Two VLAN's port forwarding to one, problem
Hi all
This is my first ever Cisco router for forgive me, if this is a simple matter, but I have spent the entire weekend trying to figure this out - with no luck.
My employer has provided me with a Cisco 871W router for my homeoffice.
The router is pre-configured with two VLANs and BVIs; VLAN1 (BVI1) and VLAN2 (BVI2) for home and office connection on two different subnets (192.168.1.0 and 192.168.0.0).
My office connection is secured with IPSec or something similar - I have not that much insight in that aspect.
The configuration works for normal internet access (www, mail etc) on both networks, and the tunneling to my workplace works fint too.
My problem is that I would like to open up some ports for gaming etc. on the "home"-part of the configuration, but I cannot seems to get that to work.
The attached configuration is my current running configuration, which contains some of my trials on getting this to work, so it might look a bit odd.
If anyone could help me, I would appreciate it.
Regards
Jesper Lauridsen
Hi,
By the looks of it, you have an extended access list called 'outside_access_in' applied to your outside interface fa4.
You would have to add a rule to this access list allowing the port in question.
You would then need a static NAT entry that would map the port to the internal host.
For instance, if you had a rule to allow port 80 like this:
permit tcp any any eq www
You would also need a NAT entry like this:
ip nat inside source static tcp 192.168.0.10 80 interface FastEthernet4 80
Assuming that 192.168.0.10 was the client PC.
Similar Messages
-
Two VLANs on same Switch with NAT problem.
Hello all.
I have few cisco devices at home that i am using to study from. I am using for now on this little setup a 2620XM and a 3500XL Switch. I have two vlans setup on the switch VLan10 and VLan20 using router on a stick. I have setup the inside and outside interfaces. I have the fa1/0 as my outside with a dhcp address of 192.168.1.10. I have also setup my internet router to see networks 172.20.0.0/24 and 172.20.1.0/24. I am able to ping back and forth from 192.168.1.0/24 to both networks. The issue comes when i try to apply NAT. I have tried two different setups and both have failed. I have two ping windows open on my PC on the 192.168.1.0/24 side both hitting vlan 10 and 20. Once i applied either Nat solution i lose ping on one vlan while still pinging the other, but both vlans can't go out to the internet. Below is the NAT solutions i have tried below. Also running config for both router and switch. If anybody can i assist i would really appreciate it.
NAT Solution 1
ip nat pool INET 192.168.1.10 192.168.1.10 netmask 255.255.255.0
ip nat inside source list 1 pool INET overload
access-list 1 permit any
NAT Solution 2
ip nat inside source list 100 interface fa1/0 overload
access-list 100 permit ip any any
Router config
R1#sh run
Building configuration...
Current configuration : 1470 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname R1
boot-start-marker
boot-end-marker
enable secret
no aaa new-model
ip subnet-zero
ip cef
interface FastEthernet0/0
no ip address
duplex auto
speed auto
interface FastEthernet0/0.5
encapsulation dot1Q 5 native
ip address 172.16.1.6 255.255.255.248
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 172.20.0.254 255.255.255.0
ip nat inside
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 172.20.1.254 255.255.255.0
ip nat inside
interface Serial0/0
no ip address
shutdown
interface Serial0/1
no ip address
shutdown
interface Serial0/2
no ip address
shutdown
interface Serial0/3
no ip address
shutdown
interface FastEthernet1/0
ip address dhcp
ip nat outside
duplex auto
speed auto
no cdp enable
router ospf 1
log-adjacency-changes
network 172.16.1.0 0.0.0.7 area 0
network 172.20.0.0 0.0.0.255 area 0
network 172.20.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
no ip http server
ip classless
line con 0
exec-timeout 0 0
password
logging synchronous
login
line aux 0
line vty 0 4
exec-timeout 0 0
password
logging synchronous
login
line vty 5 181
exec-timeout 0 0
password
logging synchronous
login
end
Switch Config
SW1#sh run
Building configuration...
