NAT port forwarding

Similar Messages

• NAT Port Forwarding Issues

  I am running a Mac Mini Server with 10.6.4 and have just the Firewall and NAT services running on this computer at this time.
  I have two ethernet connections on this computer. One is the built in adapter (en0) and the other is the Apple USB 100mbit adapter (en2). The en2 adapter is plugged into the internet gateway from my ISP with a static addresss (something like 333.333.333.1) and the en0 adapter is connected to my switch with an internal address (something like 10.0.0.1). I can go out to the internet from the computer and also see it from my internal network, which means that from a network prospective, it is properly configured.
  I enabled the NAT service with the Server Admin tool by clicking the "IP Forwarding and Network Address Translation (NAT)" radio button. I selected the USB Ethernet from the "External network interface" and checked the "Enable NAT Port Mapping Protocol" from the options.
  After that I followed the directions of adding the following lines to my natd.plist from the /etc/nat/ directory:
  <array>
  <dict>
  <key>proto</key>
  <string>tcp</string>
  <key>targetIP</key>
  <string>10.0.0.123</string>
  <key>targetPortRange</key>
  <string>80</string>
  <key>aliasIP</key>
  <string>333.33.333.1</string>
  <key>aliasPortRange</key>
  <string>80</string>
  </dict>
  </array>
  I also left the top part of the plist file as such:
  <key>clamp_mss</key>
  <true/>
  <key>deny_incoming</key>
  <false/>
  <key>dynamic</key>
  <true/>
  <key>enable_natportmap</key>
  <true/>
  <key>interface</key>
  <string>en2</string>
  <key>log</key>
  <true/>
  <key>log_denied</key>
  <false/>
  <key>natportmap_interface</key>
  <string>en2</string>
  <key>proxy_only</key>
  <false/>
  <key>reverse</key>
  <false/>
  <key>same_ports</key>
  <true/>
  <key>unregistered_only</key>
  <true/>
  <key>use_sockets</key>
  <true/>
  The section I added is correctly located directly above the final </dict></plist>.
  Unfortunately, this does not work and according to the directions from Apple this is exactly how you are supposed to be able to enable port forwarding. I have also opened up the port 80 on my firewall to allow incoming requests. When I go to the external IP address for that server it just sits and waits forever and nothing is resolved.
  If someone has experience with this issue please advise.

  Gateway configurations are problematic with Mac OS X Server.
  (There are many previous discussions around the forums.)
  Getting this to work is fussy, at best.
  You can also end up with ports unexpectedly open.
  An external firewall is usually the easiest choice.

• NAT port-forwarding and WAN side IP addresses

  I have my Airport Extreme setup to forward port 21 to an FTP server on the LAN side of my network. The AE is connected via DSL to my ISP.
  When a client from the WAN side connects to my server, the server's LOGS don't list the IP of the client, rather it says the client connected from my assigned WAN IP. For example (fake ip's):
  Client ----> AE ----> FTP-SERVER
  130.129.12.3 76.99.89.3 10.0.1.2
  Log states client connected
  from IP: 76.99.89.3
  My previous Linksys router, with the same DSL modem and ISP, would report the client as connecting from 130.129.12.3.
  Am I missing something in how I am configureing my AE? Or, is this how the AE manages port-forwarding and there's nothing I can do about it?
  I used to use firewall rules to control access to the FTP server, i.e. rules set on the server. This can't be done anymore with the AE operating as it does.

  Seems to me that the NAT translation in the Airport 802.11n is such that it does not use the incoming IP of clients connecting from the WAN side to a computer on the LAN side. The ingoing and outgoing packets reach their respective destinations, it is just that the AE uses some kind of non-standard routing (at least not that I am used to working with).
  This is bad because it prevents the use of some forms of access controls on BSD and Linux servers on the LAN side, TCP Wrappers and iptables for example. This can create obvious security problems when WAN ports are set to forward to such a LAN client. We are already getting hit with robot-like script attacks on our server, this was a problem with our Linksys router, but with the above mentioned tools and scripts we were able to block abusive clients.
  Perhaps an Apple can work on resolving this issue in a future firmware release, at least make it an option... Anyone from Apple out there?
  jmj

• Wrt160nv2 xbox strict NAT port forwarding/port triggering

  I am having trouble stabalizing my NAT on 2 Xboxes. They are both connected to the wrt160nv2 with ethernet cables and I don't know whether I need to do port forwarding or port triggering. Right now, I am using port range triggering, triggered range 53 to 3074 and forwarded range 53 to 3074, and under Setup, MTU size is 1452. I got that off of another post on here but I think they were trying to set it up for an ethernet cable and wireless. I just need to know what to do since both Xboxes are using ethernet cables so both Xboxes can have open NATs.

