Port Forwarding Issues

tgray96

Ok, so I'm assuming this has to do with port forwarding.
I set up a server on Ubuntu, and people need access to a few different ports:
80: for the main webpage
8080: for a different webpage
10000: for webmin
and the ts3 ports.
I am using no-ip dynamic dns, I have the updater installed, but nobody can access the server.
I even put it in the DMZ to see if it was my port forwarding, but still no one can connect.
I've done this 100 times, and never had this problem, I'm stumped.
 
so if you ping your no-ip domain name, it resolves to your IP address, correct?
and you've given your Ubuntu box a static IP, correct?

and in your router, you've forwarded those ports to the static IP configured on the Ubuntu box?
 
It does resolve.
Ubuntu Box has static ip
And in my router those ports are forwarded to the static ip
 
so the Westell is the only device? No additional router?

by looking at what I could find on that Westell, you are selecting Host and not Dynamic for the port forward type?

edit: it also appears that Westell has a built-in firewall, which defaults to High security setting? Apparently dropping that down to Medium allows (or is supposed to allow) port forwarding.
 
Just the Westell,
Are you referring to this?
Dynamic Application* Dynamic application is not applicable for Service containing a rule for "in" direction.
When I forward a port, where it asks for the IP, it gives me this option, but I can't select it. It's grayed out.
 
HOST is the one you would want. It looks like Dynamic is more for Port Triggering, which is not what you want.

Have you tried disabling the gateway's built-in firewall?
a quick google search on "Westell 7500 Gateway port forwarding" shows LOTS of folks with issues getting port forwarding to work.
one resolution was upgrading the firmware.
one suggested changing the Westell to bridged mode and use a real router.
one said turning the Westell's firewall to Low or Off resolved the issues.

basically, it looks like the Westell is just horrible as a router.
 
OK, tried turning the firewall off, no luck.
How would I bridge this modem? I've never had any problems with port forwarding on this modem.
 
After bridging my modem and setting up a DD-WRT WRT54GS:
Still no luck.
Dynamic address: still resolves to IP
I can still connect to the server on the local network
And the ports are forwarded. Do I need to change other settings in DD-WRT?
 
That's strange.

ipcop, iptables, or any other sort of firewall installed on the Ubuntu box?
not sure what else it could be, if none of the ports are accessible from outside.
I could see port 80 and maybe 443 being blocked by the ISP, but 8080 is doubtful and 10000 is even more unlikely.
 
80 is not blocked, I haven't installed ipcop or iptables, is there a default firewall I should check?
 
none that I know of; but it's been years since I've messed with Ubuntu.

I'm out of ideas.
 
the no-ip link is:
twpclan.zapto.org
it resolves to my ip: 74.5.134.143
ports forwarded:
8080
10000
80
9987
30033
10011
443

 
Did you forward both TCP and UDP? Check it with something like the shields up program on grc.com. Might also just connect the server directly to the bridged modem and see if you can connect from the outside then to rule out/in the router.
 
forwarded as both except the teamspeak ports which specify UDP or TCP.
results from grc:

Port   Status   Service
80     Stealth  http - World Wide Web HTTP
443    Stealth  https - http protocol over TLS/SSL
8080   Stealth  http-alt - HTTP Alternate (see port 80 and port 81)
9987   Stealth  Unknown Protocol for this port - Unknown Application for this port
10000  Stealth  ndmp - Network Data Management Protocol
10011  Stealth  Unknown Protocol for this port - Unknown Application for this port
30033  Stealth  Unknown Protocol for this port - Unknown Application for this port

Seems to me like it was scanning just the computer I'm on, which is not forwarded.
 
Did you forward both TCP and UDP? Check it with something like the shields up program on grc.com. Might also just connect the server directly to the bridged modem and see if you can connect from the outside then to rule out/in the router.
And connecting to the modem, won't be easy, for some reason the video does not work correctly, so not gonna be easy to get the IP...
 
No, it scans your WAN ip. My guess is the crappy westell is messing some things up.


Have the server clone the mac of the router and swap them, it "should" pull the same IP
 
Like I said, I had things forwarded through the Westell before, and it worked fine. Before I set up this server, I had Ubuntu and these programs running on a virtual PC on my desktop and they were forwarded fine.
 
Tried the DMZ again, I find it odd, I still can't connect to the server, but if I put say my XBOX through it, it opens it up. I will dig and find one of my old zyxel modems tomorrow.
 
I'd appreciate it if we keep this thread on topic, if you don't have anything helpful or if you have anything shitty to post, DON'T.
 
OK, according to Ubuntu (ran a netstat cmd), 8080, 80, 10000, 22 are open, not sure what to do now.
 
Question?

Are you using a hardware firewall or Linux software? If hardware which one?
 
Not using either that I know of, I haven't installed one on the server.
I'm currently using a westell 7500 modem/router/gateway
 
this is what I'm getting from the shields up test:

Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .

Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.
 
Could it have anything to do with the static IP setup, hostname, apache bindings? Just trying to think of ideas here...
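
Added example, not part of any post in the thread: the binding question above can be checked from the server's own netstat output, because a port that netstat lists as open but that is bound only to 127.0.0.1 will never answer forwarded traffic. The sample netstat text, the LAN address 192.168.1.50 and the tcp/udp split for the TS3 ports are assumptions made for illustration.

```python
import ipaddress

# Constructed `netstat -tuln` output for illustration (not from the thread).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:9987            0.0.0.0:*
"""
# Ports listed in the thread; the tcp/udp split for the TS3 ports is assumed.
FORWARDED = {("tcp", 80), ("tcp", 443), ("tcp", 8080), ("tcp", 10000),
             ("udp", 9987), ("tcp", 30033), ("tcp", 10011)}

def parse_listeners(text):
    """Yield (proto, bind_address, port) for each listening socket."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue
        if fields[0].startswith("tcp") and "LISTEN" not in fields:
            continue  # established connections are not listeners
        host, _, port = fields[3].rpartition(":")
        yield fields[0].rstrip("6"), host.strip("[]"), int(port)

def accepts_forwarded(host, lan_ip):
    # "*" and "::" count as wildcards, assuming the Linux default bindv6only=0.
    addr = ipaddress.ip_address("0.0.0.0" if host == "*" else host)
    return addr.is_unspecified or addr == ipaddress.ip_address(lan_ip)

def check_forwards(text, forwarded, lan_ip):
    """Map each forwarded (proto, port) to a verdict about its listener."""
    binds = {}
    for proto, host, port in parse_listeners(text):
        binds.setdefault((proto, port), set()).add(host)
    report = {}
    for key in sorted(forwarded):
        hosts = binds.get(key)
        if not hosts:
            report[key] = "not listening"
        elif any(accepts_forwarded(h, lan_ip) for h in hosts):
            report[key] = "ok"
        else:
            report[key] = "bound only to " + ", ".join(sorted(hosts))
    return report

if __name__ == "__main__":
    print(check_forwards(SAMPLE_NETSTAT, FORWARDED, "192.168.1.50"))
```

On a real server, feed it the text of `netstat -tuln` and the box's static LAN address in place of the constructed values.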
 