Current configuration:
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname SW1
ip subnet-zero
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 5
switchport trunk allowed vlan 1,5,10,20,1002-1005
switchport mode trunk
interface FastEthernet0/2
interface FastEthernet0/3
interface FastEthernet0/4
switchport access vlan 10
interface FastEthernet0/5
switchport access vlan 10
interface FastEthernet0/6
switchport access vlan 10
interface FastEthernet0/7
switchport access vlan 10
interface FastEthernet0/8
switchport access vlan 10
interface FastEthernet0/9
switchport access vlan 10
interface FastEthernet0/10
switchport access vlan 10
interface FastEthernet0/11
switchport access vlan 10
interface FastEthernet0/12
switchport access vlan 20
interface FastEthernet0/13
switchport access vlan 20
interface FastEthernet0/14
switchport access vlan 20
interface FastEthernet0/15
switchport access vlan 20
interface FastEthernet0/16
switchport access vlan 20
interface FastEthernet0/17
switchport access vlan 20
interface FastEthernet0/18
switchport access vlan 20
interface FastEthernet0/19
switchport access vlan 20
interface FastEthernet0/20
switchport access vlan 20
interface FastEthernet0/21
switchport access vlan 20
interface FastEthernet0/22
switchport access vlan 20
interface FastEthernet0/23
shutdown
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/24
shutdown
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet0/1
interface GigabitEthernet0/2
interface VLAN1
no ip address
no ip directed-broadcast
no ip route-cache
shutdown
interface VLAN5
ip address 172.16.1.1 255.255.255.248
no ip directed-broadcast
no ip route-cache
ip default-gateway 172.16.1.6
line con 0
transport input none
stopbits 1
line vty 0 4
login
line vty 5 15
login
endYou need to change your acl because NAT doesn't usually work with "any" as the source.
I tend to use extended acls so -
access-list 101 permit 172.20.0.0 255.255.255.0 any
access-list 101 permit 172.20.1.0 255.255.255.0 any
and then use your second solution ie. overload on the interface.
If you find you cannot ping between your vlans then you need to modify the above acl to deny traffic between the vlans/IP subnets then permit any as above but it should work without doing that.
Jon -
Port Forwarding & Access List Problems
Good morning all,
I am trying to set up port forwarding for a Webserver we have hosted here on ip: 192.168.0.250 - I have set up access lists, and port forwarding configurations and I can not seem to access the server from outside the network. . I've included my config file below, any help would be greatly appreciated! I've researched a lot lately but I'm still learning. Side note: I've replaced the external ip address with 1.1.1.1.
I've added the bold lines in the config file below in hopes to forward port 80 to 192.168.0.250 to no avail. You may notice I dont have access-list 102 that i created on any interfaces. This is because whenever I add it to FastEthernet0/0, our internal network loses connection to the internet.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname pantera-office
boot-start-marker
boot-end-marker
no logging buffered
enable secret 5 $1$JP.D$6Oky5ZhtpOAbNT7fLyosy/
aaa new-model
aaa authentication login default local
aaa session-id common
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.150
ip dhcp excluded-address 192.168.0.251 192.168.0.254
ip dhcp pool private
import all
network 192.168.0.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.0.1
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip domain name network.local
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-4211276024
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4211276024
revocation-check none
rsakeypair TP-self-signed-4211276024
crypto pki certificate chain TP-self-signed-4211276024
certificate self-signed 01
3082025A 308201C3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34323131 32373630 3234301E 170D3132 30383232 32303535
31385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32313132
37363032 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B381 8073BAC2 C322B5F5 F9595F43 E0BE1A27 FED75A75 68DFC6DD 4C062626
31BFC71F 2C2EF48C BEC8991F 2FEEA980 EA5BC766 FEBEA679 58F15020 C5D04881
1D6DFA74 B49E233A 8D702553 1F748DB5 38FDA3E6 2A5DDB36 0D069EF7 528FEAA4
93C5FA11 FBBF9EA8 485DBF88 0E49DF51 F5F9ED11 9CF90FD4 4A4E572C D6BE8A96
D61B0203 010001A3 8181307F 300F0603 551D1301 01FF0405 30030101 FF302C06
03551D11 04253023 82217061 6E746572 612D6F66 66696365 2E70616E 74657261
746F6F6C 732E6C6F 63616C30 1F060355 1D230418 30168014 31F245F1 7E3CECEF
41FC9A27 62BD24CE F01819CD 301D0603 551D0E04 16041431 F245F17E 3CECEF41
FC9A2762 BD24CEF0 1819CD30 0D06092A 864886F7 0D010104 05000381 8100604D
14B9B30B D2CE4AC1 4E09C4B5 E58C9751 11119867 C30C7FDF 7A02BDE0 79EB7944
82D93E04 3D674AF7 E27D3B24 D081E689 87AD255F B6431F94 36B0D61D C6F37703
E2D0BE60 3117C0EC 71BB919A 2CF77604 F7DCD499 EA3D6DD5 AB3019CA C1521F79
D77A2692 DCD84674 202DFC97 D765ECC4 4D0FA1B7 0A00475B FD1B7288 12E8
quit
username pantera privilege 15 password 0 XXXX
username aneuron privilege 15 password 0 XXXX
archive
log config
hidekeys
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxx address 2.2.2.2
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to 2.2.2.2
set peer 2.2.2.2
set transform-set ESP-3DES-SHA
match address 100
interface FastEthernet0/0
description $ETH-WAN$
ip address 2.2.2.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
interface FastEthernet0/1
description $ETH-LAN$
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface Serial0/0/0
no ip address
shutdown
