Port Forward Question _ BT HomeHub 3
Hello all,
Ive been trying to set up port forwarding on my bt router but to no avail so far.
On the port forwarding tab in the router settings when I click Add to assign a device nothing happens??
Ive tried on my iphone and laptop and the "add" button turns grey but nothing happens?
Can anyone help?
so your selecting the "game or application" then selecting the "device" and the "ADD" button stays grey?
or can you select add but after selection and the page refreshing the new device doesnt show up?
under "supported applications" you can manually set up a device vis "new game or application" as a last resort
Similar Messages
-
Port Forwarding and Loopback with HomeHub 3B
There have been a number of threads discussing port forwarding and loopback, so I thought it might be useful to summarise my experiences. I have two HomeHub 3Bs on separate lines, one is a standard broadband line, the other is on an Infinity connection. My experience is limited to these two specific devices :-)
Port Forwarding does work but it is "temperamental" and "arcane" in the way you need to set it up. Although I have had it running perfectly, I have also had experiences where the router has refused to "accept" my changes. Tentatively, I put this down to the fact that I was running a Seagate GoFlex network drive on the network and this piece of equipment (definitely a Do Not Buy) was acting aggressively and screwing up the DDNS allocations. But ... YMMV
One definite probllem with Port Forwarding is if you attempt to specify a range of addresses. I have failed to get this to work on both my hubs. In my case I was trying to forward (say) 8021-8022 to 21-22, and the router insisted on forwarding both 8021 and 8022 to port 21. The cure is to set up each port as a separate rule within the same user-defined application.
On Loopback, I know various people have said it doesnt work, but it has always worked fine for me, at both the locations where I have a HomeHub 3B. I use a DDNS service and I can test that my port forwarding is working by opening a Command Prompt window on my PC and typing telnet mydomain.dyndns.web.com 21 or whatever. That command contacts my DDNS host to ascertain my IP address and then (attempts to) connect to port 21.
If port 21 is closed on your router (i.e. you have no port forwarding in place) you will see the message attempting to connect to mydomain.dyndns.web.com... and, after a while that will time out, with Could not open connection to the host, on port 21: Connect failed. If you do have your port forwarding set up correctly then your application will respond in some appropriate mannerr. However, you do need to understand what youre doing, because the response of an application that is expecting HTTP data is simply to do nothing! You will probably get a blank screen. If you type GET / HTTP/1.1 [note spaces] (which is not echoed to your screen, so be careful not to mistype it) you will receive a page of HTTP response data and HTML data. Thus proving that your port forwarding is working.
If you do not have any port forwarding set up at all, you can still test the loopback function by attempting to connect to port 161. This port is open on the BT routers and telnetting to it will result in a blank screen (as opposed to the attempting to connect message).
In summary: loopback works on the Home Hub 3B. Port forwarding also works to a degree but it is temperamental and does have some quirks, like not properly accepting ranges of ports. On this last point, at least, it would be helpful to get an acknowledgement from BT that this is a known fault.There have been a number of threads discussing port forwarding and loopback, so I thought it might be useful to summarise my experiences. I have two HomeHub 3Bs on separate lines, one is a standard broadband line, the other is on an Infinity connection. My experience is limited to these two specific devices :-)
Port Forwarding does work but it is "temperamental" and "arcane" in the way you need to set it up. Although I have had it running perfectly, I have also had experiences where the router has refused to "accept" my changes. Tentatively, I put this down to the fact that I was running a Seagate GoFlex network drive on the network and this piece of equipment (definitely a Do Not Buy) was acting aggressively and screwing up the DDNS allocations. But ... YMMV
One definite probllem with Port Forwarding is if you attempt to specify a range of addresses. I have failed to get this to work on both my hubs. In my case I was trying to forward (say) 8021-8022 to 21-22, and the router insisted on forwarding both 8021 and 8022 to port 21. The cure is to set up each port as a separate rule within the same user-defined application.
On Loopback, I know various people have said it doesnt work, but it has always worked fine for me, at both the locations where I have a HomeHub 3B. I use a DDNS service and I can test that my port forwarding is working by opening a Command Prompt window on my PC and typing telnet mydomain.dyndns.web.com 21 or whatever. That command contacts my DDNS host to ascertain my IP address and then (attempts to) connect to port 21.
