dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
167
share rss forum feed

mdamberger

join:2004-12-01
Roswell, NM
reply to msj

Re: Actiontec 701 Port Forwarding

Yes, I had set that up to be port 49153. I had read to change it from the typical setting of 6881 because some ISP's blocked that port.

When I go to www.canyouseeme.org I get back the following error.

Error: I could not see your service on 71.39.36.30 on port (49153)
Reason: Connection timed out

At »www.grc.com/x/portprobe=49153 I get

Port
Status Protocol and Application

49153
Stealth Unknown Protocol for this port
Unknown Application for this port

I get the same response on other ports, like POP3 mail etc.. My ipconfig is as follows.

C:\Documents and Settings\mdamberger\Desktop>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . :
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Actiontec Gateway
Physical Address. . . . . . . . . : 00-0F-B3-74-AA-6B
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
205.171.3.65

XP Firewall is set to off. There are no other firewalls setup. In fact the old hard drive failed a few weeks ago, so I reinstalled XP and took all the updates. I am the administrator of the computer, says so under users.

mdamberger

join:2004-12-01
Roswell, NM
The first thing I did when I could not get port forwarding to work, I went to Qwest's firmware update site and updated to the latest version. I checked a few days ago, and they are still the same. This is the version I have.
Thanks.

Firmware Version: QW04 -3.60.2.0.6.3-GT701-WG


msj
Premium
join:2004-05-21
Fort Collins, CO
kudos:1
reply to mdamberger
OK, so we're still not sure where the packets are getting dropped. Here's the next thing to do. Go to this webpage:

»www.winpcap.org/windump/install/default.htm

Download and install WinPcap 3.1 and then download WinDump.exe. These need to be installed on the machine that has IP 192.168.0.3. WinDump is the windows equivalent of tcpdump for Linux, and it requires WinPcap to run.

Then start a command prompt window and cd to the directory where you placed the windump command. Then type:

windump -D

This will list all of the network interfaces on your machine. Note which number interface is your ethernet interface (assuming you have just one). You need to use that number with the -i option below. Now, first make sure it is working. Type:

windump -i 2 -n port 80

Substitute the appropriate number for the 2 above, which is the right interface on my machine. I'll continue to use 2 in the following example.

Start up a web browser and go to any external web page. You should see windump dump a bunch of packet traffic if it is properly monitoring your ethernet interface.

Use control-C to terminate the above windump command. If the above worked then you should type:

windump -i 2 -n port 49153

Now go to www.canyouseeme.org and test port 49153 again. windump is fairly good at seeing all traffic, even if the port is being blocked by the OS or other software. If windump doesn't show anything then the evidence points back to the modem as the source of the problem, and we'll continue to debug that. If windump does show something (it should show two packets if you use www.canyouseeme.org) then the problem is with your PC configuration.

As an extra step, before you do these tests, power cycle the modem so all the iptables counts are reset. Then, if the above windump test fails, repost the iptables -v -L and iptables -t nat -v -L output from the modem, just to make sure we have consistant data .


msj
Premium
join:2004-05-21
Fort Collins, CO
kudos:1
reply to mdamberger
Oh, one more thing. I've been assuming a fairly simple network, i.e. either you have one PC hooked up directly to the Actiontec modem, or you have a simple switch/hub (not a router) between the Actiontec and the PC. Is that correct?

mdamberger

join:2004-12-01
Roswell, NM
reply to msj
I only have the PC connected directly to the modem. No other devices connected or between them. This is what I got when I ran winpcap.

C:\Program Files>windump -i 2 -n port 49153
windump: listening on \Device\NPF_{6E544437-5954-4FB9-B744-AF8AC39260ED}

0 packets captured
115 packets received by filter
0 packets dropped by kernel

C:\Program Files>

So, it looks like I'm not getting any packets through the port. Looks like the modems as fault. I tried canyousee me and another site. Both came back negative. I then changed my IP address just to make sure to 192.168.0.152. Still nothing.

mdamberger

join:2004-12-01
Roswell, NM
Here are the tables.

