App QoS vs Port Forwarding in WRT110

Hello,
What would be better to set in my WRT110 router to make sure my online game gets priority overall: Application QoS or Port Forwarding? I can see the WRT110 has this new feature that I didn't see with my old WRT54GS.
If it is Port Forwarding, which one since there is Single Port and Port Range Forwarding? Now, I must keep the DHCP settings since I'm on laptop and I travel a lot.
Thanks in advance

If you travel a lot then Single Port Forwarding or Port Range Forwarding are not your options...You need to do Port Triggering...

Similar Messages

Port forwarding, NAT, QoS..

I have a LinkSys E3000, but I'm having mad problems with QoS & port forwarding. I've tried the following:
Port range forwarding, from port 53 to 3074, to the IP of my xbox. My understanding is that it opens all ports in that range. Moderate NAT.
Single port forwarding, 53, 80, 88, 3074 (all both UPD & TCP - and the ports it says to open on portfoward.com), to the IP of my xbox. Moderate NAT.
DMZ, putting the IP of my Xbox in the DMZ. Moderate NAT.
DMZ, putting the MAC address of my Xbox in the DMZ. Moderate NAT.
I've no idea why none of the above work? I've also set the QoS to give my Xbox high priority (it is another option under Gaming & Applications alongside Port range forwarding, port forwarding, DMZ), so I doubt that is working either.
The only thing that gives me open NAT is if i have uPnP enabled (none of the above have any effect at all), but the connection is very dodgy. Voice chat is choppy, bit of lag in game, even when I'm the only one using an 8Mb connection (it was fine on a basic netgear router before, when no one else was on, but now I can't even get that far). I believe it should work without uPnP and with the above options I've set.
Even if the lag is sorted, it doesn't even begin to solve the QoS problem that I bought the router to fix.

Who is your internet service provider is that cable or DSL connection
Please let me know so that Acoordingly we can decide whether we should go for port range triggering or port range forwarding

WRT110 - still can't get Port forwarding to work

Here's the deal: Vista PC behind WRT110 in PPPOe mode which is behind a successfully bridged AT&T Westell modem/router (but it's not in DMZ mode). I've setup a static IP on my computer and enabled port forwarding to it in the router. Then I test port forwarding and still fail the test. On my Westell modem, it says I can share my (external) static IP with my router. Would that do anything helpful? Can you suggest anything else helpful? Thanks so much!!

Mort wrote:
You can use the Static IP under WRT110 .... using Internet Connection type ....
If the port forwarding is not working then reset & reconfigure the router ...
Thanks for your reply! If my modem is bridged, how do I know what my router's static IP address should be? Would it be the same as the modem?

WRT54GC - Orb app not port forwarding

When trying to configure an app for port forwarding sometimes it will time out. In the App and Gaming section I will specify the app name, the start and end port number and finally enable it. When I click save settings it will just wait and wait and eventually time out. I got the same results w/ both IE7 and Firefox.
Right now I'm trying to configure Orb by using the following specs
orb1 80-80 enabled
orb2 554-554 enabled
orb3 13398-13401 enabled
When I click Save Settings the browser will just wait and eventually time out. I finally got it to work by applying the settings one at a time. But when I got to the 3rd setting (orb3 13398-13401 enabled) the browser times out. No matter how many times I try won't apply.
What am I doing wrong?

Can you just leave the port 80 and put in the others? see if it accepts that...and you can try to upgrade your routers firmware...some firmwares previously had problems i think....
"You tried your best and you failed miserably! "

