1

I have tried everything for enabling port forwarding on my router. I am in a university and the university provides me the internet facility to my room where I have my own router. I think the university blocks all external ports but I am not sure so I came here.

What I have tried:

  • Configured port forwarding on my Tenda router (Internal and external port - 7712)
  • Added an inbound rule in firewall to allow the external port of 7712 (I have verified there is no other rule above this blocking my rule)
  • I have a springboot api that exposes a REST API on the port 7712
  • I am not sure if i am blocked by my university parent router or the ISP for my port 7712 (I tried by best to use a unique port)

Observations:

  • I am able to access externalIp:port when i am on my university network (Even from my friend's room who is also a student in the university and uses internet provided from them)
  • I am not able to access externalIp:port when I connect from my phone internet (Basically, when I go out of my University provided internet) When I try to check if a port is free on this link, every port I try said it is blockedTest for 7712 port that my application runs on

Links that I have already checked, understood, tried and was failed to solve the issue:

Apart from these links I have checked many more resources on the internet and was unsuccessful on any of the solutions checked

Basically I am trying to host a service from home to the world like a home data center you can say. I am I have no big machines here, it is just my laptop. I am doing this to host a very small app that may run on some user phones (client) that will connect to my laptop (server).

As of now I have a springboot application that I run from ecplise. once I start the server on eclipse I try to connect from localhost:ip and it works, but I want it to be accessible from externalIp:port after making the port forwarding configuration. Please guide me on this.

Vasanth Nag K V
  • 111
  • 3
  • Your university is likely using [Carrier Grade NAT](https://en.wikipedia.org/wiki/Carrier-grade_NAT). Please read [Alternatives to Port Forwarding & NAT](https://portforward.com/help/alt-to-pf.htm): "There are four major problems that you may run into that would require alternatives to port forwarding. " ... – DavidPostill Apr 24 '21 at 21:24
  • How to confirm if my university is using Carrier Grade NAT. ? I am not really sure what it is, I am reading on it now though. – Vasanth Nag K V Apr 24 '21 at 21:28
  • Compare the IP of the public facing IP of the router with the IP address shown in a service like [this](https://ipinfo.io/). – jvda Apr 24 '21 at 22:02
  • @jvda : can you please help to elaborate about what i have to check ? (I am not a networking guy, sorry). How do I know the public facing Ip of the router ? and the "this" which you say is a service like "whatsmyIP" ? – Vasanth Nag K V Apr 24 '21 at 22:04
  • 1
    Sure, sorry. The public facing IP is the one assigned to the uplink of your router (WAN). This is the IP address by which your ISP will route packets to your router. The service is, as correctly identified by you, a service showing which IP was used as the source of the packet arriving at some remote host. CG-NAT is given when these addresses don't match. What's happening is that your ISP is reusing the public IP shown in the service and using private addresses to translate to internally. You should be able to find that IP somewhere in the status info of your router (often also called WAN IP). – jvda Apr 24 '21 at 22:14
  • 1
    Thanks for the detailed explanation - I have checked and both the IPs match ! – Vasanth Nag K V Apr 24 '21 at 22:19

2 Answers2

1

It sounds like this could be your router or windows firewall software if your friend at the university can be accessed via his external IP/port.

However, you first need to determine if your connection at the university is using some kind of NAT (either Carrier Grade or regular NAT). Compare your IP addresses between your router and the internet. Look at the WAN IP in the router and then visit a site that shows your IP as seen from the internet (e.g. whatismyip.com). If the two IP addresses are the same then you aren't going through a NAT. If they are different and/or if your router's WAN IP is in a private IP address range (https://en.wikipedia.org/wiki/Private_network), then you are behind a NAT and there is not much you can do.

If you have a real external IP and don't have NAT interfering, it's still possible that your connection could be firewalled on certain ports/services by the university or it just could be your router or your windows firewall. Next step is to eliminate the router as the issue:

•If the Tenda router offers a DMZ feature, place your computer into the DMZ on the Tenda and begin testing (this is usually done by moving the IP assigned to your device by the Tenda into the DMZ settings). DMZ should bypass all NAT and expose your computer to the internet.

•Connect your computer directly to the university network and avoid the router entirely. You'll have to determine how your IP address is issued to your router (most likely it's just DHCP issued, but it could require PPPOE authentication).

Next step is to disable any Windows firewall software temporarily (warning: this exposes your computer wide-open to the internet) and then ensure you have ports open/listening on your computer check them to see if they are open using a tool like https://www.portchecktool.com/ or another device externally connected to the internet.

If you can see the open ports you can then further explore whether it is an issue with the router or your windows firewall settings. If the ports are not open, then you are likely being firewalled by the university.

spaceman-spiff
  • 789
  • 5
  • 16
  • I have verified that I am NOT behind an NAT as per your procedure. So if I disable my firewall entirely in a DMZ mode it seems very risky. Can I instead simply set an inbound rule on my firewall with the port I need while being in DMZ and connecting directly to the Internet (without the router) ? – Vasanth Nag K V Apr 24 '21 at 22:22
  • @VasanthNagKV - if your connecting without your router, then you don't need DMZ. Just do a portcheck and see if the port is open. If it is not, temporarily disable your firewall entirely and then see if it is open. If you are using your router and set your computer in the DMZ, port forwarding rules are not necessary and you can do a port check (with and without your firewall enabled) to see if it works. – spaceman-spiff Apr 26 '21 at 21:52
1

My ISP was using a NAT. I had to call them to manually remove me from the NAT and open the requested ports. Don't know if you can do that with your uni network though.

ksxbi2sibp00v
  • 11
  • 1