  No need to forward/trigger any ports on the router . Sometimes 2 gaming consoles do not work on a router.
  You can try to upgrade the firmware on the router , reset it and reconfigure .

• NAT / Port Forwarding WRV200

  Hi, I would like to access a Digital Video Recorder (192.168.3.200 port 12088) from the internet (Telenet/Belgium). I'm using a Cisco/Linksys WRV200 (192.168.3.254) to access the internet. I can access the WRV200 remotely (from Internet) and I've created following port forwards: Port 8016-8016 >>> 192.168.3.200 Port 12088-12088 >>> 192.168.3.200 Connecting to the DVR internally is working fine but accessing the DVR from the outside doesn't work for some reason. Any suggestions?
  Solved!
  Go to Solution.

  These products are being handled by the Cisco Small Business Support Community. (URL: https://supportforums.cisco.com/community/netpro/small-business )

• NAT Port forwarding WRT54G

  Hi!
  I used several versions of wrt54g, but as fasr as I know none has the following feature:
  Outside ip: unknown
  Outside port: let's choose for example 14642
  Inside ip: a static chosen ip
  inside port: let's choose for ftp port 21
  So the thing is, that the router forwards all connections from the internet on the port 14642 to the local static ip chosen, and its well known port number 21.
  Is there a way to achieve this in WRT54G? v1.1, v5, v6 and v7
  If not, will there be an upgrade making that possible?
  Thanks.

  Gateway configurations are problematic with Mac OS X Server.
  (There are many previous discussions around the forums.)
  Getting this to work is fussy, at best.
  You can also end up with ports unexpectedly open.
  An external firewall is usually the easiest choice.

• Open Nat / Port Forward Xbox

  I'm using Cisco Connect Cloud to connect to my E4200 router. I wish to open my NAT type as currently its moderate on all games.
  Where the hell is the area to add the port ranges?? Is it even an option on the new connect cloud? If it is, it doesn't make it very easy to find. Would be allot easier if you had a tab/app for "Gaming/Applications" like you did previously.
  Any help appreciated.
  Solved!
  Go to Solution.

  It's in Security

• Port forwarding is not working on SRP521W

  Hello,
  I have a problem with incoming traffic.
  I opend 3 ports as followed:
  I have olso anabbled de remote web menagement on port 888.
  From the outside i can access the remote management. but i cannot access my webserver on prot 80 or 443. I have checked with the isp provirder en these port or not blocked.
  Can anywane help,
  Thanks,

  Hi Danny, to my recollection there are not any bugs on the current releases for the SRP for forwarding.
  To affirm, you have went to Network Setup -> NAT -> Port forwarding
  Also, are you able to log in to the server locally with the LAN IP address using an internet browser for http and https?
  -Tom
  Please mark answered for helpful posts

• Port Forwarding with Airport Express 802.11n Utility version 6.1

  Hi all,
  Quick question, hoping it can be solved with a quick answer
  Not sure what I'm doing wrong: I'd like to set up port forwarding for Skype and Transmission, however in the airport utility even when I assign the public/private ports to the ones specified in the respective programs (with the IP address for the machine I am using), if I go into Transmission or onto a port checker website the connections are shown as closed for the ports I have selected (on the public side).
  I've made a DHCP reservation for this machine to tie it to a given IP address, and I've enabled NAT port forwarding protocol in the Network options (no default host so far).
  Also, in case it makes a big difference, right now I'm connecting to the internet via a Cisco DCP3825 cable modem running in bridge mode, with the AEBS in DHCP and NAT router modes.
  Any tips?
  Thanks!

  Sadly I never got it to work. I called up Apple and they claimed that all the ports are open for the Airport Express, but if I run port scanner in Network Utilities none of the ports I specify show up as open unless I select one of the "Default" port categories like "Windows File Sharing". I told this to the person I spoke to on the phone, and they replied several times in a row that they are not allowed to help set up port forwarding, that they can only provide info on how to open the ports, and that even if the ports are subsequently not opened or forwarded they can't provide any assistance. It wasn't a very good conversation. Unfortunately, based on some of the other disucssions I've looked at in this forum, it doesn't seem possible to do conventional custom port forwarding using this version of the Airport Utility. Hopefully someone will correct me though. Sorry I can't be more help.