Please Help - Only Some Port Forwards Working

Hi all,
I have the most annoying issue with a Cisco 887VA-K9 port forwarding. Some port work while other don’t and I just can’t see why, however I suspect it is a zone based firewall (ZBF) issue.
Port forwards on the follow ports all work fine:
External port 8021 to 192.168.4.253 on port 80 works
External port 8022 to 192.168.4.253 on port 8022 works
All the rest don’t. I also have SIP phones sitting outside the LAN which are unable to register through the internet with the PBX unit which is in the DMZ network 192.168.4..0
Any help would be great appreciated as this sending me mad. Fully running config below.
Louise ;-)
Building configuration...
Current configuration : 36870 bytes
! Last configuration change at 12:49:03 Magadan Fri Nov 8 2013 by cpadmin
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname QQQ_ADSL_Gateway
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 64000
enable secret 4 gim.lMOdQK/21R4Wu.QJfOMAv3CIkRyN.hbSTG5xAxE
aaa new-model
aaa authentication login local_authen local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec local_author local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa session-id common
memory-size iomem 10
clock timezone Magadan 11 0
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-3471381936
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3471381936
revocation-check none
rsakeypair TP-self-signed-3471381936
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name [email protected]
revocation-check crl
crypto pki certificate chain TP-self-signed-3471381936
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33343731 33383139 3336301E 170D3132 30373132 31313332
34375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 34373133
38313933 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AB76 5F7EE03F 306F52A0 91E82E04 7A69528D 1839409C 55BCC55A 47F180A9
7B522E9B FBB96A32 715178FE B96B737E 788947A4 CF4791AA 15609E37 A3F66F07
AD1B8A34 A2877711 E33A613D 8E50AE40 A106DE9C B2B03B95 73392ADB 4BB51FAD
6F2D6F8D A90BA0B5 BD1A209C F54126A9 2E2FF5B7 85041B7E C72032C0 CECE7F79
51550203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 141713AB B7F927E5 50C242DF 9912C3B6 61D93313 80301D06
03551D0E 04160414 1713ABB7 F927E550 C242DF99 12C3B661 D9331380 300D0609
2A864886 F70D0101 05050003 81810099 8EBE5630 2E6734A8 4D2FD0A5 F09A98F8
9E49125F AECEF4BB E0DEBB3A 1A449E38 99B02114 7EC84845 B53C2F88 046B7290
AE44967A 8BE20F5E 9D4A1CFC E1F64FE8 59F51892 23B88B4E 3416808A 68E65660
644C7DA0 E3A7A525 14FE8E54 67C35F8E CF69EB40 34DFB13D EA302F66 102C822A
3D7107BA AA4E7273 1D43690E C4A5D4
                quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
no ip source-route
ip dhcp excluded-address 192.168.0.230 192.168.0.255
ip dhcp excluded-address 192.168.0.1 192.168.0.200
ip dhcp pool QQQ_LAN
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.254
dns-server 192.168.0.6 202.1.161.36
netbios-name-server 192.168.0.6
domain-name QQQ.Local
lease 3
ip cef
no ip bootp server
ip domain name QQQ.Local
ip name-server 192.168.0.6
ip name-server 202.1.161.37
ip name-server 202.1.161.36
ip inspect log drop-pkt
no ipv6 cef
parameter-map type inspect global
log dropped-packets enable
parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com
parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com
password encryption aes
license udi pid CISCO887VA-K9 sn FGL162321CT
object-group service MAIL-PORTS
description QQQ User Mail Restrictions
tcp eq smtp
tcp eq pop3
tcp eq 995
tcp eq 993
udp lt rip
udp lt domain
tcp eq telnet
udp lt ntp
udp lt tftp
tcp eq ftp
tcp eq domain
tcp eq 5900
tcp eq ftp-data
tcp eq 3389
tcp eq 20410
object-group network Network1
description QQQ Management Network
192.168.1.0 255.255.255.0
192.168.4.0 255.255.255.0
192.168.5.0 255.255.255.0
192.168.7.0 255.255.255.0
192.168.8.0 255.255.255.0
range 192.168.0.200 192.168.0.254
range 192.168.0.1 192.168.0.25
object-group network Network2
description QQQ User Network
192.168.2.0 255.255.255.0
192.168.3.0 255.255.255.0
192.168.6.0 255.255.255.0
range 192.168.0.26 192.168.0.199
object-group network QQQ.Local
description QQQ_Domain
192.168.0.0 255.255.255.0
192.168.1.0 255.255.255.0
192.168.2.0 255.255.255.0
192.168.3.0 255.255.255.0
192.168.4.0 255.255.255.0
192.168.5.0 255.255.255.0
192.168.6.0 255.255.255.0
192.168.8.0 255.255.255.0
192.168.7.0 255.255.255.0
192.168.10.0 255.255.255.0
10.1.0.0 255.255.0.0
object-group network QQQ_Management_Group
description QQQ I.T. Devices With UnRestricted Access
range 192.168.0.200 192.168.0.254
range 192.168.0.1 192.168.0.25
192.168.1.0 255.255.255.0
192.168.8.0 255.255.255.0
192.168.7.0 255.255.255.0
192.168.5.0 255.255.255.0
192.168.4.0 255.255.255.0
10.1.0.0 255.255.0.0
192.168.10.0 255.255.255.0
10.8.0.0 255.255.255.0
192.168.9.0 255.255.255.0
192.168.100.0 255.255.255.0
192.168.20.0 255.255.255.0
192.168.21.0 255.255.255.0
192.168.22.0 255.255.255.0
192.168.23.0 255.255.255.0
object-group network QQQ_User_Group
description QQQ I.T. Devices WIth Restricted Access
range 192.168.0.26 192.168.0.199
192.168.2.0 255.255.255.0
192.168.3.0 255.255.255.0
192.168.6.0 255.255.255.0
object-group service WEB
description QQQ User Web Restrictions
tcp eq www
tcp eq 443
tcp eq 8080
tcp eq 1863
tcp eq 5190
username cpadmin privilege 15 password 7 1406031A2C172527
username QQQVPN privilege 15 secret 4 Hk2tP2GgJ1xXtJUqIZr4gmNSgw6q1E.rvzWiYnDAZHU
controller VDSL 0
ip tcp synwait-time 10
no ip ftp passive
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
match access-group 118
class-map type inspect match-all sdm-cls-VPNOutsideToInside-3
match access-group 121
class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
match access-group 120
class-map type inspect imap match-any ccp-app-imap
match invalid-command
class-map type inspect match-any ccp-cls-protocol-p2p
match protocol edonkey signature
match protocol gnutella signature
match protocol kazaa2 signature
match protocol fasttrack signature
match protocol bittorrent signature
class-map type inspect match-all sdm-cls-VPNOutsideToInside-4
match access-group 122
class-map type inspect match-all SDM_GRE
match access-group name SDM_GRE
class-map type inspect match-any CCP_PPTP
match class-map SDM_GRE
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_VPN_PT
match access-group 117
match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any ccp-cls-insp-traffic
match protocol pptp
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any SDM_IP
match access-group name SDM_IP
class-map type inspect gnutella match-any ccp-app-gnutella
match file-transfer
class-map type inspect match-any SDM_HTTP
match access-group name SDM_HTTP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect match-all sdm-cls-http
match access-group name dmz-traffic
match protocol http
class-map type inspect match-any Telnet
match protocol telnet
class-map type inspect msnmsgr match-any ccp-app-msn-otherservices
match service any
class-map type inspect ymsgr match-any ccp-app-yahoo-otherservices
match service any
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-cls-protocol-im
match protocol ymsgr yahoo-servers
match protocol msnmsgr msn-servers
match protocol aol aol-servers
class-map type inspect aol match-any ccp-app-aol-otherservices
match service any
class-map type inspect match-all ccp-protocol-pop3
match protocol pop3
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any FIREWALL_EXCEPTIONS_CLASS
match access-group name FIREWALL_EXCEPTIONS_ACL
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any SDM_EASY_VPN_CTCP_SERVER_PT
match access-group 102
