cyskon
join:2003-06-06
00000
|  SpeedStream 5660 NAPT
Good Day All,
Now I have been using a 5660 for years now and I have had a few NAPT servers configured to one server within my network and this has always worked wonderfully. Recently I have had reasons to now open up another port and have it sent to another server.
I go through the process of setting up the port and server IP address as I have done before and point it to the new server, but even though I can access the server internally (indicating that the service is working and responding), the modem will not transfer the information to the other server, it will only work for the original server.
Example:
WAN --> DSL (80) --> 10.0.0.20 (original) - WORKS!
WAN --> DSL (8080) --> 10.0.0.25 (new) - DOESN'T WORK!
What am I doing wrong? Would appreciate your expertise. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| Are you running the other server on Port 8080 locally? The Speedstream 5660 doesn't redirect ports, so it can't hit port 8080 and then go to Port 80 on 10.0.0.25 so that server has to be listening on Port 8080 instead.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
cyskon
join:2003-06-06
00000
1 edit | Yes. Locally they both work on the same ports I'm trying to open on the DSL. They both work fine locally without issues, its just that I can't get to 8080 from outside. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| Then it might be ISP Blocking. Try testing at GRC.Com's Shields Up and there is a section after the initial port testing that talks about determining if there is upstream blocking from the ISP.
GRC.Com's Shields Up!
»https://www.grc.com/x/ne.dll?bh0bkyd2
You could also try another port like 8000, 8001, 8081 instead of 8080.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
cyskon
join:2003-06-06
00000
| Thanks I know about grc and I have been using it to test, when I use GRC it says the port in stealth (for the 10.0.0.25 server). I also tried other ports (21, 25, 143, etc) and those were also not being translated to the "new" server (10.0.0.25), they would work for the "old" server (10.0.0.20). Its weird and I'm at a loss as to what next to try. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs: | How many Ports Forward Rules do you have and how many Ports in total are being Forwarded by NAPT server entries? |
|
cyskon
join:2003-06-06
00000
1 edit | I have 4 NAPT server entries including the one to forward port 8080. So I believe I'm well within the limit.
Port forward rules, is that the same as IP Filtering? I have one rule for IP Filtering, which I just tried because I couldn't think of anything else. I have never needed to use IP filtering before. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| IP Filtering is normally not used. You must be very careful with rule creation as you can block the wrong things. NAPT by default drops ALL unsolicited incoming traffic.
NAPT Servers are Port Forwarding.
You should be able to test a range of ports in default mode and get all Green aka Stealth responses. Then add the range reduced by one on each end and get those Forwarded Ports shown as Blue aka Closed since they are now reaching the PC but nothing is running to accept the connection so it responds differently than a Router. If you don't get blue after adding the Port Range to the NAPT Servers then the Firewall on the PC is stealthing those ports or the ISP is blocking those Ports before they reach your Router.
Regards,
Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
cyskon
join:2003-06-06
00000
1 edit | Doc, I went ahead and stopped the service that was listening on port 8080, but GRC still showing it up as Stealth. I'm running the service on a Windows 2003 Server OS, so the firewall is not running, so am I to conclude then that it has to be an ISP blocking that's going on? No other possibilities?
I went ahead and disabled IP Filtering and the 8080 port is still setup in the NAPT.
Thanks. |
|
cyskon
join:2003-06-06
00000
| Ok, I have not so good news.
I ran an experiment and the result is that the 5660 refuses to port forward to another machine on the same network and subnet.
On the 10.0.0.20 machine, I opened up port 8080 and then did GRC and it showed the port opened (pink). Then I closed the port, and it should it as closed (blue).
I then deleted that entry from the NAPT, then created a new entry pointing port 8080 to the 10.0.0.25 machine, and it should the port as stealth, both when I had a program listening and when there was none. So that proves that my ISP is not blocking the port, and proves that something is funny with the 5660 and its NAPT.
Is it that the 5660 is only able to forward to one machine? The test I would have to run to prove this theory is to remove all the entries that I have and then setup a port for the new machine and see if it will show as open. Maybe I'll do this so that I can know quicker if I need to get another router.
Let me know.
Thanks. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
3 edits | said by cyskon  :Ok, I have not so good news. I ran an experiment and the result is that the 5660 refuses to port forward to another machine on the same network and subnet. What is the Firmware version installed in your 5660?
Make sure you disable IP Filtering.
Did you set the MaxMTU on all LAN PCs? (PPPoE only, skip this if you are PPPoA) It needs to be 1454 or 1492 depending on your ping test results on a PPPoE connection. Details are HERE. Download DR. TCP from HERE to make the changes for you. All LAN PC's should use the exact same settings.
The NAPT Mode must be enabled.
When you Forward the Port for 8080 are you using TCP and one rule or are you making two rules, one for TCP - one for UDP.
said by cyskon :Is it that the 5660 is only able to forward to one machine? No. There is no such limitation in the 5660. The 5660 can be setup to Forward to ANY Private IP on the LAN that is running a server. There is a limit on the total number of opened ports though.
Port Range on the Speedstream 5660
5660 Opening Ports
It sounds like your Server is blocking the incoming connections from 10.0.0.1 with its Firewall.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
cyskon
join:2003-06-06
00000
| Hey doc,
The firmware on the device is 2.3.0(7) Mar 4, 2002 13:44:50
Double checked, IP Filtering is disabled.
I would like to thank you for your assistance, really appreciated it.
I figured out what the problem was. I had the wrong gateway in the network NIC (I know you can kick me later).
Once I changed the gateway to the 5660, everything started working and I'm good to go now.
Thanks again. (you can kick me know)  |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| Getting it fixed is the only issue. Human error, typos or even hardware or firmware issues or bugs are not the problem to be worried so much about to me, but the troubleshooting for the cause and having it corrected is what I consider important and you were successful. Congrats! 
Regards,
Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
cyskon
join:2003-06-06
00000 | True, the end result is fixing it. Thanks again. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs: | You are very welcome. Always glad to help when I can. |
|
