New Customer Experience with Port Forwarding

OK, so my OpenReach Modem and HomeHub 3 were installed last week and all seemed OK at first.
A bit of background:
I'm a seasoned IT guy and have a nice network set up at home that caters for my needs (most of the time).
Without going into too much detail, I have my own DHCP/DNS server and I run a Webserver for personal use.
I have Virgin Broadband - which work most of the time.
I've also just had BT Infinity installed so I should always have Internet access no matter which ISP is having issues.
I was hoping to be able to access my webserver externally from either my BT or Virgin. I didn't think this would be an issue.
It still all works fine through my Virgin connection. I use dynamic DNS (no-ip.org)  to get to my server. 
On the Virgin Superhub - I have DHCP switched off and all my machines (except one at the moment) get the Virgin router assigned as the Internet gateway (via my own DHCP server).  
My test machine gets a the BT HomeHub 3 assigned as the Internet gateway (also from my own DHCP server) and I have switched off DHCP on Home Hub.  
Before I move onto my issue, I have to say that the above network setup works flawlessly. 
The Virgin Router is on 192.168.0.1, The Home Hub is on 192.168.0.2.  (subnet 255.255.255.0)
They are on the same network but because DHCP it switched off on both routers - everything is happy.
I can access my Server from the Internet via my no-ip.org address and it all works great.
The issue:
I thought it would be relatively simple to configure the BT Home Hub 3 to access my server from the Internet.
Hmmm. Port Forwarding seems to be the issue. It just doesn't work reliably enough. Sometimes it works, then sometime it stops working. Right now it's not working.
At first I though it was just me, not configuring it correctly. But no.
Then I started reading this forum and found there are reports of issues with port forwarding going back a year.
I don't know if that a good or bad thing - an issue running that long must be on the verge of getting fixed right?
Or any issue running that long without resolution probably has no simple resolution or just isn't a priority (for BT) maybe.
My Question:
(and I think I already know the answer)
Has anyone got a sure fire way of configuring the HomeHub3 so the port forwarding works? 
Or should I just throw in the towel now and buy a Dual Wan Router? 
One last note:
This morning my Infinity Broadband Speed dropped from
38Mb down/6Mb Up (measured several times yesterday)
to
0.7Mb down/0.3Mb Up (yes those decimal points are in the right place)
And I haven't got a clue why.
I power cycled the HomeHub and it returned to normal. Does this happen to other people?
Cheers
Graeme.
Graeme

Bullitt wrote:
the port on your network is defined by lan ip address and port number eg 192.168.1.10:80
you cannot forward this outbound port twice
There is no "port on my network" A port is associated with a IP address not a network.
My webserver listens an port 80 - requests from the Internet for http are port forwarded by the router (either BT Homehub or Virgin Superhub) to port 80 at address 192.168.0.5 (in my case). 
If I am trying to access my webserver from the Internet, I point my browser at the WAN IP address of my router (again it doesn't matter which one - BT or Virgin) and the router port forwards the request to my Webserver.  Each router can do this independently. 
"you cannot forward this outbound port twice"
As explained above - It's an inbound port not an outbound port.
I appreciate you are trying to be helpful but just telling me something is not possible without explaining why its not possible doesn't really help me.
As I said before, this was working fine, then it stopped working but only when trying to access my webserver via the BT Router. It still works fine from my Virgin Router. I used WireShark and port mirroring on my switch to prove that the Home Hub as stopped port forwarding inbound traffic to my webserver. 
This is a problem with port forwarding on the Homehub, not my network setup. Looking at other posts on this forum - I'd suggest I'm not the only one having problems.
To be honest, it's the least of my problems with the HomeHub right now. I'm far more concerned with the fact that twice today I've had to power cycle it because the throughput has dropped from 38Mbit-down/6Mbit-up to <1Mbit-down/<1Mbit-up. It's a known problem, BT are working on it, yet I still am paying full price for a product that should never had made it out of Beta test.
Graeme