If port 21 is closed on your router (i.e. you have no port forwarding in place) you will see the message attempting to connect to mydomain.dyndns.web.com... and, after a while that will time out, with Could not open connection to the host, on port 21: Connect failed. If you do have your port forwarding set up correctly then your application will respond in some appropriate mannerr. However, you do need to understand what youre doing, because the response of an application that is expecting HTTP data is simply to do nothing! You will probably get a blank screen. If you type GET / HTTP/1.1 [note spaces] (which is not echoed to your screen, so be careful not to mistype it) you will receive a page of HTTP response data and HTML data. Thus proving that your port forwarding is working.
If you do not have any port forwarding set up at all, you can still test the loopback function by attempting to connect to port 161. This port is open on the BT routers and telnetting to it will result in a blank screen (as opposed to the attempting to connect message).
In summary: loopback works on the Home Hub 3B. Port forwarding also works to a degree but it is temperamental and does have some quirks, like not properly accepting ranges of ports. On this last point, at least, it would be helpful to get an acknowledgement from BT that this is a known fault. -
Port Forwarding Question for IP Camera with MI424WR-GEN3
So just switched to fios from cable and trying to set up port forwarding on this new actiontec router so I can view my IP Camera from outside the house.
The camera has a static IP address of 192.168.1.200 using port 8080 and I works fine if I type that IP address with the port into the browser inside the network.
The IP Camera company requires you to port forward port 80 (switched to 8080) 554 and 50000-60000.
So I set up Portforwarding on the router like this:
Networked Computer / Device
192.168.1.200:8080
Applications & Ports Forwarded
IPCamera
TCP 8080 -> 8080
UDP 8080 -> 8080
TCP 554 -> 554
UDP 554 -> 554
TCP 50000-60000 -> 50000-60000
UDP 50000-60000 -> 50000-60000
WAN Connection Type
All Broadband Devices
Status
Active
Now the problem is when I type my real IP address: 108.XX.XXX.37:8080 (from inside the network it pulls up the Fios router login page and when I pull it up outside the network I get page not found. This isnt any different then I had previously done on my Netgear router, but I must be missing something on this actiontec one. Any suggestions?
Thanks
Solved!
Go to Solution.Howie411 wrote:
The IP Camera company requires you to port forward port 80 (switched to 8080) 554 and 50000-60000.
So I set up Portforwarding on the router like this:
Networked Computer / Device
192.168.1.200:8080
Applications & Ports Forwarded
IPCamera
TCP 8080 -> 8080
UDP 8080 -> 8080
TCP 554 -> 554
UDP 554 -> 554
TCP 50000-60000 -> 50000-60000
UDP 50000-60000 -> 50000-60000
WAN Connection Type
All Broadband Devices
Status
Active
Now the problem is when I type my real IP address: 108.XX.XXX.37:8080 (from inside the network it pulls up the Fios router login page and when I pull it up outside the network I get page not found. This isnt any different then I had previously done on my Netgear router, but I must be missing something on this actiontec one. Any suggestions?
Thanks
No port on the ip address
Networked Computer / Device
192.168.1.200
should say tcp any on the left side of the arrow in all cases
TCP any -> 8080
UDP any -> 8080
etc -
New network/port forwarding questions
I just replaced my Airport Extreme with a 1TB TC and set up a primary network (AirNett) and a Guest network (Guest). I added Port Mapping entries for my computers (running Tiger), SlingBoxes and ReplayTVs (which are all ethernet-connected) and I have 1 laptop running Leopard and 1 running Tiger. We also have 2 iPhones.
The wired devices all seem to connect just fine. Occasionally, there is a delay in the connection (30 sec-1 min), but once it connects, they seem to stay connected.
The laptops take too long to connect to the AirNett network. If they do connect, it seems that the connection comes and goes. The iPhones have yet to connect to AirNett.
The Guest network serves all the wireless devices just fine, BUT, it does not allow connections to the Port Forwarding devices.
So, 2 issues... any ideas about :
1) why my primary network (AirNett) is not working properly for my wireless devices and
2) why my Guest network does not allow the Port Forwarding connections.
TIA for any suggestions.
ScottThat was my point - all my lan ports that use port 80 can point at port 80, and long as the WAN ports point at something else. The trouble is, I am restricted to only using 80,81 and 443 on the LAN side, which limits me to 3 (not counting 8080 for my routers web gui)
So that means with my two web cams and web gui on my NAS drive, I am unable to log into any other web interfaces on my LAN, unless I log into my router first, disable one port forward and enable another (using the same WAN port of 80 or 81) - which is doable but a PITA..
