Two VLAN's port forwarding to one, problem

Hi all
This is my first ever Cisco router for forgive me, if this is a simple matter, but I have spent the entire weekend trying to figure this out - with no luck.
My employer has provided me with a Cisco 871W router for my homeoffice.
The router is pre-configured with two VLANs and BVIs; VLAN1 (BVI1) and VLAN2 (BVI2) for home and office connection on two different subnets (192.168.1.0 and 192.168.0.0).
My office connection is secured with IPSec or something similar - I have not that much insight in that aspect.
The configuration works for normal internet access (www, mail etc) on both networks, and the tunneling to my workplace works fint too.
My problem is that I would like to open up some ports for gaming etc. on the "home"-part of the configuration, but I cannot seems to get that to work.
The attached configuration is my current running configuration, which contains some of my trials on getting this to work, so it might look a bit odd.
If anyone could help me, I would appreciate it.
Regards
Jesper Lauridsen

Hi,
By the looks of it, you have an extended access list called 'outside_access_in' applied to your outside interface fa4.
You would have to add a rule to this access list allowing the port in question.
You would then need a static NAT entry that would map the port to the internal host.
For instance, if you had a rule to allow port 80 like this:
permit tcp any any eq www
You would also need a NAT entry like this:
ip nat inside source static tcp 192.168.0.10 80 interface FastEthernet4 80
Assuming that 192.168.0.10 was the client PC.

Similar Messages

  • Two VLANs on same Switch with NAT problem.

    Hello all.
    I have few cisco devices at home that i am using to study from. I am using for now on this little setup a 2620XM and a 3500XL Switch. I have two vlans setup on the switch VLan10 and VLan20 using router on a stick. I have setup the inside and outside interfaces. I have the fa1/0 as my outside with a dhcp address of 192.168.1.10. I have also setup my internet router to see networks 172.20.0.0/24 and 172.20.1.0/24. I am able to ping back and forth from 192.168.1.0/24 to both networks. The issue comes when i try to apply NAT. I have tried two different setups and both have failed. I have two ping windows open on my PC on the 192.168.1.0/24 side both hitting vlan 10 and 20. Once i applied either Nat solution i lose ping on one vlan while still pinging the other, but both vlans can't go out to the internet. Below is the NAT solutions i have tried below. Also running config for both router and switch. If anybody can i assist i would really appreciate it.
    NAT Solution 1
    ip nat pool INET 192.168.1.10 192.168.1.10 netmask 255.255.255.0
    ip nat inside source list 1 pool INET overload
    access-list 1 permit any
    NAT Solution 2
    ip nat inside source list 100 interface fa1/0 overload
    access-list 100 permit ip any any
    Router config
    R1#sh run
    Building configuration...
    Current configuration : 1470 bytes
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname R1
    boot-start-marker
    boot-end-marker
    enable secret
    no aaa new-model
    ip subnet-zero
    ip cef
    interface FastEthernet0/0
     no ip address
     duplex auto
     speed auto
    interface FastEthernet0/0.5
     encapsulation dot1Q 5 native
     ip address 172.16.1.6 255.255.255.248
    interface FastEthernet0/0.10
     encapsulation dot1Q 10
     ip address 172.20.0.254 255.255.255.0
     ip nat inside
    interface FastEthernet0/0.20
     encapsulation dot1Q 20
     ip address 172.20.1.254 255.255.255.0
     ip nat inside
    interface Serial0/0
     no ip address
     shutdown
    interface Serial0/1
     no ip address
     shutdown
    interface Serial0/2
     no ip address
     shutdown
    interface Serial0/3
     no ip address
     shutdown
    interface FastEthernet1/0
     ip address dhcp
     ip nat outside
     duplex auto
     speed auto
     no cdp enable
    router ospf 1
     log-adjacency-changes
     network 172.16.1.0 0.0.0.7 area 0
     network 172.20.0.0 0.0.0.255 area 0
     network 172.20.1.0 0.0.0.255 area 0
     network 192.168.1.0 0.0.0.255 area 0
    no ip http server
    ip classless
    line con 0
     exec-timeout 0 0
     password
     logging synchronous
     login
    line aux 0
    line vty 0 4
     exec-timeout 0 0
     password
     logging synchronous
     login
    line vty 5 181
     exec-timeout 0 0
     password
     logging synchronous
     login
    end
    Switch Config
    SW1#sh run
    Building configuration...
    Current configuration:
    version 12.0
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname SW1
    ip subnet-zero
    interface FastEthernet0/1
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 5
     switchport trunk allowed vlan 1,5,10,20,1002-1005
     switchport mode trunk
    interface FastEthernet0/2
    interface FastEthernet0/3
    interface FastEthernet0/4
     switchport access vlan 10
    interface FastEthernet0/5
     switchport access vlan 10
    interface FastEthernet0/6
     switchport access vlan 10
    interface FastEthernet0/7
     switchport access vlan 10
    interface FastEthernet0/8
     switchport access vlan 10
    interface FastEthernet0/9
     switchport access vlan 10
    interface FastEthernet0/10
     switchport access vlan 10
    interface FastEthernet0/11
     switchport access vlan 10
    interface FastEthernet0/12
     switchport access vlan 20
    interface FastEthernet0/13
     switchport access vlan 20
    interface FastEthernet0/14
     switchport access vlan 20
    interface FastEthernet0/15
     switchport access vlan 20
    interface FastEthernet0/16
     switchport access vlan 20
    interface FastEthernet0/17
     switchport access vlan 20
    interface FastEthernet0/18
     switchport access vlan 20
    interface FastEthernet0/19
     switchport access vlan 20
    interface FastEthernet0/20
     switchport access vlan 20
    interface FastEthernet0/21
     switchport access vlan 20
    interface FastEthernet0/22
     switchport access vlan 20
    interface FastEthernet0/23
     shutdown
     switchport trunk encapsulation dot1q
     switchport mode trunk
    interface FastEthernet0/24
     shutdown
     switchport trunk encapsulation dot1q
     switchport mode trunk
    interface GigabitEthernet0/1
    interface GigabitEthernet0/2
    interface VLAN1
     no ip address
     no ip directed-broadcast
     no ip route-cache
     shutdown
    interface VLAN5
     ip address 172.16.1.1 255.255.255.248
     no ip directed-broadcast
     no ip route-cache
    ip default-gateway 172.16.1.6
    line con 0
     transport input none
     stopbits 1
    line vty 0 4
     login
    line vty 5 15
     login
    end