• Question about port forwarding 2 xbox 360s to get rid of NAT on one of them

  I have a xbox 360 with the official xbox 360 wireless antenna that is already set up for port forwarding and my NAT is fine.  My brother has a xbox 360 and he has a NAT problem but he doesn't have a official xbox 360 wireless antenna, he hooked up his laptop to his xbox 360 via ethernet cable and is using his laptops wireless card for the connection and he gets a NAT error when he tests his connection to xbox live.  Is it possible to port forward 2 xbox's?  I'm sure I have to set up some type of static IP for him but the thing is that I'm not sure what IP address to assign to him.  If it is possible, would he have to use a static IP address on his laptop since he's using that for a wireless connection?  If this is at all possible could someone post some step-by-step instructions on how I should set this up?  Below I will give you what I have set up for my xbox 360 to open up my NAT I just want to know what static IP I can use for him.  Can I use just any numbers?
  In my port forwarding tab in my wireless modem I have the following:
  and in my xbox i have the following settings:
  IP address: 192.168.1.20
  Subnet Mask: 255.255.255.0
  Default Gateway: 192.168.1.1
  Primary DNS: 4.2.2.2
  Secondary DNS: 192.168.1.1
  I have all that entered for myself and my xbox NAT is open.  I just need to set up his xbox if it is at all possible.  Please help!!!
  P.S. My router is a WRT54GS v2.0 with updated firmware, just incase you need that info.
  Message Edited by nourotherleft on 01-08-2009 03:20 PM

  ok that still didn't help me.... he still has a NAT problem.... I don't....I went to port triggering and added the ports that you described but it didn't open his NAT... If the connection is going through his laptop(acting like the xbox 360's wireless antenna) wouldn't either his laptop or his xbox need a static ip? because I had to set up my xbox manually with the following addresses:
  ip: 192.168.1.20
  subnet mask: 255.255.255.0
  default gateway: 192.168.1.1
  primary dns: 4.2.2.2
  secondary dns: 192.168.1.1
  so in essence wouldn't his laptop need to be configured with some kind of static ip or something? because if he puts in what I just stated into his xbox it wont connect at all because I guess the ip's are conflicting....so what do I do now?

• Port forwarding, NAT, SSH and Transmission.

  A couple of days ago I decided to setup the Transmission daemon, along with automatization for my downloads. Recently, however, to put a layer of security around my laptop, I set up a wireless router I had lying around that is now connected with a wire to my laptop. The reason for this is that I have no idea how iptables work yet, and until then I decided this will suffice for the moment. One of the problems though (yes, problems seems to come in twenty-fold where my luck is concerned), is that when I rewire my laptop directly to the internet, without the router, NetworkManager or Archlinux doesn't reset the ip address, which for some reason jumps to 192.168.1.122, which it never uses otherwise. I haven't yet tried reinstalling networkmanager, but when I did turn it off, dhcpdcd assigned the same address... The problem here being that it shouldn't assign a LAN-address, I'm directly connected to the internet. Sidenote here though; my internet connection is just a plug in the wall, the operators here (I live on a kind of campus), probably only use a network-switch to relay the traffic to the socket.
  That's that, my wired network doesn't work directly, only via the wireless router, wired or wireless. Because of this, I have to use port-forwarding for SSH (to test if the port forwarding works), and the Transmission daemon with an rcmp port of 9091., which was my intention in the first place. I have no idea if logging into my.ip.address.here:9091 in a browser would work, I just used localhost:9091.
  Now for the results:
  $ nmap -sT xx.xxx.xx.xx
  Starting Nmap 5.21 ( http://nmap.org ) at 2010-06-14 19:42 CEST
  Nmap scan report for xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  Host is up (0.038s latency).
  Not shown: 996 closed ports
  PORT STATE SERVICE
  22/tcp filtered ssh
  53/tcp open domain
  80/tcp open http
  9091/tcp filtered unknown
  Here it shows that the ports are actually not closed, but they're not exactly opened either, from what I gathered from the internet.
  SSH shows the true problem:
  $ ssh neal@xxxxxxxx
  ssh: connect to host xxxxxxxx port 22: Connection timed out
  SSH-ing to 192.168.0.102 (my internal ip) works, as does to localhost, same for Transmission webGUI. Before I used port-forwarding ssh would correctly say that it couldn't get traffic from the router.
  My router is a cheap solution to another problem I had, but it should work like any router. It's a Sitecom WL-607. I disabled login authentication for the moment. Also, there is no filtering going on in the firewall. Like I said earlier, I don't get iptables, so that's not being used. The hosts file allows all and denies nothing.
  TLDR version; I'm using port-forwarding on my Sitecom WL-607, but all ports except http and the 53 port are being blocked.
  Is there something I'm missing here?
  Thanks in advance,
  Neal van Veen.

