NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Help Needed: Port Forwarding
Hi All,
I'm having issues with port forwarding, scanner tool shows ports are closed/filtered. Here is my setup...
Physical Setup
- AT&T Gateway BRGW10
- Orbi RBR50 Router
- Connected to AT&T Gateway
- Router Internet port to a Gateway port
- Connected to an unmanaged Switch
- Open Router port to open Switch port
- Connected to AT&T Gateway
- 2 Satellites
- Connected to the above unmanaged Switch
- Open Satellite port to open Switch port
- Connected to the above unmanaged Switch
Device Configurations
- AT&T Gateway BRGW10
- Firewall Settings:
- Packet Filtering disabled
- All services deleted from NAT/Gaming
- IP Passthrough
- Allocation Mode: Passthrough
- Passthrough Mode: DHCPS-fixed
- Passthrough Fixed MAC Address: MAC address of the Orbi RBK50 Router
- Firewall Advanced: everything off
- Firewall Settings:
- Orbi RBR50 Router
- Router / AP Mode: Router Mode
- Internet Setup:
- Internet IP Address: Get Dynamically from ISP
- Domain Name Server (DNS) Address: Get Automatically from ISP
- Router MAC Address (Use Default Address)
- WAN Setup:
- Disable Port Scan and DoS Protection: false
- NAT Filtering: Secured
- Port Forwarding / Port Triggering
- Port Forwarding
- Service #1
- External Port Range: 49152-49160
- Internal Port Range: same as External Port Range
- Internal IP Address: [IP of device needing this port open]
- Service #1
- Port Forwarding
All devices connected to the Router and Satellite (wired and wireless) accesses the Internet just fine. I've confirmed Ethernet Backhaul via the Orbi app.
I attempted to scan for open ports using pentest-tools.com and ipfingerprints.com. pentest-tools advises that the "host seems down" and ipfingerprints advises the ports in this range are filtered.
Any help or advice would be greatly appreciated!
7 Replies
Did you disable uPnP before setting up your PF configurations?
ALso you need to be actively using those ports before trying to check the status of them. They will remain closed until they are used.
Yes, UPnP was disabled, then I created the PF. I've test scanned with UPnP remaining disabled and with it renabled and the ports still appear to be closed.
I thought Port Forwarding keeps the ports open constantly while Port Triggering only opens when they are actively in use, no?
No. PF just configures the port for open when something accesses the port. The port is closed until something accesses the port, like an app or device. The port needs to be access fully to check its status correctly. Security wouldn't be good if the port was open and nothing wasn't accessing it.
ShieldsUp wrote:
I attempted to scan for open ports using pentest-tools.com and ipfingerprints.com. pentest-tools advises that the "host seems down" and ipfingerprints advises the ports in this range are filtered.Assuming that the service is up and running, are you able to access it from a computer on the local LAN?
When you access pentest-toos and ipfingerprints, do they show your public IP address as the same as the Orbi WAN IP?
When you do a trace route from a computer on the local LAN to some known IP, such as Google's DNS 8.8.8.8, the first router should be the Orbi's private IP (usually 192.168.1.1), is the second router a public IP address?
Ah, good idea on the local test. I am unable to test at the moment, but will do so later this evening.
Yes, both sites show the same IP as my Orbi WAN IP and AT&T Broadband IP.
When tracert to 8.8.8.8, the first hop is the Orbi's private IP (10.0.0.1 in this case) and second hop is ATT GW's private IP (192.168.1.254). From there, my ISP and then onwards.
ShieldsUp wrote:Ah, good idea on the local test. I am unable to test at the moment, but will do so later this evening.
Yes, both sites show the same IP as my Orbi WAN IP and AT&T Broadband IP.
When tracert to 8.8.8.8, the first hop is the Orbi's private IP (10.0.0.1 in this case) and second hop is ATT GW's private IP (192.168.1.254). From there, my ISP and then onwards.
I think this is the problem. The gateway is NATing (is that a word?), which absolutely kills port forwarding. To verify, the WAN side of the Orbi probably has a 192.168 IP address, correct?