    You need to change your acl because NAT doesn't usually work with "any" as the source.
    I tend to use extended acls so -
    access-list 101 permit 172.20.0.0 255.255.255.0 any
    access-list 101 permit 172.20.1.0 255.255.255.0 any
    and then use your second solution ie. overload on the interface.
    If you find you cannot ping between your vlans then you need to modify the above acl to deny traffic between the vlans/IP subnets then permit any as above but it should work without doing that.
    Jon

  • Port Forwarding & Access List Problems

    Good morning all,
    I am trying to set up port forwarding for a Webserver we have hosted here on ip: 192.168.0.250 - I have set up access lists, and port forwarding configurations and I can not seem to access the server from outside the network. . I've included my config file below, any help would be greatly appreciated!  I've researched a lot lately but I'm still learning.  Side note:  I've replaced the external ip address with 1.1.1.1.
    I've added the bold lines in the config file below in hopes to forward port 80 to 192.168.0.250 to no avail.  You may notice I dont have access-list 102 that i created on any interfaces.  This is because whenever I add it to FastEthernet0/0, our internal network loses connection to the internet. 
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname pantera-office
    boot-start-marker
    boot-end-marker
    no logging buffered
    enable secret 5 $1$JP.D$6Oky5ZhtpOAbNT7fLyosy/
    aaa new-model
    aaa authentication login default local
    aaa session-id common
    dot11 syslog
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.0.1 192.168.0.150
    ip dhcp excluded-address 192.168.0.251 192.168.0.254
    ip dhcp pool private
       import all
       network 192.168.0.0 255.255.255.0
       dns-server 8.8.8.8 8.8.4.4 
       default-router 192.168.0.1 
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    ip domain name network.local
    multilink bundle-name authenticated
    crypto pki trustpoint TP-self-signed-4211276024
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-4211276024
     revocation-check none
     rsakeypair TP-self-signed-4211276024
    crypto pki certificate chain TP-self-signed-4211276024
     certificate self-signed 01
      3082025A 308201C3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
      31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
      69666963 6174652D 34323131 32373630 3234301E 170D3132 30383232 32303535 
      31385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
      4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32313132 
      37363032 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
      8100B381 8073BAC2 C322B5F5 F9595F43 E0BE1A27 FED75A75 68DFC6DD 4C062626 
      31BFC71F 2C2EF48C BEC8991F 2FEEA980 EA5BC766 FEBEA679 58F15020 C5D04881 
      1D6DFA74 B49E233A 8D702553 1F748DB5 38FDA3E6 2A5DDB36 0D069EF7 528FEAA4 
      93C5FA11 FBBF9EA8 485DBF88 0E49DF51 F5F9ED11 9CF90FD4 4A4E572C D6BE8A96 
      D61B0203 010001A3 8181307F 300F0603 551D1301 01FF0405 30030101 FF302C06 
      03551D11 04253023 82217061 6E746572 612D6F66 66696365 2E70616E 74657261 
      746F6F6C 732E6C6F 63616C30 1F060355 1D230418 30168014 31F245F1 7E3CECEF 
      41FC9A27 62BD24CE F01819CD 301D0603 551D0E04 16041431 F245F17E 3CECEF41 
      FC9A2762 BD24CEF0 1819CD30 0D06092A 864886F7 0D010104 05000381 8100604D 
      14B9B30B D2CE4AC1 4E09C4B5 E58C9751 11119867 C30C7FDF 7A02BDE0 79EB7944 
      82D93E04 3D674AF7 E27D3B24 D081E689 87AD255F B6431F94 36B0D61D C6F37703 
      E2D0BE60 3117C0EC 71BB919A 2CF77604 F7DCD499 EA3D6DD5 AB3019CA C1521F79 
      D77A2692 DCD84674 202DFC97 D765ECC4 4D0FA1B7 0A00475B FD1B7288 12E8
      quit
    username pantera privilege 15 password 0 XXXX
    username aneuron privilege 15 password 0 XXXX
    archive
     log config
      hidekeys
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp key xxxx address 2.2.2.2
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
    crypto map SDM_CMAP_1 1 ipsec-isakmp 
     description Tunnel to 2.2.2.2
     set peer 2.2.2.2
     set transform-set ESP-3DES-SHA 
     match address 100
    interface FastEthernet0/0
     description $ETH-WAN$
     ip address 2.2.2.2 255.255.255.0
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
     crypto map SDM_CMAP_1
    interface FastEthernet0/1
     description $ETH-LAN$
     ip address 192.168.0.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     duplex auto
     speed auto
    interface Serial0/0/0
     no ip address
     shutdown
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 1.1.1.1
    no ip http server
    ip http authentication local
    no ip http secure-server
    ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
    ip nat inside source static tcp 192.168.0.254 20 1.1.1.1 20 extendable
    ip nat inside source static tcp 192.168.0.254 21 1.1.1.1 21 extendable
    ip nat inside source static tcp 192.168.0.252 22 1.1.1.1 22 extendable
    ip nat inside source static tcp 192.168.0.252 25 1.1.1.1 25 extendable
    ip nat inside source static tcp 192.168.0.250 80 1.1.1.1 80 extendable