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.1.1.1
no ip http server
ip http authentication local
no ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.0.254 20 1.1.1.1 20 extendable
ip nat inside source static tcp 192.168.0.254 21 1.1.1.1 21 extendable
ip nat inside source static tcp 192.168.0.252 22 1.1.1.1 22 extendable
ip nat inside source static tcp 192.168.0.252 25 1.1.1.1 25 extendable
ip nat inside source static tcp 192.168.0.250 80 1.1.1.1 80 extendable
ip nat inside source static tcp 192.168.0.252 110 1.1.1.1 110 extendable
ip nat inside source static tcp 192.168.0.250 443 1.1.1.1 443 extendable
ip nat inside source static tcp 192.168.0.252 587 1.1.1.1 587 extendable
ip nat inside source static tcp 192.168.0.252 995 1.1.1.1 995 extendable
ip nat inside source static tcp 192.168.0.252 8080 1.1.1.1 8080 extendable
ip nat inside source static tcp 192.168.0.249 8096 1.1.1.1 8096 extendable
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 10.0.100.0 0.0.0.255
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.0.0 0.0.0.255 10.0.100.0 0.0.0.255
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 remark Web Server ACL
access-list 102 permit tcp any any
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps envmon
snmp-server enable traps flash insertion removal
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps bgp
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps firewall serverstatus
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps ipsla
snmp-server enable traps rf
route-map SDM_RMAP_1 permit 1
match ip address 101
control-plane
line con 0
logging synchronous
line aux 0
line vty 0 4
scheduler allocate 20000 1000
end
Any/All help is greatly appreciated! I'm sorry if I sound like a newby!
-EvanHello,
According to the config you posted 2.2.2.2 is your wan ip address and 1.1.1.1 is the next hop address for your wan connection. The ip nat configuration for port forwarding should look like
Ip nat inside source static tcp 192.168.0.250 80 2.2.2.2 80
If your provider assigns you a dynamic ipv4 address to the wan interface you can use
Ip nat inside source static tcp 192.168.0.250 80 interface fastethernet0/0 80
Verify the settings with show ip nat translation.
Your access list 102 permits only tcp traffic. If you apply the acl to an interface dns won't work anymore (and all other udp traffic). You might want to use a statefull firewall solution like cbac or zbf combined with an inbound acl on the wan interface.
Best Regards
Lukasz -
Port forwarding problems with WRT610N v2 + WAG54GS v1.0
Background:
I have a WAG54GS v1.0 (Annex A) which I was using to handle my home network and my ADSL connection. I bought a WRT610N v2 (which I'll refer to as the router) with the intention that it would replace the networking duties of the WAG54GS (which I'll call the modem), which would be relegated to just handling the Internet connection. Both are running their latest firmware.
I've gotten this configuration to work, but with one problem: I've lost a lot of flexibility in regard to port forwarding. The problem is that the only way I've managed to get the Internet to work is by having the router on 192.168.0.1, and the modem on 192.168.1.1. If I try and have both on 192.168.0.x or 192.168.1.x then connecting to the Internet no longer works under any configuration of options I've tried.
What this means is that when I go to setup port forwarding in the modem, I can only forwards to clients on 192.168.1.x, but the router can only forward to 192.168.0.x. The only things I can get to work are situations where port range triggering can be applied, so only when a connection is made on the relevant port to an external IP, and then that external IP also communicates back on that port. As you may guess this doesn't nearly cover all cases.
Question:
Should it be be possible to have both router and modem on either 192.168.0.x or 192.168.1.x, which would allow port forwarding to work as expected. That should have in theory been possible with the modem's bridge mode except that it's then impossible to configure the PPPoA settings necessary to connect to my ISP.
Or am I going to have to rethink the network layout (i.e. buy a dedicated ADSL modem and fully retire my WAG54GS?)
Solved!
Go to Solution.Actually in the end what I figured out was that as far as my WRT610N was concerned my WAG54GS was my ISP, and that was all it needed to know about the Internet connection. So I set it to connect to the WAG54GS with a static IP, stuck that IP into the WAG54GS's DMZ, and left the WRT610N to handle port forwarding as all devices that connect will do so through that. (Yes, I've disabled the wireless features of the WAG54GS)
I'm reasonably sure I tried the combination of settings you've suggested (including moving the WAG54GS off the Internet port of the WRT610N, which I would have wanted to avoid anyway as I have four permanently connected devices anyway) and found it still wouldn't work. And I wasn't trying to set both to 192.168.1.1 at any point, my self-obscured point was that changing only the last block of the IP address failed to work for accessing the Internet. -
RDP PORT FORWARDING ON WRT120N
I'd like to be able to RDP to my home desktop from the office. I used to be able to do this with my OLD Linksys wireless B router by having two entries in the GAMING port forwarding section. One for port 3389 and the other for 65001. I recently installed a new WRT120N and can't for the life of me figure out what/where I need to add these two entries for port forwarding. Can someone please walk me through the process?