Similar Messages

  • Problem with Port Forwarding (when PPTP is up) in WRT-160N

    Hi, everybody!
    I'm looking for some help with Port Forwarding in my new router from Linksys. I've bought the router afew daysago, and was badly surprised when I found out that there is DD-WRT firmware is installed in it (the router was 100% NEW when I've purchased it). I have downloaded the latest original Linksys firmware file and successfully flashed it.
    But I still have problem (same I had on DD-WRT firmware too) with port forwarding for my DC++ and Vuze (app for torrents): I've written port forward for ports 49151 (for Vuze) and 4000 (for DC++) to be forwarded to my desktop computer (IP 192.168.1.201) -- I've seen a post at this forum, that there could be a problem, if you forward to an IP, which is inside DHCP local zone, so I've forwarded it to .201 IP (my local DHCPzone is 192.168.1.100 - .149). But forwardind doesn't work ((
    What's wrong?
    My configuration:
    Router IP: 192.168.1.1
    PPTP (I've got it from my ISP)
    IP address: 192.168.226.127
    Default Gateway: 192.168.226.2
    DNS 1: 192.168.1.1
    DNS 2 & 3: 0.0.0.0
    PPTP Server IP Address: 192.168.226.2
    Username: ****
    Password: ****
    Single Port Forwarding:
    Application name     External port     Internal port     Protocol     To IP address     Enabled
    Vuze                       49151               49151             Both           192.168.1.201    Checked
    DC                          4000                 4000              Both           192.168.1.201    Checked
    Solved!
    Go to Solution.

    As you have mentioned in your post that your ISP has provided you a PPTP connection with an IP address: 192.x.x.x. The IP address which is provided to you by your ISP is in a Private Range, and if you try to forward any ports on your router it will not work, as your ISP modem will block that port. So you need to get a Public IP address from your ISP.
    As you are getting Private IP from your ISP, so this connection is called as NAT behind NAT, and your Modem is acting like a Router. 
    So now you have 2 options, get the Public IP address from your ISP or change the connection type. 

  • HELP!! asa 5505 8.4(5) problem with port forwarding-smtp

    Hi I am having a big problem with port forwarding on my asa. I am trying to forward smtp through the asa  to my mail server.
    my mail server ip is 10.0.0.2 and my outside interface is 80.80.80.80 , the ASA is setup with pppoe (I get internet access no problem and that seems fine)
    When I run a trace i get "(ACL-Drop) - flow is deied by configured rule"
    below is my config file , any help would be appreciated
    Result of the command: "show running-config"
    : Saved
    ASA Version 8.4(5)
    hostname ciscoasa
    domain-name domain.local
    enable password mXa5sNUu4rCZ.t5y encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.0.0.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    pppoe client vpdn group ISPDsl
    ip address 80.80.80.80 255.255.255.255 pppoe setroute
    ftp mode passive
    dns server-group DefaultDNS
    domain-name domain.local
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network Server_SMTP
    host 10.0.0.2
    access-list outside_access_in extended permit tcp any object server_SMTP eq smtp
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    object network obj_any
    nat (inside,outside) dynamic interface
    object network server_SMTP
    nat (inside,outside) static interface service tcp smtp smtp
    nat (inside,outside) after-auto source dynamic any interface
    access-group outside_access_in in interface outside
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 10.0.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    vpdn group ISP request dialout pppoe
    vpdn group ISP localname [email protected]
    vpdn group ISP ppp authentication chap
    vpdn username [email protected] password *****
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:c5570d7ddffd46c528a76e515e65f366
    : end

    Hi Jennifer
    I have removed that nat line as suggested but still no joy.
    here is my current config
    Result of the command: "show running-config"
    : Saved
    ASA Version 8.4(5)
    hostname ciscoasa
    domain-name domain.local
    enable password mXa5sNUu4rCZ.t5y encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.0.0.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    pppoe client vpdn group ISP
    ip address 80.80.80.80 255.255.255.255 pppoe setroute
    ftp mode passive
    dns server-group DefaultDNS
    domain-name domain.local
    same-security-traffic permit intra-interface
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network Server_Mail
    host 10.0.0.2
    access-list outside_access_in extended permit tcp any object Server_Mail eq smtp
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    object network obj_any
    nat (inside,outside) dynamic interface
    object network Server_Mail
    nat (inside,outside) static interface service tcp smtp smtp
    access-group outside_access_in in interface outside
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 10.0.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    vpdn group ISP request dialout pppoe
    vpdn group ISP localname [email protected]
    vpdn group ISP ppp authentication chap
    vpdn username [email protected] password *****
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:f3bd954d1f9499595aab4f9da8c15795
    : end
    also here is the packet trace
    and my acl
    Thanks