    ip nat inside source static tcp 192.168.0.252 110 1.1.1.1 110 extendable
    ip nat inside source static tcp 192.168.0.250 443 1.1.1.1 443 extendable
    ip nat inside source static tcp 192.168.0.252 587 1.1.1.1 587 extendable
    ip nat inside source static tcp 192.168.0.252 995 1.1.1.1 995 extendable
    ip nat inside source static tcp 192.168.0.252 8080 1.1.1.1 8080 extendable
    ip nat inside source static tcp 192.168.0.249 8096 1.1.1.1 8096 extendable
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 100 remark CCP_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 192.168.0.0 0.0.0.255 10.0.100.0 0.0.0.255
    access-list 101 remark CCP_ACL Category=2
    access-list 101 remark IPSec Rule
    access-list 101 deny   ip 192.168.0.0 0.0.0.255 10.0.100.0 0.0.0.255
    access-list 101 permit ip 192.168.0.0 0.0.0.255 any
    access-list 102 remark Web Server ACL
    access-list 102 permit tcp any any
    snmp-server community public RO
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps vrrp
    snmp-server enable traps ds1
    snmp-server enable traps tty
    snmp-server enable traps eigrp
    snmp-server enable traps envmon
    snmp-server enable traps flash insertion removal
    snmp-server enable traps icsudsu
    snmp-server enable traps isdn call-information
    snmp-server enable traps isdn layer2
    snmp-server enable traps isdn chan-not-avail
    snmp-server enable traps isdn ietf
    snmp-server enable traps ds0-busyout
    snmp-server enable traps ds1-loopback
    snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
    snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
    snmp-server enable traps disassociate
    snmp-server enable traps deauthenticate
    snmp-server enable traps authenticate-fail
    snmp-server enable traps dot11-qos
    snmp-server enable traps switch-over
    snmp-server enable traps rogue-ap
    snmp-server enable traps wlan-wep
    snmp-server enable traps bgp
    snmp-server enable traps cnpd
    snmp-server enable traps config-copy
    snmp-server enable traps config
    snmp-server enable traps entity
    snmp-server enable traps resource-policy
    snmp-server enable traps event-manager
    snmp-server enable traps frame-relay multilink bundle-mismatch
    snmp-server enable traps frame-relay
    snmp-server enable traps frame-relay subif
    snmp-server enable traps hsrp
    snmp-server enable traps ipmulticast
    snmp-server enable traps msdp
    snmp-server enable traps mvpn
    snmp-server enable traps ospf state-change
    snmp-server enable traps ospf errors
    snmp-server enable traps ospf retransmit
    snmp-server enable traps ospf lsa
    snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
    snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
    snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
    snmp-server enable traps ospf cisco-specific errors
    snmp-server enable traps ospf cisco-specific retransmit
    snmp-server enable traps ospf cisco-specific lsa
    snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
    snmp-server enable traps pppoe
    snmp-server enable traps cpu threshold
    snmp-server enable traps rsvp
    snmp-server enable traps syslog
    snmp-server enable traps l2tun session
    snmp-server enable traps l2tun pseudowire status
    snmp-server enable traps vtp
    snmp-server enable traps aaa_server
    snmp-server enable traps atm subif
    snmp-server enable traps firewall serverstatus
    snmp-server enable traps isakmp policy add
    snmp-server enable traps isakmp policy delete
    snmp-server enable traps isakmp tunnel start
    snmp-server enable traps isakmp tunnel stop
    snmp-server enable traps ipsec cryptomap add
    snmp-server enable traps ipsec cryptomap delete
    snmp-server enable traps ipsec cryptomap attach
    snmp-server enable traps ipsec cryptomap detach
    snmp-server enable traps ipsec tunnel start
    snmp-server enable traps ipsec tunnel stop
    snmp-server enable traps ipsec too-many-sas
    snmp-server enable traps ipsla
    snmp-server enable traps rf
    route-map SDM_RMAP_1 permit 1
     match ip address 101
    control-plane
    line con 0
     logging synchronous
    line aux 0
    line vty 0 4
    scheduler allocate 20000 1000
    end
    Any/All help is greatly appreciated!  I'm sorry if I sound like a newby!
    -Evan

    Hello,
    According to the config you posted 2.2.2.2 is your wan ip address and 1.1.1.1 is the next hop address for your wan connection. The ip nat configuration for port forwarding should look like
    Ip nat inside source static tcp 192.168.0.250 80 2.2.2.2 80
    If your provider assigns you a dynamic ipv4 address to the wan interface you can use
    Ip nat inside source static tcp 192.168.0.250 80 interface fastethernet0/0 80
    Verify the settings with show ip nat translation.
    Your access list 102 permits only tcp traffic. If you apply the acl to an interface dns won't work anymore (and all other udp traffic). You might want to use a statefull firewall solution like cbac or zbf combined with an inbound acl on the wan interface.
    Best Regards
    Lukasz