  by default, all routers assign there clients an ip address from there internal pool of addresses, your wireless router is assigning you that address and then NAT's the connection with the WAN side, but even after directly plugging in to the wall socket you still dont get a new ip address, use dhcpcd <mydev> in terminal to reresh dhcp lease. if not then your campus/location/etc may also be using NAT on there own side.
  as for the ports, iptables doesnt block any traffic by default, it allows everything. if there is filtering, it is from your wireless router.
  on the above ssh and nmap scans, did u use your lan ip, or your public ip.

• Port Forwarding a Range in UC540 NAT

  Hi all,
  I am trying to forward a range of ports (55736-55863 for Synology  Surveillance Station) from the WAN interface to an internal IP on a Cisco UC540.  I'm not great with the CLI so I generally stick to CCA but right now I'm not even sure it's possible with the CLI.
  I've found this tutorial online: http://evilrouters.net/2010/05/25/port-forwarding-a-range-of-ports-on-cisco-ios/
  The first step in the tutorial is to setup a NAT IP Pool (which I *can* do in CCA) but unfortunately, the tutorial tells me to use the IP address of the internal device I want to foward the range of ports to but CCA (and its documentation) tells that the IP address must be on the same subnet as the WAN IP address?
  I tried following the tutorial anyway by telnetting in to the UC540 and entering the following via the CLI:
  UC540 config t
  UC540 ip nat pool PORTFWD 192.168.12.121 192.168.12.121 netmask 255.255.255.0 type rotary
  UC540 access-list 121 permit udp any any range 55736 55863
  UC540 ip nat inside destination list 121 pool PORTFWD
  I can now see the 121 access list in CCA, although it has no Interface or Direction assigned to it?
  Does anyone know if this is possible?  I really don't fancy setting up 127 entries in the NAT table!
  Thanks in advance everyone!

  The range isn't going to work in CCA.  As you are probably aware, CCA has limits to what it can do, even if something can be done in the CLI.
  That being said, I think this is a better write up on how to do this:
  http://ping8888.com/2014/01/21/cisco-ios-port-forwarding-pat/

• Port forwarding, NAT, QoS..

  I have a LinkSys E3000, but I'm having mad problems with QoS & port forwarding. I've tried the following:
  Port range forwarding, from port 53 to 3074, to the IP of my xbox. My understanding is that it opens all ports in that range. Moderate NAT.
  Single port forwarding, 53, 80, 88, 3074 (all both UPD & TCP - and the ports it says to open on portfoward.com), to the IP of my xbox. Moderate NAT.
  DMZ, putting the IP of my Xbox in the DMZ. Moderate NAT.
  DMZ, putting the MAC address of my Xbox in the DMZ. Moderate NAT.
  I've no idea why none of the above work? I've also set the QoS to give my Xbox high priority (it is another option under Gaming & Applications alongside Port range forwarding, port forwarding, DMZ), so I doubt that is working either.
  The only thing that gives me open NAT is if i have uPnP enabled (none of the above have any effect at all), but the connection is very dodgy. Voice chat is choppy, bit of lag in game, even when I'm the only one using an 8Mb connection (it was fine on a basic netgear router before, when no one else was on, but now I can't even get that far). I believe it should work without uPnP and with the above options I've set.
  Even if the lag is sorted, it doesn't even begin to solve the QoS problem that I bought the router to fix.

  Who is your internet service provider is that cable or DSL connection
  Please let  me know so that Acoordingly we can decide whether we should go for port range triggering or port range forwarding

• WRT320N. Port forwarding help. Xbox and ps3 playing at same time. NAT issues

  Hi
  I'm trying to have both my xbox and ps3 play with open NAT's for online gaming. I have had success utilizing info from 'portforward.com'. But the solutions will unlock OPEN NAT for either the ps3 or the xbox .. one at a time. Is there a way to get both to be open?
  It seems like one main conflict is the success depends on both utilizing port 3074. But I can't have both use it? ( obviously).
  I tried port forwarding the xbox per specs off of this forum and that works great.. And DMZ ing the PS3. But like i said before. Most solutions
  leave one console with OPEN and one with Moderate.
  Is there a solution that allows both NAT OPEN's on both consoles? 