  • LRT214 Accessing Web Services with Port Forwarding & Port Translation

    Good afternoon to all,
    Purchased the LRT214 yesterday afternoon and it was a breeze to configure the internet settings and get back online. But after the initial configuration, I ran into some trouble getting the router to do port translation together with port forwarding.
    The port forwarding setup is straighforward and works perfectly, the same cannot be said for the port translation which does not seem to work. I programmed the following,
    1) external port 88 forwarded to internal port 80 for 192.169.1.12
    2) external port 89 forwarded to internal port 80 for 192.169.1.13
    Can someone point me in the correct direction to achieve the above?
    Router Model : LRT214
    Firmware Revision : 1.0.2.06
    Working Mode : Gateway

    Port Address Translation => Service Management
    Add two Services for the port translations and then add the translations to the list. Let us know if you get any errors.
    Please remember to Kudo those that help you.
    Linksys
    Communities Technical Support

  • Problem with Port Forwarding in WRT320N

    Good day.
    I have a web-server and Internet-radio translator to local network of my provider. And I found a problem with Port Forwarding. I'm trying to setup 80 & 8000 ports to forward. And it's working but only for Internet, without provider's local network. My web-server isn't accessible in local network and radio-translator too. 
    So is it possible to forward ports absolutely - for any type of connections? 
    P.S. DMZ is working like Port Forwarding.

    If you ask questions you have to mention that you have an PPTP connection to the internet and another network directly on the internet port. Otherwise noone will really understand your question as it is a very unusual setup.
    Your setup is not one really supported by the router. You are lucky that it works but don't expect too much. Port forwarding only the internet connection. If you use PPTP the network on the internet port is basically hidden. Using that local network on the internet port is not supported.
    The DMZ host is the IP address to which all ports are forwarded to which are not forwarded otherwise. The same restriction applies here.
    I would recommend to ask your ISP which router they recommend for their internet connection. I think most/all Linksys routers and many other brand's consumer routers won't really support a setup like yours...

  • Problems with Port Forwarding for RDP in WebVPN

    Hi,
    I'm hoping somebody can help me solve this problem that's been bugging for weeks. We recently implemented a double-layer firewall architecture. Before that, our users can access RDP via port forwarding on WebVPN or the Cisco VPN client without any problems.
    After we implemented the double-layer firewall architecture, users who are going through the WebVPN and port forwarding for RDP began to experience frequent disconnections, slowness or freezing connections. The users who are using the client are fine.
    I checked the logs and I'm getting repetitive TCP-O for the port forwarding connections for RDP. Additional information: the FW we installed as a 2nd layer is Netscreen. I've already set the policy on it to Any-Any for the meantime to help in troubleshooting but to no avail. 
    I hope somebody can help me in sorting this out as I'm kind of confused on the difference between the port-forwarding for RDP via the WebVPN and the normal RDP via the client.  

    Hi,
    I didnt see anything marked with red in the above? (Atleast when I was reading)
    I have not really had to deal with Routers at all since we all access control and NAT with firewalls.
    But to me it seems you have allowed the traffic to the actual IP address of the internal server rather than the public IP NAT IP address which in this case seems to be configured to use your FastEthernet4 interfaces public IP address.
    There also seems to be a Static NAT configured for the same internal host so I am wondering why the Static PAT (Port Forward) is used?
    - Jouni

  • Help please, with port forwarding settings

    I have an MSI RG60 wireless router (Ethernet hard wired to my XP Home PC) and don't know what settings to use for port forwarding, to enable my WinMX and BitTorrent clients to work successfully.
    I have the port numbers, and assume that this information goes in the Service Port box, i.e. 6699, or 6881-6889.
    I know which ports are TCP and which are UDP, but I don't know what IP address to enter or which Common Service Port type to choose. Can anyone help please?
    I'm pretty sure that other settings in my PC are OK as I have successfully been running a Belkin router for a couple of years, and have only replaced it with the new MSI unit due to reliability problems.