  • Port forwarding problems with WRT610N v2 + WAG54GS v1.0

    Background:
    I have a WAG54GS v1.0 (Annex A) which I was using to handle my home network and my ADSL connection. I bought a WRT610N v2 (which I'll refer to as the router) with the intention that it would replace the networking duties of the WAG54GS (which I'll call the modem), which would be relegated to just handling the Internet connection. Both are running their latest firmware.
    I've gotten this configuration to work, but with one problem: I've lost a lot of flexibility in regard to port forwarding. The problem is that the only way I've managed to get the Internet to work is by having the router on 192.168.0.1, and the modem on 192.168.1.1. If I try and have both on 192.168.0.x or 192.168.1.x then connecting to the Internet no longer works under any configuration of options I've tried.
    What this means is that when I go to setup port forwarding in the modem, I can only forwards to clients on 192.168.1.x, but the router can only forward to 192.168.0.x. The only things I can get to work are situations where port range triggering can be applied, so only when a connection is made on the relevant port to an external IP, and then that external IP also communicates back on that port. As you may guess this doesn't nearly cover all cases.
    Question:
    Should it be be possible to have both router and modem on either 192.168.0.x or 192.168.1.x, which would allow port forwarding to work as expected. That should have in theory been possible with the modem's bridge mode except that it's then impossible to configure the PPPoA settings necessary to connect to my ISP.
    Or am I going to have to rethink the network layout (i.e. buy a dedicated ADSL modem and fully retire my WAG54GS?)
    Solved!
    Go to Solution.

    Actually in the end what I figured out was that as far as my WRT610N was concerned my WAG54GS was my ISP, and that was all it needed to know about the Internet connection. So I set it to connect to the WAG54GS with a static IP, stuck that IP into the WAG54GS's DMZ, and left the WRT610N to handle port forwarding as all devices that connect will do so through that. (Yes, I've disabled the wireless features of the WAG54GS)
    I'm reasonably sure I tried the combination of settings you've suggested (including moving the WAG54GS off the Internet port of the WRT610N, which I would have wanted to avoid anyway as I have four permanently connected devices anyway) and found it still wouldn't work. And I wasn't trying to set both to 192.168.1.1 at any point, my self-obscured point was that changing only the last block of the IP address failed to work for accessing the Internet.

  • RDP PORT FORWARDING ON WRT120N

    I'd like to be able to RDP to my home desktop from the office. I used to be able to do this with my OLD Linksys wireless B router by having two entries in the GAMING port forwarding section. One for port 3389 and the other for 65001. I recently installed a new WRT120N and can't for the life of me figure out what/where I need to add these two entries for port forwarding. Can someone please walk me through the process?
    Message Edited by SBINDER on 07-07-2009 07:22 AM

    I think you are missing some setps to enable port forwarding on your router for RDP.
    When you login to the Linksys router, Click on "Application and Gamin" tab, and below you need to click on the sub tab "Port Range Forwarding" .
    Click Here how to enable Port Forwarding on you Router, Once configured properly i think you should be able to access RDP. 

  • Port Forwarding and Loopback with HomeHub 3B

    There have been a number of threads discussing port forwarding and loopback, so I thought it might be useful to summarise my experiences. I have two HomeHub 3Bs on separate lines, one is a standard broadband line, the other is on an Infinity connection. My experience is limited to these two specific devices :-)
    Port Forwarding does work but it is "temperamental" and "arcane" in the way you need to set it up. Although I have had it running perfectly, I have also had experiences where the router has refused to "accept" my changes. Tentatively, I put this down to the fact that I was running a Seagate GoFlex network drive on the network and this piece of equipment (definitely a Do Not Buy) was acting aggressively and screwing up the DDNS allocations. But ... YMMV
    One definite probllem with Port Forwarding is if you attempt to specify a range of addresses. I have failed to get this to work on both my hubs. In my case I was trying to forward (say) 8021-8022 to 21-22, and the router insisted on forwarding both 8021 and 8022 to port 21.  The cure is to set up each port as a separate rule within the same user-defined application.
    On Loopback, I know various people have said it doesnt work, but it has always worked fine for me, at both the locations where I have a HomeHub 3B. I use a DDNS service and I can test that my port forwarding is working by opening a Command Prompt window on my PC and typing  telnet mydomain.dyndns.web.com 21 or whatever. That command contacts my DDNS host to ascertain my IP address and then (attempts to) connect to port 21.
    If port 21 is closed on your router (i.e. you have no port forwarding in place) you will see the message attempting to connect to mydomain.dyndns.web.com... and, after a while that will time out, with Could not open connection to the host, on port 21: Connect failed. If you do have your port forwarding set up correctly then your application will respond in some appropriate mannerr. However, you do need to understand what youre doing, because the response of an application that is expecting HTTP data is simply to do nothing!  You will probably get a blank screen. If you type GET / HTTP/1.1 [note spaces] (which is not echoed to your screen, so be careful not to mistype it) you will receive a page of HTTP response data and HTML data. Thus proving that your port forwarding is working.
    If you do not have any port forwarding set up at all, you can still test the loopback function by attempting to connect to port 161. This port is open on the BT routers and telnetting to it will result in a blank screen (as opposed to the attempting to connect message).
    In summary: loopback works on the Home Hub 3B. Port forwarding also works to a degree but it is temperamental and does have some quirks, like not properly accepting ranges of ports. On this last point, at least, it would be helpful to get an acknowledgement from BT that this is a known fault.

