problems with port forwarding on 2.93
Hello,
I installed 2.93 on a Dlink G604T.
I assigned 192.168.1.4 to my pc and I'm trying to forward port 5900 in order to use vnc.
I created a rule on port forward - user - vnc and set 5900 on port start, port end and port map.
This was working on my previous 2.92 firmware, but doesn't look to work now.
vncviewer on local net works without problems.
The ip address is found via DDNS.
Someone has ideas?
Paolo
Re: problems with port forwarding on 2.93
Is the lan device setup to receive that IP by static dhcp using the lan clients config?
Re: problems with port forwarding on 2.93
Are you testing from within your lan? If so you need wan ip local nat loopback (localnat) enabled - I assume that is still working I haven't tested recently...
Re: problems with port forwarding on 2.93
I was testing within my lan -
I'll repeat test from WAN
The router is now out of order (too many experiments...)
Paolo
Re: problems with port forwarding on 2.93
even if everything looks regular I can't get port forwarding
the problem is port 5900
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-request state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:2222
ACCEPT tcp -- anywhere anywhere tcp dpt:7777
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere 192.168.1.4 tcp dpt:5900
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp destination-unreachable
DROP icmp -- anywhere anywhere state INVALID
Do you have suggestions?
Paolo
Re: problems with port forwarding on 2.93
The first half of port-forwarding is done in the "nat" tables, to view use
iptables -nvL -t nat
still suspect issue is ddns or localnat...
Re: problems with port forwarding on 2.93
Result of iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 1535 packets, 122K bytes)
pkts bytes target prot opt in out source destination
5 252 DNAT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5900 to:192.168.1.4:5900
Chain POSTROUTING (policy ACCEPT 10 packets, 672 bytes)
pkts bytes target prot opt in out source destination
1105 74827 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 816 packets, 55487 bytes)
pkts bytes target prot opt in out source destination
ddns works (I can ssh to the router from WAN)
Paolo
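Added example, not part of any post in this thread: a small checker that reads the two listings posted above (`iptables -nvL -t nat` and `iptables -L`) and classifies a TCP port forward by the interface the test packet arrives on, which is what separates a WAN-side test from a LAN-side one that needs localnat. The LAN interface name `br0` used when calling it is an assumption; `ppp0`, the address and the port come from the listings.

```python
import re

# Listings as posted in the thread (PREROUTING and FORWARD chains only).
NAT = """Chain PREROUTING (policy ACCEPT 1535 packets, 122K bytes)
pkts bytes target prot opt in out source destination
5 252 DNAT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5900 to:192.168.1.4:5900"""
FILTER = """Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere 192.168.1.4 tcp dpt:5900
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
DROP all -- anywhere anywhere"""

def rules(listing, chain):
    """Split one chain's rule lines into fields, skipping its two headers."""
    out, inside = [], False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            inside = line.split()[1] == chain
        elif inside and line.split()[:1] not in ([], ["pkts"], ["target"]):
            out.append(line.split())
    return out

def forward_verdict(listing, ip, port):
    """Decision of the first FORWARD rule matching a NEW tcp packet to ip:port."""
    for target, prot, _opt, _src, dst, *extra in rules(listing, "FORWARD"):
        if target not in ("ACCEPT", "DROP", "REJECT"):
            continue  # TCPMSS and similar targets modify, they do not decide
        if "state" in extra and "NEW" not in extra[extra.index("state") + 1]:
            continue  # RELATED,ESTABLISHED never matches the first SYN
        dpts = [e for e in extra if e.startswith("dpt:")]
        if (prot in ("all", "tcp") and dst in ("anywhere", ip)
                and dpts in ([], [f"dpt:{port}"])):
            return target
    return re.search(r"Chain FORWARD \(policy (\w+)", listing).group(1)

def check_port_forward(nat, filt, port, arrives_on):
    """Classify a TCP forward for a packet entering on interface arrives_on."""
    for f in rules(nat, "PREROUTING"):
        # -nvL columns: pkts bytes target prot opt in out source destination ...
        if f[2] == "DNAT" and f"dpt:{port}" in f:
            if f[5] not in ("*", arrives_on):
                return "dnat-not-matched"  # e.g. a LAN-side test without localnat
            ip, to_port = f[-1][len("to:"):].split(":")
            verdict = forward_verdict(filt, ip, to_port)
            return "ok" if verdict == "ACCEPT" else "forward-blocked"
    return "no-dnat-rule"
```

`check_port_forward(NAT, FILTER, 5900, "ppp0")` returns `"ok"` for these listings, while the same call with `"br0"` returns `"dnat-not-matched"` because the DNAT rule is bound to `ppp0`.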
Re: problems with port forwarding on 2.93
ummm,
the port 5900 portforward appears setup correctly
There's a duplicate TCPMSS rule, that should make any difference.
You are testing from the Internet aren't you? - there is no sign of localnat rules.
Re: problems with port forwarding on 2.93
I'm checking from WAN.
what about the duplicate TCPMSS rule?
thx
Paolo
Re: problems with port forwarding on 2.93
In any case I have problems even with DMZ, so I'm not sure the problem is in the router.
Still no ideas about the duplicate TCPMSS rule?
Paolo
- thechief
Re: problems with port forwarding on 2.93
The duplicate TCPMSS rule should not affect anything.
The Chief: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.