match access-group 103
match access-group 104
match access-group 105
match access-group 106
match access-group 107
match access-group 108
match access-group 109
match access-group 110
match access-group 111
match access-group 112
match access-group 113
match access-group 114
match access-group 115
class-map type inspect match-any SIP
match protocol sip
class-map type inspect pop3 match-any ccp-app-pop3
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect sip match-any ccp-cls-sip-pv-2
match protocol-violation
class-map type inspect kazaa2 match-any ccp-app-kazaa2
match file-transfer
class-map type inspect match-all ccp-protocol-p2p
match class-map ccp-cls-protocol-p2p
class-map type inspect match-all ccp-cls-ccp-permit-1
match access-group name ETS1
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect msnmsgr match-any ccp-app-msn
match service text-chat
class-map type inspect ymsgr match-any ccp-app-yahoo
match service text-chat
class-map type inspect match-all ccp-cls-ccp-pol-outToIn-1
match access-group name ETS
class-map type inspect match-all ccp-protocol-im
match class-map ccp-cls-protocol-im
class-map type inspect match-all ccp-cls-ccp-pol-outToIn-2
match class-map Telnet
match access-group name Telnet
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect http match-any ccp-app-httpmethods
match request method bcopy
match request method bdelete
match request method bmove
match request method bpropfind
match request method bproppatch
match request method connect
match request method copy
match request method delete
match request method edit
match request method getattribute
match request method getattributenames
match request method getproperties
match request method index
match request method lock
match request method mkcol
match request method mkdir
match request method move
match request method notify
match request method options
match request method poll
match request method propfind
match request method proppatch
match request method put
match request method revadd
match request method revlabel
match request method revlog
match request method revnum
match request method save
match request method search
match request method setattribute
match request method startrev
match request method stoprev
match request method subscribe
match request method trace
match request method unedit
match request method unlock
match request method unsubscribe
class-map type inspect match-any ccp-dmz-protocols
match user-group qqq
match protocol icmp
match protocol http
class-map type inspect edonkey match-any ccp-app-edonkey
match file-transfer
match text-chat
match search-file-name
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all sdm-cls-sip
match access-group name dmz-traffic
match protocol sip
class-map type inspect match-all ccp-dmz-traffic
match access-group name dmz-traffic
match class-map ccp-dmz-protocols
class-map type inspect http match-any ccp-http-blockparam
match request port-misuse im
match request port-misuse p2p
class-map type inspect edonkey match-any ccp-app-edonkeydownload
match file-transfer
class-map type inspect match-all ccp-protocol-imap
match protocol imap
class-map type inspect aol match-any ccp-app-aol
match service text-chat
class-map type inspect edonkey match-any ccp-app-edonkeychat
match search-file-name
match text-chat
class-map type inspect match-all ccp-cls-ccp-permit-dmzservice-1
match class-map SIP
match access-group name SIP
class-map type inspect fasttrack match-any ccp-app-fasttrack
match file-transfer
class-map type inspect http match-any ccp-http-allowparam
match request port-misuse tunneling
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect p2p ccp-action-app-p2p
class type inspect edonkey ccp-app-edonkeychat
log
allow
class type inspect edonkey ccp-app-edonkeydownload
log
allow
class type inspect fasttrack ccp-app-fasttrack
log
allow
class type inspect gnutella ccp-app-gnutella
log
allow
class type inspect kazaa2 ccp-app-kazaa2
log
allow
policy-map type inspect PF_OUT_TO_IN
class type inspect FIREWALL_EXCEPTIONS_CLASS
pass
policy-map type inspect PF_IN_TO_OUT
class type inspect FIREWALL_EXCEPTIONS_CLASS
pass
policy-map type inspect im ccp-action-app-im
class type inspect aol ccp-app-aol
log
allow
class type inspect msnmsgr ccp-app-msn
log
allow
class type inspect ymsgr ccp-app-yahoo
log
allow
class type inspect aol ccp-app-aol-otherservices
log
reset
class type inspect msnmsgr ccp-app-msn-otherservices
log
reset
class type inspect ymsgr ccp-app-yahoo-otherservices
log
reset
policy-map type inspect http ccp-action-app-http
class type inspect http ccp-http-blockparam
log
reset
class type inspect http ccp-app-httpmethods
log
reset
class type inspect http ccp-http-allowparam
log
allow
policy-map type inspect imap ccp-action-imap
class type inspect imap ccp-app-imap
log
policy-map type inspect pop3 ccp-action-pop3
class type inspect pop3 ccp-app-pop3
log
policy-map type inspect ccp-inspect
class type inspect ccp-protocol-http
inspect
service-policy http ccp-action-app-http
class type inspect ccp-protocol-imap
inspect
service-policy imap ccp-action-imap
class type inspect ccp-protocol-pop3
inspect
service-policy pop3 ccp-action-pop3
class type inspect ccp-protocol-p2p
inspect
service-policy p2p ccp-action-app-p2p
class type inspect ccp-protocol-im
inspect
service-policy im ccp-action-app-im
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class type inspect ccp-invalid-src
drop log
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_VPN_PT
pass
class type inspect ccp-cls-ccp-permit-1
pass
class type inspect SDM_EASY_VPN_SERVER_PT
pass
class type inspect SDM_EASY_VPN_CTCP_SERVER_PT
inspect
class class-default
drop
policy-map type inspect sip ccp-app-sip-2
class type inspect sip ccp-cls-sip-pv-2
allow
policy-map type inspect ccp-permit-dmzservice
class type inspect ccp-cls-ccp-permit-dmzservice-1
pass
class type inspect ccp-dmz-traffic
inspect
class type inspect sdm-cls-http
inspect
service-policy http ccp-action-app-http
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class type inspect sdm-cls-VPNOutsideToInside-2
inspect
class type inspect sdm-cls-VPNOutsideToInside-3
pass
class class-default
pass
policy-map type inspect ccp-pol-outToIn
class type inspect ccp-cls-ccp-pol-outToIn-1
pass
class type inspect ccp-cls-ccp-pol-outToIn-2
pass
class type inspect CCP_PPTP
pass
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class type inspect sdm-cls-VPNOutsideToInside-2
inspect
class type inspect sdm-cls-VPNOutsideToInside-3
pass
class type inspect sdm-cls-VPNOutsideToInside-4
inspect
class class-default
drop log
policy-map type inspect sdm-permit-ip
class type inspect SDM_IP
pass
class type inspect sdm-cls-VPNOutsideToInside-2
inspect
class type inspect sdm-cls-VPNOutsideToInside-3
pass
class type inspect sdm-cls-VPNOutsideToInside-4
inspect
class class-default
drop log
zone security dmz-zone
zone security in-zone
zone security out-zone
zone security ezvpn-zone
zone-pair security ccp-zp-out-dmz source out-zone destination dmz-zone
service-policy type inspect ccp-permit-dmzservice
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-zone-To-in-zone source out-zone destination in-zone
service-policy type inspect ccp-pol-outToIn
zone-pair security ccp-zp-in-dmz source in-zone destination dmz-zone
service-policy type inspect ccp-permit-dmzservice
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security dmz-to-in source dmz-zone destination in-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-in-ezvpn2 source in-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-in-ezvpn1 source dmz-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in2 source ezvpn-zone destination in-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination dmz-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in3 source ezvpn-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