    There have been a number of threads discussing port forwarding and loopback, so I thought it might be useful to summarise my experiences. I have two HomeHub 3Bs on separate lines, one is a standard broadband line, the other is on an Infinity connection. My experience is limited to these two specific devices :-)
    Port Forwarding does work but it is "temperamental" and "arcane" in the way you need to set it up. Although I have had it running perfectly, I have also had experiences where the router has refused to "accept" my changes. Tentatively, I put this down to the fact that I was running a Seagate GoFlex network drive on the network and this piece of equipment (definitely a Do Not Buy) was acting aggressively and screwing up the DDNS allocations. But ... YMMV
    One definite probllem with Port Forwarding is if you attempt to specify a range of addresses. I have failed to get this to work on both my hubs. In my case I was trying to forward (say) 8021-8022 to 21-22, and the router insisted on forwarding both 8021 and 8022 to port 21.  The cure is to set up each port as a separate rule within the same user-defined application.
    On Loopback, I know various people have said it doesnt work, but it has always worked fine for me, at both the locations where I have a HomeHub 3B. I use a DDNS service and I can test that my port forwarding is working by opening a Command Prompt window on my PC and typing  telnet mydomain.dyndns.web.com 21 or whatever. That command contacts my DDNS host to ascertain my IP address and then (attempts to) connect to port 21.
    If port 21 is closed on your router (i.e. you have no port forwarding in place) you will see the message attempting to connect to mydomain.dyndns.web.com... and, after a while that will time out, with Could not open connection to the host, on port 21: Connect failed. If you do have your port forwarding set up correctly then your application will respond in some appropriate mannerr. However, you do need to understand what youre doing, because the response of an application that is expecting HTTP data is simply to do nothing!  You will probably get a blank screen. If you type GET / HTTP/1.1 [note spaces] (which is not echoed to your screen, so be careful not to mistype it) you will receive a page of HTTP response data and HTML data. Thus proving that your port forwarding is working.
    If you do not have any port forwarding set up at all, you can still test the loopback function by attempting to connect to port 161. This port is open on the BT routers and telnetting to it will result in a blank screen (as opposed to the attempting to connect message).
    In summary: loopback works on the Home Hub 3B. Port forwarding also works to a degree but it is temperamental and does have some quirks, like not properly accepting ranges of ports. On this last point, at least, it would be helpful to get an acknowledgement from BT that this is a known fault.

  • How do you set up Port Forwarding for ARD 2.2 in AEB N?

    Help,
    I'm a novice at Apple Remote Desktop (ARD) - not an IT guy, so it has to be pretty basic and detailed.
    How do you set up Port Forwarding for ARD 2.2 on the Apple Airport Extreme BS router, 802.11 N. I have one at each end of the internet connection. At one end I have an Airport Extreme N router with 2 macs and eventually 1 windows XP machine (if I can) that I would like to be able to connect to over the interenet (the clients) and at the other end, I have a Mac with ARD 2.2 installed also with an Airport Extreme N router. Note: Both routers use Static IP addresses and all computers use static IP's internally not through DHCP. What are the settings or directions to do this.
    I have read and printed out the directions for Configuration of ARD 3.0 that are posted many times in the ARD discusion group, but it uses a Linksys router ( http://www.starkpr.com/ard.htm posted by Dave Sawyer). The Mac router is different, particularly with the place to set a Private IP address. I'm not sure about alot of things, but especially about the Private IP address, what number do I set it to, the one that is in my Network connections list? It automatically changes to a different number in AE N setup for Port Forwarding (by one) as if it is not suppose to the same?????
    Are there any directions available that are as straight forward for the Airport Extreme N router, as the one's that are listed here for the Linksys Router's? ( http://www.starkpr.com/ard.htm )
    Any and All help will be greatly appreciated.
    P.S. I know I should have 3.0 but bought 2.2 just weeks before 3.0 came out and they would not give me an upgrade price, so I'm waiting for 4.0 to upgrade.
    Thanks,
    Jim

    Try the following for each AirPort Extreme ...
    AEBSn - Port Mapping Setup
    To setup port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN port of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
    1. Reserve a DHCP-provided IP address for the host device.
    Internet > DHCP tab
    o On the DHCP tab, click the "+" (Add) button to enter DHCP Reservations.
    o Description: <enter the desired description of the host device>
    o Reserve address by: MAC Address
    o Click Continue.
    o MAC Address: <enter the MAC (what Apple calls Ethernet ID if you are using wired or AirPort ID if wireless) hardware address of the host computer>
    o IPv4 Address: <enter the desired IP address>
    o Click Done.
    2. Setup Port Mapping on the AEBSn.
    Advanced > Port Mapping tab
    o Click the "+" (Add) button
    o Service: <choose the appropriate service from the Service pop-up menu>
    o Public UDP Port(s): 3283
    o Public TCP Port(s): 3283
    o Private IP Address: <enter the IP address of the host server>
    o Private UDP Port(s): 3283
    o Private TCP Port(s): 3283
    o Click "Continue"
    o Click the "+" (Add) button
    o Service: <choose the appropriate service from the Service pop-up menu>
    o Public UDP Port(s):
    o Public TCP Port(s): 5900
    o Private IP Address: <enter the IP address of the host server>
    o Private UDP Port(s):
    o Private TCP Port(s): 5900
    o Click "Continue"
    o Click the "+" (Add) button
    o Service: <choose the appropriate service from the Service pop-up menu>
    o Public UDP Port(s):
    o Public TCP Port(s): 5988
    o Private IP Address: <enter the IP address of the host server>
    o Private UDP Port(s):
    o Private TCP Port(s): 5988
    o Click "Continue"
    (ref: "Well Known" TCP and UDP ports used by Apple software products)

