Port Forwarding not working no matter what I do

A

Alien

Member
beers said:
That's a different service that has nothing to do with the application you're trying to allow.. It sounds like they had you launch a web server (IIS). You can connect since the application is listening on it.

If you really just wanted to test port forwarding anyway you could forward something like external 50000 to internal 80 for that host and then try to have an external/Internet source browse to http://external-ip-here:50000



For a forwarded port it should usually show open if the service is forwarded and listening. If you are filtering by source IP it may show closed or stealth (which you most probably aren't). Usually you will see closed if the service is not listening on that port but the port is forwarded.


What are you even trying to accomplish anyway? Most torrent clients utilize UPnP to begin with. Are your uploads just sucky?
Click to expand...

My uploads are pretty god awful, as you mentioned, mostly at 500b/s, but 52757 is just an example that I chose to use for the sake of simplicity. In reality, no port that I forward ever shows as open. For example, I decided to test to see if I could connect to a Teamspeak server hosted on my computer (Which utilises port 9987), and I was unable to connect, as was a third party I requested try and connect. I also occasionally have trouble connecting to users on online games, as I usually have either a closed or moderate NAT. I've also ensured that there's ABSOLUTELY a program listening on the port I am testing.

C4C said:
There's a sticky thread in this sections for my guide: http://www.computerforum.com/232855-how-port-forward.html
It may or may not be helpful if you haven't taken a look already.

FROM THIS IMAGE YOU HAVE, try to set the port number above and below what you're trying to open. Some routers have issues and won't open the port if the start and end ports are the same.

ISP's can also block forwarding if you're using a router model they own.
Click to expand...

Unfortunately, the first thing I did when coming to this forum was check your guide, but I was unable to find a solution within. I've also tried to forward the ports 9986-9988 (Port 9987 is for Teamspeak), but it doesn't appear to have worked, however.
3950ef57af3ff11c821406a66715a3f2.png


I have a router which is not manufactured by my ISP and is simply a rebranded Zyxel router, but when I checked my ISPs forums their support simply say that they do not "support" port forwarding, and make no mention of actively blocking it.
 
Agent Smith

Agent Smith

Well-Known Member
Can you post a screen shot of your router's web page that you set your port forwarding in?

Also, you may want to change the default Teamspeak port. I was using the default port and was running Peerblock with a whole host of country blocks. Well, Iran was constantly trying to get into the default TS port and no one knows that I run TS except my Bro.

Here's my blog post on that. https://blog.************.net/?p=91

Scroll to the bottom. You don't need to use Putty. I did in the beginning.
https://blog.************.net/?p=91
 
Last edited:
beers

beers

Moderator
Staff member
Agent Smith said:
Well, Iran was constantly trying to get into the default TS port and no one knows that I run TS except my Bro.
Click to expand...

Surprised with how paranoid you are you don't ACL traffic sourcing from those countries. Also, it's pretty easy to do a service fingerprint off of open ports if you're just auto scanning IP ranges.
 
Agent Smith

Agent Smith

Well-Known Member
OMFG dude. I don't have enterprise hardware for ACL. Also it's called security through obscurity. Sure, you could scan all 65 thousand + ports, but most probe scans don't do that. I see this monitoring input traffic on SNMP. So far no connection attemps to that port anymore.


My ACL is Peerblock as stated. They couldn't get in, but it was the fact they were trying that I changed the port.
 
beers

beers

Moderator
Staff member
Agent Smith said:
OMFG dude. I don't have enterprise hardware for ACL. Also it's called security through obscurity. Sure, you could scan all 65 thousand + ports, but most probe scans don't do that. I see this monitoring input traffic on SNMP. So far no connection attemps to that port anymore.

My ACL is Peerblock as stated. They couldn't get in, but it was the fact they were trying that I changed the port.
Click to expand...

Facedesk. You can even use iptables on an Ubiquiti ERL or something that is less than $100 (or flash your router to DD-WRT and drop traffic there). You could also even drop those subnets on a software firewall layer costing you nothing, which you have indicated with PeerBlock.

If the traffic is showing up in PeerBlock logs why are you even paranoid about it as it's already being dropped?

Also it's called security through obscurity.
Click to expand...

In a professional realm this means nothing at all. Usually you get fired taking this approach since obscure implementations by default don't offer anything other than obfuscation.
 
A

Alien

Member
Agent Smith said:
Can you post a screen shot of your router's web page that you set your port forwarding in?

Also, you may want to change the default Teamspeak port. I was using the default port and was running Peerblock with a whole host of country blocks. Well, Iran was constantly trying to get into the default TS port and no one knows that I run TS except my Bro.

Here's my blog post on that. https://blog.************.net/?p=91

Scroll to the bottom. You don't need to use Putty. I did in the beginning.
https://blog.************.net/?p=91
Click to expand...

I'm going to include all pages of the NAT section, just in case I did not use a correct setting.
I also still am unable to connect to putty or Telnet. I have no idea what could be causing it, as my firewall is not running. I'm simply at a loss.
92a9576a8cd5918252ccf426d7fae64b.png

7610da91a47466d84951c5fbafd076ac.png

065aa49b7849205cd11897d0c111f357.png

70dd0453502c000f4f2bcea311c478b7.png

88521402b460e826ef1d91739f4fcdfc.png
 
Agent Smith

Agent Smith

Well-Known Member
beers said:
Facedesk. You can even use iptables on an Ubiquiti ERL or something that is less than $100 (or flash your router to DD-WRT and drop traffic there). You could also even drop those subnets on a software firewall layer costing you nothing, which you have indicated with PeerBlock.

If the traffic is showing up in PeerBlock logs why are you even paranoid about it as it's already being dropped?



In a professional realm this means nothing at all. Usually you get fired taking this approach since obscure implementations by default don't offer anything other than obfuscation.
Click to expand...

My router has been flashed with DD-WRT since circa 2006 and I can use IPtables, but the memory can't hold as many it would require to block the countries I want.
 
You must log in or register to reply here.
Top