crypto ctcp port 10000 1723 6299
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp policy 2
encr aes 256
authentication pre-share
group 2
crypto isakmp key 6 PbKM_WfaCM[hYNXAFOUgCNgCB_ZdJEAAB address 220.245.109.219
crypto isakmp key 6 NddQRR[O^KY`GRDC[VZUEPE`CSJ^CDAAB address 0.0.0.0 0.0.0.0
crypto isakmp client configuration group QQQ
key 6 UWVBhb`Lgc_AZbDYWDFZiGZTTadNYTAAB
dns 192.168.0.6 202.1.161.36
wins 192.168.0.6
domain QQQ.Local
pool SDM_POOL_1
include-local-lan
max-users 20
max-logins 1
netmask 255.255.255.0
banner ^CCWelcome to QQQ VPN!!!!1                 ^C
crypto isakmp profile ciscocp-ike-profile-1
   match identity group QQQ
   client authentication list ciscocp_vpn_xauth_ml_1
   isakmp authorization list ciscocp_vpn_group_ml_1
   client configuration address initiate
   client configuration address respond
   keepalive 10 retry 2
   virtual-template 1
crypto ipsec transform-set ESP_AES_SHA esp-aes 256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set security-association idle-time 43200
set transform-set ESP_AES_SHA
set isakmp-profile ciscocp-ike-profile-1
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to220.245.109.219
set peer 220.245.109.219
set transform-set ESP-3DES-SHA
match address 119
interface Loopback0
description QQQ_VPN
ip address 192.168.9.254 255.255.255.0
interface Null0
no ip unreachables
interface Ethernet0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no fair-queue
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
interface ATM0.1 point-to-point
description Telekom_ADSL
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
zone-member security out-zone
pvc 8/35
pppoe-client dial-pool-number 1
interface FastEthernet0
description QQQ_LAN-VLAN_1
switchport access vlan 1
no ip address
interface FastEthernet1
description QQQ_LAN-VLAN_1
no ip address
interface FastEthernet2
description QQQ_WAN-VLAN_2
switchport access vlan 2
no ip address
interface FastEthernet3
description QQQ_DMZ-IP_PBX-VLAN_3
switchport access vlan 3
no ip address
interface Virtual-Template1 type tunnel
description QQQ_Easy_VPN
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly in
zone-member security ezvpn-zone
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
description QQQ_LAN-VLAN1$FW_INSIDE$
ip address 192.168.0.254 255.255.255.0
ip access-group QQQ_ACL in
ip mask-reply
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
ip tcp adjust-mss 1412
interface Vlan2
description QQQ_WAN-VLAN2$FW_INSIDE$
ip address 192.168.5.254 255.255.255.0
ip access-group QQQ_ACL in
ip mask-reply
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
ip tcp adjust-mss 1412
interface Vlan3
description QQQ_IP-PBX_WAN-VLAN3
ip address 192.168.4.254 255.255.255.0
ip mask-reply
ip nat inside
ip virtual-reassembly in
zone-member security dmz-zone
interface Vlan4
description VLAN4 - 192.168.20.xxx (Spare)
ip address 192.168.20.253 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
interface Dialer0
description ATM Dialer
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
no cdp enable
interface Dialer2
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxx0 password 7 xxxxxxxxxxxxxxxxxxxxx
no cdp enable
crypto map SDM_CMAP_1
router rip
version 2
redistribute static
passive-interface ATM0
passive-interface ATM0.1
passive-interface Dialer0
passive-interface Dialer2
passive-interface Ethernet0
passive-interface Loopback0
network 10.0.0.0
network 192.168.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
network 192.168.5.0
network 192.168.6.0
network 192.168.7.0
network 192.168.8.0
network 192.168.10.0
network 192.168.100.0
ip local pool SDM_POOL_1 192.168.5.100 192.168.5.200
ip forward-protocol nd
ip http server
ip http access-class 5
ip http authentication local
ip http secure-server
ip nat pool NAT_IP 192.168.0.210 192.168.0.235 netmask 255.255.255.0
ip nat inside source static tcp 192.168.4.253 5060 interface Dialer2 5060
ip nat inside source static tcp 192.168.0.240 20408 interface Dialer2 6208
ip nat inside source static tcp 192.168.0.240 20409 interface Dialer2 6209
ip nat inside source static tcp 192.168.0.240 20410 interface Dialer2 6200
ip nat inside source static tcp 192.168.1.240 20408 interface Dialer2 6218
ip nat inside source static tcp 192.168.1.240 20409 interface Dialer2 6219
ip nat inside source static tcp 192.168.1.240 20410 interface Dialer2 6210
ip nat inside source static tcp 192.168.7.240 20408 interface Dialer2 6278
ip nat inside source static tcp 192.168.7.240 20409 interface Dialer2 6279
ip nat inside source static tcp 192.168.7.240 20410 interface Dialer2 6270
ip nat inside source static tcp 192.168.8.240 20408 interface Dialer2 6288
ip nat inside source static tcp 192.168.8.240 20409 interface Dialer2 6289
ip nat inside source static tcp 192.168.8.240 20410 interface Dialer2 6280
ip nat inside source static tcp 192.168.0.6 1723 interface Dialer2 1723
ip nat inside source static tcp 192.168.0.6 3389 interface Dialer2 6389
ip nat inside source static tcp 192.168.0.24 3389 interface Dialer2 6390
ip nat inside source static tcp 192.168.4.253 8022 interface Dialer2 8022
ip nat inside source static tcp 192.168.4.253 80 interface Dialer2 8021
ip nat inside source static tcp 192.168.0.254 23 interface Dialer2 8023
ip nat inside source static tcp 192.168.0.6 443 interface Dialer2 443
ip nat inside source route-map SDM_RMAP_1 interface Dialer2 overload
ip default-network 192.168.0.0
ip default-network 192.168.4.0
ip route 0.0.0.0 0.0.0.0 Dialer2 permanent
ip route 10.1.0.0 255.255.0.0 Vlan2 permanent
ip route 10.8.0.0 255.255.255.0 Vlan2 permanent
ip route 192.168.0.0 255.255.255.0 Vlan1 permanent
ip route 192.168.4.0 255.255.255.0 Vlan3 permanent
ip route 192.168.5.0 255.255.255.0 Vlan2 permanent
ip route 192.168.100.0 255.255.255.0 Dialer2 permanent
ip access-list extended ACCESS_FROM_INSIDE
permit ip object-group QQQ_Management_Group any
permit tcp object-group QQQ_User_Group any eq smtp pop3
permit tcp object-group QQQ_User_Group any eq 993 995
permit tcp 192.168.0.0 0.0.0.255 any eq smtp pop3
permit tcp 192.168.0.0 0.0.0.255 any eq 993 995
permit ip 192.168.1.0 0.0.0.255 any
permit ip 192.168.4.0 0.0.0.255 any
permit ip 192.168.5.0 0.0.0.255 any
permit ip 192.168.7.0 0.0.0.255 any
permit ip 192.168.8.0 0.0.0.255 any
permit tcp 192.168.2.0 0.0.0.255 any eq www 443 8080 domain
permit tcp 192.168.2.0 0.0.0.255 any eq www 443 8080 domain time-range QQQ_Control
permit tcp 192.168.3.0 0.0.0.255 any eq www 443 8080 domain time-range QQQ_Control
permit tcp 192.168.4.0 0.0.0.255 any eq www 443 8080 domain time-range QQQ_Control
permit udp 192.168.2.0 0.0.0.255 any eq domain time-range QQQ_Control
permit udp 192.168.3.0 0.0.0.255 any eq domain time-range QQQ_Control
permit udp 192.168.4.0 0.0.0.255 any eq domain time-range QQQ_Control
ip access-list extended ETS
remark CCP_ACL Category=128
permit ip host 203.219.237.252 any
ip access-list extended ETS1
remark CCP_ACL Category=128
permit ip host 203.219.237.252 any
ip access-list extended FIREWALL_EXCEPTIONS_ACL
permit tcp any host 192.168.0.100 eq 25565
permit tcp any eq 25565 host 192.168.0.100
ip access-list extended QQQ_ACL
permit ip any host 192.168.4.253
permit udp any any eq bootps bootpc
permit ip any 192.168.4.0 0.0.0.255
permit ip host 203.219.237.252 any
remark QQQ Internet Control List
remark CCP_ACL Category=17