  • Home Hub 3 Port Forwarding (NOT)

    Hello World
    Ok recived the New Home Hub 3 today, ahead of my Infinity install.
    I thought ok lets replace Trusty Home Hub 2 with the 3 as it works both on Std ADSL and Infinity
    Super Quick UI and love the GIG port BUT and its a BIGGY (well for ME) !
    THe hub is running 4.7.5.1.83.8.48 (TypeA) lastest and greatest, Upnp does work so Xbox works no prob and it can be seen in the FW Log being setup 
    BUT if you configure port forwarding by hand ie HTTP to 192.168.0.2 DOESNT WORK !!!
    I tried using a connected device to forward to and just the IP address BOTH FAIL !
    roll back in trusty Hub2 and all work again !
    Phoned in and was told after a few minutes on hold (No Problem) to roll back to Home Hub 2 and there should be a Firmware upgrade for the 3 soon to fix this issue.
    So now you know if you try it and it doesnt work
    Giz
    Solved!
    Go to Solution.

    Similar situation here.
    I received HomeHub 3 this week. Overall, I am pretty satisfied with the new router. The local networking feels quicker due to the gigabit port (connected to gigabit switch). And the wifi reception is better probably due to the intelligent channel selection.
    Similarly, I tried to replicate settings from my old HomeHub 2. I wasn't able to setup port forwarding.
    The problem is the router in inaccessible using the external IP address.
    I contacted BT Broadband Help desk. I spoke to 2 operators. First told me he would investigate and call me back. Never did. Second told me they were untrained to deal with this sort of queries and suggested speaking to the BT Subscription help line.
    So, now I know thanks to you. Waiting anxiously for the patch. Hope it will be out soon.
    Slava

  • Cannot get port forwarding to work - what am I doing wrong?

    Hi All,
    I am sure I am doing something wrong, but can't see what.   All I need to be able to do is to port forward to one of my virtual machines web port on my file server.
    So, scenario is:
    Windows 2012 R2 Server.    IP address: 10.0.0.2      I have a VM running on there called spatial - it's IP address is 10.0.0.17
    Before moving to Windows 2012 R2 server and virtualization - I had multiple servers and to port forward, simply changed the listening port of IIS to another port from standard - say 81.  Then in my router, port forwarded web traffic to port 81 on that
    server - worked like a charm.
    Now however, when I have tried to do the same thing (10.0.0.17 web server listens on port 81) - the page times out.  If I leave it at port 80 - the server2012 IIS page answers.
    I guess I need to create some sort of gateway on the 2012 server to allow traffic to flow through to port 81 on the VM - but not sure how to?  Can anyone help?  Is there a simple walk through guide someone has written in order to achieve this -
    as I am sure is a very common request.  I have googled, but can't find exactly what I am looking for.
    thanks.

    Hi,
    The Hyper-V 2012r2 virtual switch have the extension security ability, please use the following PowerShell cmdlet to confirm your IIS vm virtual switch not enable the related
    security settings:
    Get-VMSwitchExtension -VMSwitchName "virtual switch name"
    =================================================
    For example:
    Get-VMSwitchExtension -VMSwitchName "External network MSFT"
    Id                 
    : EA24CD6C-D17A-4348-9190-09F0D5BE83DD
    Name               
    : Microsoft NDIS Capture
    Vendor             
    : Microsoft
    Version            
    : 6.3.9600.16384
    ExtensionType      
    : Monitoring
    ParentExtensionId  
    ParentExtensionName :
    SwitchId           
    : 0686a779-c79c-4fd0-9971-f9eb330ca089
    SwitchName         
    : External network MSFT
    Enabled            
    : False
    Running            
    : False
    ComputerName     
      : SERVERLAB-02
    Key                
    IsDeleted          
    : False
    Id                 
    : E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A
    Name               
    : Microsoft Windows Filtering Platform
    Vendor             
    : Microsoft
    Version            
    : 6.3.9600.17042
    ExtensionType      
    : Filter
    ParentExtensionId  
    ParentExtensionName :
    SwitchId           
    : 0686a779-c79c-4fd0-9971-f9eb330ca089
    SwitchName         
    : External network MSFT
    Enabled            
    : True
    Running            
    : True
    ComputerName       
    : SERVERLAB-02
    Key                
    IsDeleted          
    : False
    ===================================================
    The related KB:
    Create Security Policies with Extended Port Access Control Lists for Windows Server 2012 R2
    http://technet.microsoft.com/en-us/library/dn375962.aspx
    Enabling Hyper-V Extensible Switch Extensions
    http://msdn.microsoft.com/en-us/library/windows/hardware/hh598144(v=vs.85).aspx
    Enumerating Hyper-V Extensible Switch Extensions
    http://msdn.microsoft.com/en-us/library/windows/hardware/hh598146(v=vs.85).aspx
    Hope this helps.
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Connections drops with port forwarding

    I have a WRT54G v.5 and I recently just set up port forwarding. The problem is that my internet connection drops between every 10 minutes to once an hour. Once I disable port forwarding, the connection works perfectly. Any ideas?