    It does indeed have port triggering, but it wants incoming and trigger port protocol info, along with trigger and incoming port numbers.
    How can I type ipconfig into either of teh clients...WinMx or Bit Torrent?

  • Continued issues with Port Forwarding/Matchmaking ...

    I am at a loss. I am one step away from cancelling with BT. Please, if someone can provide simple, step by step instructions, that would be great...
    I have a new Home Hub 5 (type a), as apparently the last was faulty and kept dropping out around peak time. I initially set up port forwarding for my Xbox360 and placed the Xbox One in the DMZ. For the most part, things worked, but now, I am unable to maintain a solid connection, even with this awful excuse for Fibre Optic.
    I have reset the hub. Restored to factory settings. I have assigned static IP's. Placed devices in the DMZ. Followed all steps provided from the many sources available. I am still getting a "Matchmaking" service error on the 360, and my Xbox One continually changes it NAT type from moderate to open, leaving me to run the checks each time I want to start a game online, intead of just booting up the console and playing without concern.
    I have just cleared all my settings for port forwarding, and when I try to set it up again, I can't due to "Conflicts", which don't exist. Even after factory resetting the Hub.
    Please. Can someone help me before I throw all this in the bin and cancel with BT. I am exhausted with it all and am getting nowhere.
    How do I clear all the settings so I can assign ports without "conflicts".
    Why am I getting matchmaking service errors on Xbox360 when there are no issues on Xbox's end.
    What am I missing?

    The TP Link TD-W9980 and Billion 8800nl are popular at the cheaper end (£65ish) or there are the ASUS DSL AC68U Billion8800AXL and Netgear D6400 in the pricier (£150ish) range. Personally I have the TP-Link. The downside to the Billion 8800nl is lack of 5Ghz wireless.

  • Help with port forwarding to application

    Help needed to Port Forward on to my PS3. 
    I need to forward the following ports: 
    UDP: 3074; 3659; 6000
    TCP: 80; 443; 3659; 10000 - 10099; 42127
    Have previously given the PS3 a static IP, set the port forwarding rules and then forwarded to the IP address, but it appears the ports have not opened as expected.
    Help Keith

    I can only see one image which just shows the application mapping, but no indication as to whether you had clicked the "apply" button.
    Why are you forwarding ports 80 and 443, are you running a webserver on the PS3, as those ports are used for web serving.
    As a matter of interest, your port 80 is showing as open at the moment, so is the PS3 turned on, or is port 80 mapped to something else instead?
    What I would like you to do is to start from the beginning, with just the single TCP port number 3659 assigned to the PS3.
    It will mean removing the other assignments, but it will make things a bit easier.
    If you could do that please, and then we can do some tests.
    There are some useful help pages here, for BT Broadband customers only, on my personal website.
    BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

  • Trouble with port forwarding, DHCP, VUZE, and downloading speed.

    I am using Vuze to download things. I have a slow download speed and yellow smiley face, indicating a NAT problem. I think I need to implement a port forwarding, but that requires a static IP address. My router and security is set up such that I CANNOT connect to the internet using a manual configuration--DHCP only. However, I always have the same IP address. This is because the wireless router--a Motorola SB900--will only recognize approved computers designated by the IP address.
    Can anyone advise on what to do next?