This is what is looks like on the router:
For example, if I change the port from field for the "tranmission" entry to anything but 80 or 81, it will not work, so if I want to get into my torrent gui on my NAS drive I have to disable "cam1" and enable "transmission"
I checked with my ISP and they are not blocking any ports, so I'm not sure how to get around this, unless I can serve up a page that shows feeds from more than one camera and serve it from one source, ie my router or NAS drive. -
Port Forwarding Question - Detailed
Hi,
I hate wasting people's time, so I will give you very detailed information.
So here's an overview of the network. I have a WRT54G with V4.21 firmware on it. I also have a WRE54G Range Expander. Both are secured. We have 3 desktops, 2 laptops, and some game consoles hooked up to the wireless internet, with nothing connected with an ethernet cable (all wireless).
A friend and myself want to play an online game, which requires one person to be a server, and one to be a client. He doesn't have access to his network configurations, so I will end up being the server.
I have setup port forwarding, and the program gives me a Socket Error of 10061 - Connection was refused forcefully.
The port is 1001 that we need open.
I have checked with my ISP, and have found that they are not blocking any ports, so I know that is not an issue.
If I hook the computer up directly to the modem, it works fine, so it is definitely a forwarding issue.
I have DHCP turned off on the computer, my local IP address is 192.168.1.106
My port forwarding settings look like this.
Application: (Blank... but I have used other names during tests)
Start: 1001
End: 1001
Protocol: Both (I have also tried TCP and UDP individually)
IP Address: 192.168.1.106 (my static IP address)
Enabled: True
I have also tried turning the SPI Firewall Protection off, as well as Block Anonymous Internet Requests.
The IP address that the person is using to connect to the computer with is my router's IP address (which is propagated directly from the modem). With the port 1001. This is the same combination used when the computer is hooked up directly to the modem, however with it behind the router, the forwarding just doesn't seem to handle the forward.
I have tried it with Windows Firewall turned off, as well as my Norton AV.
I have also created exceptions and completely opened port 1001 in Windows Firewall just in case.
I've also tried just simply restarting the computer.
I'm tapped out of ideas... can anyone else suggest anything?
Message Edited by Joker_69 on 05-13-2008 01:53 AMAlright, I went through the checklist, and every single step in the checklist checked out, except for connecting from outside the LAN. I can connect to the server through 192.168.1.150:1001, but not through xxx.xxx.96.215:1001.
Here are all settings that have been changed (everything else should be assumed to be default values):
Wireless/Security:
Security Mode: WEP
Default Transmit Key: 1
WEP Encryption: 128 bits 26 hex digits
Passphrase: Have been set
Key 1, 2, 3, 4: Have been set
Security/Firewall:
Firewall Protection: Disable
Block Anonymous Internet Requests: False
Filter Multicast: True
Filter Internet NAT Redirection: False
Filter IDENT(Port 113): True
Applications & Gaming/Port Range Forward:
Application: (no name given)
Start: 1001
End: 1001
Protocol: Both (TCP & UDP)
IP Address: 192.168.1.150
Enable: True
Now, here is the Status Page of the Router:
Firmware Version: v4.21.1, Nov. 6, 2006
Current Time: Tue, 13 May 2008 23:47:26
MAC Address: xx:xx:xx:02:11:F5
Router Name: WRT54G
Host Name:
Domain Name:
Login Type: Automatic Configuration - DHCP
IP Address: xxx.xxx.96.215
Subnet Mask: 255.255.192.0
Default Gateway: xxx.xxx.64.254
