problems with port forwarding on 2.93

An area specifically for port forwarding, firewalls and other (on-line) security related issues.
tiepolo
Experienced
Posts: 162
Joined: Sat Mar 03, 2007 10:10 pm
Location: milan, Italy

problems with port forwarding on 2.93

Post by tiepolo » Mon Apr 26, 2010 3:02 pm

Hello,

I installed 2.93 on a Dlink G604T.

I assigned 192.168.1.4 to my PC and I'm trying to forward port 5900 in order to use VNC.

I created a rule on port forward - user - vnc and set 5900 on port start, port end and port map.

This was working on my previous 2.92 firmware, but doesn't seem to work now.
vncviewer on local net works without problems.

The ip address is found via DDNS.

Does anyone have ideas?

Paolo
Paolo
mstombs
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Re: problems with port forwarding on 2.93

Post by mstombs » Mon Apr 26, 2010 7:06 pm

Is the lan device setup to receive that IP by static dhcp using the lan clients config?
tiepolo
Experienced
Posts: 162
Joined: Sat Mar 03, 2007 10:10 pm
Location: milan, Italy

Re: problems with port forwarding on 2.93

Post by tiepolo » Mon Apr 26, 2010 7:07 pm

yes, it is

static DHCP
Paolo
mstombs
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Re: problems with port forwarding on 2.93

Post by mstombs » Mon Apr 26, 2010 7:14 pm

Are you testing from within your lan? If so you need wan ip local nat loopback (localnat) enabled - I assume that is still working I haven't tested recently...
tiepolo
Experienced
Posts: 162
Joined: Sat Mar 03, 2007 10:10 pm
Location: milan, Italy

Re: problems with port forwarding on 2.93

Post by tiepolo » Mon Apr 26, 2010 7:21 pm

I was testing within my lan -

I'll repeat test from WAN

The router is now out of order (too many experiments...)
Paolo
tiepolo
Experienced
Posts: 162
Joined: Sat Mar 03, 2007 10:10 pm
Location: milan, Italy

Re: problems with port forwarding on 2.93

Post by tiepolo » Wed May 05, 2010 12:39 pm

even if everything looks regular I can't get port forwarding

the problem is port 5900

iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-request state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:2222
ACCEPT tcp -- anywhere anywhere tcp dpt:7777
DROP all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere 192.168.1.4 tcp dpt:5900
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp destination-unreachable
DROP icmp -- anywhere anywhere state INVALID


Do you have suggestions?

Paolo
Paolo
mstombs
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Re: problems with port forwarding on 2.93

Post by mstombs » Wed May 05, 2010 5:07 pm

The first half of port-forwarding is done in the "nat" tables, to view use

iptables -nvL -t nat
still suspect issue is ddns or localnat...
tiepolo
Experienced
Posts: 162
Joined: Sat Mar 03, 2007 10:10 pm
Location: milan, Italy

Re: problems with port forwarding on 2.93

Post by tiepolo » Wed May 05, 2010 5:36 pm

Result of iptables -nvL -t nat

Chain PREROUTING (policy ACCEPT 1535 packets, 122K bytes)
pkts bytes target prot opt in out source destination
5 252 DNAT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5900 to:192.168.1.4:5900

Chain POSTROUTING (policy ACCEPT 10 packets, 672 bytes)
pkts bytes target prot opt in out source destination
1105 74827 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 816 packets, 55487 bytes)
pkts bytes target prot opt in out source destination

ddns works (I can ssh to the router from WAN)
Paolo
mstombs
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Re: problems with port forwarding on 2.93

Post by mstombs » Wed May 05, 2010 6:50 pm

ummm,

the port 5900 portforward appears setup correctly

There's a duplicate TCPMSS rule, that should make any difference.

You are testing from the Internet aren't you? - there is no sign of localnat rules.
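
The reading of the nat table discussed above, as an added example that is not part of the thread or of the RouterTech firmware: a small shell function that parses `iptables -nvL -t nat` output and reports whether a port has a DNAT rule on the WAN interface, whether that rule's packet counter shows hits, and whether any DNAT rule for the port could also match traffic arriving from the LAN. The function name, the output format and the idea that a loopback setup would appear as a DNAT rule whose `in` column is not the WAN interface are assumptions; the sample input is the listing posted earlier in the thread.

```shell
#!/bin/sh
# Sample input: the nat-table listing posted in the thread (embedded so this runs offline).
NAT_SAMPLE='Chain PREROUTING (policy ACCEPT 1535 packets, 122K bytes)
pkts bytes target prot opt in out source destination
5 252 DNAT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5900 to:192.168.1.4:5900

Chain POSTROUTING (policy ACCEPT 10 packets, 672 bytes)
pkts bytes target prot opt in out source destination
1105 74827 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0'

# check_forward PORT WAN_IF   (hypothetical helper; reads the listing on stdin)
# Columns of `iptables -nvL`: pkts bytes target prot opt in out source destination [match...]
check_forward() {
  awk -v port="$1" -v wan="$2" '
    /^Chain /                                { chain = $2; next }
    chain != "PREROUTING" || $3 != "DNAT"    { next }
    {
      match_port = 0; to = ""
      for (i = 10; i <= NF; i++) {
        if ($i == "dpt:" port) match_port = 1   # rule matches the forwarded port
        if ($i ~ /^to:/)       to = substr($i, 4)
      }
      if (!match_port) next
      # "*" in the in column means any interface, so it covers the WAN too.
      if ($6 == wan || $6 == "*") { wan_ok = 1; pkts = $1; dest = to }
      # A rule not tied to the WAN interface can also match LAN-originated packets.
      if ($6 != wan)              { lan_ok = 1 }
    }
    END {
      printf "wan_dnat=%s pkts=%s to=%s lan_dnat=%s\n",
        (wan_ok ? "yes" : "no"), (wan_ok ? pkts : "-"),
        (wan_ok ? dest : "-"),   (lan_ok ? "yes" : "no")
    }'
}

# On the router this would be: iptables -nvL -t nat | check_forward 5900 ppp0
printf '%s\n' "$NAT_SAMPLE" | check_forward 5900 ppp0
```

A non-zero `pkts` value on the WAN rule means connection attempts from outside reached the router and were rewritten towards the LAN host; `lan_dnat=no` means a test made from inside the LAN against the WAN address is not covered by this rule.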
tiepolo
Experienced
Posts: 162
Joined: Sat Mar 03, 2007 10:10 pm
Location: milan, Italy

Re: problems with port forwarding on 2.93

Post by tiepolo » Thu May 06, 2010 3:11 am

I'm checking from WAN.

what about the duplicate TCPMSS rule?

thx

Paolo
Paolo
tiepolo
Experienced
Posts: 162
Joined: Sat Mar 03, 2007 10:10 pm
Location: milan, Italy

Re: problems with port forwarding on 2.93

Post by tiepolo » Sat May 08, 2010 8:02 am

In any case I have problems even with DMZ, so I'm not sure the problem is in the router.

Still no ideas about the duplicate TCPMSS rule?

Paolo
Paolo
thechief
RouterTech Team
Posts: 12067
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa

Re: problems with port forwarding on 2.93

Post by thechief » Sat May 08, 2010 9:36 am

The duplicate TCPMSS rule should not affect anything.
The Chief: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.