2

I have setup port forwarding successfully before, but this time it just won't work.

I am using a WRT54G v6 Router, with the latest firmware. In the port forwarding section, I have set the port range 7000-7100 to get forwarded to the LAN ip 192.168.1.106, which is my computer. I have also setup my computer's network connection to use always the ip mentioned above, as in a static ip configuration.

However, when I test if e.g. port 7050 is open, I always get it is closed from websites like http://www.yougetsignal.com/tools/open-ports/ .

What could be causing the problem?

Severo Raz
  • 143
  • 9

1 Answers1

4

Testing a forwarded port will only show a success if there is a "listener" on IP address you are forwarding the ports to that can accept the connection on the port.

So the first thing to do is start the application that will be connected to, and ensure it is listening on the port. You can do this with

netstat -an

You should see something like 

Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:7050            0.0.0.0:0              LISTENING

If just starting the client isn't enough to get the listener running, then you can use netcat:

nc -l 7050

Make sure this works from within your network, if you can. An easy way would be from another machine that has telnet installed, with the following command:

telnet 192.168.1.106 7050

If it succeeds, and is a windows device you are testing from, you'll just see a flashing cursor. If it fails, then you'll get returned to the command line instantly, or get a time out. nmap is an alternative tool you can use to test.

Once you are certain that the PC is accepting connections on the port, then try the external testing service.

If possible, test from an external linux box. Ensure that you can ping the public IP of your router (you may need to enable this in the configuration of the router) then do the following from the linux box:

traceroute -I <public ip>
traceroute -p 7050 -T <your public IP>

The first traceroute will use ICMP to trace to your router, which should work if you have enabled ping on the router. The second one will either work, or stop at some point before your router. If it is the immediate hop before the router (as compared to the ICMP traceroute) then your router is not correctly forwarding. If it is earlier, then it means your ISP is blocking the incoming connection.

Paul
  • 59,223
  • 18
  • 147
  • 168
  • Well I was not aware of that a listener was required haha. Anyway, I have Transmission listening on port 7001, so I used that port instead. The telnet command works great from my computer, but I have not been able to test it from another computer in the network. I will let you know when I can, and the results. Thank you for your help! – Severo Raz Jan 15 '12 at 20:24
  • I think I managed to connect from another computer. I used a Windows computer this time, and its native telnet client. I connected to the port 7001, and then the cmd went black. I could write, but the text didn't get rendered. Then I hit the escape character and exited telnet. However, there was never a report of a connection failure. I tried using another port, and I did get an error. – Severo Raz Jan 16 '12 at 21:18
  • I have just completed an additional test: I opened a connection from my host with `nc -l 7002` and connected to it successfully from the other computer. I sent some text, and the text was received. My host is opening the ports correctly. – Severo Raz Jan 16 '12 at 21:28
  • No, just in my network. – Severo Raz Jan 17 '12 at 00:01
  • The traceroute stops at an ip which is in my country but is not my router. It may belong to my ISP. Do you think its necessary for me to post the traceroute output? – Severo Raz Jan 17 '12 at 01:19
  • Should I run this command from my host or from a remote host? – Severo Raz Jan 17 '12 at 02:11
  • Well in the traceroutes I have done I can see that 2 hosts of my country always pop up, which leads me to think that it is my router causing the problem. Now, how can I be sure? How could I fix this in my router, if the settings are supposedly ok? – Severo Raz Jan 17 '12 at 05:20
  • Have you enabled ping on your routers public interface, and did you first confirm you can ping? (I have moved my comments into the answer) – Paul Jan 17 '12 at 05:40
  • Well the settings in my router evidence ping should work, but it doesn't. – Severo Raz Jan 17 '12 at 06:38
  • If you are confident that you are targetting your router public IP address, I would raise this with your ISP, perhaps they have changed policy on incoming connections. – Paul Jan 17 '12 at 09:02
  • I have talked to my ISP and was told that they do not block any port, so this further blames my router, unless my ISP lies. I think I will factory reset my router to see if it is of any help. – Severo Raz Jan 20 '12 at 07:54
  • I have tested all the commands again with a fellow, and the results are the following: 1. `ping` doesn't work 2. Both traceroutes reach the same end host I spoke to some people at freenode.net@##networking and was told that probably my ISP has assigned me a private IP, unreachable for the outer internet. – Severo Raz Jan 20 '12 at 09:07
  • Yeah it is definitely possible. Which truly sucks. Wait - where are you getting your public IP from - is it your router or from a website? – Paul Jan 20 '12 at 11:53
  • Website haha, https://duckduckgo.com/?q=what+is+my+ip%3F for example – Severo Raz Jan 20 '12 at 19:04
  • Ok, I talked to my ISP and now my IP is public dynamic; problem solved :) Thanks for all the help! – Severo Raz Jan 20 '12 at 23:18