Message Edited by SBINDER on 07-07-2009 07:22 AMI think you are missing some setps to enable port forwarding on your router for RDP.
When you login to the Linksys router, Click on "Application and Gamin" tab, and below you need to click on the sub tab "Port Range Forwarding" .
Click Here how to enable Port Forwarding on you Router, Once configured properly i think you should be able to access RDP. -
Port Forwarding and Loopback with HomeHub 3B
There have been a number of threads discussing port forwarding and loopback, so I thought it might be useful to summarise my experiences. I have two HomeHub 3Bs on separate lines, one is a standard broadband line, the other is on an Infinity connection. My experience is limited to these two specific devices :-)
Port Forwarding does work but it is "temperamental" and "arcane" in the way you need to set it up. Although I have had it running perfectly, I have also had experiences where the router has refused to "accept" my changes. Tentatively, I put this down to the fact that I was running a Seagate GoFlex network drive on the network and this piece of equipment (definitely a Do Not Buy) was acting aggressively and screwing up the DDNS allocations. But ... YMMV
One definite probllem with Port Forwarding is if you attempt to specify a range of addresses. I have failed to get this to work on both my hubs. In my case I was trying to forward (say) 8021-8022 to 21-22, and the router insisted on forwarding both 8021 and 8022 to port 21. The cure is to set up each port as a separate rule within the same user-defined application.
On Loopback, I know various people have said it doesnt work, but it has always worked fine for me, at both the locations where I have a HomeHub 3B. I use a DDNS service and I can test that my port forwarding is working by opening a Command Prompt window on my PC and typing telnet mydomain.dyndns.web.com 21 or whatever. That command contacts my DDNS host to ascertain my IP address and then (attempts to) connect to port 21.
If port 21 is closed on your router (i.e. you have no port forwarding in place) you will see the message attempting to connect to mydomain.dyndns.web.com... and, after a while that will time out, with Could not open connection to the host, on port 21: Connect failed. If you do have your port forwarding set up correctly then your application will respond in some appropriate mannerr. However, you do need to understand what youre doing, because the response of an application that is expecting HTTP data is simply to do nothing! You will probably get a blank screen. If you type GET / HTTP/1.1 [note spaces] (which is not echoed to your screen, so be careful not to mistype it) you will receive a page of HTTP response data and HTML data. Thus proving that your port forwarding is working.
If you do not have any port forwarding set up at all, you can still test the loopback function by attempting to connect to port 161. This port is open on the BT routers and telnetting to it will result in a blank screen (as opposed to the attempting to connect message).
In summary: loopback works on the Home Hub 3B. Port forwarding also works to a degree but it is temperamental and does have some quirks, like not properly accepting ranges of ports. On this last point, at least, it would be helpful to get an acknowledgement from BT that this is a known fault.There have been a number of threads discussing port forwarding and loopback, so I thought it might be useful to summarise my experiences. I have two HomeHub 3Bs on separate lines, one is a standard broadband line, the other is on an Infinity connection. My experience is limited to these two specific devices :-)
Port Forwarding does work but it is "temperamental" and "arcane" in the way you need to set it up. Although I have had it running perfectly, I have also had experiences where the router has refused to "accept" my changes. Tentatively, I put this down to the fact that I was running a Seagate GoFlex network drive on the network and this piece of equipment (definitely a Do Not Buy) was acting aggressively and screwing up the DDNS allocations. But ... YMMV
One definite probllem with Port Forwarding is if you attempt to specify a range of addresses. I have failed to get this to work on both my hubs. In my case I was trying to forward (say) 8021-8022 to 21-22, and the router insisted on forwarding both 8021 and 8022 to port 21. The cure is to set up each port as a separate rule within the same user-defined application.
On Loopback, I know various people have said it doesnt work, but it has always worked fine for me, at both the locations where I have a HomeHub 3B. I use a DDNS service and I can test that my port forwarding is working by opening a Command Prompt window on my PC and typing telnet mydomain.dyndns.web.com 21 or whatever. That command contacts my DDNS host to ascertain my IP address and then (attempts to) connect to port 21.
If port 21 is closed on your router (i.e. you have no port forwarding in place) you will see the message attempting to connect to mydomain.dyndns.web.com... and, after a while that will time out, with Could not open connection to the host, on port 21: Connect failed. If you do have your port forwarding set up correctly then your application will respond in some appropriate mannerr. However, you do need to understand what youre doing, because the response of an application that is expecting HTTP data is simply to do nothing! You will probably get a blank screen. If you type GET / HTTP/1.1 [note spaces] (which is not echoed to your screen, so be careful not to mistype it) you will receive a page of HTTP response data and HTML data. Thus proving that your port forwarding is working.