remark Auto generated by CCP for NTP (123) 203.12.160.2
permit udp host 203.12.160.2 eq ntp any eq ntp
remark AD Services
permit udp host 192.168.0.6 eq domain any
remark Unrestricted Access
permit ip object-group QQQ_Management_Group any
remark Restricted Users
permit object-group MAIL-PORTS object-group QQQ_User_Group any
permit ip 192.168.0.0 0.0.0.255 any time-range QQQ_Control
permit ip 192.168.2.0 0.0.0.255 any time-range QQQ_Control
permit ip 192.168.3.0 0.0.0.255 any time-range QQQ_Control
permit ip 192.168.6.0 0.0.0.255 any time-range QQQ_Control
remark ICMP Full Access
permit icmp object-group QQQ_User_Group any
permit tcp 192.168.2.0 0.0.0.255 eq www 443 8080 5190 1863 any time-range QQQ_Control
permit tcp 192.168.3.0 0.0.0.255 eq www 443 8080 5190 1863 any time-range QQQ_Control
permit tcp 192.168.6.0 0.0.0.255 eq www 443 8080 5190 1863 any time-range QQQ_Control
permit udp 192.168.6.0 0.0.0.255 eq 80 443 8080 5190 1863 any time-range QQQ_Control
permit tcp 192.168.0.0 0.0.0.255 eq www 443 8080 5190 1863 any time-range QQQ_Control
permit udp 192.168.0.0 0.0.0.255 eq 80 443 8080 5190 1863 any time-range QQQ_Control
permit udp 192.168.2.0 0.0.0.255 eq 80 443 8080 5190 1863 any time-range QQQ_Control
permit udp 192.168.3.0 0.0.0.255 eq 80 443 8080 5190 1863 any time-range QQQ_Control
ip access-list extended QQQ_NAT
remark CCP_ACL Category=18
remark IPSec Rule
deny   ip 192.168.0.0 0.0.255.255 192.168.100.0 0.0.0.255
permit ip any any
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
permit esp any any
ip access-list extended SDM_GRE
remark CCP_ACL Category=1
permit gre any any
ip access-list extended SDM_HTTP
remark CCP_ACL Category=0
permit tcp any any eq telnet
ip access-list extended SDM_HTTPS
remark CCP_ACL Category=0
permit tcp any any eq 443
ip access-list extended SDM_IP
remark CCP_ACL Category=1
permit ip any any
ip access-list extended SIP
remark CCP_ACL Category=128
permit ip any 192.168.4.0 0.0.0.255
ip access-list extended Telnet
remark CCP_ACL Category=128
permit ip any any
ip access-list extended dmz-traffic
remark CCP_ACL Category=1
permit ip any 192.168.4.0 0.0.0.255
access-list 1 remark CCP_ACL Category=2
access-list 1 remark QQQ_DMZ
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 2 remark CCP_ACL Category=2
access-list 2 remark QQQ_LAN
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 3 remark QQQ Insid NAT
access-list 3 remark CCP_ACL Category=2
access-list 3 permit 192.168.0.0 0.0.0.255
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 3 permit 192.168.2.0 0.0.0.255
access-list 3 permit 192.168.3.0 0.0.0.255
access-list 3 permit 192.168.4.0 0.0.0.255
access-list 3 permit 192.168.5.0 0.0.0.255
access-list 3 permit 192.168.6.0 0.0.0.255
access-list 3 permit 192.168.7.0 0.0.0.255
access-list 3 permit 192.168.8.0 0.0.0.255
access-list 3 permit 192.168.9.0 0.0.0.255
access-list 3 permit 192.168.10.0 0.0.0.255
access-list 4 remark QQQ_NAT
access-list 4 remark CCP_ACL Category=2
access-list 4 permit 10.1.0.0 0.0.255.255
access-list 4 permit 10.8.0.0 0.0.0.255
access-list 4 permit 192.168.0.0 0.0.0.255
access-list 4 permit 192.168.1.0 0.0.0.255
access-list 4 permit 192.168.2.0 0.0.0.255
access-list 4 permit 192.168.3.0 0.0.0.255
access-list 4 permit 192.168.4.0 0.0.0.255
access-list 4 permit 192.168.5.0 0.0.0.255
access-list 4 permit 192.168.6.0 0.0.0.255
access-list 4 permit 192.168.7.0 0.0.0.255
access-list 4 permit 192.168.8.0 0.0.0.255
access-list 4 permit 192.168.9.0 0.0.0.255
access-list 4 permit 192.168.10.0 0.0.0.255
access-list 5 remark HTTP Access-class list
access-list 5 remark CCP_ACL Category=1
access-list 5 permit 192.168.4.0 0.0.0.255
access-list 5 permit 192.168.0.0 0.0.0.255
access-list 5 deny   any
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip 192.168.4.0 0.0.0.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip host 255.255.255.255 any
access-list 101 remark QQQ_Extended_ACL
access-list 101 remark CCP_ACL Category=1
access-list 101 permit tcp any host 192.168.0.254 eq 10000
access-list 101 permit udp any host 192.168.0.254 eq non500-isakmp
access-list 101 permit udp any host 192.168.0.254 eq isakmp
access-list 101 permit esp any host 192.168.0.254
access-list 101 permit ahp any host 192.168.0.254
access-list 101 remark Auto generated by CCP for NTP (123) 203.12.160.2
access-list 101 permit udp host 203.12.160.2 eq ntp host 192.168.4.254 eq ntp
access-list 101 permit udp host 192.168.0.6 eq domain any
access-list 101 remark NTP (123) 203.12.160.2
access-list 101 permit udp host 203.12.160.2 eq ntp any eq ntp
access-list 101 remark QQQ_ANY_Any
access-list 101 permit ip object-group QQQ.Local any
access-list 101 remark QQQ_DMZ
access-list 101 permit ip any 192.168.4.0 0.0.0.255
access-list 101 remark QQQ_GRE
access-list 101 permit gre any any
access-list 101 remark QQQ_Ping
access-list 101 permit icmp any any
access-list 102 remark CCP_ACL Category=1
access-list 102 permit tcp any any eq 10000
access-list 103 permit tcp any 192.168.0.0 0.0.0.255 eq 443
access-list 103 remark CCP_ACL Category=1
access-list 103 permit tcp any any eq 10000
access-list 103 permit tcp any 192.168.4.0 0.0.0.255 eq 8022
access-list 103 permit tcp any 192.168.4.0 0.0.0.255 eq telnet
access-list 103 permit tcp any 192.168.4.0 0.0.0.255 eq www
access-list 103 permit tcp any 192.168.4.0 0.0.0.255 eq 5060
access-list 103 permit tcp any eq telnet host 192.168.0.254
access-list 103 permit tcp any 192.168.0.0 0.0.0.255 eq telnet
access-list 103 permit udp any 192.168.4.0 0.0.0.255 eq 5060
access-list 103 permit udp any 192.168.4.0 0.0.0.255 range 10001 12000
access-list 104 remark CCP_ACL Category=1
access-list 104 permit tcp any any eq 10000
access-list 105 remark CCP_ACL Category=1
access-list 105 permit tcp any any eq 10000
access-list 106 remark CCP_ACL Category=1
access-list 106 permit tcp any any eq 10000
access-list 107 remark CCP_ACL Category=1
access-list 107 permit tcp any any eq 10000
access-list 108 remark CCP_ACL Category=1
access-list 108 permit tcp any any eq 10000
access-list 109 remark CCP_ACL Category=1
access-list 109 permit tcp any any eq 10000
access-list 110 remark CCP_ACL Category=1
access-list 110 permit tcp any any eq 10000
access-list 111 remark CCP_ACL Category=1
access-list 111 permit tcp any any eq 10000
access-list 112 remark CCP_ACL Category=1
access-list 112 permit tcp any any eq 10000
access-list 113 remark CCP_ACL Category=1
access-list 113 permit tcp any any eq 10000
access-list 114 remark CCP_ACL Category=1
access-list 114 permit tcp any any eq 10000
access-list 115 remark CCP_ACL Category=1
access-list 115 permit tcp any any eq 10000
access-list 116 remark CCP_ACL Category=4
access-list 116 remark IPSec Rule
access-list 116 permit ip 192.168.0.0 0.0.255.255 192.168.100.0 0.0.0.255
access-list 117 remark CCP_ACL Category=128
access-list 117 permit ip any any
access-list 117 permit ip host 220.245.109.219 any
access-list 118 remark CCP_ACL Category=0
access-list 118 permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 119 remark CCP_ACL Category=4
access-list 119 remark IPSec Rule
access-list 119 permit ip 192.168.0.0 0.0.255.255 192.168.100.0 0.0.0.255
access-list 120 remark CCP_ACL Category=0
access-list 120 permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 121 remark CCP_ACL Category=0
access-list 121 permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 122 remark CCP_ACL Category=0
access-list 122 permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.255.255
dialer-list 1 protocol ip permit
route-map SDM_RMAP_1 permit 1
match ip address QQQ_NAT
banner login ^CCWelcome to QQQ ADSL Gateway