DNS 1: xxx.xxx.133.68
DNS 2: xxx.xxx.133.100
DNS 3:
MTU: 1500
Here is the copy from ipconfig /all (with IP's blocked out):
Windows IP Configuration
Host Name . . . . . . . . . . . . : xxxxx-xxxxxxxxx
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Wireless-B PCI Adapter
Physical Address. . . . . . . . . : xx-xx-xx-0D-39-EC
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.150
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : xxx.xx.133.68
xxx.xxx.133.100
Here is my netstat -an:
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5051 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5101 0.0.0.0:0 LISTENING
TCP 0.0.0.0:7501 0.0.0.0:0 LISTENING
TCP 0.0.0.0:21159 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1045 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3668 127.0.0.1:3669 ESTABLISHED
TCP 127.0.0.1:3669 127.0.0.1:3668 ESTABLISHED
TCP 127.0.0.1:3670 127.0.0.1:3671 ESTABLISHED
TCP 127.0.0.1:3671 127.0.0.1:3670 ESTABLISHED
TCP 192.168.1.150:139 0.0.0.0:0 LISTENING
TCP 192.168.1.150:4153 xxx.xxx.193.131:119 ESTABLISHED
TCP 192.168.1.150:4156 xxx.xxx.233.145:5050 ESTABLISHED
TCP 192.168.1.150:4170 xxx.xxx.107.81:1863 ESTABLISHED
TCP 192.168.1.150:4949 xxx.xxx.207.191:80 CLOSE_WAIT
TCP 192.168.1.150:4950 xxx.xxx.223.191:80 CLOSE_WAIT
TCP 192.168.1.150:4951 xxx.xxx.139.166:80 CLOSE_WAIT
TCP 192.168.1.150:4952 xxx.xxx.139.166:80 CLOSE_WAIT
TCP 192.168.1.150:4953 xxx.xxx.255.103:80 CLOSE_WAIT
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1048 *:*
UDP 0.0.0.0:1050 *:*
UDP 0.0.0.0:1166 *:*
UDP 0.0.0.0:1178 *:*
UDP 0.0.0.0:1802 *:*
UDP 0.0.0.0:1803 *:*
UDP 0.0.0.0:1804 *:*
UDP 0.0.0.0:1805 *:*
UDP 0.0.0.0:1806 *:*
UDP 0.0.0.0:3456 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5051 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:2089 *:*
UDP 127.0.0.1:2111 *:*
UDP 127.0.0.1:3459 *:*
UDP 192.168.1.150:9 *:*
UDP 192.168.1.150:123 *:*
UDP 192.168.1.150:137 *:*
UDP 192.168.1.150:138 *:*
UDP 192.168.1.150:1900 *:*
UDP 192.168.1.150:4160 *:*
UDP 192.168.1.150:4161 *:*
UDP 192.168.1.150:4163 *:*
UDP 192.168.1.150:4164 *:*
UDP 192.168.1.150:8163 *:*
UDP 192.168.1.150:39358 *:*
The sixth one down from the top looks like it is working properly.
Let me know what you think .
Message Edited by Joker_69 on 05-14-2008 12:01 AM -
Simple Port Forwarding Question
Sorry if this has been asked and answered many times before but I I've been at this for hours and I'm getting nowhere.
We have a Cisco 861 router. I've taken over the IT responsibilities from someone else and I'm just trying to forward TCP/UDP ports 5899 and 9010 to our server. I can access the server using Remote Desktop so I can see the previous IT person has gotten that far. Below is the output of our "Running Configuration".
I can see the line "ip port-map user-protocol--4 port tcp 3389" but I can't figure out how to add my own 5899 and 9010 lines.
I'm using the Cisco Configuration Professional UI but I don't have a problem using the command line interface if I'm sure I have the right commands to input. I started adding an extended rule using the ACL Editor in CCP but I'm afraid to deliver the changes to the router because it doesn't look anything like the "ip port-map user-protocol--4 port tcp 3389" line.
Here is the information generated from the ACL editor (again, I haven't delivered it to the router):
ip access-list extended user-protocol--05
remark Radmin5899
remark CCP_ACL Category=1
remark Radmin5899
permit tcp any host 10.10.10.10 eq 5899
exit
I don't think the ACL output is correct because I don't see the public IP.
How do I create a cusom ip port-map like the ones listed in the "Running Configuration"?
Any help would be greatly appreciated.
Kevin G
Running Configuration:
Building configuration...