# iptables -v -L
Chain INPUT (policy ACCEPT 234 packets, 26488 bytes)
pkts bytes target prot opt in out source destination

0 0 DROP tcp -- ppp0 any anywhere anywhere
tcp dpt:telnet
0 0 DROP tcp -- ppp0 any anywhere anywhere
tcp dpt:www
19 1235 QUEUE udp -- br0 any anywhere anywhere
udp dpt:domain
0 0 ACCEPT icmp -- any any anywhere anywhere

20 4911 ACCEPT all -- ppp0 any anywhere anywhere
state RELATED,ESTABLISHED
5 330 DROP all -- ppp0 any anywhere anywhere

Chain FORWARD (policy ACCEPT 3642 packets, 1099K bytes)
pkts bytes target prot opt in out source destination

6 1416 QUEUE udp -- ppp0 any anywhere anywhere
udp spt:domain
7 446 QUEUE udp -- any ppp0 anywhere anywhere
udp dpt:domain
183 8816 ACCEPT tcp -- ppp0 any anywhere anywhere
tcp dpt:49153
724 102K ACCEPT udp -- ppp0 any anywhere anywhere
udp dpt:49153
0 0 REJECT tcp -- br0 any anywhere anywhere
state INVALID,NEW,RELATED,UNTRACKED tcp dpt:telnet flags:!SYN/SYN reject
-with tcp-reset
2345 982K sLog all -- !ppp0 ppp0 anywhere anywhere
sLog max_num 50 timeout 300

Chain OUTPUT (policy ACCEPT 198 packets, 77748 bytes)
pkts bytes target prot opt in out source destination

16 3992 QUEUE udp -- any br0 anywhere anywhere
udp spt:domain
0 0 DROP udp -- any ppp0 anywhere anywhere
udp spt:route
0 0 DROP icmp -- any ppp0 anywhere anywhere
icmp destination-unreachable
0 0 DROP icmp -- any ppp0 anywhere anywhere
state INVALID
#
# iptables -t nat -v -L
Chain PREROUTING (policy ACCEPT 847 packets, 65916 bytes)
pkts bytes target prot opt in out source destination

71 3416 DNAT tcp -- ppp0 any anywhere anywhere
tcp dpt:49153 to:192.168.0.3
166 15671 DNAT udp -- ppp0 any anywhere anywhere
udp dpt:49153 to:192.168.0.3

Chain POSTROUTING (policy ACCEPT 247 packets, 19783 bytes)
pkts bytes target prot opt in out source destination

621 48883 MASQUERADE all -- any ppp0 anywhere anywhere

Chain OUTPUT (policy ACCEPT 10 packets, 657 bytes)
pkts bytes target prot opt in out source destination

#
#


msj
Premium
join:2004-05-21
Fort Collins, CO
kudos:1
I noticed that you are forwarding port 49153 for TCP and UDP. I thought this was for running BitTorrent? BitTorrent doesn't use UDP. But the iptables output seems to show more packets coming in for UDP port 49153 than TCP port 49153. Both TCP and UDP have higher counts than I would expect from a few tests.

Anyway, this is certainly an interesting problem. I think the best next step would be to send me your modem configuration. I describe how to do that earlier in this thread. The instructions are in my fifth post to this thread. Make sure you follow the instructions regarding temporarily changing your account name and password, so that you won't be sending that information to me.

I have the ability to take that configuration and flash the whole thing directly to my modem, which should essentially make my modem a clone of yours. I would then need to change the account and password to my own to be able to effectively test the configuration.

There will be two possible outcomes of this:

1) I am able to reproduce the problem you are having, allowing me to diagnose the problem much more quickly.

2) Your configuration works just fine on my modem. I'd have to think some more about what to do next at that point.

One more question. How is the modem connected to your PC? Via ethernet cable or via USB?

mdamberger

join:2004-12-01
Roswell, NM
downloadmtd4.zip 6,159 bytes
(mtd4.txt)
Okay, I used your directions and have attched the file, it's a text file. I hope this is correct. If you can't get the file, I can post to a FTP site.

I'm using Azureus, and it complains about no UDP NAT error. Maybe UDP is only used if you seed, I'm not sure since I've never seeded.

Thanks.


msj
Premium
join:2004-05-21
Fort Collins, CO
kudos:1
The file isn't a text file, although it contains mostly text (xml data), but I was able to get it to work.