  First of all XBOX works on a different port number and PS3 works on a different port numbers. Follow the steps below to open the ports on your router for XBOX and PS3. 
  Open an Internet Explorer browser page on your wired computer(desktop).In the address bar type - 192.168.1.1 and press Enter...Leave Username blank & in Password use admin in lower case...
   This settings are for your XBOX.
  On the set-up tab change the MTU Size to 1365 and click Save Settings...
  Click on "Administration" tab and disable the option UPnP and click Save Settings...
  Click on "Applications and Gaming" tab and then click on "Port Range Forwarding" subtab...
  1) On the first line in Application box type in ABC, in the start box type in 53 and End box type in 3074, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box, click Save Settings once done...
  2) Once you return to the set up page click on the Security tab and uncheck Block Anonymous Internet Requests and click on Save Settings...
  3)Click on the Status tab and take note of DNS1 and DNS2 Addresses...
  4) Goto the XBox Network Settings and IP Address Settings and select manual IP Settings and assign the following on your Xbox IP Address :- 192.168.1.20, Subnet Mask :- 255.255.255.0, Default Gateway :- 192.168.1.1...
  5) Also assign the DNS Addresses on the Xbox Use DNS1 and DNS2 Addresses you took note off of the router status tab as Primary DNS & Secondary DNS for the xbox...
  6) Turn off your modem, router, and Xbox...Wait for a minute...
  7) Plug the modem power first, wait for another minute and plug the router power cable, wait another minute and turn on the Xbox and test it...it will connect...
  For PS3 Follow the steps below
  Click on "Administration" tab and disable the option UPnP and click Save Settings...
  Once you return to the set up page click on the Security tab and uncheck Block Anonymous Internet Requests and click on Save Settings...
  Click on "Applications and Gaming" tab and then click on "Port Range Forwarding" subtab...
  1) On the first line in Application box type in ABC, in the start box type in 80 and End box type in 80, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
  2) On the second line in Application box type in DEF, in the start box type in 443 and End box type in 443, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
  3) On the third line in Application box type in GHI, in the start box type in 5223 and End box type in 5223, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
  4) On the fourth line in Application box type in JKL, in the start box type in 3478 and End box type in 3479, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
  5) On the fifth line in Application box type in MNO, in the start box type in 3658 and End box type in 3658, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
  6) On the sixth line in Application box type in PQR, in the start box type in 10070 and End box type in 10080, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box and click on Save Settings
  7) Now assign the given ip address on your PlayStation ip address :- 192.168.1.20, subnet mask :- 255.255.255.0, default gateway :- 192.168.1.1...
  8) Also assign the dns addresses on the PlayStation Primary dns :- 4.2.2.2...Secondary dns :- 192.168.1.1
  9) Turn off your modem, router, and PlayStation...Wait for a minute...
  10) Plug the modem power first, wait for another minute and plug the router power cable, wait another minute and turn on the PlayStation and test it...

• NAT Port Range Forwarding various internal IPs

  I have a Cisco 2911 running c2900-universalk9-mz.SPA.152-4.M5.bin.  I am trying to figure out a way to port forward various ports on a single public address, to multiple internal destination ips/subnets.  For instance port 21 will foward to the FTP server but ports 80, 5000, & 10000-20000 to the web server.  So far the only method that seems to work is line by line, IE: 
  ip nat inside source static udp 10.58.1.15 10000 interface GigabitEthernet0/0 10000
  ip nat inside source static udp 10.58.1.15 10001 interface GigabitEthernet0/0 10001
  ip nat inside source static udp 10.58.1.15 80 interface GigabitEthernet0/0 80
  ip nat inside source static tcp 10.26.7.10 21 interface GigabitEthernet0/0 21
  And so on.  Is there any easier way then generating 10k lines of config to perform a simple task?  If something like a standard home router and do this I feel there is an easier way unless I am missing something.
  Thanks in advance!
  -Chris

  Pretty much sailing in the same boat
  I have to forward around 15 ports and I was wondering if i could do wildcard masking allowing a range of ports altogether rather than going about by doing each and every one of them manually.