7 replies to this topic

[Circaflex]

Hey guys im having a difficult time setting up our new router, we replaced a dead dlink with this and im trying to figure out why port forwarding isnt working. we have time warner cable, i setup the ports via the guide found on portforward.com. I save the settings and test them and they wont work, this is namely utorrent and my domain from my homeserver; both which worked on my previous router. utorrent states no incoming connections and a red circle on utorrrent for mac, my vm also shows this on windows 8 when i use their test it states it isnt forwarded properly; this also happens when i try to access my homeserver from remote or via the domain https://myhomeserver....

[manroweb]

Have you followed this guide?

http://www.dlink.com...-on-my-ebr-2310

[+BudMan]

What is the device in front of your new router? You sure its not doing NAT?

I would say like 95 times out of a hundred when people can not get port forwarding to work, is because they are behind a double NAT!

Might of worked before because the IP address of the other routers wan was placed into the dmz? Maybe it was setup static - and this new one you just plugged it in, etc.

As to other reasons port forwarding doesn't work - wrong private IP, IP they are forwarding to is not really listening on that port (wrong port), ISP blocking the port inbound that they are trying to forward. Software firewall on the IP they are wanting to forward too. They setup the forward wrong, ie trigger vs actual forward. They used the wrong protocol, tcp vs udp or vise versa. They setup the forward wrong source port vs dest port.

They are trying to test via loopback which router does not support or behind a double nat that doesn't support it, and forward actually works fine but their test method is flawed, etc. etc.

Verify that your new router actually has a PUBLIC IP on its wan (internet) interface -- something other than 10.x.x.x, 192.168.x.x, 172.16-31.x.x and then give the details of what your doing with screen shots and your host listing on the port.. You being able to connect to said port from other local devices, no firewall setup on the device your trying to forward too, etc.

And we can work out your issue - for now we are working with NOTHING to go on other than you can not setup a port forward

We got your previous one works -- great do into the mech when your car does not work and say. No idea what is wrong, it doesn't work. My last car worked just fine. Got this one and it doesn't work

[Circaflex]

BudMan, on 04 January 2013 - 13:10, said:

What is the device in front of your new router? You sure its not doing NAT?
Sorry if i dont understand but out setup is modem->ebr-2310->dell gigabit switch. I have setup the uplink from router to switch but all computers are plugged into the gigabitswitch

Might of worked before because the IP address of the other routers wan was placed into the dmz? Maybe it was setup static - and this new one you just plugged it in, etc. I dont understand the first part about being placed into the dmz? Before it was not setup static as sometimes i would need to relogin to the router and change the ip of the computer that the ports were forwarded for, i think thats what you were asking.

Verify that your new router actually has a PUBLIC IP on its wan (internet) interface -- something other than 10.x.x.x, 192.168.x.x, 172.16-31.x.x and then give the details of what your doing with screen shots and your host listing on the port.. You being able to connect to said port from other local devices, no firewall setup on the device your trying to forward too, etc. Forgive my ignorance how would i go about checking this?

I have attached screenshots of the router pages, hopefully that will help.

https://www.dropbox.....33.13%20AM.png
https://www.dropbox.....36.02%20AM.png
https://www.dropbox.....35.31%20AM.png
https://www.dropbox.....35.11%20AM.png
https://www.dropbox.....34.38%20AM.png
https://www.dropbox.....34.25%20AM.png



OFF TOPIC: budman how did you become so knowledgeable in networking, is it first hand experiences? schooling? books and materials?

[+BudMan]

I have been playing/working with computers and networking since late 70's -- so yeah lots of first hand. Its what I do for a living the last 20+ years. But yeah I read a LOT!!! I research a LOT, I play a LOT!! Yes I have had some classes over the years, advanced routing, checkpoint firewalls, I remember a IRIX class way back in the day when company I worked for at the time got some SGI boxes in.. etc.. etc.. Would be impossible for me to remember all the classes and certs I have gotten over the last 20+ years I recall a class with management of SSL certs back when PKI was new and fresh Got some kind of cert from verisign, etc.

