dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2398
Kirkx
join:2006-09-20
Toronto, ON

Kirkx

Member

BEFSX41: how to open up firewall for outbound traffic

Linksys: BEFSX41
Firmware: 1.45.7

I've been using befsx41 for two years without problems, but lately stumbled upon a piece of software that just won't connect to its server as long as Linksys stays in the way (the software is AxisPro stock trading platform from nexatech.com).

It always stalls 37% through the connection process:

»img525.imageshack.us/img ··· 7hv5.png

which ends with the message "no response from server"

»img266.imageshack.us/img ··· 5kf9.png

Disconnecting befsx41 and setting up DSL connection straight through the modem resolves the problem.

All this looks quite weird because I can easily ping the server in question when Linksys is connected.

»img443.imageshack.us/img ··· 7qe6.png

Is there any setting in Linksys that should be modified. I admit I don't know much about port forwarding and all that staff. The firewall settings are as follows:

»img338.imageshack.us/img ··· 3dm0.png

Thanks

d_l
Barsoom
MVM
join:2002-12-08
Reno, NV

d_l

MVM

Are there any directions about opening ports with the help files for the program? I looked on their web site FAQs and in their support pages without much success to answer that question.

The loading stall seems like it might be an MTU problem, but you already have yours set to Manual 1492 (I gather that you are on DSL).
Kirkx
join:2006-09-20
Toronto, ON

3 edits

Kirkx

Member

The more I look at this the more it looks like I will finally have to learn more about port forwarding. I have a PDF with some info about opening ports, unfortunately no ports are provided for the "demo" address:

demo.nexadirect.com (70.251.254.25)

but I can get that from tech support (the question is how long it will take). Here is the screenshot from PDF:

»img262.imageshack.us/img ··· 5yf8.png

Bill_MI
Bill In Michigan
MVM
join:2001-01-03
Royal Oak, MI
TP-Link Archer C7
Linksys WRT54GS
Linksys WRT54G v4

Bill_MI

MVM

I can't claim, nor want, any experience with such web filtering so first thing I'd do is turn it OFF. Did you try that? (Advanced Firewall Protection)

And whoa there... this is NOT a port forwarding issue. Those are all OUTBOUND connections. Port forwarding is strictly inbound. Blame such confusion of various uses of the words "opening a port".
Kirkx
join:2006-09-20
Toronto, ON

Kirkx

Member

Turning off Advanced Firewall Protection didn't help. I'll try the remaining items one by one.

Jan Janowski
Premium Member
join:2000-06-18
Waynesville, NC

1 edit

Jan Janowski to Kirkx

Premium Member

to Kirkx
Are you on DSL or Cable?

I'm on DSL, and had a strange problem with uploads crashing with V1.45.7.

If you've the time and inclination, try the latest code, as V1.52.15 fixed an upload issue here. Post back if you try it.
Kirkx
join:2006-09-20
Toronto, ON

4 edits

Kirkx

Member

said by Kirkx:

Turning off Advanced Firewall Protection didn't help. I'll try the remaining items one by one.
No results. I've tried all possible settings. Bill_MI, if you like you can have a look at explanation what in this case is Advanced Firewall Protection:

»img372.imageshack.us/img ··· 3wm4.png
said by Jan Janowski:

...try the latest code, as V1.52.15...
When I got the router two years ago the latest version was 1.52.10 and it was crappy. Those days everyone was recommending v1.45.7.

I'm on DSL, v1.45.7 has been rock solid for me, it's the first time that the software refuses to work. But, on the other hand, I don't do too many uploads, maybe occasional 1 meg email attachment.

I'll report on the progress later, have to go now, I've already got firmware v1.52.15.

If I don't get Befsx41 running then I'll get another router. I need Nexa Tech software to work.

d_l
Barsoom
MVM
join:2002-12-08
Reno, NV

d_l to Kirkx

MVM

to Kirkx
Your could try running TCPView on your computer without showing the unconnected endpoints and setting it to resolve addresses. Then launch your AxisPro and see how many of those possible connections it actually makes to get an idea of where the connection process is failing. I use this program all the time to see what connections have been established by programs I run.

beerbum
Premium Member
join:2000-05-06
behind you..
Motorola MB8600
ARRIS TG862
Asus RT-AC5300

1 edit

beerbum to Kirkx

Premium Member

to Kirkx
the only thing I can find on mine having to do with outbound traffic is the restrict access and firewall .. here is how I have mine set and nothing is blocked outbound:





I am using firmware 1.52.15 tho, dunno if that makes a dirrerence..