If you do not have any port forwarding set up at all, you can still test the loopback function by attempting to connect to port 161. This port is open on the BT routers and telnetting to it will result in a blank screen (as opposed to the attempting to connect message).
In summary: loopback works on the Home Hub 3B. Port forwarding also works to a degree but it is temperamental and does have some quirks, like not properly accepting ranges of ports. On this last point, at least, it would be helpful to get an acknowledgement from BT that this is a known fault. -
How do you set up Port Forwarding for ARD 2.2 in AEB N?
Help,
I'm a novice at Apple Remote Desktop (ARD) - not an IT guy, so it has to be pretty basic and detailed.
How do you set up Port Forwarding for ARD 2.2 on the Apple Airport Extreme BS router, 802.11 N. I have one at each end of the internet connection. At one end I have an Airport Extreme N router with 2 macs and eventually 1 windows XP machine (if I can) that I would like to be able to connect to over the interenet (the clients) and at the other end, I have a Mac with ARD 2.2 installed also with an Airport Extreme N router. Note: Both routers use Static IP addresses and all computers use static IP's internally not through DHCP. What are the settings or directions to do this.
I have read and printed out the directions for Configuration of ARD 3.0 that are posted many times in the ARD discusion group, but it uses a Linksys router ( http://www.starkpr.com/ard.htm posted by Dave Sawyer). The Mac router is different, particularly with the place to set a Private IP address. I'm not sure about alot of things, but especially about the Private IP address, what number do I set it to, the one that is in my Network connections list? It automatically changes to a different number in AE N setup for Port Forwarding (by one) as if it is not suppose to the same?????
Are there any directions available that are as straight forward for the Airport Extreme N router, as the one's that are listed here for the Linksys Router's? ( http://www.starkpr.com/ard.htm )
Any and All help will be greatly appreciated.
P.S. I know I should have 3.0 but bought 2.2 just weeks before 3.0 came out and they would not give me an upgrade price, so I'm waiting for 4.0 to upgrade.
Thanks,
JimTry the following for each AirPort Extreme ...
AEBSn - Port Mapping Setup
To setup port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN port of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
1. Reserve a DHCP-provided IP address for the host device.
Internet > DHCP tab
o On the DHCP tab, click the "+" (Add) button to enter DHCP Reservations.
o Description: <enter the desired description of the host device>
o Reserve address by: MAC Address
o Click Continue.
o MAC Address: <enter the MAC (what Apple calls Ethernet ID if you are using wired or AirPort ID if wireless) hardware address of the host computer>
o IPv4 Address: <enter the desired IP address>
o Click Done.
2. Setup Port Mapping on the AEBSn.
Advanced > Port Mapping tab
o Click the "+" (Add) button
o Service: <choose the appropriate service from the Service pop-up menu>
o Public UDP Port(s): 3283
o Public TCP Port(s): 3283
o Private IP Address: <enter the IP address of the host server>
o Private UDP Port(s): 3283
o Private TCP Port(s): 3283
o Click "Continue"
o Click the "+" (Add) button
o Service: <choose the appropriate service from the Service pop-up menu>
o Public UDP Port(s):
o Public TCP Port(s): 5900
o Private IP Address: <enter the IP address of the host server>
o Private UDP Port(s):
o Private TCP Port(s): 5900
o Click "Continue"
o Click the "+" (Add) button
o Service: <choose the appropriate service from the Service pop-up menu>
o Public UDP Port(s):
o Public TCP Port(s): 5988
o Private IP Address: <enter the IP address of the host server>
o Private UDP Port(s):
o Private TCP Port(s): 5988
o Click "Continue"
(ref: "Well Known" TCP and UDP ports used by Apple software products) -
Home Hub 3 Port Forwarding (NOT)
Hello World
Ok recived the New Home Hub 3 today, ahead of my Infinity install.
I thought ok lets replace Trusty Home Hub 2 with the 3 as it works both on Std ADSL and Infinity
Super Quick UI and love the GIG port BUT and its a BIGGY (well for ME) !
THe hub is running 4.7.5.1.83.8.48 (TypeA) lastest and greatest, Upnp does work so Xbox works no prob and it can be seen in the FW Log being setup
BUT if you configure port forwarding by hand ie HTTP to 192.168.0.2 DOESNT WORK !!!
I tried using a connected device to forward to and just the IP address BOTH FAIL !
roll back in trusty Hub2 and all work again !
Phoned in and was told after a few minutes on hold (No Problem) to roll back to Home Hub 2 and there should be a Firmware upgrade for the 3 soon to fix this issue.
So now you know if you try it and it doesnt work
Giz
Solved!