Current configuration : 10177 bytes
! Last configuration change at 09:45:33 PCTime Fri Feb 21 2014 by admin
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname Summit
boot-start-marker
boot-end-marker
logging buffered 51200
logging console critical
enable secret 5 $1$q6Ct$Wo7VDTQAbAL7BjYEvSXvJ/
no aaa new-model
memory-size iomem 10
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-1582036946
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1582036946
revocation-check none
rsakeypair TP-self-signed-1582036946
crypto pki certificate chain TP-self-signed-1582036946
certificate self-signed 01
30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31353832 30333639 3436301E 170D3933 30333031 30303030
34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35383230
33363934 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A98F 75C0DEE6 FA35B0D2 3F42C711 3E622144 312E5DEC 8A721820 1E25EDCB
A8F10958 4DE48A8D AF5C0297 92526567 DCCCECC8 165C7A66 9CFF76C1 E8083FE2
807FD489 4A8EEF92 5528F079 F069690E 3F3A269B 4D948A32 E9F556B0 5AE8DC1A
9F753D60 58E0A298 1D1045C2 641D5976 E857FAE8 C853CF31 24356154 828F98E2
913D0203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF 301C0603
551D1104 15301382 1153756D 6D69742E 73706D63 2E6C6F63 616C301F 0603551D
23041830 16801436 F9B786F7 EB0AE78E DE16D0D8 EED4E8D5 E4679830 1D060355
1D0E0416 041436F9 B786F7EB 0AE78EDE 16D0D8EE D4E8D5E4 6798300D 06092A86
4886F70D 01010405 00038181 007B2A5E E5180062 70FD14E5 A1B9C29D C20C99D4
5897D077 B4F4250E 6788CF79 4640E214 C112724B 7EB04A9D 0754956E 2D5AF34A
0C1D1A6E 86AC0E07 FFFBEC66 B8DA4E35 E05B2AA9 F8FD084C A23A2E21 A92C409E
9AA9C45A F2B406BC E123869A 2989FBDD 65E96A95 8D6CB6C9 BAF33F75 19999CB3
4F8613BB 40251384 2D30F8A1 82
quit
no ip source-route
ip port-map user-protocol--2 port tcp 100
ip port-map user-protocol--1 port tcp 101
ip port-map user-protocol--4 port tcp 3389
ip dhcp excluded-address 10.10.10.1 10.10.10.100
ip dhcp pool spmcpool
network 10.10.10.0 255.255.255.0
domain-name spmc.local
dns-server 10.10.10.10 8.8.8.8
default-router 10.10.10.1
ip cef
no ip bootp server
no ip domain lookup
ip domain name spmc.local
license udi pid CISCO861-K9 sn FTX1446810J
username admin privilege 15 secret 5 $1$W2UZ$IvcuhFV2mkG0u/RI.XwUN0
username spmc privilege 15 secret 5 $1$P88u$ZEG5RuEVxxAaTXW3BQ1q3/
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-all sdm-nat-user-protocol--4-1
match access-group 102
match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--2-1
match access-group 104
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-http-1
match access-group 102
match protocol http
class-map type inspect match-all sdm-nat-user-protocol--1-2
match access-group 103
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 102
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-all sdm-nat-smtp-1
match access-group 102
match protocol smtp
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all sdm-nat-https-1
match access-group 102
match protocol https
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-http-1
inspect
class type inspect sdm-nat-smtp-1
inspect
class type inspect sdm-nat-user-protocol--4-1
inspect
class type inspect sdm-nat-https-1
inspect
class type inspect sdm-nat-user-protocol--1-2
inspect
class type inspect sdm-nat-user-protocol--2-1
inspect
class class-default
drop
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_DHCP_CLIENT_PT
pass
class class-default
drop
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description Internet$FW_OUTSIDE$$ES_WAN$$ETH-WAN$
ip address 66.x.x.x 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
interface Vlan1
description LAN$FW_INSIDE$$ES_LAN$$ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
ip default-gateway 66.x.x.x
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
top 20
sort-by bytes
ip nat inside source list 3 interface FastEthernet4 overload
ip nat inside source static tcp 10.10.10.100 100 66.x.x.x 100 extendable
ip nat inside source static tcp 10.10.10.101 101 66.x.x.x 101 extendable
ip nat inside source static tcp 10.10.10.10 25 66.x.x.x 25 extendable
ip nat inside source static tcp 10.10.10.10 80 66.x.x.x 80 extendable
ip nat inside source static tcp 10.10.10.10 443 66.x.x.x 443 extendable
ip nat inside source static tcp 10.10.10.10 3389 66.x.x.x 3389 extendable
ip nat inside source static tcp 10.10.10.10 5899 66.x.x.x 5899 extendable
ip nat inside source static tcp 10.10.10.10 9010 66.x.x.x 9010 extendable
ip nat inside source static udp 10.10.10.10 9010 66.x.x.x 9010 extendable
ip nat inside source static 10.10.10.10 66.x.x.x
ip route 0.0.0.0 0.0.0.0 FastEthernet4 66.x.x.x
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 10.10.10.0 0.0.0.255
access-list 3 remark CCP_ACL Category=2
access-list 3 permit 10.10.10.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=16
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 10.10.10.10
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 10.10.10.101
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 10.10.10.100
no cdp run
snmp-server community agsl RO
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
endTurns out, through some quirk of either Java, IE or CCP, the "Port to Application Mappings" page was blank. I added the necessary application protocol and it worked for opening a port I needed open on the server. Even with the screen blank I could click on the blank area in different spots and the "Edit..." button would become available. For whatever reason, whenever I go into CCP now, the page is no longer blank.