Its great when what you do is also your hobby I enjoy tech and keeping up with all things computer related be it hardware, OS or networking.. Current position is more networking based so I have lost some of my AD and Server Skills.

the forward is clearly working for the first one - since you post your actual IP, I connected to you on 80 and got this

budman@ubuntu:~$ wget --save-headers 76.167.xx.xx
--2013-01-04 14:18:14-- http://76.167.xx.xx/
Connecting to 76.167.xx.xx:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 602 [text/html]
Saving to: `index.html.5'

100%[======================================>] 602 --.-K/s in 0s

2013-01-04 14:18:14 (65.4 MB/s) - `index.html.5' saved [602/602]

ubuntu:~$ cat index.html.5

HTTP/1.1 200 OK
Content-Length: 602
Content-Type: text/html
Content-Location: http://76.167.xx.xx/Default.htm
Last-Modified: Sat, 12 Jul 2008 20:45:28 GMT
Accept-Ranges: bytes
ETag: "0648c3760e4c81:1389"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 04 Jan 2013 20:17:02 GMT

<html>

<head>
<meta HTTP-EQUIV="Content-Type" Content="text/html; charset=utf-8">
<script language="javascript">
		document.location = 'home/default.aspx?gotodefault=true';
</script>

<title ID="titletext">Navigate to public landing page...</title>
</head>

<body>
<noscript>
   <p id="JSWarningTitle"><b>JavaScript is Required.</b><br/></p>
   <p id="JSWarningText">
	   JavaScript is required to use the Windows Home Server Remote Access Web site.<br />
	   Please enable JavaScript in your Web browser and refresh this page to proceed.
   </p>
</noscript>
</body>
</html>

Again how are you testing that it was not working?

Also not a good idea to forward to IP that fall inside your dhcp scope - do you have a reservation set for the .11 box?? If not if you turn him off he might be .12 next time.

Also normally if your going to setup manual port forwards you don't leave UPnP enable.

quick scan shows

Starting Nmap 6.01 ( http://nmap.org ) at 2013-01-04 14:07 Central Standard Time
Nmap scan report for cpe-76-167-xx-xx.socal.res.rr.com (76.167.xx.xx)

Host is up (0.090s latency).
Not shown: 98 filtered ports

PORT STATE SERVICE
80/tcp open http
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 3.23 seconds

I can verify those other ports for you if you want.. But sure looks like your forwards are working to me, which is a close 2nd to users just think their forwards are not working because they try testing it via loopback forwarding, nat reflection when their router does not support it. Many routers do not allow you to hit your public IP from an inside IP just to get forwarded back in. You would have to RTFM on your router to see if they do - maybe changing your nat restrictions might allow it, maybe endpoint independent

Also I highly doubt you need UDP 80 and 443 forwarded. As to 4125, not sure what your wanting to do with that so not sure if that is tcp or udp, I would guess from what I got back from port 80 your using it for RWW, I would have to lookup the details but some sort of proxy port used for remote desktop use. But that is the older version I do believe - thought the newer versions of SBS used 443 for this?

Not sure that has to be open on your router or not - since not clear on what your trying to get working? But its rare that a port is both, off the top of my head dns needs to be because it will switch from udp to tcp depending.. But mostly its udp. torrents might use both tcp/udp depending on what your doing.

I snipped out your public IP from what I posted - you might want to remove screen shots showing your public IP.

[Circaflex]

"Again how are you testing that it was not working?"

For utorrent I go into preferences and it says no incoming connections on the port i set it to, giving me a red light. This does the same when I test on my win 8 VM it just gives me an x stating its not forwarded.

For my home server I have it setup on the custom domain https://kevinbostwick.homeserver.com and its no longer opening.