    Make sure your router has the latest firmware installed. 
    Richard Aichner (Ikester)

  • App QoS vs Port Forwarding in WRT110

    Hello,
    What would be better to set in my WRT110 router to make sure my online game gets priority overall: Application QoS or Port Forwarding? I can see the WRT110 has this new feature that I didn't see with my old WRT54GS.
    If it is Port Forwarding, which one since there is Single Port and Port Range Forwarding? Now, I must keep the DHCP settings since I'm on laptop and I travel a lot.
    Thanks in advance

    If you travel a lot then Single Port Forwarding or Port Range Forwarding are not your options...You need to do Port Triggering...

  • Two VLANs on one switch port?

    Currently we have the following
    Cat 4003 with VLAN trunking turned on to multiple switches. Each port in those exterior switches is assigned to a vlan(we have about 60 different vlans).
    What I would like to do is on those exterior switches have two vlans assigned to it.
    We'd like to create a single IP Phone VLAN(let's call it 999) that can span our entire enterprise and would have dhcp deployed on it.
    Each port is connected to an IP phone which has a 2 port switch in them. One port to the wall, one to the pc.
    The switch ports on those phones support vlan tagging
    How would setup an exterior switch to access 2 vlans that connect to 2 port switch on an IP phone?

    To facilitate ease of deployment, use VTP so that you can centrally create the vlans and propagate to each exterior switch. Now I believe you already do have a layer 3 engine or router that does routing between all these vlans. What switches are used on teh exterior ? This is to find out if voice vlan support is available.
    In cat switches, voice vlan is created using command,
    set port auxiliaryvlan vlan
    In IOS based switches,
    int fa0/1
    switchport mode trunk
    switchport trunk encap dot1q
    switchport trunk native vlan
    switchport voice vlan
    switchport priority cos extend 0
    or
    int fa0/1
    switchport mode access
    switchport access vlan
    switchport voice vlan
    I am not sure about support of voice/aux vlan in 4003. We will have check your other switch models/ software versions to determine support for this command.

  • HP 3800 switch port-security one mac in two VLAN for Cisco IP Phone

    Hellow all!
    I'm want use port-security for ports on my HP 3800. But PC connected
    to network via PC port on Cisco ip phone. For phone used 10 voice VLAN,
    for data - 1 VLAN (native). Cisco phone add self mac-address in these
    two VLAN. On Cisco Switch 2960 i resolve this for 4 command:
    switchport port-security maximum 3
    switchport port-security mac-address pc_mac
    switchport port-security mac-address ip_phone_mac
    switchport port-security mac-address ip_phone_mac vlan voice
    How i can add one mac in two VLAN's on HP 3800 Switch?
    Sorry for my English, please ^_^
    This topic first appeared in the Spiceworks Community

    Hi Kuarzo, please reference the following;
    https://supportforums.cisco.com/document/116426/how-configure-dynamic-mac-port-security-sx300
    https://supportforums.cisco.com/document/116256/how-configure-static-mac-port-security-sx300

  • Xbox 360/one problem and port forwarding

    For a couple months now (since I got my AirPort Extreme) I have not been able to connect to a certain friend on xbox. I can connect to anybody else however. The only way we can (kind of) connect is if somebody else is host and we both connect to him.
    My NAT type is Moderate. When I try to test my connection on my xbox it says that I can connect but I am limited in matchmaking (this is joining games and using voice chat, which is the problem named above for my particular friend). The xbox shows the error and suggests that I enable UPnP or open the port 3074.
    The problem is that I have already have! I gave my xbox a static IP and forwarded the port 3074 to that IP.
    (I have also tried forwarding all the ports that xbox live uses to the xbox. These being:
    Port 88 (UDP)
    Port 3074 (UDP and TCP)
    Port 53 (UDP and TCP)
    Port 80 (TCP)
    as found on the xbox website...  https://support.xbox.com/en-US/xbox-360/networking/network-ports-used-xbox-live
    I made sure to put them in the right text boxes for UDP and TCP so that is not the problem either.)
    I know that the AirPort Extreme does not support UPnP but does have a similar thing called NAT Port Mapping Protocol which was already enabled. (I tried all possibilities of enabling/disabling NAT...Protocol and port forwarding/not port forwarding.)  ---  This is not the solution as I see it
    In short: My xbox tells me to open port 3074. I already have. It still tells me to open it and still won't work.
    I posted this on the apple discussion page (instead of the xbox discussion page) because I know that it's not an xbox problem. When I had my old linksys router it worked perfectly.

    I have this exact same question and problem.  I know this doesn't help, but would appreciate any updated information if you find an answer.  I'll keep working on this also and let you know if I find an anwer.