I'm having a different problem now with opening ports for our camera DVR. I'll start a new thread for that.
Thanks for the help. -
I have a WCG200 with a WRT310N router attached. I'm attempting to forward a few single ports across to one of the clients on the router. I seem to be unable to forward the ports to the clients on the wireless. Do I need to forward the ports from the Gateway to the Router then to the Client. Any ideas?
As you have 2 Wireless router, so you issue is NAT behind NAT. I think you can try to Open the ports on Both the router and check if it working or not. Who is your ISP. If it dosent work then you need to bypass anyone of your router and open the ports on your router, and i think this might solve your problem.
-
WRT54G ver 6 Port forwarding question
Howdy... I just purchased the WRT54G ver 6 router to replace my old wired one that was fried after losing power one night... plugged into a $60 surge protector... but I digress... I have 2 PCs plugged into this router... neither are wireless. I host a website and so I setup the router to forward port 80 to the webserver... The loading of images has become incredibly slow. Probably 3 to 4 Xs as slow as the old router... If I plug my cable modem into the pc direct it seems fine, so I dont see a bandwidth issue or upload problem... Seems to be at the router and more specific where the router is forwarding the request. Has anyone run into this? Are there settings on the router somewhere that I can tweak?
Try to lower your MTU settings.
"When you have eliminated the impossible, whatever remains, however improbable, must be the truth." -
Port Forwarding and Printing with Static IP Address
Hey there -
I am trying to setup a network printer that can be printed to from anywhere in the world. My organization has 5 static IP addresses given to us by our ISP. Four of those I have on computers, and one of them I have on my Linksys router (WRT54G v.8).
What I want to do is be able to setup a printer on my router that I can print to from anywhere I have an internet connection. My wireless router's static IP address is 74.172.54.XXX - The address on my network is 192.168.7.1 - I have a printer statically assigned the IP address 192.168.7.2 - and I have a port forwarding for port 70 to forward to 192.168.7.2
In theory, I would think that now I could print to 74.172.54.XXX:70 and have no problems. But that doesn't seem to be working. Even printing to 192.168.7.1:70 doesn't seem to work either.
Also, the printer has a web GUI interface that if I type http://192.168.7.1/ into my browser it comes up, so in theory I would think typing http://74.172.54.XXX:70 into my browser it should come up (but it doesn't nor does http://192.168.7.1:70).
Anybody got any suggestions? I tried to do a search about this, but ever Port Forwarding question seemed to deal with gaming (which I have no desire to do). Thanks!
I will include two screen snapshots of what I am talking about:
Thanks for any help.Is the router setup to accept static connections?
I have my router set up to accept both, so from 192.168.1.100 to 192.168.1.192 the addresses are static the other addresses are given by DHCP.
If you do not define a range and the address your laptop has as static IP conflicts with the address given by DHCP your loose ... as in you get no address.
Set up of that feature may depend on your type of router but usually any decent router will have that capability ... read your manual for specifics about your unit.
Best of luck.
R.
Last edited by ralvez (2009-12-10 00:08:50) -
Home Hub 3 Port Forwarding Issue - Question to BT
Question to BT
Hello i have recently joined BT Infinity and have hit the issue of the Port Forwarding not working. My HH3 is on the following version of software. Will this version automatically upgrade to the latest version of firmware and will this fix my port forwarding issue?
As i work in IT (Cisco Network Eng) i need to be able to access several devices/services at home and this is a real pain for me. If you think that this could drag on as some posts have indicated could you please let me know and i will either get a draytek or throw in a cisco 1841.
Thank you
Dean.
Current firmware:
V100R001C01B031SP09_L_B
Last updated:
Unknownrequiem wrote:
Question to BT
Hello i have recently joined BT Infinity and have hit the issue of the Port Forwarding not working. My HH3 is on the following version of software. Will this version automatically upgrade to the latest version of firmware and will this fix my port forwarding issue?.........
Thank you
Dean.
Current firmware:
V100R001C01B031SP09_L_B
Last updated:
Unknown
Hi Dean
By the look of it you've got the type B version of the HH3 with current firmware.