It turns out the problem had nothing to do with wires or splitters. The Verizon tech was at my house yesterday and the ONT was failing. He replaced part of the ONT and it fixed the problem (finally!). At least I was able to watch the Celtics game last night.
I have a Tellabs ONT. Not sure the model but it's older like the ones in this thread.
http://www.dslreports.com/forum/r19982000-Mounting-board-for-612-ONT

BT Home Hub 3 + Back To My Mac / Port Forwarding

I've recently got BT Infinity and along with it a BT Home Hub 3 which doesn't seem to be playing nicely with Back to my Mac.
The setup on the Mac side of things is correct and I can see my remote computer but I just can't connect to them, or vice versa. The Back to My Mac preference is showing that the router needs configuring for better performance.
I've ensured UPnP is enabled and forwarded the following ports to the device:
TCP 5354
UDP 4500
UDP 5353
UDP 500
UDP/TCP 4488
Which I found listed in http://support.apple.com/kb/TS1629
After doing some checks on these ports using http://canyouseeme.org it would seem that only one of these ports is open, and even then it's occassional.
BT seem to state on http://bt.custhelp.com/app/answers/detail/a_id/12529/~/why-do-i-get-an-error-message-when-using-appl... that 'Back to My Mac' isn't compatible and this is due to a compatibility issue on Apple's part. Frustratingly this article doesn't indicate a date when this was posted. Never the less, I would presume this could only be UPnP related — i.e. the necessary ports won't open automatically. I'm unsure of what other compatibility issues there would be. If the ports are open it should work fine.
I've read numerous threads in many forums about the BT Home Hub 3 port forwarding not working correctly, is this still true? If so, surely the device should be deemed faulty or a firmware update should have been put in place by now to resolve this. I can't seem to find any recent articles regarding this.
Thanks in advance for any help!
Solved!
Go to Solution.

Hi ollie,
If you're still having problems with this please feel free to contact us via the webform link in my profile and we'll check to see what the current status of the investigations with Back to my Mac is.
Cheers
Dean
BTCare Community Mod
If you like a post, or want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side of the post.
If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.

Home Hub 3 Port Forwarding Issue - Question to BT

Question to BT
Hello i have recently joined BT Infinity and have hit the issue of the Port Forwarding not working. My HH3 is on the following version of software. Will this version automatically upgrade to the latest version of firmware and will this fix my port forwarding issue?
As i work in IT (Cisco Network Eng) i need to be able to access several devices/services at home and this is a real pain for me. If you think that this could drag on as some posts have indicated could you please let me know and i will either get a draytek or throw in a cisco 1841.
Thank you
Dean.
Current firmware:
V100R001C01B031SP09_L_B
Last updated:
Unknown

requiem wrote:
Question to BT
Hello i have recently joined BT Infinity and have hit the issue of the Port Forwarding not working. My HH3 is on the following version of software. Will this version automatically upgrade to the latest version of firmware and will this fix my port forwarding issue?.........
Thank you
Dean.
Current firmware:
V100R001C01B031SP09_L_B
Last updated:
Unknown
Hi Dean
By the look of it you've got the type B version of the HH3 with current firmware.
From http://bt.custhelp.com/app/answers/detail/a_id/13073
The latest versions of the firmware are:
BT Home Hub 3 – Software version 4.7.5.1.83.8.57.1.3 (Type A) or V100R001C01B031SP09_L_B
Please Click On any Text in Blue as that automatically links to information.
PC (NDEGR)

Port Forwarding To Two Macs with Port 22 limitations

This is another port forwarding/port 22 issue and I've look around and not seen an answer to my specific problem. I work for a business that has an in-house ad system that runs on a Mac Mini. I have been accessing that Mac Mini remotely because we set up port forwarding through the Linksys rounter that is at the business using port 22. This is the only port that works for this connection to the mini and the software.
We are now adding a second Mac Mini to send the ads to a different set of monitors. I can't set up port forward to the new mini on the same port so I don't know how to connect to this mini remotely. Is there a way to get into the first mini through port 22 and then somehow communite to the second one through the first? Is there another way to do port forwarding...or have the linksys router switch from one mini to the other when a request comes in? There will only be one remote computer trying to reach either Mac Mini so there will never be simultaneous traffic coming in. Any help would be appreciated!
The linksys router is critical to the business becasue a host of other devices are forwarded though it as well.
Thank you.

klara wrote:
Having set up my IP camera with HH4 successfully, I've now got another one and would like to set it up as well. I gave it a unique, static IP address which my router can see fine. When I try to set up port forwarding, I get a message saying:
"The game or application you’ve selected conflicts with an application (IP Cam 1) you’ve already assigned to another device. Please remove the other application or select the same device."
I am not being given the option to select the same device.
I'm now wondering if port forwarding to two identical devices actually works in principle with HH4? Has anyone else done this?
If in the Home Hub 4 A you go to
Advanced Settings
Firewall
Port Fowarding
Manage Games and Applications
You get the following statement:
"Each game or application can be assigned to only one device on your home network"
I would think that the only way round your problem is to have each Camera running a different application or the same application with a different name.
Does the remote browser app need to know the application name or just the device name ?
If you think about how Port Forwarding needs to function you need a way whereby the remote user needs to be able to tell the Hub what Camera to talk to.