  • I will Paypal you $100 if you can resolve this Port Forward problem

    Believe me when I tell you, If you are the person who fixes this problem, I will GLADLY Paypal you $100.
    This is so unbelievable. Short story is, after 12 hours of paid support through Support RIX, 6 hours with TWC support, and 4  different modems there isn't a single person in these groups that can get ports forwarded on my Linksys E4200 router.
    I am running a fresh copy of windows 7 with all updates and no anti virus installed. I purchased a Motorola ARRIS SURFboard modem 200 series DOCSIS 3.0 so I have no double router issues. Before I was using the TWC moden/routers in bridge mode.
    I have no problem setting a static IP or configuring port forwarding. It doesn't matter if I have windows firewall on or off. I can't get an outside port checking website that can verify an open port.
    I am trying to play Battlefield 4 using the port forwarding request they provide.
    If I run a local port check program on my computer it will confirm the ports open. Ok, Fair enough. They tell me the outside port checking utilities will say the port is closed unless I am running the program that uses these open ports.
    SO I run the game and check and it always says port closed. One of the ports I want to open is 80. It has to be open to get internet anyway but it still shows closed using the online port checking websites. 
    I connected the computer to the modem. No router. I keep getting ports closed or filtered when I check through 6 different port checking sites. Leads me to think their is some kind of block in the ethernet card software.
    Its a Realtek PCIe GBE Family controller with a driver date of 8/26/2014. Latest one I could find.
    I think its an ethernet card filter. Just my thoughts. Here is the current adapter card settings.
    Advanced settings on Ethernet card
    Auto Disable Gigabit/ Disabled
    Flow Control/ RX & TX Enabled
    Green Ethernet/ Enabled
    Interrupt Moderation/ Enabled
    IPv4 Checksum Offload/ RX & TX Enabled
    Jumbo Frame/ Disabled
    Large send Offload v2 (IPv4)/ Enabled
    Large Send Offload v2 (IPv6)/ Enabled
    Network address/ You can check the box for Value and add one. Currently its checked to Not present
    Priority & VLAN/ Enabled
    Receive buffers/ 512
    Receive Side Scaling/ Enabled
    Shutdown Wake-on-Lan Enabled
    Speed and duplex/ Auto Negotiation
    TCP Checksum Offload (IPv4)/ RX & TX Enabled
    ''''''''''''''''''''''''''''''''''''''(IPv6)/ RX & TX Enabled
    Transmit buffers/ 128
    UDP Checksum Offload (IPv4) RX & TX Enabled
    '''''''''''''''''''''''''''''''''''''''(IPv6) RX & TX Enabled
    Wake on Magic Packet/ Enabled
    Wake on Pattern match/ Enabled
    WOL & Shutdown Link Speed/ 10 Mbps First
    I used a port tester downloaded from PCWinTech.com v3.0.0. It says the ports are open. When I close port 80 it says port 80 is closed. My problem is nothing outside my network can confirm an open port. It always states port closed.
    The game I am playing is Battlefield-4. I have played all of the campigns without any problem but once online it crashes. The BF-4 community says I need to open 5 single ports and 5 port ranges. This is what I am trying to do.
    We have tried an ARRIS router modem, a Ubee router modem (both in bridge mode) and are now using a motorola modem. All with the same problem. We checked the ports during game play and they all say closed.
    I will post pictures of my current router settings.

    What model router do you have?
    What Firmware version is currently loaded?
    What region are you located?
    What is your current model ISP modem your using now? 
    What ISP Modem service link speeds UP and Down do you have?
    Check cable between Modem and Router, swap out to be sure. Link>http://en.wikipedia.org/wiki/CAT6 is recommended.
    Check ISP MTU requirements, Cable is usually 1500, DSL is around 1492 down to 1472. Call the ISP and ask.
    http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=88e63d78588142e6bb68e22d7faf2046_Configuring_the_M...
    Router and Wired Configurations
    Setup DHCP reserved IP addresses for all devices ON the router. This ensures each devices gets its own IP address when turned on and connected, eliminates IP address conflicts and helps in troubleshooting and maintain consistency for applications that need to connect as well as mapped drives.
    Ensure devices are set to auto obtain an IP address.
    If http://en.wikipedia.org/wiki/Ipv6 is an option on the router, select Local Connection Only.
    If you set up port forwarding, disable uPnP and test. 
    When you check for port status, you have to be actively using the port before you scan check as you may get a false negative if your not using the port. If your using the port then check the status, you should get an accurate result. 
    I would try using Port Range Triggering instead of PF and set up the port as follows for your PC that your gaming with:
    0 thru 65535. A bit less hassle to set up then all those different port rules. 
    PC 3rd Party Security Software Configurations
    Turn off all anti virus and firewall programs on PC while testing. 3rd party firewalls are not generally needed when using routers as they are effective on blocking malicious inbound traffic.
    Turn off all devices accept for one wired LAN PC while testing.
    Disable any downloading client software managers, i.e. Torrents or similar.

Maybe you are looking for

  • Case When Statement and ORA:01722 Invalid number error

    Hi folks, I have posted this under another heading as well under E-business suite so apologies if some you have already seen it but I would really appreciate some help on this one. Any suggestions are most welcome. We are trying to put together a cal

  • How to dynamically set a bounded value for a VO at runtime

    Hi all, I am working on a custom page for time card summary, the VO's query like this: select Timecard_Id,.... from timecard_summary where supervisor_id = :1 There is a utility that can retrieve supervisor_id from system, but I don't know how I can s

  • MBA, Thunderbolt and firewire

    i am now the happy owner of a MBA 13" 94gb memory)...i cannot expouse how mush i love it.... but i use an 800 firewire drive foe work, i have several VM images on it and use VMware fusion. so heres the question; on my MBP (8gb memory) running the ima

  • Access migration - error handling field default value "=Now()"

    Hi All, I'm doing an Access - Oracle Migration. I've exported the structure, captured the model and generated the SQL. When I run the SQL I get: SQL Error: ORA-00907: missing right parenthesis 00907. 00000 - "missing right parenthesis" It looks like

  • Where can I download the latest WLP nightly build?

    I need Sunshine build to test. Thanks.