From http://bt.custhelp.com/app/answers/detail/a_id/13073
The latest versions of the firmware are:
BT Home Hub 3 – Software version 4.7.5.1.83.8.57.1.3 (Type A) or V100R001C01B031SP09_L_B
Please Click On any Text in Blue as that automatically links to information.
PC (NDEGR) -
Port Forward and IP address question
I am configuring my father's computer so that I can "see" his screen. He's on a different network, using a mac with a wireless router. He enables remote desktop login, I use Chicken of the VNC software on my mac to see and control his computer.
Here's my question, when I set up his router to forward the ports so this will work, do I use the ports for apple remote desktop or VNC? (The ports overlap (5900) but are different.)
Also, which IP address do I enter into Chicken of the VNC? His router IP, his static IP that we assigned or his computer's IP.
Thanks for the help,
Robok, but in his prefs for apple remote desktop, it gives the static IP address that we set as the address other people can use, so... any thoughts?
You use that private address if you are in the same subnet as his Mac. That is the address you enter into the port forwarding settings on the router because the router needs to send requests received on the public IP address to that unreachable private IP address.
When you are on the internet, you can't reach that private IP address. -
Combo unix ssh port forwarding + iChatAV + Bonjour question
I don't know which forum is best for this question, so thought I'd try here first.
I've been tossing around the idea of picking up a couple of iSights and running iChatAV. Problem is, if I understand this correctly, iChatAV uses a couple of ports for connections to third-party servers: AOL buddy server or Jabber server, a port for something called snatmap, a port for SIP, and some other stuff. Plus, it requires that you open up nearly 20 ports on your network for the AV traffic! (I get nervous just having my non-standard ports for smtp and ssh open, and my imaps port open (which is another issue -- anybody know how to change imaps port 993 to a non-standard port if running uw-imap server?) It doesn't look like iChatAV can, normally, operate by "calling up" an IP address or hostname...it always has to set up calls using AOL or Jabber...unless, perhaps, the destination iSight/iChatAV is on your own Bonjour-capable subnet.
So, I'm thinking, what if a calling party created a ssh tunnel and port-forwarded the dozens of UDP and couple of TCP ports over a ssh tunnel, as a lengthy list of port forward options like "-L 5297:localhost:5297 -L ...", (assuming that the forwarding host, to whom the caller ssh's, is the same computer that is running iChatAV, hence, the remote host specification in the "-L" option of "localhost"). Would the caller then be able to treat the connection like Bonjour networking and when he calls localhost on his end of the circuit, it "bonjours" to the called hostname's localhost and thus a peer-to-peer connection would be made?
Or perhaps a reverse port forward tunnel ("-R" options) could be set up in advance by the "to-be-called" party, and then the calling party initiates a iChatAV call as a "same-subnet-as-calling-computer-via-Bonjour" type of call?
I'm just kicking around some thoughts here; I don't know enough about the intricacies of iChatAV and Bonjour (and ssh) to really know all the "gotchas" and I'd like to get the planning done with a high degree of confidence of success before I plunk out $300 on two iSights.
If the general concensus of the group moderator and others on this forum is that this question should be posted in another forum, I apologize, and I'll move, but I thought that the ssh tunneling nature of my inquiry (and my unrelated side question about how to change 993 to a non-standard port) made this forum the obvious, and best, choice.
Thanks in advance for any thoughts on these issues!
2001 Quicksilver G4 Mac OS X (10.4.5)No, you can't do what you describe. You have to use port forwarding on the router for any incoming connections, and each port forward rule can only map to a single server/service.
However, SSH has the ability to tunnel other connections, so it may be possible to remove one or more of the existing port forwarding rules and replace them with a SSH rule, then use SSH tunneling to get to those services. Of course, this will only work for services that only you (or other authorized users) need to access, and not public services such as web/http traffic (assuming you're running a public web site).
The only other option would be to replace your router with one that doesn't have such a strict limit on the number of port forwarding rules. -
Homehub Port Forwarding trouble. (Terraria)
Hey everyone, yet more problems with my HH2. This time port forwarding is being very weird.
Im tryng to set up a terraria home server (its a video game on PC for those who don't know) and it requires TCP and UDP port 7777 to be open.
I followed this guide: http://portforward.com/english/routers/port_forwarding/BT/BTHomeHub2/Terraria.htm to try and set it up.