    Enmnm wrote:
    I am using Vuze to download things. I have a slow download speed and yellow smiley face, indicating a NAT problem.
    Here are two links that will rate your connection.
    http://www.speedtest.net/
    http://www.pingtest.net/
    You can try downloading directly from the terminal to see how fast one file downloads.
    Macintosh-HD -> Applications -> Utilities -> Terminal
    mac $ mkdir test
    mac $ cd test
    mac $ curl "http://www.apple.com" >see
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100 11292  100 11292    0     0  22628      0 --:--:-- --:--:-- --:--:-- 62623
    mac $ cat see
    <!DOCTYPE html>
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-US">
    <head>
    ... clipped ...
    I think I need to implement a port forwarding, but that requires a static IP address. My router and security is set up such that I CANNOT connect to the internet using a manual configuration--DHCP only.
    you are dealing with two networks. There is a network between your computer and your router. There is a second network between your router and your ISP.
    Port-forwarding is from your router to your computer.
    http://www.portforward.com/english/routers/port_forwarding/Motorola/SBG900/Azure us.htm
    However, I always have the same IP address. This is because the wireless router--a Motorola SB900--will only recognize approved computers designated by the IP address.
    Can anyone advise on what to do next?
    You need to set Port-forwarding between your computer and your router. You will need a fixed IP address on a your Computer. There is to ways of doing this. You can set up a static IP address on your computer. A hack would be to add 10 or 20 to your IP address that your router gives out. For example if your router gives out 192.168.1.10 you of would add 10 to the ten giving 192.168.1.20. you need to make the addition to the right most number of which in the example is ten.
    The section way is . . . You can have your router a signed a fixed address based on your MAC address. ( Each Internet device has a fixed address that is called the MAC address. This is a different address than your IP address. the MAC address is assigned in the factory. )
    Another hack would be to Port-forward to the number your router assigned at random. If your Computer is the only computer on the router, the number should always be the same. It is a hack because this is not guaranteed.

  • Problem with Port Forwarding - Password.

    Hello,
    I have a LINKSYS router, model BEFW11S4 v4 and its firmware is version 1.52.02
    My problem is that neither can I do Port Forwarding nor Port Triggering, because when I make the changes I need and press "Save Changes", it asks me for the username and password again. I write them again, but this time it does not accept them.
    I have tested it with 2 laptops connected to the router wired the first time and wireless other times.
    What should I do?
    Thank you in advance.

    Normally, you cannot "see your modem" in your network.  This is because a modem does not have an IP address.  A modem simply converts one signal (ADSL, DSL, or cable) into another signal which is an ethernet signal.
    However, some devices that people call "modems" are actually "modem-routers".  In this case your "modem-router" probably does have an IP address.  If your system is set up correctly, you can "see"  a "modem-router" that has an IP address, but it is not part of your LAN (local area network).  It is on a another subnet.
    The ethernet port of the modem should be wired to the "Internet" port on the BEFW11S4.  Do not connect the modem to any other port on the router.
    Maybe we need to back up a step or two here.  I have always assumed that you were able to get a properly working wired Internet connection through your BEFW11S4.  Is that correct?
    What is the make and model of your modem?
    Who is your ISP?
    Also, when you set up your router, leave the username blank.   Do not try to add a user name.   Change the password to something unique.  Do not use the password default "admin"   (with no quotes).
    Since you are still having problems, please use the following protocol to reset your router to factory defaults: 
    1)  Power down all computers, the router, and the modem, and unplug them from the wall.
    2)  Disconnect all wires from the router.
    3)  Power up the router and allow it to fully boot (1-2 minutes).
    4)  Press and hold the reset button for 30 seconds, then release it, then let the router reset and reboot (2-3 minutes).
    5)  Power down the router.
    6)  Connect one computer by wire to port 1 on the router (NOT to the internet port).
    7)  Power up the router and allow it to fully boot (1-2 minutes).
    8)  Power up the computer (if the computer has a wireless card, make sure it is off).
    9)  Try to ping the router.  To do this, click the "Start" button > All Programs > Accessories > Command Prompt.  A black DOS box will appear.  Enter the following:  "ping 192.168.1.1"  (no quotes), and hit the Enter key.  You will see 3 or 4 lines that start either with "Reply from ... " or "Request timed out."   If you see "Reply from ...", your computer has found your router.
    10)  Open your browser and point it to 192.168.1.1.  This will take you to your router's login page.  Leave the user name blank, and in the password field, enter "admin"  (with no quotes).   This will take you to your router setup page.  Note the version number of your firmware (usually listed near upper right corner of screen).  Exit your browser.
    If you get this far without problems, try the setup disk (or setup the router manually, if you prefer), and see if you can get your router setup and working.
    If you cannot get "Reply from ..." in step 9 above, your router is dead.
    If you get a reply in step 9, but cannot complete step 10, then either your router is dead or the firmware is corrupt.  In this case, use the Linksys tftp.exe program to try to reload your router with the latest firmware.  After reloading the firmware, repeat the above procedure starting with step 1.
    If you have problems, report back the results of steps 9 and 10.  Also, if you get any error messages, copy them exactly and report back.
    Message Edited by toomanydonuts on 04-14-200705:19 PM