Port forwarding to two devices with HH4

Having set up my IP camera with HH4 successfully, I've now got another one and would like to set it up as well. I gave it a unique, static IP address which my router can see fine. When I try to set up port forwarding, I get a message saying:
"The game or application you’ve selected conflicts with an application (IP Cam 1) you’ve already assigned to another device. Please remove the other application or select the same device."
I am not being given the option to select the same device.
I'm now wondering if port forwarding to two identical devices actually works in principle with HH4? Has anyone else done this?
Solved!
Go to Solution.

klara wrote:
Having set up my IP camera with HH4 successfully, I've now got another one and would like to set it up as well. I gave it a unique, static IP address which my router can see fine. When I try to set up port forwarding, I get a message saying:
"The game or application you’ve selected conflicts with an application (IP Cam 1) you’ve already assigned to another device. Please remove the other application or select the same device."
I am not being given the option to select the same device.
I'm now wondering if port forwarding to two identical devices actually works in principle with HH4? Has anyone else done this?
If in the Home Hub 4 A you go to
Advanced Settings
Firewall
Port Fowarding
Manage Games and Applications
You get the following statement:
"Each game or application can be assigned to only one device on your home network"
I would think that the only way round your problem is to have each Camera running a different application or the same application with a different name.
Does the remote browser app need to know the application name or just the device name ?
If you think about how Port Forwarding needs to function you need a way whereby the remote user needs to be able to tell the Hub what Camera to talk to.

Port Forwarding to two computers.

I want to open ports for an application that I use on two different computers. I have been able to forward the port to on (static) ip and everything works fine. But when I use the application on another computer the port is closed. On my previous router I could say port map to 192.168.0.* and all computers would have the port open, and the app would be fine on either computer. The AEBS does nor recognize the *.
When I set up the same port forward to two different ip addresses with the same ports open I get an error that the port mapping already exists. Is there a way just to have the port open for any computer on the network?
How would I allow incoming traffic to a specific port on either computer? Normally the application is only used on one computer at a time.
Carlos

Lighthouse?
http://codelaide.com/blog/products/lighthouse/

Port forwarding for the rest of us?

Hi all,
I've been reading this forum for a couple of weeks now trying to find a way to get two Macs to do iChat video.
1st setup is a G5 MP2.0, 10.4.7, iChat 3.1.5, iSight, Belkin 8230-4 router.
2nd setup is iMac intel 20", 10.4.7, iChat 3.1.X, builtin camera, Airport Extreme router.
Both are on 1.5+ broadband, Belkin has a static IP coming into the router, with the G5 connected using DHCP with manual address. Airport has cable modem DHCP in, with DHCP/NAT turned on. Apple firewall is OFF on both.
Initial tries yielded the dreaded -8 error. I reset Quicktime streaming, iChat bandwidth prefs as suggested and tried forwarding ports on both setups, per the portforward.com recs for iChat.
The Intel iMac is now able to see/hear the ads on the auto chat test from appleu3test01 just fine, but we're still getting -8 when trying to connect to the G5/Belkin.
Besides the six initial ports for iChat (portforward.com) have now tried a shotgun approach by adding ports suggested from various sites/forums. This setup has achieved at least an error free connection with the auto testers, however the intermittent blocky video and choppy sound is not much better. Screen grab of blocky video with the 20 forwards currently set on the Belkin.
http://www.hamishthewelshie.com/ports.jpg
I'm looking for help sorting this mess out. What am I doing wrong here?
Thanks in advance for any help.
PMcK
P.S. I was going to post my first ever anti-apple rant... if only just to feel better but, what's that? oh okay...
<rant> Dear Steve, Even tho I have been using Macs since the 512, I am one of those artsy fartsy Mac users who doesn't really want to know what is under the hood. Admittedly, I am newbie at all this router port stuff, but the fact that lots of people seem to be having this same problem is ridiculous IMHO. Even the Yahoo and Skype Beta video ran the first time we tried it, not great quality, but it was a no brainer setup and it just works... exactly what we've come to expect from Apple. If these johnny come latelys can do it this simply, why can't my fruitbox company of choice get their own ***** sorted out? </rant> Sorry Steve.
G5-2.0MP Mac OS X (10.4.7)

Hi PMck,
This device can do Port Triggering even if it can not do UPnP.
At present the Port Forward site list their own PC app to help.
The method though is here
Ignor the pics and info on the brown and orange pics.
Set the first trigger as port 5678 on UDP.
Set these ports in the next text field
5060,5678,16384-16403 (no spaces and only commas and dashes inbetween) Set the protocol for these as UDP as well
Set a new line for trigger 5190 on TCP
Set the next text field as just 5190 and TCP again
Repeat the line above but for UDP at both points
If using Jabber at all:
Set a trigger of 5222 on TCP and ports 5220,5222 on TCP
(if using GoogleTalk make that 5223 on TCP and list 5220,5222,5223 on TCP)
Bonjour needs four single lines (trigger and just one port in the list field)
5297 on UDP 5297 on UDP
5298 on UDP 5298 on UDP
Repeat for TCP for 5298
5353 on UDP 5353 on UDP
As this is a NAT method of opening the ports the Airport will need "Distributing Addressing" turned Off in the Aipor Admin Utlity > Network tab This will make the Airport just an access point and the Belkin will address the whole Lan then.
Thios will allow multiple copmuters to access the same ports for iChat at the same time. The Belkin can be left doing DHCP. (Or be set to Static to the LAN)
Turning Off DHCP in the Airport (Distributing Addresses) will avoid any Double NAT and Double DHCP that seems to be going on at the moment.
10:12 PM Tuesday; August 1, 2006

Port Forwarding For WinXP (RDC) (Using AE 802.11n)

I have some problem and I need some thoughts and input from someone else, Here goes.
Here is what im looking to accomplish. From my work I want to be able to connect into my machine at home (windows XP). I cannot use the standard RDC (Remote Desktop Connection) port 3389. My work blocks all traffic coming through that port. So I need to push it through port 443. My co-worker is doing this just fine with a Netgear switch at home, so I know it should work.
In theory it should work like this.
(In Windows XP I have done this)
Change the registry to move through port 443 (windows web site actually shows you how to do this). I turned off the windows firewall completely. RDC has also been turned on. A static IP has been given to this machine as well
(Airport Extreme I have done this)
Put a static ip and Mac address for the Windows machine. Turned on NAT and Forwarded the UDP and TCP ports for public and Private to port 443. As well as set the private IP adders in the port forwarding to the ip on the windows machine.
(Current results)
I think this is where the beginning of my problem and im not sure if its a windows or a AE problem. Before changing the port on the windows machine I can RDC locally. But cannot get through the AE on the default port 3389.
After changing the port on the windows machine to 443 I can no longer RDC locally and still cannot connect from out side the AE.
Im not sure where to take it from here. Please advise someone im dying to cruse the net from work