Bill_MI
Bill In Michigan
MVM
join:2001-01-03
Royal Oak, MI
TP-Link Archer C7
Linksys WRT54GS
Linksys WRT54G v4

Bill_MI to Kirkx

MVM

to Kirkx
Something sounds fishy. Like they're not telling you all there is about the connections needed.

Question: That 37% stall point. How long does it take, roughly, to get there? 5 seconds or 5 minutes? We should be able to rule out some things.

If you feel bold, *temporarily* place your box in the DMZ. Try it. Then take it off DMZ (I'd never suggest this as a permanent solution but it rules out any port forwarding will help).
Kirkx
join:2006-09-20
Toronto, ON

1 edit

Kirkx

Member

said by Bill_MI :

That 37% stall point. How long does it take, roughly, to get there?
It takes a few seconds, the same time it takes when I connect straight through the modem.
said by Bill_MI :

... place your box in the DMZ ...
DMZ didn't help, unless I didn't set it up right, here is the summary:

a) dhcp is left unchanged:

»img139.imageshack.us/img ··· 2yu4.png

b) port forwarding of port 113 is disabled (normally traffic for port 113 is directed to DMZ, and from there to 192.168.1.200):

»img248.imageshack.us/img ··· 9ov7.png

c) DMZ is set to "Assigned by the DMZ Port" because I only have one computer connected:

»img248.imageshack.us/img ··· 1vw1.png

»img440.imageshack.us/img ··· 8fv4.png

Btw, I remember I was using AxisPro software for a short while in winter 2007, with exactly the same router configuration, so it looks like they have just made some changes and things got messed up.

Bill_MI
Bill In Michigan
MVM
join:2001-01-03
Royal Oak, MI
TP-Link Archer C7
Linksys WRT54GS
Linksys WRT54G v4

1 edit

Bill_MI

MVM

There's a DMZ port, separate from the other ports on the router, did you plug the 1 PC into that port?

Again, don't stay there long. In fact, I'm having second thoughts about suggesting it not knowing the security setup of your PC (e.g. XP/Vista firewall ON, latest patches, etc.).

It doesn't sound like an MTU issue. You'd have problems more places than this. I assume other things work fine?

You might consider resetting to defaults: »Linksys FAQ »The Loooooooong Reset to the rescue

You might consider upgrading firmware.

You already mentioned the new router option.

There's always waiting for Nexa support.
Kirkx
join:2006-09-20
Toronto, ON

Kirkx

Member

I'll try DMZ port, I've never used it before. There is Comodo firewall installed, updated XP-SP3. Every other software works fine. Firmware v1.45.7 is so stable that I don't want to touch it. Maybe I'll by Linksys RVS 4000, it's a new design so this might help.
Kirkx

2 edits

Kirkx

Member

Tried DMZ, it's port #4 at the back of my router, it didn't solve the problem. It looks like I need a router with more options to control outbound traffic. Befsx41 is focused on controlling inbound traffic only. Thanks for help, everyone.

d_l
Barsoom
MVM
join:2002-12-08
Reno, NV

1 edit

d_l to Kirkx

MVM

to Kirkx
AFAIK, there is no control of outbound traffic on the SX41 with 1.45.7. Linksys removed all outbound inbound restriction controls from the firmware much earlier (firmware v1.44.8 seems to stick in my mind).

Edit: My brain flub. I was thinking about inbound restrictions by IP which were removed some time ago. Outbound access restrictions are still a part of the firmware and have been in it since the earliest versions.

So outbound control ISN'T shouldn't be your problem if you have all services permitted for your commputer.