Go to Solution.Similar situation here.
I received HomeHub 3 this week. Overall, I am pretty satisfied with the new router. The local networking feels quicker due to the gigabit port (connected to gigabit switch). And the wifi reception is better probably due to the intelligent channel selection.
Similarly, I tried to replicate settings from my old HomeHub 2. I wasn't able to setup port forwarding.
The problem is the router in inaccessible using the external IP address.
I contacted BT Broadband Help desk. I spoke to 2 operators. First told me he would investigate and call me back. Never did. Second told me they were untrained to deal with this sort of queries and suggested speaking to the BT Subscription help line.
So, now I know thanks to you. Waiting anxiously for the patch. Hope it will be out soon.
Slava -
Cannot get port forwarding to work - what am I doing wrong?
Hi All,
I am sure I am doing something wrong, but can't see what. All I need to be able to do is to port forward to one of my virtual machines web port on my file server.
So, scenario is:
Windows 2012 R2 Server. IP address: 10.0.0.2 I have a VM running on there called spatial - it's IP address is 10.0.0.17
Before moving to Windows 2012 R2 server and virtualization - I had multiple servers and to port forward, simply changed the listening port of IIS to another port from standard - say 81. Then in my router, port forwarded web traffic to port 81 on that
server - worked like a charm.
Now however, when I have tried to do the same thing (10.0.0.17 web server listens on port 81) - the page times out. If I leave it at port 80 - the server2012 IIS page answers.
I guess I need to create some sort of gateway on the 2012 server to allow traffic to flow through to port 81 on the VM - but not sure how to? Can anyone help? Is there a simple walk through guide someone has written in order to achieve this -
as I am sure is a very common request. I have googled, but can't find exactly what I am looking for.
thanks.Hi,
The Hyper-V 2012r2 virtual switch have the extension security ability, please use the following PowerShell cmdlet to confirm your IIS vm virtual switch not enable the related
security settings:
Get-VMSwitchExtension -VMSwitchName "virtual switch name"
=================================================
For example:
Get-VMSwitchExtension -VMSwitchName "External network MSFT"
Id
: EA24CD6C-D17A-4348-9190-09F0D5BE83DD
Name
: Microsoft NDIS Capture
Vendor
: Microsoft
Version
: 6.3.9600.16384
ExtensionType
: Monitoring
ParentExtensionId
ParentExtensionName :
SwitchId
: 0686a779-c79c-4fd0-9971-f9eb330ca089
SwitchName
: External network MSFT
Enabled
: False
Running
: False
ComputerName
: SERVERLAB-02
Key
IsDeleted
: False
Id
: E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A
Name
: Microsoft Windows Filtering Platform
Vendor
: Microsoft
Version
: 6.3.9600.17042
ExtensionType
: Filter
ParentExtensionId
ParentExtensionName :
SwitchId
: 0686a779-c79c-4fd0-9971-f9eb330ca089
SwitchName
: External network MSFT
Enabled
: True
Running
: True
ComputerName
: SERVERLAB-02
Key
IsDeleted
: False
===================================================
The related KB:
Create Security Policies with Extended Port Access Control Lists for Windows Server 2012 R2
http://technet.microsoft.com/en-us/library/dn375962.aspx
Enabling Hyper-V Extensible Switch Extensions
http://msdn.microsoft.com/en-us/library/windows/hardware/hh598144(v=vs.85).aspx
Enumerating Hyper-V Extensible Switch Extensions
http://msdn.microsoft.com/en-us/library/windows/hardware/hh598146(v=vs.85).aspx
Hope this helps.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Connections drops with port forwarding
I have a WRT54G v.5 and I recently just set up port forwarding. The problem is that my internet connection drops between every 10 minutes to once an hour. Once I disable port forwarding, the connection works perfectly. Any ideas?
Make sure your router has the latest firmware installed.
Richard Aichner (Ikester) -
App QoS vs Port Forwarding in WRT110
Hello,
What would be better to set in my WRT110 router to make sure my online game gets priority overall: Application QoS or Port Forwarding? I can see the WRT110 has this new feature that I didn't see with my old WRT54GS.
If it is Port Forwarding, which one since there is Single Port and Port Range Forwarding? Now, I must keep the DHCP settings since I'm on laptop and I travel a lot.
Thanks in advanceIf you travel a lot then Single Port Forwarding or Port Range Forwarding are not your options...You need to do Port Triggering...
-
Two VLANs on one switch port?
Currently we have the following
Cat 4003 with VLAN trunking turned on to multiple switches. Each port in those exterior switches is assigned to a vlan(we have about 60 different vlans).
What I would like to do is on those exterior switches have two vlans assigned to it.
We'd like to create a single IP Phone VLAN(let's call it 999) that can span our entire enterprise and would have dhcp deployed on it.