By simply setting the user and password to for my account, your configuration worked on my modem without any changes, i.e. port 49153 was forwarded correctly.

I checked all of your configuration pages to see if there was anything incorrect, and the only thing I noticed was DHCP still enabled, with a starting address on 192.168.0.2. It should either be disabled, or the starting address set to something higher, like 192.168.0.100. But this will only cause a problem if another machine on the network requests an address via DHCP. Since you only have the one statically configured machine right now, you should not see any problems due to this.

So, here are a few questions to answer, and things to try:

1) What type of connection do you have between the modem and your PC -- ethernet or USB? I've never tried USB, so although it probably isn't a problem, I guess it is possible that it could cause a problem.

2) Telnet into the modem and try pinging 192.168.0.3. If the firewall is completely disabled on the PC then this should succeed.

3) When you did the windump, did you first try it with port 80? Did you successfully get traced packets in that case?

4) Please post the output from "windump -D" here.

5) Finally, lets try another port instead of 49153. Here is why. Azureus by default will try to set up its own port forwarding by talking to the UPnP service on the modem. This may be causing problems with the explicit port forwarding you are trying to enable. Set up port forwarding for a port that the PC is not currently listening to. It might also help to disable Azureus for this test (Note, just closing the Azureus window doesn't terminate the process by default, you need to right click on the frog icon in the lower right part of the task bar and click on exit).

Try port 799 for example (not currently assigned to any service). Create a port forwarding rule for TCP port 799 on the modem (save & restart, then check to make sure it is still there). Start windump on the PC listening to port 799 and then try to test it via www.canyouseeme.org. If you see "Connection Refused" (rather than "Connection Timed Out") from www.canyouseeme.org, and/or windump captures some packets then that would indicate a "success".

mdamberger

join:2004-12-01
Roswell, NM
I've been using the USB connection lately. That is because on most resets to the modem I only am able to connect to it about half the time after a reset. I tend to have to reset the PC when using ethernet. But once I setup ethernet and not keep resetting the modem it's stable. However, the USB connection comes back every time when I do resets of the modem. I've tried the port forwarding on both ethernet and USB, makes no difference.

When I tel-netted into the modem at 192.168.0.1, I tried to ping 192.168.0.3 my static IP address on the PC side and got back no responses. But if I pinged yahoo.com or google.com from the telnet session inside the modem I got solid pings back from both. I don't understand how my computer and modem communicate if I can't ping it from inside the modem.. I've checked both security center and firewall in control panels and I've got the firewall set to off. I've setup security to be minimum. The modems firewall is off.

When I did a port 80 test, I was able to see the packets on windump, but still got back the time out error on canyouseeme.org. On port 799 I DON'T see any packets on windump and also get the time out error on canyouseeme.org.

Here is windump. Device two is currently USB, I'm attached to the GT701 via USB right now. It won't make a difference if I use ethernet.

C:\Program Files>windump -D
1.\Device\NPF_GenericDialupAdapter (Generic dialup adapter)
2.\Device\NPF_{6E544437-5954-4FB9-B744-AF8AC39260ED} (Actiontec Electronics, I
. (Microsoft's Packet Scheduler) )

Here are iptables.

# iptables -v -L
Chain INPUT (policy ACCEPT 200 packets, 24695 bytes)
pkts bytes target prot opt in out source destination

0 0 DROP tcp -- ppp0 any anywhere anywhere
tcp dpt:telnet
6 360 DROP tcp -- ppp0 any anywhere anywhere
tcp dpt:www
7 450 QUEUE udp -- br0 any anywhere anywhere
udp dpt:domain
0 0 ACCEPT icmp -- any any anywhere anywhere

11 2472 ACCEPT all -- ppp0 any anywhere anywhere
state RELATED,ESTABLISHED
186 9627 DROP all -- ppp0 any anywhere anywhere

Chain FORWARD (policy ACCEPT 400 packets, 126K bytes)
pkts bytes target prot opt in out source destination