  • Help with port forwarding ASA5505 v8.2

    Hi,
    Having an issue doing a port translation on an ASA5505 for RDP.
    I have a /29 allocated by ISP and when I port forward the address assigned to the outside interface RDP works perfectly, however when I try to use another IP within the /29 range, I get nothing.
    I am only new to ASA so please forgive if this is something obvious...
    Relevant config is:
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.1.12.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address X.X.X.217 255.255.255.248
    access-list OUTSIDE-IN extended permit tcp any host X.X.X.218 eq 3389
    static (inside,outside) X.X.X.218 10.1.12.10 netmask 255.255.255.255 sh run acces    
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    access-group OUTSIDE-IN in interface outside
    When I used the outside IP address and it worked perfectly, config difference was only
    access-list OUTSIDE-IN extended permit tcp any host X.X.X.217 eq 3389
    static (inside,outside) tcp X.X.X.217 3389 10.1.12.10 3389 netmask 255.255.255.255
    Any help would be greatly appreciated

    Hey Jouni,
    Packet capture gave me this output which didnt have any TCP 3389... but had some random UDP ports only?
       1: 21:54:55.108377 802.1Q vlan#2 P0 X.X.X.218.63420 > 208.67.222.222.53:  udp 44
       2: 21:54:58.751929 802.1Q vlan#2 P0 X.X.X.218.63420 > 208.67.220.220.53:  udp 44
       3: 21:54:59.492238 802.1Q vlan#2 P0 X.X.X.218.63976 > 208.67.222.222.53:  udp 45
       4: 21:55:02.807468 802.1Q vlan#2 P0 X.X.X.218.63207 > 216.239.34.10.53:  udp 55
       5: 21:55:02.807651 802.1Q vlan#2 P0 X.X.X.218.63976 > 208.67.220.220.53:  udp 45
       6: 21:55:06.863495 802.1Q vlan#2 P0 X.X.X.218.63414 > 199.253.183.183.53:  udp 56
       7: 21:55:24.599563 802.1Q vlan#2 P0 X.X.X.218.65039 > 208.67.222.222.53:  udp 42
    Config is below:
    ASA Version 8.2(5)
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    switchport access vlan 3
    interface Ethernet0/2
    description TO LAN
    interface Ethernet0/3
    description TO LAN
    interface Ethernet0/4
    description TO LAN
    interface Ethernet0/5
    description TO LAN
    interface Ethernet0/6
    description TO LAN
    interface Ethernet0/7
    description TO LAN
    interface Vlan1
    description TO LAN
    nameif inside
    security-level 100
    ip address 10.1.12.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address X.X.X.217 255.255.255.248
    interface Vlan3
    shutdown
    no forward interface Vlan2
    nameif backup
    security-level 0
    ip address X.X.X.42 255.255.255.252
    ftp mode passive
    dns server-group DefaultDNS
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group icmp-type ICMP
    description ICMP types permitted
    icmp-object echo
    icmp-object echo-reply
    icmp-object unreachable
    icmp-object time-exceeded
    access-list OUTSIDE-IN remark TRAFFIC PERMITTED TO ENTER THE OUTSIDE INTERFACE
    access-list OUTSIDE-IN extended permit tcp any host X.X.X.218 eq 3389
    access-list OUTSIDE-IN extended permit icmp any interface outside object-group ICMP
    access-list INSIDE-IN remark INSIDE ACCESS
    access-list INSIDE-IN extended permit tcp any any
    access-list INSIDE-IN extended permit ip any any
    access-list INSIDE-IN extended permit icmp any any
    access-list BACKUP-IN remark TRAFFIC PERMITTED TO ENTER THE BACKUP INTERFACE
    access-list BACKUP-IN extended permit icmp any interface backup object-group ICMP
    pager lines 24
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu backup 1500
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    global (backup) 1 interface
    nat (inside) 0 access-list NO-NAT
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) X.X.X.218 10.1.12.10 netmask 255.255.255.255
    access-group INSIDE-IN in interface inside
    access-group OUTSIDE-IN in interface outside
    access-group BACKUP-IN in interface backup
    route outside 0.0.0.0 0.0.0.0 X.X.X.222 1 track 1
    route backup 0.0.0.0 0.0.0.0 X.X.X.41 254
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    sla monitor 1
    type echo protocol ipIcmpEcho X.X.X.X interface outside
    num-packets 3
    frequency 10
    sla monitor schedule 1 life forever start-time now
    track 1 rtr 1 reachability
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
      inspect icmp

