1 edit | reply to Doctor Olds
Re: SpeedStream 5660 NAPT Yes. Locally they both work on the same ports I'm trying to open on the DSL. They both work fine locally without issues, its just that I can't get to 8080 from outside. |
|
 Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18 | Then it might be ISP Blocking. Try testing at GRC.Com's Shields Up and there is a section after the initial port testing that talks about determining if there is upstream blocking from the ISP.
GRC.Com's Shields Up!
»www.grc.com/x/ne.dll?bh0bkyd2
You could also try another port like 8000, 8001, 8081 instead of 8080.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
| Thanks I know about grc and I have been using it to test, when I use GRC it says the port in stealth (for the 10.0.0.25 server). I also tried other ports (21, 25, 143, etc) and those were also not being translated to the "new" server (10.0.0.25), they would work for the "old" server (10.0.0.20). Its weird and I'm at a loss as to what next to try. |
|
Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18 | How many Ports Forward Rules do you have and how many Ports in total are being Forwarded by NAPT server entries? |
|
1 edit | I have 4 NAPT server entries including the one to forward port 8080. So I believe I'm well within the limit.
Port forward rules, is that the same as IP Filtering? I have one rule for IP Filtering, which I just tried because I couldn't think of anything else. I have never needed to use IP filtering before. |
|
Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18 | IP Filtering is normally not used. You must be very careful with rule creation as you can block the wrong things. NAPT by default drops ALL unsolicited incoming traffic.
NAPT Servers are Port Forwarding.
You should be able to test a range of ports in default mode and get all Green aka Stealth responses. Then add the range reduced by one on each end and get those Forwarded Ports shown as Blue aka Closed since they are now reaching the PC but nothing is running to accept the connection so it responds differently than a Router. If you don't get blue after adding the Port Range to the NAPT Servers then the Firewall on the PC is stealthing those ports or the ISP is blocking those Ports before they reach your Router.
Regards,
Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
1 edit | Doc, I went ahead and stopped the service that was listening on port 8080, but GRC still showing it up as Stealth. I'm running the service on a Windows 2003 Server OS, so the firewall is not running, so am I to conclude then that it has to be an ISP blocking that's going on? No other possibilities?
I went ahead and disabled IP Filtering and the 8080 port is still setup in the NAPT.
Thanks. |
|
| Ok, I have not so good news.
I ran an experiment and the result is that the 5660 refuses to port forward to another machine on the same network and subnet.
On the 10.0.0.20 machine, I opened up port 8080 and then did GRC and it showed the port opened (pink). Then I closed the port, and it should it as closed (blue).
I then deleted that entry from the NAPT, then created a new entry pointing port 8080 to the 10.0.0.25 machine, and it should the port as stealth, both when I had a program listening and when there was none. So that proves that my ISP is not blocking the port, and proves that something is funny with the 5660 and its NAPT.
Is it that the 5660 is only able to forward to one machine? The test I would have to run to prove this theory is to remove all the entries that I have and then setup a port for the new machine and see if it will show as open. Maybe I'll do this so that I can know quicker if I need to get another router.
Let me know.
Thanks. |
|
|
|
Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18
3 edits | said by cyskon:Ok, I have not so good news. I ran an experiment and the result is that the 5660 refuses to port forward to another machine on the same network and subnet. What is the Firmware version installed in your 5660?
Make sure you disable IP Filtering.
Did you set the MaxMTU on all LAN PCs? (PPPoE only, skip this if you are PPPoA) It needs to be 1454 or 1492 depending on your ping test results on a PPPoE connection. Details are HERE. Download DR. TCP from HERE to make the changes for you. All LAN PC's should use the exact same settings.
The NAPT Mode must be enabled.
When you Forward the Port for 8080 are you using TCP and one rule or are you making two rules, one for TCP - one for UDP.
said by cyskon:Is it that the 5660 is only able to forward to one machine? No. There is no such limitation in the 5660. The 5660 can be setup to Forward to ANY Private IP on the LAN that is running a server. There is a limit on the total number of opened ports though.
Port Range on the Speedstream 5660
5660 Opening Ports
It sounds like your Server is blocking the incoming connections from 10.0.0.1 with its Firewall.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
| Hey doc,
The firmware on the device is 2.3.0(7) Mar 4, 2002 13:44:50
Double checked, IP Filtering is disabled.
I would like to thank you for your assistance, really appreciated it.
I figured out what the problem was. I had the wrong gateway in the network NIC (I know you can kick me later).
Once I changed the gateway to the 5660, everything started working and I'm good to go now.
Thanks again. (you can kick me know)  |
|
Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18 | Getting it fixed is the only issue. Human error, typos or even hardware or firmware issues or bugs are not the problem to be worried so much about to me, but the troubleshooting for the cause and having it corrected is what I consider important and you were successful. Congrats! 
Regards,
Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
| True, the end result is fixing it. Thanks again. |
|
Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18 | You are very welcome. Always glad to help when I can. |
|
