port forwarding not working

[gib65]

Hello,

I'm trying to set up port forwarding on my router and it doesn't seem to be working.

Please see the attached screen shot titled "port forwarding rule.jpg". This shows the rule I have setup to forward HTTP requests to my server. I have it set to ports 80 and 81 for both the LAN and WAN (not sure if this is right), TCP for the protocol, and 192.168.1.66 for the server address (which I've verified is correct).

If you have a look at the other attachment (titled "port forwarding options.jpg"), you will see what kind of options my router gives me for setting up port forwarding. One thing I've never seen before is start and end ports for BOTH WAN and LAN. Not sure if it should be the same for both.

In any case, it's not working.

I set the A record with my registration company to 161.184.240.190, which I got off www.whatismyip.com, so it should be pointing to my router.

Can anyone think of why it is not working?

 

[Cromewell]

Can you access the server via its internal IP on your network? i.e. using a second machine connect to 192.168.1.66.

You probably could have done 80 to 80, but what you have should be fine if you don't mind 81 being open.

 

[beers]

A lot of ISPs block inbound TCP 25 (smtp) and TCP 80 (http).

 

[gib65]

Can you access the server via its internal IP on your network? i.e. using a second machine connect to 192.168.1.66.

Yes, I can RDP into it.

A lot of ISPs block inbound TCP 25 (smtp) and TCP 80 (http).

That's what I'm afraid of. The guy who set up my internet service told me I could run a server out of my home so long as I kept the bandwidth low, which lead me to believe it was possible. But even these techy guys can be wrong.

Is there a way to tell if my ISP is actively blocking HTTP requests (other than by asking them)?

 

[beers]

You could forward on another port (say externally on 50000 to internal 80). If you can see that high range port open with the same configuration then it's probably blocked, as internally you would be listening on the same addresses etc.

 

[gib65]

You could forward on another port (say externally on 50000 to internal 80). If you can see that high range port open with the same configuration then it's probably blocked, as internally you would be listening on the same addresses etc.

Well, I set the external port to 50000 (both the start and end) and then tried to go to http://www.mm-theory.com:50000. It could not access the page. Does this mean I'm not being blocked?

 

[beers]

Can you use something like Shieldsup or Canyouseeme to receive connections on that port? Some consumer devices aren't good at hairpin NAT so you wouldn't be able to access your own external address from within your internal network, if that makes any sense

 

[smellsorange]

Yes, I can RDP into it.



That's what I'm afraid of. The guy who set up my internet service told me I could run a server out of my home so long as I kept the bandwidth low, which lead me to believe it was possible. But even these techy guys can be wrong.

Is there a way to tell if my ISP is actively blocking HTTP requests (other than by asking them)?

RDP isn't the same as just visiting port 80 on that machine.

So goto browser and type in 192.168.1.66 or whatever the ip is and see if you can load the website page from there. If not then you have to open 80 on that machine.

You often can't visit your own server from a home based connection due to the router not supporting loop backs.

you would need to ask someone on the internet, like a friend, to test, or try using a http proxy service to visit your own site locally.


Also: I can visit http://www.mm-theory.com:50000/ and I get a website about "The Nuts and Bolts of Consciousness"

so it works..... Your device just doesn't support loop backs. Try port 80 again and test with external http proxy or ask someone to load it.

 

[beers]

You often can't visit your own server from a home based connection due to the router not supporting loop backs.

The term loopback can get confusing in certain contexts

Usually the router doesn't see the internal source traffic as needing to be NATted so you're just bouncing a request off the router instead of having it be forwarded back in on the port forwarding rules (or a 'hairpin' NAT where the request follows the same rules as external traffic).

OP, a lot of the time to resolve this you'd do something like a split horizon DNS where your internal nameserver provides the internal IP for 'mm-theory.com' instead of the externally available one. You could probably add an entry into your HOSTS file to point to the internal IP too if you wanted to just reference via hostname instead of keeping track of multiple IP addresses.

 

[smellsorange]

The term loopback can get confusing in certain contexts

nat loopback. it's an actual thingie majig that a lot of residential routers do not support/just don't work.




/edit add another internet resource I located quickly/

http://security.stackexchange.com/questions/16343/is-nat-loopback-on-my-router-a-security-problem (no, it is NOT a security issue, just a "feature" that isn't often included in residential equipment)

 

[gib65]

Also: I can visit http://www.mm-theory.com:50000/ and I get a website about "The Nuts and Bolts of Consciousness"

Yes!!! That's it!

So you can get there. I can't because I'm trying to connect from my home network. I could try it again at work tomorrow and see. But I trust you. So the question now is how do I configure my modem/router to not require the user to supply the port number with the URL?

OP, a lot of the time to resolve this you'd do something like a split horizon DNS where your internal nameserver provides the internal IP for 'mm-theory.com' instead of the externally available one. You could probably add an entry into your HOSTS file to point to the internal IP too if you wanted to just reference via hostname instead of keeping track of multiple IP addresses.

I'm familiar with the hosts file. I'm not sure what an example would be of a proper entry though. Would you mind providing an example with www.mm-theory.com?

 

[gib65]

UPDATE: I just remotely logged on to my computer at work and found that I can indeed get to my website by typing in:

http://www.mm-theory.com:50000/

I also found that this doesn't work unless I explicitly type in the "http://" at the beginning... weird.

 

[smellsorange]

It appears that when you specify a port you also have to specify the protocol.

Try setting it back to port 80 and see if that works so you just have to go to mm-theory.com without specifying a port.

 

[gib65]

Nope, not happening. I can't get there on port 80.

IE and Chrome default http://www.mm-theory.com:80 to www.mm-theory.com anyway. Firefox doesn't, but it can't get to http://www.mm-theory.com:80.

I'd like to try that host file idea that beers suggested, but I'm not sure of what an example might look like.

 

[smellsorange]

the hosts file will only allow you to visit the site on port 80 locally.

It will not allow others to visit your site if port 80 is blocked by your ISP.

You are sure you configured your server back to port 80 and redid the forwarding ?

If you are sure about that and still can't visit on port 80 then it is likely that your ISP has indeed blocked that incoming port.

 

[gib65]

the hosts file will only allow you to visit the site on port 80 locally.

It will not allow others to visit your site if port 80 is blocked by your ISP.

You are sure you configured your server back to port 80 and redid the forwarding ?

If you are sure about that and still can't visit on port 80 then it is likely that your ISP has indeed blocked that incoming port.

Assuming that my ISP is blocking me, what other options do I have? Do I have to bight the bullet and bump my account up to the business level?