Try the TCPView and see what connections are missing when AxisPro stops. You might also have to packet sniff with Wireshark to find the problem.
Kirkx
join:2006-09-20
Toronto, ON

1 edit

Kirkx

Member

Here is the screenshot of TCPView taken when AxisPro stalled at 37%:

»img392.imageshack.us/img ··· 6ds6.png

Obviously I don't have a clue "what connections are missing".

viewer.exe - AxisPro
vsserv.exe - BitDefender antivirus

d_l
Barsoom
MVM
join:2002-12-08
Reno, NV

1 edit

d_l to Kirkx

MVM

to Kirkx
Well, only port 17185 is connected out of all those listed in this PDF: »img262.imageshack.us/img ··· 5yf8.png Maybe some or all of the http (port 80) connections go with AxisPro but the connect IP doesn't match the PDF. Also there is a 19001 connection that goes with AxisPro that ISN'T listed in the PDF!

Are you using AxisPro or is there a special demo version you are trying to test? I was thinking that maybe the demo version uses different ports than the paid version and so the PDF instructions wouldn't be strictly applicable.

I guess one other thing you could do is connect without the router, but with a software firewall (the firewall may cause its own problems) and take a sanpshot of the connected ports to compare with your router snapshot.

beerbum
Premium Member
join:2000-05-06
behind you..
Motorola MB8600
ARRIS TG862
Asus RT-AC5300

beerbum to d_l

Premium Member

to d_l
said by d_l:

AFAIK, there is no control of outbound traffic on the SX41 with 1.45.7. Linksys removed all outbound controls from the firmware much earlier (firmware v1.44.8 seems to stick in my mind).

So outbound control ISN'T your problem.
actually my BEFSX41 with firmware 1.52.15 does have controls for outbound traffic..




at this point I suggest trying a hard reset.. press and hold the reset button for 30-40 seconds, then I cut and restore power..
Kirkx
join:2006-09-20
Toronto, ON

4 edits

Kirkx

Member

In the meantime I figured out what you meant by "missing connections" and I connected straight through the DSL modem. When AxisPro started properly all connections looked as follows:

»img504.imageshack.us/img ··· 8hh8.png

Yes, it is a demo and the info for the demo seems to be omitted in the PDF file. The address for the demo is:

demo.nexadirect.com

»img529.imageshack.us/img ··· 8vz8.png

The "live" version only requires the following two addresses:

level2.pentrader.net
news.pentrader.net

»img148.imageshack.us/img ··· 1xx6.png

------
PS. Beerbum, I don't want to do the hard reset and then spend three hours redoing all configuration again, because the router works like a charm with all my software, including some real time stock market programs like AxisPro. The latter happens to be the only application that gives problems.
Kirkx

1 edit

Kirkx

Member

So here is the summary of IPs and ports.

This one is working ok:

70.251.254.25:17185

All the others don't work:

12.40.223.40:19001
12.40.222.41:18008
12.40.222.41:18003
12.40.222.41:18007
12.40.222.41:18017
12.40.222.41:18004
12.40.222.41:18015
12.40.222.41:18016
12.40.223.40:19001

Is there any way to get all those addresses working?

»img247.imageshack.us/img ··· 4mp1.png

»img516.imageshack.us/img ··· 0bi0.png

d_l
Barsoom
MVM
join:2002-12-08
Reno, NV

d_l to Kirkx

MVM

to Kirkx
Well at least we now know which ports aren't connecting! Now to figure out why.
Kirkx
join:2006-09-20
Toronto, ON

Kirkx

Member

I have corrected my last post (and added pings screenshots): only the first address is working.
Kirkx

Kirkx

Member

RESOLVED. Replacing firmware v1.45.7 with v1.52.15 resolved the problem. Really weird, it was the only problem with v1.45.7 that I've had since I got this router two years ago.

I hope v1.52.15 is as stable as v1.45.7.

Jan Janowski
Premium Member
join:2000-06-18
Waynesville, NC
·Carolina Mountai..
Synology RT2600ac
Linksys E2000

2 edits

Jan Janowski to Kirkx

Premium Member

to Kirkx
I've found V1.52.15 quite stable..

Only reason I left V1.45.7 was because of uploads that would randomly crash the router.

Your first post seemed to ring far too familiar..... That's why I suggested trying it.

The only thing I miss from V1.45.7 is the fact that logging of blocking by keyword or url has been broken in ALL SX41 firmware since V1.45.7