0 0 QUEUE udp -- ppp0 any anywhere anywhere
udp spt:domain
0 0 QUEUE udp -- any ppp0 anywhere anywhere
udp dpt:domain
2 120 ACCEPT tcp -- ppp0 any anywhere anywhere
tcp dpt:799
0 0 REJECT tcp -- br0 any anywhere anywhere
state INVALID,NEW,RELATED,UNTRACKED tcp dpt:telnet flags:!SYN/SYN reject
-with tcp-reset
152 24708 sLog all -- !ppp0 ppp0 anywhere anywhere
sLog max_num 50 timeout 300

Chain OUTPUT (policy ACCEPT 152 packets, 63950 bytes)
pkts bytes target prot opt in out source destination

7 1713 QUEUE udp -- any br0 anywhere anywhere
udp spt:domain
0 0 DROP udp -- any ppp0 anywhere anywhere
udp spt:route
0 0 DROP icmp -- any ppp0 anywhere anywhere
icmp destination-unreachable
0 0 DROP icmp -- any ppp0 anywhere anywhere
state INVALID
#
# iptables -t nat -v -L
Chain PREROUTING (policy ACCEPT 380 packets, 20521 bytes)
pkts bytes target prot opt in out source destination

1 60 DNAT tcp -- ppp0 any anywhere anywhere
tcp dpt:799 to:192.168.0.3

Chain POSTROUTING (policy ACCEPT 3 packets, 180 bytes)
pkts bytes target prot opt in out source destination

68 3386 MASQUERADE all -- any ppp0 anywhere anywhere

Chain OUTPUT (policy ACCEPT 8 packets, 514 bytes)
pkts bytes target prot opt in out source destination

#
#


msj
Premium
join:2004-05-21
Fort Collins, CO
kudos:1
I installed the USB driver on my laptop and tested it out, just to be sure that it doesn't behave differently. It worked fine, and I was able to get port forwarding working via the USB interface, so I agree that using the USB interface is probably not the cause of your problem. I will note that the USB interface can reduce your performance (both bandwidth and latency).

The fact that you can't ping your PC from the modem is a very strong indicator that the problem is on your PC, not on the modem. This is the exact behaviour you would see if Windows Firewall was enabled. I'm not doubting the fact that you say it is disabled, although it still might be worth doing a few sanity checks to make sure. If it was just Windows Firewall that was blocking ports then you should still see packets with windump, since it can see packets that get rejected by Windows Firewall. So, I suspect that you have some other software that is doing the blocking. FInding it, if it does exist, may not be easy. I'm fairly certain that whatever is blocking your PC from responding to ping (ICMP Echo) is also what is blocking your inbound ports.

So, here are some questions and other things to try:

1) You mentioned that you installed Qwest QuickCare. You don't need it. It's meant for people who have absolutely no networking knowledge, and don't need to do anything fancy. It's been known to cause more problems than it fixes. It probably isn't responsible for this particular problem, but it does install a Windows Layers Service Provider hook, i.e. a module that gets inserted into your network stack. Some people have had trouble removing it. Before removing QuickCare, download lspfix from:

»www.cexx.org/LSPFix.exe

This utility can fix any damage caused by QuickCare, and I also want you to use it to determine what other Layered Service Providers you may have installed on your machine.

So, Click on "Add or Remove Programs" in the control panel, and remove QuickCare.

2) Run lspfix (must be run with Admin privileges). Do not click the "I know what I am doing" box. Write down everything listed in the "Keep" box and post it here. Click on "Finish". This will fix any problems in the Layered Service Provider chain if there are any (Removing QuickCare has been known to mangle this).

3) From the Start menu click on or mouse over "Connect To". Then click on "Show All Connections". Report here what it shows in the "Status" column for the USB lan connection. It should just say "Connected", not "Connected,Firewalled".

4) With the Network Connections box still up (from the previous step), right click on the USB connection under the Name column, and then click on "Properties". List here what you find in the "This connection uses the following items:" box (e.g. Internet Protocol(TCP/IP), Client for Microsoft Networks, etc).

5) Now click on "Internet Protocol(TCP/IP)" so that it is highlighted. Then click on the "Properties" button. Now click on the "Advanced" button near the bottom. That will bring up another dialog with 4 tabs on top. Click on the "options" tab. Report here if there is anything else listed in the "Optional Settings" box other than "TCP/IP filtering". Now click on "TCP/IP filtering" so that it is highlighted. Then click on the "Properties" button. Make sure the "Enable TCP/IP Filtering (All Adapters)" box is NOT checked. Now just X out of (or cancel) all those dialog boxes.