Each port is connected to an IP phone which has a 2 port switch in them. One port to the wall, one to the pc.
The switch ports on those phones support vlan tagging
How would setup an exterior switch to access 2 vlans that connect to 2 port switch on an IP phone?To facilitate ease of deployment, use VTP so that you can centrally create the vlans and propagate to each exterior switch. Now I believe you already do have a layer 3 engine or router that does routing between all these vlans. What switches are used on teh exterior ? This is to find out if voice vlan support is available.
In cat switches, voice vlan is created using command,
set port auxiliaryvlan vlan
In IOS based switches,
int fa0/1
switchport mode trunk
switchport trunk encap dot1q
switchport trunk native vlan
switchport voice vlan
switchport priority cos extend 0
or
int fa0/1
switchport mode access
switchport access vlan
switchport voice vlan
I am not sure about support of voice/aux vlan in 4003. We will have check your other switch models/ software versions to determine support for this command. -
HP 3800 switch port-security one mac in two VLAN for Cisco IP Phone
Hellow all!
I'm want use port-security for ports on my HP 3800. But PC connected
to network via PC port on Cisco ip phone. For phone used 10 voice VLAN,
for data - 1 VLAN (native). Cisco phone add self mac-address in these
two VLAN. On Cisco Switch 2960 i resolve this for 4 command:
switchport port-security maximum 3
switchport port-security mac-address pc_mac
switchport port-security mac-address ip_phone_mac
switchport port-security mac-address ip_phone_mac vlan voice
How i can add one mac in two VLAN's on HP 3800 Switch?
Sorry for my English, please ^_^
This topic first appeared in the Spiceworks CommunityHi Kuarzo, please reference the following;
https://supportforums.cisco.com/document/116426/how-configure-dynamic-mac-port-security-sx300
https://supportforums.cisco.com/document/116256/how-configure-static-mac-port-security-sx300 -
Xbox 360/one problem and port forwarding
For a couple months now (since I got my AirPort Extreme) I have not been able to connect to a certain friend on xbox. I can connect to anybody else however. The only way we can (kind of) connect is if somebody else is host and we both connect to him.
My NAT type is Moderate. When I try to test my connection on my xbox it says that I can connect but I am limited in matchmaking (this is joining games and using voice chat, which is the problem named above for my particular friend). The xbox shows the error and suggests that I enable UPnP or open the port 3074.
The problem is that I have already have! I gave my xbox a static IP and forwarded the port 3074 to that IP.
(I have also tried forwarding all the ports that xbox live uses to the xbox. These being:
Port 88 (UDP)
Port 3074 (UDP and TCP)
Port 53 (UDP and TCP)
Port 80 (TCP)
as found on the xbox website... https://support.xbox.com/en-US/xbox-360/networking/network-ports-used-xbox-live
I made sure to put them in the right text boxes for UDP and TCP so that is not the problem either.)
I know that the AirPort Extreme does not support UPnP but does have a similar thing called NAT Port Mapping Protocol which was already enabled. (I tried all possibilities of enabling/disabling NAT...Protocol and port forwarding/not port forwarding.) --- This is not the solution as I see it
In short: My xbox tells me to open port 3074. I already have. It still tells me to open it and still won't work.
I posted this on the apple discussion page (instead of the xbox discussion page) because I know that it's not an xbox problem. When I had my old linksys router it worked perfectly.I have this exact same question and problem. I know this doesn't help, but would appreciate any updated information if you find an answer. I'll keep working on this also and let you know if I find an anwer.
-
I will Paypal you $100 if you can resolve this Port Forward problem
Believe me when I tell you, If you are the person who fixes this problem, I will GLADLY Paypal you $100.
This is so unbelievable. Short story is, after 12 hours of paid support through Support RIX, 6 hours with TWC support, and 4 different modems there isn't a single person in these groups that can get ports forwarded on my Linksys E4200 router.
I am running a fresh copy of windows 7 with all updates and no anti virus installed. I purchased a Motorola ARRIS SURFboard modem 200 series DOCSIS 3.0 so I have no double router issues. Before I was using the TWC moden/routers in bridge mode.
I have no problem setting a static IP or configuring port forwarding. It doesn't matter if I have windows firewall on or off. I can't get an outside port checking website that can verify an open port.
I am trying to play Battlefield 4 using the port forwarding request they provide.
If I run a local port check program on my computer it will confirm the ports open. Ok, Fair enough. They tell me the outside port checking utilities will say the port is closed unless I am running the program that uses these open ports.
SO I run the game and check and it always says port closed. One of the ports I want to open is 80. It has to be open to get internet anyway but it still shows closed using the online port checking websites.
I connected the computer to the modem. No router. I keep getting ports closed or filtered when I check through 6 different port checking sites. Leads me to think their is some kind of block in the ethernet card software.