  • Help with port forwarding for the WRT54G

    I need assistance please!
    I am having issues trying to setup port forwarding for a ftp. I already have set this up for a SQL Server port and it works remotely. When I setup another rule for ftp using port range 20-21 it does not work.
    I have confirmed that I have saved my settings, have the correct IP address, etc. I have firmware version 4.21.1 and not sure how to troubleshoot this. Any help would be great.
    Thanks,
    John

    Yes you do need to have the port already forwarded for port 20~21 with both TCP/IP and UDP enabled unless you know for sure your ftp only uses just one of them.  That is why I asked what port your SGL was set to.  Follow the link that other guy posted and open port 20 and 21 (I only use 21 with no problems) and make sure it is directed to the IP of the ftp host.  Also that PC needs to have the FTP enabled in windows.  To do that go to your control panel > add/remove software > and on the left side go to add/remove windows components.  Then check the box for the ftp and add it.  It should ask for your windows CD do have it handy when you add the ftp component to your PC.
    Richard Aichner (Ikester)

  • Help with port forwarding

    i am running a web and mail server from my home computer. i have port 25 and port 80 set to forward traffic to my webserver. port 80 works ok, but according to the linksys log, the linksys router is blocking port 25. My isp is not blocking any ports, and i can send mail from my mail server. how can I get the linksys router to stop blocking incoming port 25? my router setup is: linksys befw11s4 port forwarding: 80 to 80 25 to 25 upnp is enabled upnp forward smtp 25 tcp to port 25 192.168.X.X dmz is enabled for the server's ip.

    wiles wrote:
    i am running a web and mail server from my home computer. i have port 25 and port 80 set to forward traffic to my webserver. port 80 works ok, but according to the linksys log, the linksys router is blocking port 25. My isp is not blocking any ports, and i can send mail from my mail server. how can I get the linksys router to stop blocking incoming port 25? my router setup is: linksys befw11s4 port forwarding: 80 to 80 25 to 25 upnp is enabled upnp forward smtp 25 tcp to port 25 192.168.X.X dmz is enabled for the server's ip.
    First off, DISABLE the dmz!! That opens ALL ports to your pc, you dont want that.
    Second, because you had the pc in the dmz tells me that the router is not blocking port 25, again, in the dmz all ports are open.
    Disable upnp, it will just cause problems and you arent using it anyway.
    Go to :
    https://www.grc.com/x/ne.dll?bh0bkyd2
    Click proceed, enter 25 in the box in the middle, then click user specified custom probe.
    Does it show as stealth?

  • Setting up a Time Capsule with port forwarding

    Our old AirPort Extreme station hit EOL, so we decided to upgrade it to a Time Capsule. Along the way, we're trying to also set it up with a separate guest network and port forwarding/NAT, however we're having trouble setting it up so that the time capsule is handling the DHCP leases instead of the router. We've got DSL through Verizon through a Westell modem/router to the Time Capsule. Done the RTFM thing, and we haven't been able to get it to work. Can anyone explain how to get things set up properly for this configuration?

    however we're having trouble setting it up so that the time capsule is handling the DHCP leases instead of the router.
    If you have a router ahead of the Time Capsule, you would want to configure the Time Capsule as a "bridge", using Bridge Mode to allow things to work correctly on your network. You don't want two devices handling DHCP on a home network. This will cause slowdowns and IP address conflicts on your network.
    In order for the Time Capsule to act as the DHCP server for your network, you will need to connect it to a simple modem (one port), not another router or gateway with 3-4 ethernet ports.

Maybe you are looking for