6) On the bottom right of your task bar there should be a variety of different icons for different services that were started. Mouse over them, or right click on them to identify what they are if you don't know what they are currently. Make sure you expand that part of the bar if you have auto hiding on. Many firewall applications (other than Windows Firewall) will place an icon here, showing that it is running, and also giving you the ability to turn it off and/or configure it. Make sure you understand what each one is for, and report on any that might be a firewall, or you are not sure what it is.

7) Click on "Add or Remove Programs" under control panel and go through the list of programs listed there. Report here any programs that may be a firewall, or that you are not sure what it is.

8) Are you running any kind of antivirus software? Spyware detection software? Is it possible that that software may also have a firewall? Check the configuration of that software carefully.

9) Do you use VPN (Virtual Private Networking) software for anything? If so, what type?

10) Start a command prompt window and type "route print". Paste the output here.

11) What kind of computer do you have? You said that you recently reinstalled Windows. Did you use a Microsoft manufactured CD, or one from an OEM (i.e. Dell, HP, etc.). PC companies typically bundle their computers with a lot of extra software, which may include firewall software. Even if you reinstall windows you may get the software reinstalled automaticaally if you use a PC companies CD to do the install.

12) Try this experiment. Reboot Windows, and press the F5 key as it starts booting. That should bring you to a screen that lets you choose to start Windows in "Safe Mode". Choose "Safe Mode with Networking". Once Windows comes up in Safe Mode, start a command prompt window and telnet to the modem and try pinging the PC again. See if it now works (Safe Mode prevents a lot of stuff from starting at boot, which may prevent whatever is blocking you currently from starting). If it does work, start up a browser and try the www.canyouseeme.org experiment. Try whichever ports you are still forwarding, i.e. either 799 or 49153. See if you get "Connection Refused" instead of "Connection Timed Out".

Sorry for all this, but if the problem is on the PC, then there are a lot of places where things can go wrong. This is far from an exhaustive list of possibilities, but it is a start at least.

mdamberger

join:2004-12-01
Roswell, NM
I uninstalled Quick Care. When I ran LSPFix.exe I got the following.

mswsock.dll Tcpip
winrnr.dll NTDS
rsvpsp.dll (Protocol handler)

no changes were made when I hit Finish.

I'm not sure what you mean by Connect To or Show All Connections, but when I go into Network Connections. Local Area Connection 2 says "Connected Actiontec Gateway" No firewall or lock symbol.

Under properties, I have the following listed.

Client for Microsoft Networks
Deterministic Network Enhancer
File and Printer Sharing for Microsoft Networks
QoS Packet Scheduler
Network Monitor Driver
Internet Protocol (TCP/IP)

Only TCP/IP filtering is listed under Options.

Under filtering Enable TCP/IP Filtering (All adapter) IS checked off. I've set it to OFF (not checked) There were no ports listed, just grayed out.

I only have Microsoft Windows Security Alerts in red with an X inside the icon. No other services are running.

I've got no programs listed that I can see that might effect this. Remember this computer got a complete reinstall after the old hard drive died. I've not installed any kind of antivirus software, firewalls etc..

I do have a VPN client to connect to our corporate network. But I only run it if I need to connect, I've not run it in the last month. Also, if I do run it, I must enter my login and passwod if I surf the net via Explorer. So it's quite obvious when I do run it. The VPN client is by Cisco Systems.

C:\Documents and Settings\mdamberger>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0f b3 74 aa 6b ...... Actiontec Gateway - Packet Scheduler Minipor
t
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.3 192.168.0.3 30
192.168.0.3 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.0.255 255.255.255.255 192.168.0.3 192.168.0.3 30
224.0.0.0 240.0.0.0 192.168.0.3 192.168.0.3 30
255.255.255.255 255.255.255.255 192.168.0.3 192.168.0.3 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None

The computer I have is a HP Omnibook 6000 PIII 650MHz. The install was a Microsoft XP Pro disk.