I then downloaded portforward.com's program which checks to see if your ports are open, and heres the weird thing, TCP 7777 wont connect however UDP 7777 will connect. So I tried it with port UDP and TCP ports 7776 and 7778 and in this case both the TCP and UDP ports work fine for 7778 and 7776. I've triple checked to make sure I've not mistyped but as far as Im aware its correct. Any ideas what might be causing this?
[EDIT] turns out my firewall is to blame, god I feel silly now
Aut inveniam viam aut faciamIf you want to say thanks for a helpful answer,please click on the Ratings star on the left-hand side If the reply answers your question then please mark as ’Mark as Accepted Solution’
-
Cisco 5520 ASA Port Forward to Endian Firewall VPN Question
Hello,
We have had a VPN operational on our Endian Firewall which uses OpenVPN server on port number 1194. We recently purchased a Cisco 5520 ASA to put in front of our Endian Firewall and I am still hoping to use our current Endian Firewall VPN server. So I am thinking the easiest way to make this happen is to port forward all vpn traffic through the ASA to our Endian Firewall to access the VPN. Anyhow, I am just hoping someone with higher knowledge can let me know if this is the best course of action or if there is another easier or more efficient way of doing this?
Thanks for your comments in advance I am new to cisco technology,
JoeWrong forum, post in "Secuirity - Firewalling". You can move your posting with the Actions panel on the right.
-
Question about port forwarding 2 xbox 360s to get rid of NAT on one of them
I have a xbox 360 with the official xbox 360 wireless antenna that is already set up for port forwarding and my NAT is fine. My brother has a xbox 360 and he has a NAT problem but he doesn't have a official xbox 360 wireless antenna, he hooked up his laptop to his xbox 360 via ethernet cable and is using his laptops wireless card for the connection and he gets a NAT error when he tests his connection to xbox live. Is it possible to port forward 2 xbox's? I'm sure I have to set up some type of static IP for him but the thing is that I'm not sure what IP address to assign to him. If it is possible, would he have to use a static IP address on his laptop since he's using that for a wireless connection? If this is at all possible could someone post some step-by-step instructions on how I should set this up? Below I will give you what I have set up for my xbox 360 to open up my NAT I just want to know what static IP I can use for him. Can I use just any numbers?
In my port forwarding tab in my wireless modem I have the following:
and in my xbox i have the following settings:
IP address: 192.168.1.20
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
Primary DNS: 4.2.2.2
Secondary DNS: 192.168.1.1
I have all that entered for myself and my xbox NAT is open. I just need to set up his xbox if it is at all possible. Please help!!!
P.S. My router is a WRT54GS v2.0 with updated firmware, just incase you need that info.
Message Edited by nourotherleft on 01-08-2009 03:20 PMok that still didn't help me.... he still has a NAT problem.... I don't....I went to port triggering and added the ports that you described but it didn't open his NAT... If the connection is going through his laptop(acting like the xbox 360's wireless antenna) wouldn't either his laptop or his xbox need a static ip? because I had to set up my xbox manually with the following addresses:
ip: 192.168.1.20
subnet mask: 255.255.255.0
default gateway: 192.168.1.1
primary dns: 4.2.2.2
secondary dns: 192.168.1.1
so in essence wouldn't his laptop need to be configured with some kind of static ip or something? because if he puts in what I just stated into his xbox it wont connect at all because I guess the ip's are conflicting....so what do I do now?
Maybe you are looking for
-
I have some music content in my itunes library that I do not want to sync with my ipod touch. The content has previously been synced and I want to remove it without deleting it from my itunes library. Is this possible?
-
This copy of Windows is not genuine
This message keeps showing up on desktop, and goes away after clicking on Computer properties where it shows that it's already activated.
-
Error message on Mac After Effects CC2014. I've seen other threads but wondering if this can be explained in layperson's terms and if there is troubleshooting to prevent? Last log message was: <140735235891584> <ae.blitpipe> <2> HardwareBlitpipe Dise
-
ITunes Quit Unexpectedly (as does Safari and Mail)
I have been having trouble recently with iTunes quitting unexpectedly when opening or shortly after opening. I've tried recreating the library as detailed in the FAQ in this forum, but it crashed again when trying to import the iTunes Library.xml fil
-
The question of getting CAD/CAM drawings into FrameMaker pops up regularly in the FrameMaker forum. If you have anything to add, please visit the "FAQ Corrections and Suggestions" topic and post your thoughts there.