Port Forwarding without NAT

Hello,
I have a setup where I need users accessing 10.6.17.10:80 or 10.6.17.80:443 to be directed to 10.6.17.10:4443.
10.6.17.10 is a server behind an interface called "application".
Requests will be coming from the "outside" interface, or I want this to work regardless of the source interface (any).
This outside interface is local; I mean source IP addresses will all be private, we're talking within the network.
My configuration is as below:
object network A10-Lync
 host 10.6.17.10
 nat (Application,any) static A10-Lync service tcp https 4443

Hi Murali,
Your answer is very close, but not complete.  I'm very familiar with the NAT Rule Order.  I didn't think that was the problem.  The actual problem is how Object NATs and Twice NATs are implemented.  I didn't realize once a Twice NAT (manual nat) is matched no other rules are checked. Here is the information at this Link under How source and destination NAT is implemented.  I was under the impression that Twice NAT were processed the same way Object NATs were.
So that was the problem, but what is the solution?  That is for Cisco to allow parameters in nat statements.  Otherwise we have to create 6 objects and two different nat statements in order to get this working.  If they would allow parameters for port numbers, we would only use 3 objects (like I have) and two nat statements.  The other reason why Cisco needs to allow this is because of how ugly a "working" statement looks.
How to Port Forward to Hosts without a return route:
nat (outside,inside) source dynamic any NATTED_IP_OBJECT destination static interface SERVER1_OBJ service TCP_801_OBJ TCP_80_OBJ
Real.  Translated.
Confused?!?  You should be...  I know what I'm trying to do is a very rare objective.  That is get packets to a few hosts that do not have a return route (or default Gateway).  But I personally wrote this statement just 2 days ago and it still doesn't look right, but it works.  :) And works without translating all source IPs on traffic to hosts that do have a return route (aka NORMAL setup..  haha).
I hope someone finds this helpful.  About 40 mins to find a working statement. 

Similar Messages

  • Port Forwarding - NAT Error - Azureus.

    Ok. My iBook G4 is hardwired to the internet (not wireless). I am using my iBook with AirPort as a "software router" to provide my Mac Mini with wireless internet.
    So my iBook isn't receiving wireless, it is sending a wireless signal to my Mac Mini.
    The internet on my Mini works fine, as well as messenger etc.
    The problem I am having is that I keep getting NAT errors in a P2P sharing program called Azureus. I have had wireless working fine on this Mini before, with no NAT errors, but that was when I was using a wireless hub.
    I have since gotten rid of the wireless hub because I thought it was redundant because I could just use this iBook as a wireless "software router" so that my Mini could "leech" off the signal that is directly plugged into the modem (cable).
    Before I got rid of the router all was good.
    Now I can't upload anything to my peers because I keep getting NAT errors.
    My firewalls aren't on on either computer so I'm not really sure if I'm just out of luck or if it's some other issue.
    I believe all my ports are open and such, I don't know, all was good with the router but since I have used the iBook as a software router all has gone to poop.
    Anyone please....

    Who is your internet service provider? Is that a cable or DSL connection?
    Please let me know so that accordingly we can decide whether we should go for port range triggering or port range forwarding.

  • NAT port forwarding

    I have recently purchased a Cisco 871 router. In the GUI from the installed software, I have been able to configure which ports are forwarded to a specified IP address within my local area network.
    This seems to output a configuration line like this:
    ip nat inside source static tcp 192.168.1.123 1000 interface Dialer0 1000
    However, I can only do this one port at a time. Is there a function or command that I can use to specify a range of ports? For example, I would like to forward tcp ports 1000-2300 to the IP address 192.168.1.123.
    Any help would be appreciated.
    (p.s: I think I posted in the wrong Topic previously)

    Hi
    I own a 2621XM which I have used for port forwarding with NAT overload. From what I can see, your options are to forward a port onto the address of your NATed interface with the command:
    ip nat inside source static (tcp/udp) your.inside.ip.address portnumber your.interface.ip.address externalportnumber
    e.g.
    ip nat inside source static tcp 192.168.1.43 22 194.41.66.2 8022
    would allow me to reach 192.168.1.43 port 22 from outside using 8022 or whatever port you specify in the command.
    Alternatively, you could change the interface address to one in the same network so that it is seen as a different device with a different IP that only has the forwarded port open.
    The final way would be to forward the entire inside address to a new external IP address. For example, if you have a 192.168.0.0 /24 NATed to 194.41.66.0 /24 through an interface with an IP of 194.41.66.2, you could run the following command:
    ip nat inside source static 192.168.1.43 194.41.66.43
    allowing you to communicate with that host as if there was no NAT. From here you can use the access-list feature to close ports that you don't need.
    Hope this helps!
    Barry

  • Are "Back to my MAC" and "Port Forwarding" mutually exclusive?

    I have been using APExtreme and Port Forwarding successfully for several weeks now. The PF is to allow access to game players on a PC which acts as a server on the web. All Good.
    One more thing, I have an ISP-provided wireless modem/router to talk to the cable and the world. It seems to work either bridged or un-bridged.
    I have disabled the wireless on the ISP's modem/router. (Actually the ISP's device doesn't hold a candle to the APE.)
    Still all good.
    So the firewall is on in the APExtreme and none on the modem router, and I have a port defined for my gamers to get access to my server in the APExtreme.
    I now want to implement Back to my MAC on my MBP and my other Apple devices. I believe these use iCloud for which I have an account and it seems to be working well with my iPhone.
    In Properties, when I select BtmM, iCloud says communications will be slow if I have port forwarding on. Also I will not be able to use the router function in my Modem/router.
    I'd really like to have the modem/router firewall up, and do the port forwarding there, but the BtmM will likely not get through.
    So what does anyone suggest?
    Can I use BtmM and port forwarding without too much degradation?
    Please advise.
    Thanks
    Barry

    To best answer your question on whether the two are "mutually exclusive," let's take a look at how Back to My Mac (BTMM) basically works.
    BTMM - General Requirements
    OS X Leopard 10.7.3+
    Active iCloud account. Each Mac & the AirPort router, that will be relying on BTMM, needs to be configured with the same account.
    A publicly reachable IP address for your router.
    A router that supports either NAT-PMP or UPnP. For AirPorts, be sure it is running 7.6.1+ firmware.
    BTMM uses TCP port 5354 and UDP ports 4500 & 5353 for communications.
    BTMM - Basic Communication Flow
    For a computer connected to the Internet via a router, BTMM "asks" the router for its configuration information. For a router, like your AirPort, that uses NAT-PMP, BTMM will ask the router to assign arbitrary public ports. In turn, the router will provide these port assignments (& the router's Public IP address) back to BTMM.
    BTMM then sends this information to the iCloud account. In background iCloud updates a special set of DNS entries to be used by BTMM. These entries are then made available to all BTMM clients using your iCloud account. When a computer, with BTMM enabled, uses your iCloud credentials, it automatically retrieves a list of all other computers/routers that are registered with the same account. All these devices should then appear under the SHARED section of the Finder.
    When attempting to connect to a remote computer (or router), BTMM creates a secure connection to that remote device using the information from the iCloud account.
    Once the connection is established, the devices can then communicate with each other.
    So potentially, unless you are using Port Mapping for any of the ports BTMM uses, they should not conflict.

  • Port Forward in Cisco series 800

    Dear Support
    Below is the configuration of a Cisco Series 800 router that has a VDSL port for the internet.
    I added three commands.
    What is required in order to make port forwarding work?
    ip nat inside source static tcp  8000 10.10.10.10 8000 dilar 0
    ip nat inside source static tcp 554  10.10.10.10 554 dilar 0
    ip access list extended 100
    permit ip any any
    What is required to port forward to the local IP address 10.10.10.10 from the outside interface, which is the VDSL port?
    ! Last configuration change at 10:47:44 KSA Wed Apr 22 2015 by aamalsup
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime
    service password-encryption
    hostname AamalNet
    boot-start-marker
    boot-end-marker
    logging buffered 51200 warnings
    enable secret level 2 5 $1$Y4PF$K6TQ5wf0gcHiO5IxvLZba0
    enable secret level 5 5 $1$WZeO$BzTCl0C0e1078CWxExJK0/
    enable secret 5 $1$plq6$P5HVL/tR81cs0GFDrD.0V/
    aaa new-model
    aaa authentication login default local
    aaa authentication login sdm_vpn_xauth_ml_1 local
    aaa authentication login sdm_vpn_xauth_ml_2 local
    aaa authorization exec default local
    aaa authorization network sdm_vpn_group_ml_1 local
    aaa session-id common
    clock timezone KSA 3 0
    crypto pki trustpoint TP-self-signed-1682106276
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1682106276
     revocation-check none
     rsakeypair TP-self-signed-1682106276
    crypto pki certificate chain TP-self-signed-1682106276
     certificate self-signed 02
          quit
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.10.1
    ip dhcp excluded-address 10.10.11.1
    ip dhcp pool lan
     import all
     network 10.10.10.0 255.255.255.0
     default-router 10.10.10.1
     dns-server 212.93.192.4 212.93.192.5
     lease 0 2
    ip dhcp pool wireless
     import all
     network 10.10.11.0 255.255.255.0
     default-router 10.10.11.1
     dns-server 212.93.192.4 212.93.192.5
     lease 0 2
    no ip domain lookup
    ip domain name aamal.net.sa
    ip name-server 212.93.192.4
    ip name-server 212.93.192.5
    no ipv6 cef
    cwmp agent
     enable download
     enable
     session retry limit 10
     management server password 7 094D4308151612001D05072F
     management server url http://aamalservice.aamal.net.sa:9090
    license udi pid C887VA-W-E-K9 sn FCZ17459018
    archive
     log config
      hidekeys
    username k privilege 15 password 7 020D
    username admin privilege 15 password 7 14161606050A
    controller VDSL 0
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp client configuration group aamalnet
     key aamalnet
     dns 212.93.192.4 212.93.192.5
     include-local-lan
     dhcp server 10.10.10.1
     max-users 10
     netmask 255.255.255.0
    crypto isakmp profile sdm-ike-profile-1
       match identity group aamalnet
       client authentication list sdm_vpn_xauth_ml_2
       isakmp authorization list sdm_vpn_group_ml_1
       client configuration address respond
       virtual-template 1
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
     mode tunnel
    crypto ipsec profile SDM_Profile1
     set security-association idle-time 60
     set transform-set ESP-3DES-SHA
     set isakmp-profile sdm-ike-profile-1
    bridge irb
    interface ATM0
     no ip address
     no atm ilmi-keepalive
    interface ATM0.1 point-to-point
     pvc 0/35
      pppoe-client dial-pool-number 1
    interface Ethernet0
     no ip address
     shutdown
    interface FastEthernet0
     no ip address
    interface FastEthernet1
     no ip address
    interface FastEthernet2
     no ip address
    interface FastEthernet3
     no ip address
    interface Virtual-Template1 type tunnel
     ip unnumbered Dialer0
     tunnel mode ipsec ipv4
     tunnel protection ipsec profile SDM_Profile1
    interface Wlan-GigabitEthernet0
     description Internal switch interface connecting to the embedded AP
     switchport mode trunk
     no ip address
    interface wlan-ap0
     description Embedded Service module interface to manage the embedded AP
     ip unnumbered Vlan1
    interface Vlan1
     description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
     ip address 10.10.10.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     ip tcp adjust-mss 1452
    interface Vlan2
     no ip address
     bridge-group 2
    interface Dialer0
     ip address negotiated
     ip mtu 1452
     ip nat outside
     ip virtual-reassembly in
     encapsulation ppp
     dialer pool 1
     dialer-group 1
     ppp authentication chap callin
     ppp chap hostname [email protected]
     ppp chap password 7 0007145E2E5A05522E1858
     no cdp enable
    interface BVI2
     ip address 10.10.11.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface Dialer0 overload
    ip route 0.0.0.0 0.0.0.0 Dialer0
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 10.10.10.0 0.0.0.255
    access-list 1 permit 10.10.11.0 0.0.0.255
    access-list 23 permit 212.93.196.0 0.0.0.255
    access-list 23 permit 212.93.192.0 0.0.0.255
    access-list 23 permit 212.93.193.0 0.0.0.255
    access-list 23 permit 10.10.10.0 0.0.0.255
    access-list 23 permit 10.10.11.0 0.0.0.255
    dialer-list 1 protocol ip permit
    no cdp run
    snmp-server community private RW
    snmp-server community public RO
    bridge 1 protocol ieee
    bridge 1 route ip
    bridge 2 protocol ieee
    bridge 2 route ip
    privilege interface level 5 encapsulation
    privilege interface level 5 description
    privilege interface level 5 no encapsulation
    privilege interface level 5 no description
    privilege interface level 5 no
    privilege configure level 5 ip route
    privilege configure level 5 interface
    privilege configure level 5 controller
    privilege configure level 5 ip
    privilege exec level 5 copy running-config tftp
    privilege exec level 5 copy running-config
    privilege exec level 5 copy
    privilege exec level 5 write memory
    privilege exec level 5 write
    privilege exec level 5 configure terminal
    privilege exec level 5 configure
    privilege exec level 5 show processes cpu
    privilege exec level 5 show processes
    privilege exec level 2 show running-config
    privilege exec level 5 show configuration
    privilege exec level 2 show
    privilege exec level 5 clear counters
    privilege exec level 5 clear
    banner exec
    CC
    % Password expiration warning.
    Cisco Router and Security Device Manager (SDM) is installed on this device and
    it provides the default username "cisco" for  one-time use. If you have already
    used the username "cisco" to login to the router and your IOS image supports the
    "one-time" user option, then this username has already expired. You will not be
    able to login to the router with this username after you exit this session.
    It is strongly suggested that you create a new username with a privilege level
    of 15 using the following command.
    username <myuser> privilege 15 secret 0 <mypassword>
    Replace <myuser> and <mypassword> with the username and password you want to
    use.
    banner login
    CC
    ********STC AamalNet Service****************************************
    ********Authorize Access Only. For more Support Call 909************
    line con 0
     privilege level 15
     no modem enable
    line aux 0
    line 2
     no activation-character
     no exec
     transport preferred none
     transport input all
     stopbits 1
    line vty 0 4
     access-class 23 in
     privilege level 2
     transport input telnet ssh
    scheduler max-task-time 5000
    scheduler allocate 20000 1000
    end

    Hello,
    Sure.
    What version are you running?
    Regards,
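
An added example (not part of the posts above, and not Cisco tooling): a small Python audit that inventories the `ip nat inside source static` port forwards in a running-config, using the statement forms quoted in the threads above, and reports lines that do not parse, such as the two `dilar 0` commands in the question. The function and class names are hypothetical, and the sample input is assembled from lines quoted on this page.

```python
"""Inventory IOS static NAT port forwards in a running-config (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PREFIX = "ip nat inside source static"


@dataclass(frozen=True)
class Forward:
    proto: str                  # "tcp"/"udp", or "ip" for a whole-host mapping
    local_ip: str
    local_port: Optional[int]   # None for a whole-host mapping
    global_side: str            # global IP, or "interface <name>"
    global_port: Optional[int]

    @property
    def whole_host(self) -> bool:
        return self.proto == "ip"

    def describe(self) -> str:
        if self.whole_host:
            return (f"ALL ports on {self.global_side} -> {self.local_ip} "
                    "(needs an access list to close unused ports)")
        return (f"{self.proto}/{self.global_port} on {self.global_side} -> "
                f"{self.local_ip}:{self.local_port}")


def _ip(tok: str) -> str:
    try:
        return str(ipaddress.IPv4Address(tok))
    except ValueError:
        raise ValueError(f"expected an IPv4 address, got {tok!r}") from None


def _port(tok: str) -> int:
    if not tok.isdigit() or not 1 <= int(tok) <= 65535:
        raise ValueError(f"expected a port 1-65535, got {tok!r}")
    return int(tok)


def parse_static_nat(line: str) -> Forward:
    """Parse one statement; raise ValueError with the reason if it is malformed."""
    tok = line.split()
    if " ".join(tok[:5]).lower() != PREFIX:
        raise ValueError("not a static inside-source NAT statement")
    args = tok[5:]
    if args and args[-1].lower() == "extendable":
        args = args[:-1]
    if args and args[0].lower() in ("tcp", "udp"):
        proto, rest = args[0].lower(), args[1:]
        if len(rest) < 2:
            raise ValueError("missing local address and port")
        local_ip, local_port = _ip(rest[0]), _port(rest[1])
        tail = rest[2:]
        # running-config writes the interface name as one token, e.g. Dialer0
        if len(tail) == 3 and tail[0].lower() == "interface":
            return Forward(proto, local_ip, local_port,
                           f"interface {tail[1]}", _port(tail[2]))
        if len(tail) == 2:
            return Forward(proto, local_ip, local_port, _ip(tail[0]), _port(tail[1]))
        raise ValueError("expected '<global-ip> <port>' or 'interface <name> <port>'")
    if len(args) == 2:          # one-to-one mapping of the whole host
        return Forward("ip", _ip(args[0]), None, _ip(args[1]), None)
    raise ValueError("unrecognised argument layout")


def audit(config_text: str) -> Tuple[List[Forward], List[Tuple[int, str, str]]]:
    """Return (parsed forwards, [(line number, line, reason)] for malformed ones)."""
    forwards, malformed = [], []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())
        if not line.lower().startswith(PREFIX):
            continue            # e.g. the 'source list 1 ... overload' PAT rule
        try:
            forwards.append(parse_static_nat(line))
        except ValueError as exc:
            malformed.append((n, line, str(exc)))
    return forwards, malformed


# Sample input assembled from statements quoted in the posts on this page.
SAMPLE = """\
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.123 1000 interface Dialer0 1000
ip nat inside source static tcp 192.168.1.43 22 194.41.66.2 8022
ip nat inside source static 192.168.1.43 194.41.66.43
ip nat inside source static tcp  8000 10.10.10.10 8000 dilar 0
ip nat inside source static tcp 554  10.10.10.10 554 dilar 0
"""

if __name__ == "__main__":
    ok, bad = audit(SAMPLE)
    for fwd in ok:
        print("EXPOSED  ", fwd.describe())
    for n, line, why in bad:
        print(f"MALFORMED line {n}: {line!r}: {why}")
```

Run against a saved running-config, the list of exposed mappings doubles as a review checklist: every entry is an inside service reachable from the outside interface.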

  • Port Forward: Conflicts with all of them.

    A bit about me: I am an IT professional 20+ years so I know how to port forward
    Situation:
    I had an Actiontec Gen1 router. A technician came out the other day and tried to resolve an upload speed issue. As a result, he replaced the ONT and the Router to a Gen2. He got it all up and running and left. My issue started 20 minutes after he left -- when I sat down to reestablish my port forwards.
    When I tried creating my first port forward, I got a warning message about a conflict. I looked at the list and all I had were 3 preset entries:
    --Localhost                               TCP Any -> 4567
    --192.168.1.100:63145          Application - TCP Any -> Any
    --192.168.1.100:63145          Application - TCP Any -> 1
    Now, I have done port forwards a lot with my previous router so I was a bit taken back. I did a factory restore on the router and tried to create another port forward - still conflicts.
    I knew something was up so I called Verizon. A tech didn't get anywhere so they put me on the phone with Actiontec. They had me try to create a port forward and got the same results. They said the router was corrupt and to have Verizon send me another.
    I got the new router in today. While the tech was setting it up in the basement, I quickly tried to create a port forward on it and it worked. I was excited and waited for him to connect it to the WAN. Once he did his thing and established outside connectivity, I tried to create another port forward, and it failed. I asked him to give me back my original Gen1 router so I could use it to troubleshoot. He did with the rule that I call him when I was done.
    I got Verizon back on the line and they couldn't help. They then got me on the phone with Actiontec. A couple hours later, they still had no answer. One thing we found though was that they were also not able to connect remotely. They tried 443 and 8080 - nothing worked. I also found that I was able to create UDP port forwards - they worked fine but as soon as I tried any TCP ports, they always came back with a conflict.
    Actiontec said the issue was with Verizon and that I should work with them again, so I called Verizon.
    I got a great tech who was really going the extra mile instead of giving me the infamous "We don't support that". He too couldn't access the router remotely and we tried just about anything under the sun. For giggles, we decided to put my old Gen1 router back in place. He wanted to reset it to factory defaults so we did. I took a screen capture of my original port forwards though first. When we restored it, it was also stating that there is a conflict when I created a new port forward.
    I took a look at my screen capture of my original Gen1 router (this is the one that was originally working over the last year) and I noticed that its 192.168.1.100 entry was set to go to Application - UDP any -> 63146. After resetting it to factory default, Verizon is now setting it to the two settings I documented above.
    So now I am questioning Verizon's settings that they are pushing down to the router.
    My next step was to disconnect it from the WAN completely, do a factory reset and see if I can create a port forward. After doing that test, I was able to create port forwards - TCP, UDP -- they all entered without a conflict. As soon as I connected the router to the WAN and Verizon pushed their settings, it broke again.
    The technician did all he could. It is Sunday today and the higher tier techs do not work on Sundays so he said he will have them contact me tomorrow. I sure hope they can resolve this!
    So this is the deal:
    -Go into your router and try to create a port forward. Pick anyone from the list that includes a TCP port. If you get a message stating there is a conflict, you are most likely in the same boat as I. I would bet anything that Verizon cannot access your router remotely too.
    -If you ARE able to create tcp port forwards, then I would highly suggest that you do not do a factory reset. When doing so, I would bet anything that you will no longer be able to create those forwards.
    -if you are able to port forward fine, do me a favor and tell me what your 192.168.1.100 port forwards are that Verizon throws in there. If I were to bet, I would bet that the ones that work are set for Application - UDP any -> 63146; If they don't work, I would bet that they are set to:
    --192.168.1.100:63145          Application - TCP Any -> Any
    --192.168.1.100:63145          Application - TCP Any -> 1
    Anyway, that is my story. I spent a whole weekend with Verizon and I am still not working. Any data from the community will be helpful. I want to know if this is a global issue or if it is only affecting me. I have had this happen with 3 routers, 1 gen1 and 2 gen2's.
    Thanks for your help in advance.

    Finally - a solution. *wipes brow*
    First off, I want to state that the networking group located in the Syracuse - all the other tech need to visit them for a week and learn:
    - How to talk to a customer (what to say and not to say)
    - How routers work, how they can be configured, and what they are capable of. Basically, learn a bit about networking.
    - Listen to the customer - they may know more than you.
    Anyway, thank you very much Syracuse Team!
    While working with the tech (this guy was awesome and actually listened to me about the automatic port forwards that were appearing from Verizon), he decided to use the RJ45 network WAN connection in addition to the COAX. My setup was set up to only use the COAX connection - it's been that way for over a year now.
    The tech set it up so that my data was going through the RJ45 and the TV was going through the COAX. When he did this and we reset the router to factory, the Verizon forwarded ports were no longer showing up and as a result, I was able to create ports at will without conflict.
    So beware all of you who are setup to only use the COAX connection. It appears that one of my set top boxes was now throwing in the port forwards that I noted in the original post and those were screwing everything up. Go figure that, eh? I wonder who said that some 14 tech hours ago?
    Anyway - if you are unable to create port forwards without a conflict error, call up Verizon and tell them the issue. If they act like they never heard this, tell them about my situation and that adding the RJ45 connection in addition to the COAX is the solution. Just make sure you reset your router to factory when they are done or else those odd port forwards won't clear.
    Peace out and good luck!

  • Port forwarding, NAT, SSH and Transmission.

    A couple of days ago I decided to set up the Transmission daemon, along with automatization for my downloads. Recently, however, to put a layer of security around my laptop, I set up a wireless router I had lying around that is now connected with a wire to my laptop. The reason for this is that I have no idea how iptables work yet, and until then I decided this will suffice for the moment. One of the problems though (yes, problems seem to come in twenty-fold where my luck is concerned), is that when I rewire my laptop directly to the internet, without the router, NetworkManager or Archlinux doesn't reset the IP address, which for some reason jumps to 192.168.1.122, which it never uses otherwise. I haven't yet tried reinstalling networkmanager, but when I did turn it off, dhcpcd assigned the same address... The problem here being that it shouldn't assign a LAN address, I'm directly connected to the internet. Sidenote here though; my internet connection is just a plug in the wall, the operators here (I live on a kind of campus), probably only use a network switch to relay the traffic to the socket.
    That's that, my wired network doesn't work directly, only via the wireless router, wired or wireless. Because of this, I have to use port-forwarding for SSH (to test if the port forwarding works), and the Transmission daemon with an rcmp port of 9091, which was my intention in the first place. I have no idea if logging into my.ip.address.here:9091 in a browser would work, I just used localhost:9091.
    Now for the results:
    $ nmap -sT xx.xxx.xx.xx
    Starting Nmap 5.21 ( http://nmap.org ) at 2010-06-14 19:42 CEST
    Nmap scan report for xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Host is up (0.038s latency).
    Not shown: 996 closed ports
    PORT STATE SERVICE
    22/tcp filtered ssh
    53/tcp open domain
    80/tcp open http
    9091/tcp filtered unknown
    Here it shows that the ports are actually not closed, but they're not exactly opened either, from what I gathered from the internet.
    SSH shows the true problem:
    $ ssh neal@xxxxxxxx
    ssh: connect to host xxxxxxxx port 22: Connection timed out
    SSH-ing to 192.168.0.102 (my internal ip) works, as does to localhost, same for Transmission webGUI. Before I used port-forwarding ssh would correctly say that it couldn't get traffic from the router.
    My router is a cheap solution to another problem I had, but it should work like any router. It's a Sitecom WL-607. I disabled login authentication for the moment. Also, there is no filtering going on in the firewall. Like I said earlier, I don't get iptables, so that's not being used. The hosts file allows all and denies nothing.
    TLDR version; I'm using port-forwarding on my Sitecom WL-607, but all ports except http and the 53 port are being blocked.
    Is there something I'm missing here?
    Thanks in advance,
    Neal van Veen.

    By default, all routers assign their clients an IP address from their internal pool of addresses. Your wireless router is assigning you that address and then NATs the connection with the WAN side, but even after directly plugging in to the wall socket you still don't get a new IP address; use dhcpcd <mydev> in a terminal to refresh the DHCP lease. If not, then your campus/location/etc. may also be using NAT on their own side.
    As for the ports, iptables doesn't block any traffic by default, it allows everything. If there is filtering, it is from your wireless router.
    On the above ssh and nmap scans, did you use your LAN IP or your public IP?

  • Port forwarding, NAT, QoS..

    I have a LinkSys E3000, but I'm having mad problems with QoS & port forwarding. I've tried the following:
    Port range forwarding, from port 53 to 3074, to the IP of my xbox. My understanding is that it opens all ports in that range. Moderate NAT.
    Single port forwarding, 53, 80, 88, 3074 (all both UDP & TCP - and the ports it says to open on portfoward.com), to the IP of my xbox. Moderate NAT.
    DMZ, putting the IP of my Xbox in the DMZ. Moderate NAT.
    DMZ, putting the MAC address of my Xbox in the DMZ. Moderate NAT.
    I've no idea why none of the above work? I've also set the QoS to give my Xbox high priority (it is another option under Gaming & Applications alongside Port range forwarding, port forwarding, DMZ), so I doubt that is working either.
    The only thing that gives me open NAT is if I have uPnP enabled (none of the above have any effect at all), but the connection is very dodgy. Voice chat is choppy, bit of lag in game, even when I'm the only one using an 8Mb connection (it was fine on a basic netgear router before, when no one else was on, but now I can't even get that far). I believe it should work without uPnP and with the above options I've set.
    Even if the lag is sorted, it doesn't even begin to solve the QoS problem that I bought the router to fix.

    Who is your internet service provider? Is that a cable or DSL connection?
    Please let me know so that accordingly we can decide whether we should go for port range triggering or port range forwarding.

  • Question about port forwarding 2 xbox 360s to get rid of NAT on one of them

    I have an xbox 360 with the official xbox 360 wireless antenna that is already set up for port forwarding and my NAT is fine.  My brother has an xbox 360 and he has a NAT problem but he doesn't have an official xbox 360 wireless antenna, he hooked up his laptop to his xbox 360 via ethernet cable and is using his laptop's wireless card for the connection and he gets a NAT error when he tests his connection to xbox live.  Is it possible to port forward 2 xboxes?  I'm sure I have to set up some type of static IP for him but the thing is that I'm not sure what IP address to assign to him.  If it is possible, would he have to use a static IP address on his laptop since he's using that for a wireless connection?  If this is at all possible could someone post some step-by-step instructions on how I should set this up?  Below I will give you what I have set up for my xbox 360 to open up my NAT I just want to know what static IP I can use for him.  Can I use just any numbers?
    In my port forwarding tab in my wireless modem I have the following:
    and in my xbox i have the following settings:
    IP address: 192.168.1.20
    Subnet Mask: 255.255.255.0
    Default Gateway: 192.168.1.1
    Primary DNS: 4.2.2.2
    Secondary DNS: 192.168.1.1
    I have all that entered for myself and my xbox NAT is open.  I just need to set up his xbox if it is at all possible.  Please help!!!
    P.S. My router is a WRT54GS v2.0 with updated firmware, just in case you need that info.
    Message Edited by nourotherleft on 01-08-2009 03:20 PM

    ok that still didn't help me.... he still has a NAT problem.... I don't....I went to port triggering and added the ports that you described but it didn't open his NAT... If the connection is going through his laptop(acting like the xbox 360's wireless antenna) wouldn't either his laptop or his xbox need a static ip? because I had to set up my xbox manually with the following addresses:
    ip: 192.168.1.20
    subnet mask: 255.255.255.0
    default gateway: 192.168.1.1
    primary dns: 4.2.2.2
    secondary dns: 192.168.1.1
    so in essence wouldn't his laptop need to be configured with some kind of static ip or something? because if he puts in what I just stated into his xbox it won't connect at all because I guess the ip's are conflicting....so what do I do now?

  • NAT Port Forwarding Issues

    I am running a Mac Mini Server with 10.6.4 and have just the Firewall and NAT services running on this computer at this time.
    I have two ethernet connections on this computer. One is the built in adapter (en0) and the other is the Apple USB 100mbit adapter (en2). The en2 adapter is plugged into the internet gateway from my ISP with a static address (something like 333.333.333.1) and the en0 adapter is connected to my switch with an internal address (something like 10.0.0.1). I can go out to the internet from the computer and also see it from my internal network, which means that from a network perspective, it is properly configured.
    I enabled the NAT service with the Server Admin tool by clicking the "IP Forwarding and Network Address Translation (NAT)" radio button. I selected the USB Ethernet from the "External network interface" and checked the "Enable NAT Port Mapping Protocol" from the options.
    After that I followed the directions of adding the following lines to my natd.plist from the /etc/nat/ directory:
    <array>
    <dict>
    <key>proto</key>
    <string>tcp</string>
    <key>targetIP</key>
    <string>10.0.0.123</string>
    <key>targetPortRange</key>
    <string>80</string>
    <key>aliasIP</key>
    <string>333.33.333.1</string>
    <key>aliasPortRange</key>
    <string>80</string>
    </dict>
    </array>
    I also left the top part of the plist file as such:
    <key>clamp_mss</key>
    <true/>
    <key>deny_incoming</key>
    <false/>
    <key>dynamic</key>
    <true/>
    <key>enable_natportmap</key>
    <true/>
    <key>interface</key>
    <string>en2</string>
    <key>log</key>
    <true/>
    <key>log_denied</key>
    <false/>
    <key>natportmap_interface</key>
    <string>en2</string>
    <key>proxy_only</key>
    <false/>
    <key>reverse</key>
    <false/>
    <key>same_ports</key>
    <true/>
    <key>unregistered_only</key>
    <true/>
    <key>use_sockets</key>
    <true/>
    The section I added is correctly located directly above the final </dict></plist>.
    Unfortunately, this does not work and according to the directions from Apple this is exactly how you are supposed to be able to enable port forwarding. I have also opened up the port 80 on my firewall to allow incoming requests. When I go to the external IP address for that server it just sits and waits forever and nothing is resolved.
    If someone has experience with this issue please advise.

    Gateway configurations are problematic with Mac OS X Server.
    (There are many previous discussions around the forums.)
    Getting this to work is fussy, at best.
    You can also end up with ports unexpectedly open.
    An external firewall is usually the easiest choice.

  • NAT port-forwarding and WAN side IP addresses

    I have my Airport Extreme setup to forward port 21 to an FTP server on the LAN side of my network. The AE is connected via DSL to my ISP.
    When a client from the WAN side connects to my server, the server's LOGS don't list the IP of the client, rather it says the client connected from my assigned WAN IP. For example (fake ip's):
    Client        ---->  AE          ---->  FTP-SERVER
    130.129.12.3         76.99.89.3         10.0.1.2
                                            Log states client connected
                                            from IP: 76.99.89.3
    My previous Linksys router, with the same DSL modem and ISP, would report the client as connecting from 130.129.12.3.
    Am I missing something in how I am configuring my AE? Or, is this how the AE manages port-forwarding and there's nothing I can do about it?
    I used to use firewall rules to control access to the FTP server, i.e. rules set on the server. This can't be done anymore with the AE operating as it does.

    Seems to me that the NAT translation in the Airport 802.11n is such that it does not use the incoming IP of clients connecting from the WAN side to a computer on the LAN side. The ingoing and outgoing packets reach their respective destinations, it is just that the AE uses some kind of non-standard routing (at least not that I am used to working with).
    This is bad because it prevents the use of some forms of access controls on BSD and Linux servers on the LAN side, TCP Wrappers and iptables for example. This can create obvious security problems when WAN ports are set to forward to such a LAN client. We are already getting hit with robot-like script attacks on our server, this was a problem with our Linksys router, but with the above mentioned tools and scripts we were able to block abusive clients.
    Perhaps Apple can work on resolving this issue in a future firmware release, at least make it an option... Anyone from Apple out there?
    jmj

  • Port Forwarding a Range in UC540 NAT

    Hi all,
    I am trying to forward a range of ports (55736-55863 for Synology  Surveillance Station) from the WAN interface to an internal IP on a Cisco UC540.  I'm not great with the CLI so I generally stick to CCA but right now I'm not even sure it's possible with the CLI.
    I've found this tutorial online: http://evilrouters.net/2010/05/25/port-forwarding-a-range-of-ports-on-cisco-ios/
    The first step in the tutorial is to set up a NAT IP Pool (which I *can* do in CCA) but unfortunately, the tutorial tells me to use the IP address of the internal device I want to forward the range of ports to, but CCA (and its documentation) tells me that the IP address must be on the same subnet as the WAN IP address?
    I tried following the tutorial anyway by telnetting in to the UC540 and entering the following via the CLI:
    UC540 config t
    UC540 ip nat pool PORTFWD 192.168.12.121 192.168.12.121 netmask 255.255.255.0 type rotary
    UC540 access-list 121 permit udp any any range 55736 55863
    UC540 ip nat inside destination list 121 pool PORTFWD
    I can now see the 121 access list in CCA, although it has no Interface or Direction assigned to it?
    Does anyone know if this is possible?  I really don't fancy setting up 127 entries in the NAT table!
    Thanks in advance everyone!

    The range isn't going to work in CCA.  As you are probably aware, CCA has limits to what it can do, even if something can be done in the CLI.
    That being said, I think this is a better write up on how to do this:
    http://ping8888.com/2014/01/21/cisco-ios-port-forwarding-pat/

  • WRT320N. Port forwarding help. Xbox and ps3 playing at same time. NAT issues

    Hi
    I'm trying to have both my xbox and ps3 play with open NAT's for online gaming. I have had success utilizing info from 'portforward.com'. But the solutions will unlock OPEN NAT for either the ps3 or the xbox .. one at a time. Is there a way to get both to be open?
    It seems like one main conflict is that success depends on both utilizing port 3074. But I can't have both use it? (obviously).
    I tried port forwarding the xbox per specs off of this forum and that works great.. And DMZ ing the PS3. But like I said before, most solutions leave one console with OPEN and one with Moderate.
    Is there a solution that allows both NAT OPEN's on both consoles? 

    First of all, XBOX works on a different port number and PS3 works on different port numbers. Follow the steps below to open the ports on your router for XBOX and PS3.
    Open an Internet Explorer browser page on your wired computer (desktop). In the address bar type - 192.168.1.1 and press Enter... Leave Username blank & in Password use admin in lower case...
    These settings are for your XBOX.
    On the set-up tab change the MTU Size to 1365 and click Save Settings...
    Click on "Administration" tab and disable the option UPnP and click Save Settings...
    Click on "Applications and Gaming" tab and then click on "Port Range Forwarding" subtab...
    1) On the first line in Application box type in ABC, in the start box type in 53 and End box type in 3074, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box, click Save Settings once done...
    2) Once you return to the set up page click on the Security tab and uncheck Block Anonymous Internet Requests and click on Save Settings...
    3) Click on the Status tab and take note of DNS1 and DNS2 Addresses...
    4) Go to the XBox Network Settings and IP Address Settings and select manual IP Settings and assign the following on your Xbox IP Address :- 192.168.1.20, Subnet Mask :- 255.255.255.0, Default Gateway :- 192.168.1.1...
    5) Also assign the DNS Addresses on the Xbox Use DNS1 and DNS2 Addresses you took note off of the router status tab as Primary DNS & Secondary DNS for the xbox...
    6) Turn off your modem, router, and Xbox...Wait for a minute...
    7) Plug the modem power first, wait for another minute and plug the router power cable, wait another minute and turn on the Xbox and test it...it will connect...
    For PS3 Follow the steps below
    Click on "Administration" tab and disable the option UPnP and click Save Settings...
    Once you return to the set up page click on the Security tab and uncheck Block Anonymous Internet Requests and click on Save Settings...
    Click on "Applications and Gaming" tab and then click on "Port Range Forwarding" subtab...
    1) On the first line in Application box type in ABC, in the start box type in 80 and End box type in 80, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
    2) On the second line in Application box type in DEF, in the start box type in 443 and End box type in 443, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
    3) On the third line in Application box type in GHI, in the start box type in 5223 and End box type in 5223, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
    4) On the fourth line in Application box type in JKL, in the start box type in 3478 and End box type in 3479, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
    5) On the fifth line in Application box type in MNO, in the start box type in 3658 and End box type in 3658, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box...
    6) On the sixth line in Application box type in PQR, in the start box type in 10070 and End box type in 10080, leave the protocol as both and under ip address type in 192.168.1.20 and check the enable box and click on Save Settings
    7) Now assign the given ip address on your PlayStation ip address :- 192.168.1.20, subnet mask :- 255.255.255.0, default gateway :- 192.168.1.1...
    8) Also assign the dns addresses on the PlayStation Primary dns :- 4.2.2.2...Secondary dns :- 192.168.1.1
    9) Turn off your modem, router, and PlayStation...Wait for a minute...
    10) Plug the modem power first, wait for another minute and plug the router power cable, wait another minute and turn on the PlayStation and test it...
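
The port-forwarding entries listed in the reply above can be checked for conflicts before they are saved on the router. The following Python is an added example, not part of the original post; the ports and target address are transcribed from the steps above, and the rule labels with their -xbox/-ps3 suffixes are constructed here.

```python
from itertools import combinations

# Rules transcribed from the steps above: (label, protocol, start, end, target IP).
# Labels and their -xbox/-ps3 suffixes are constructed for this example.
RULES = [
    ("ABC-xbox", "both", 53, 3074, "192.168.1.20"),
    ("ABC-ps3", "both", 80, 80, "192.168.1.20"),
    ("DEF-ps3", "both", 443, 443, "192.168.1.20"),
    ("GHI-ps3", "both", 5223, 5223, "192.168.1.20"),
    ("JKL-ps3", "both", 3478, 3479, "192.168.1.20"),
    ("MNO-ps3", "both", 3658, 3658, "192.168.1.20"),
    ("PQR-ps3", "both", 10070, 10080, "192.168.1.20"),
]

def protocols(value):
    """'both' on the Port Range Forwarding page means TCP and UDP."""
    return {"tcp", "udp"} if value == "both" else {value}

def overlapping(rules):
    """Pairs of rules claiming the same inbound port; only one can win."""
    found = []
    for a, b in combinations(rules, 2):
        same_proto = protocols(a[1]) & protocols(b[1])
        if same_proto and a[2] <= b[3] and b[2] <= a[3]:
            found.append((a[0], b[0], max(a[2], b[2]), min(a[3], b[3])))
    return found

def wide_ranges(rules, limit=100):
    """Rules that expose more than `limit` ports to the target host."""
    return [(r[0], r[3] - r[2] + 1) for r in rules if r[3] - r[2] + 1 > limit]

def shared_targets(rules):
    """Target IPs that rules for different devices both point at."""
    owners = {}
    for label, _proto, _start, _end, ip in rules:
        owners.setdefault(ip, set()).add(label.rsplit("-", 1)[1])
    return {ip: sorted(devs) for ip, devs in owners.items() if len(devs) > 1}

if __name__ == "__main__":
    for a, b, lo, hi in overlapping(RULES):
        print(f"overlap: {a} and {b} both claim ports {lo}-{hi}")
    for label, count in wide_ranges(RULES):
        print(f"wide: {label} forwards {count} ports")
    for ip, devs in shared_targets(RULES).items():
        print(f"address conflict: {ip} is the target for {', '.join(devs)}")
```

With the values from the reply, the check reports that the 53-3074 range already covers ports 80 and 443 and that both consoles are given 192.168.1.20, so the two rule sets cannot serve two devices at once as written.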

  • Wrt160nv2 xbox strict NAT port forwarding/port triggering

    I am having trouble stabilizing my NAT on 2 Xboxes. They are both connected to the wrt160nv2 with ethernet cables and I don't know whether I need to do port forwarding or port triggering. Right now, I am using port range triggering, triggered range 53 to 3074 and forwarded range 53 to 3074, and under Setup, MTU size is 1452. I got that off of another post on here but I think they were trying to set it up for an ethernet cable and wireless. I just need to know what to do since both Xboxes are using ethernet cables so both Xboxes can have open NATs.

    No need to forward/trigger any ports on the router. Sometimes 2 gaming consoles do not work on a router.
    You can try to upgrade the firmware on the router, reset it and reconfigure.

  • NAT / Port Forwarding WRV200

    Hi, I would like to access a Digital Video Recorder (192.168.3.200 port 12088) from the internet (Telenet/Belgium). I'm using a Cisco/Linksys WRV200 (192.168.3.254) to access the internet. I can access the WRV200 remotely (from Internet) and I've created the following port forwards:
    Port 8016-8016 >>> 192.168.3.200
    Port 12088-12088 >>> 192.168.3.200
    Connecting to the DVR internally is working fine but accessing the DVR from the outside doesn't work for some reason. Any suggestions?

    These products are being handled by the Cisco Small Business Support Community. (URL: https://supportforums.cisco.com/community/netpro/small-business )