Its a Realtek PCIe GBE Family controller with a driver date of 8/26/2014. Latest one I could find.
I think its an ethernet card filter. Just my thoughts. Here is the current adapter card settings.
Advanced settings on Ethernet card
Auto Disable Gigabit/ Disabled
Flow Control/ RX & TX Enabled
Green Ethernet/ Enabled
Interrupt Moderation/ Enabled
IPv4 Checksum Offload/ RX & TX Enabled
Jumbo Frame/ Disabled
Large send Offload v2 (IPv4)/ Enabled
Large Send Offload v2 (IPv6)/ Enabled
Network address/ You can check the box for Value and add one. Currently its checked to Not present
Priority & VLAN/ Enabled
Receive buffers/ 512
Receive Side Scaling/ Enabled
Shutdown Wake-on-Lan Enabled
Speed and duplex/ Auto Negotiation
TCP Checksum Offload (IPv4)/ RX & TX Enabled
''''''''''''''''''''''''''''''''''''''(IPv6)/ RX & TX Enabled
Transmit buffers/ 128
UDP Checksum Offload (IPv4) RX & TX Enabled
'''''''''''''''''''''''''''''''''''''''(IPv6) RX & TX Enabled
Wake on Magic Packet/ Enabled
Wake on Pattern match/ Enabled
WOL & Shutdown Link Speed/ 10 Mbps First
I used a port tester downloaded from PCWinTech.com v3.0.0. It says the ports are open. When I close port 80 it says port 80 is closed. My problem is nothing outside my network can confirm an open port. It always states port closed.
The game I am playing is Battlefield-4. I have played all of the campigns without any problem but once online it crashes. The BF-4 community says I need to open 5 single ports and 5 port ranges. This is what I am trying to do.
We have tried an ARRIS router modem, a Ubee router modem (both in bridge mode) and are now using a motorola modem. All with the same problem. We checked the ports during game play and they all say closed.
I will post pictures of my current router settings.What model router do you have?
What Firmware version is currently loaded?
What region are you located?
What is your current model ISP modem your using now?
What ISP Modem service link speeds UP and Down do you have?
Check cable between Modem and Router, swap out to be sure. Link>http://en.wikipedia.org/wiki/CAT6 is recommended.
Check ISP MTU requirements, Cable is usually 1500, DSL is around 1492 down to 1472. Call the ISP and ask.
http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=88e63d78588142e6bb68e22d7faf2046_Configuring_the_M...
Router and Wired Configurations
Setup DHCP reserved IP addresses for all devices ON the router. This ensures each devices gets its own IP address when turned on and connected, eliminates IP address conflicts and helps in troubleshooting and maintain consistency for applications that need to connect as well as mapped drives.
Ensure devices are set to auto obtain an IP address.
If http://en.wikipedia.org/wiki/Ipv6 is an option on the router, select Local Connection Only.
If you set up port forwarding, disable uPnP and test.
When you check for port status, you have to be actively using the port before you scan check as you may get a false negative if your not using the port. If your using the port then check the status, you should get an accurate result.
I would try using Port Range Triggering instead of PF and set up the port as follows for your PC that your gaming with:
0 thru 65535. A bit less hassle to set up then all those different port rules.
PC 3rd Party Security Software Configurations
Turn off all anti virus and firewall programs on PC while testing. 3rd party firewalls are not generally needed when using routers as they are effective on blocking malicious inbound traffic.
Turn off all devices accept for one wired LAN PC while testing.
Disable any downloading client software managers, i.e. Torrents or similar.
Maybe you are looking for
-
Case When Statement and ORA:01722 Invalid number error
Hi folks, I have posted this under another heading as well under E-business suite so apologies if some you have already seen it but I would really appreciate some help on this one. Any suggestions are most welcome. We are trying to put together a cal
-
How to dynamically set a bounded value for a VO at runtime
Hi all, I am working on a custom page for time card summary, the VO's query like this: select Timecard_Id,.... from timecard_summary where supervisor_id = :1 There is a utility that can retrieve supervisor_id from system, but I don't know how I can s
-
MBA, Thunderbolt and firewire
i am now the happy owner of a MBA 13" 94gb memory)...i cannot expouse how mush i love it.... but i use an 800 firewire drive foe work, i have several VM images on it and use VMware fusion. so heres the question; on my MBP (8gb memory) running the ima
-
Access migration - error handling field default value "=Now()"
Hi All, I'm doing an Access - Oracle Migration. I've exported the structure, captured the model and generated the SQL. When I run the SQL I get: SQL Error: ORA-00907: missing right parenthesis 00907. 00000 - "missing right parenthesis" It looks like
-
Where can I download the latest WLP nightly build?
I need Sunshine build to test. Thanks.