Hello Preston Holder. Welcome to the Apple Discussions!
As you are already aware RDC clients listen on port 3389 by default.
To change the listening port will require making a Registry mod. This would be typically used if you needed to access more than one computer remotely. (ref: Microsoft Knowledge Base article 306759)
Locate the appropriate Registry key using Regedit.exe:
HKEYLOCALMACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\Port Number
From the Edit menu, click Modify and then click Decimal. Choose a new port number. In general, choosing a number between 49152 and 65535 will avoid conflict with any other apps on your system, but you could theoretically use any port on the system. Once you set the port number you also need to configure your router to pass the specified port to your computer.
To access your computer remotely, instead of typing just the IP address, you need to type the IP address followed by the port number like this: 192.168.1.1:50001

Port Forwarding for Filemaker Pro on Airport Extreme

I really don't know what I'm doing - I'm trying to get my Instant Web for Filemaker to work - It was set up on my MacBook Pro and then I moved everything to this iMac and now it's not working. I do know that the port for FM Pro is 591. I have it set up in FM Pro sharing and it gives me an IP address that should work. Which, by the way, it does inside my network, but not from outside. So, I need to know how to set up the Port Forwarding on my Apple Extreme to make this work.

I don't use FM, but do port forwards on AE for my private website using DynDNS
Go to Applications >> Utilities >> AirPort Utility >> pick your AE and click Manual Setup button
Go to Advanced >> Port Mapping >> click the PLUS to add a new port fwd
Leave the Service drop down as is
Set public TCP and private TCP fields to 591
Set the private IP to the IP address of your iMac as your AE assigned it - I assume that your AE will have 10.0.1.1 and your iMac will be 10.0.1.X - not sure whether you use DHCP and let AE do the work or manually assign private IPs yourself
Give it a description in the next window. Not sure about advertising via Bonjour - I'd try both.
If you don't know what private IP your iMac has, go to applications >> utilities >> Terminal app and type this command: ifconfig
You'll see something like this. In my case, since I use Ethernet to connect my mac to AE router, the en0 is my active connection and my private IP is 10.0.1.12 as shown below. If you use WiFi, you'r main connection will be en1
Last login: Sun Mar 13 20:52:12 on console
Mac-mini:~ jiri$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
inet6 fd75:7419:92a9:cab8:226:4aff:fe15:f970 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0 mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:26:4a:15:f9:70
inet6 fe80::226:4aff:fe15:f970%en0 prefixlen 64 scopeid 0x4
*inet 10.0.1.12* netmask 0xffffff00 broadcast 10.0.1.255
media: autoselect (1000baseT <full-duplex,flow-control>)
status: active
en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
ether 00:26:08:ec:4f:fa
media: autoselect (<unknown type>)
status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr 00:26:4a:ff:fe:15:f9:70
media: autoselect <full-duplex>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet6 fe80::226:4aff:fe15:f970%utun0 prefixlen 64 scopeid 0x7
inet6 fd00:6587:52d7:85:226:4aff:fe15:f970 prefixlen 64
Mac-mini:~ jiri$
Let me know, if it works...

Help needed to do port forwarding in ipfw...

For the last weeks I have been working to get the new open-source content management system Alfresco working. It is a pure Java web application that runs under Tomcat. There is official support for Mac OS X but only Windows and Linux gets true installer binaries with guides and everything.
The unique thing about this platform is that it has a built in Java-based CIFS/SMB-server to expose the content not only in web browser but as a mounted volume as well. However, it turned out more than difficult to get that working in my Mac OS X Server 10.4.9 running on an XServe G5 2.0Ghz.
I can run the startup script for the Tomcat as root on my laptop running Mac OS X 10.4.9 and then the CIFS-server can use standard ports like 137, 138, 139 and 445. Finder can mount that as a volume called Alfresco. However, I do not want to run it as root because of several other issues related to X11. There is a note in the installation text that if running the script not as root but as admin or a designated Alfresco user requires port forwarding. That means setting up firewall rules to forward requests from the standard CIFS TCP ports 139/445 to the non-privileged ports the Alfresco CIFS server is listening on (which are 1137,1138,1139 and 1145).
I have understood that this is not possible through the Server Admin GUI-app but needs to be done either in the terminal or by using an app like WaterRoof. I guess also Apple´s server tools are famous for overwriting config files made by a "third-party" app. However, I can't make it work and ipfw syntax still looks very confusing to me. Any ideas of what I need to do in order to have this port forwarding to work.
I have tried something like this so far:
# ! /bin/sh
echo "Setup CIFS Port Forwarding ..."
sysctl -w net.inet.ip.fw.enable=1
sysctl -w net.inet.ip.forwarding=1
sysctl -w net.inet.ip.fw.verbose=1
sysctl -w net.inet.ip.fw.debug=0
#ipfw add 100 count log ip from any to any
ipfw add 200 allow ip from any to any via lo0
# Forward native SMB and NetBIOS sessions to non-privileged ports
ipfw add 300 fwd 192.168.1.2,1445 tcp from any to any dst-port 445 in
ipfw add 400 fwd 192.168.1.2,1139 tcp from any to any dst-port 139 in
# Forward NetBIOS datagrams to non-privileged ports
ipfw add 500 fwd 192.168.1.2,1137 udp from any to any dst-port 137 in
ipfw add 600 fwd 192.168.1.2,1138 udp from any to any dst-port 138 in
Windows filesharing i Mac OS X Server is turned off and there are firewall rules to allow traffic on the designated ports.
http://www.alfresco.com
Any hints would be very helpful!
XServe G5 Mac OS X (10.4.9)

Ok, thanks for the tip. Had a look at that page and it was only about NAT which is not what I am looking for. I have a server with public IP where I need to forward from one port to another on the same IP. However, I find the information about how to configure IPFW rather limited so I wanted to know if the rules in the first post look right and what pitfalls there are when using the GUI-based server admin tools from Apple

Need help with port forwarding an Avtech DVR

For some reason I can't get my Avtech DVR to work on my android phone on Avtech's Eagle Eyes app.
The camera/dvr comes up on wifi, but not on 4g. I am trying to get the port forwarding to work, but its not working. It says the ip address is not accesible.
The port for the dvr is 80. This is what I have. I thought it was correct?
I have a Westell 9100EM router.
Solved!
Go to Solution.

Thought I'd post an update to this. I fixed it. I had to change ports on my dvr.

App QoS vs Port Forwarding in WRT110

Similar Messages

Maybe you are looking for