"Also not a good idea to forward to IP that fall inside your dhcp scope - do you have a reservation set for the .11 box?? If not if you turn him off he might be .12 next time."
I dont have a reservation setup, i will look into doing that

"Also normally if your going to setup manual port forwards you don't leave UPnP enable."
in case others on the network have devices that use upnp, i dont want them to have problems, so i just assumed id leave it on.

"Also I highly doubt you need UDP 80 and 443 forwarded. As to 4125, not sure what your wanting to do with that so not sure if that is tcp or udp, I would guess from what I got back from port 80 your using it for RWW, I would have to lookup the details but some sort of proxy port used for remote desktop use. Not sure that has to be open on your router or not? But its rare that a port is both, off the top of my head dns needs to be because it will switch from udp to tcp depending.. But mostly its udp. torrents might use both tcp/udp depending on what your doing."
I followed the portforward.com guide for my router and setting up windows home server for outside access via a windowslive custom domain.

[+BudMan]

Well that resolves to the IP you posted in your screenshots - I would remove anything that resolves or gives you public IP out on a public forum.

;; QUESTION SECTION:
;snipped.homeserver.com. IN A

;; ANSWER SECTION:
snipped.homeserver.com. 271 IN A 76.167.xx.xx

But how are you trying to test that?? You trying to access it from one of the machines on your local network? That is not going to work unless your router supports nat reflection, etc.

As to utorrent not working - you sure its using that 10622 port?? Do you have utorrent set to use UPnP? You have that enabled, but also trying to do manual forwards. I did a scan of that port and show it filtered -- I would check that box is actually listening on that port.

Starting Nmap 6.00 ( http://nmap.org ) at 2013-01-04 15:17 CST
Nmap scan report for cpe-76-167-xx-xx.socal.res.rr.com (76.167.xx.xx)
Host is up (0.091s latency).
PORT STATE SERVICE
10622/udp open|filtered unknown

UDP scans can be misleading for sure.. But I would have to guess that your not forwarding to the right IP, or its not listening on that port if your saying its not working. You sure you don't have a firewall on that host that is blocking your utorrent traffic?

simple netstat -an | findstr portnumber

would tell real quick, so for example I use 42312 as my torrent port.. And you can see from this output

C:\>netstat -an | findstr 42312
  TCP	0.0.0.0:42312		  0.0.0.0:0			  LISTENING
  TCP	192.168.1.8:42312	  xx:1526	   TIME_WAIT
  TCP	192.168.1.8:42312	  xx:13288	 TIME_WAIT
  TCP	192.168.1.8:42312	  xx:57388   TIME_WAIT
  TCP	192.168.1.8:42312	  xx:57759   TIME_WAIT
<snipped out all the other listed time_waits>
  TCP	[::]:42312			 [::]:0				 LISTENING
  UDP	0.0.0.0:42312		  *:*
  UDP	[::]:42312			 *:*

So maybe your utorrent client is not using that 10622 port? Maybe Its no longer on that .20 IP I believe you were forwarding it too? But clearly your forwards are working since I hit your server on port 80 from the outside.

If you change the command to say -ano you will get the PID of the process listening, so you can verify that its utorrent listening on that port
C:\>netstat -ano | findstr 42312
TCP 0.0.0.0:42312 0.0.0.0:0 LISTENING 4712

C:\>tasklist | findstr 4712
uTorrent.exe 4712 Console 1 19,344 K

Maybe having the manual forward is messing up the UPnP? If you going to do manual forwards, normally you disable UPnP - I personally not a fan of UPnP and normally do not have it enabled ever!! But when my son got his PS3 it was the easiest way to allow his games to work. But my router firewall allows me to lock down UPnP so only his PS3 IP can request and only to his PS3 IP, etc.

allow 1024-65535 192.168.1.209/32 1024-65535

I would turn of UPnP if your going to use manual port forwarding.

[Circaflex]

So it seems i found a solution to my HS problem, i released the domain and created a new one now its accessible from outside my network! I will tackle utorrent with your info and post back later tonight, thank you again.