mdamberger

join:2004-12-01
Roswell, NM
I went back in and ran in safe mode with networking. I was able to ping my PC from inside the DSL modem at 192.168.0.3. (I got nothing before) When I tried port 799 from canyouseeme.org I got back "connection refused". Not the timeout error I had been getting to that port. So it looks like port forwarding is working, because if I tried any other ports like 80 I got the timeout error. So some setting on the pc must be refusing to answer any ports.


msj
Premium
join:2004-05-21
Fort Collins, CO
kudos:1

1 edit
reply to mdamberger
said by mdamberger:

I do have a VPN client to connect to our corporate network. But I only run it if I need to connect, I've not run it in the last month. Also, if I do run it, I must enter my login and passwod if I surf the net via Explorer. So it's quite obvious when I do run it. The VPN client is by Cisco Systems.
Ah, this is most likely the cause of your problem. The Cisco VPN client contains a firewall that can be enabled to run EVEN WHEN YOU ARE NOT RUNNING THE CLIENT, i.e. the firewall part of the client runs automatically when you boot the machine. Many distributions of the Cisco VPN client have this enabled by default.

So, to disable it, try this:

1) Open the Cisco VPN Client and select "Options". Uncheck the "Stateful Firewall (Always On)" option.

2) If you don't find this option, try selecting "Advanced Mode" from the Options menu.

If you still can't find the option, it doesn't mean that the firewall is not there. It's possible, if you got the client from your company, that they have disabled the ability to turn this option off. Try uninstalling the client for testing purposes.

Now try some of the previous tests (ping from the modem, port checks via www.canyouseeme.org). Hopefully it will work now (assuming there isn't yet a 3rd firewall lurking on your computer).

If port forwarding works then you need to come up with a more permanent solution. You don't want to connect your laptop to an external ISP without having any firewall in place. The problem is that the Cisco VPN client has known problems with Windows Firewall. There are some workarounds that work in some cases, but not always. For that reason many people use yet another 3rd party firewall that works with the Cisco VPN client (because the "Always On" part of the Cisco VPN firewall is very inflexible, i.e. you can't open selected ports). Anyway, for testing purposes while behind your Actiontec modem, you should be safe, but long term you need to either 1) Get the Cisco VPN to work with Windows Firewall 2) Get a 3rd party firewall that works with Cisco VPN, or 3) Manually enable and disable the firewall when you are in public (dangerous if you ever forget).


msj
Premium
join:2004-05-21
Fort Collins, CO
kudos:1
reply to mdamberger
mdamberger, I was just wondering if the Cisco VPN client firewall was what was causing your problem, and if you were able to get things to work.

mdamberger

join:2004-12-01
Roswell, NM
Yes, the problem WAS the Cisco VPN dial-er. It does have a option for Firewall on/off. But turning it off is disabled. So I went into Services in Administrative Tools and changed the Cisco Systems to Manual Start up. At this point I should probably turn on Windows Firewall and add the ports Im using. But your saying Cisco VPN's don't work well with Windows. So if I want to use it I'll need to turn off Windows Firewall and let the VPN Firewall back on while I use it.

ggreg

join:2005-11-02
reply to msj
I am having problems with port forwarding on the actiontec also. i have tried everything even updating the firmware. I am setting up ssh forwarding. No mater what I get connection refused when I try to ssh into my linux box through the modem. This modem seems to bar all incoming connection no matter what. I went to the advanced and set up port forwarding both udp and tcp for ports 20-25. I am also tried the dmz option. Same crap. I had the port fowarding working fine before with a cable modem and a linksys router. This actiontec is a piece of crap. Is there any way to make port fowarding work. Does anyone in the world have it working for incoming ssh connections. If so I would love to know how you did it. Otherwise is there another modem that I can use with quest?


msj
Premium
join:2004-05-21
Fort Collins, CO
kudos:1
Yes, I have ssh (port 22 tcp) forwarding working just fine to my Linux server. I haven't done anything special that hasn't already been mentioned in this thread.

When you say you test it "through the modem" are you actually doing it from an external site, or are you trying to test it from inside your network?

I assume you have tried to ssh into your linux box directly from inside your network, just to validate that you have sshd setup correctly?

What does www.canyouseeme.org report for port 22 (using any machine inside your network).

Is qwest your ISP, or are you using a different ISP?