
All incoming connections blocked

CPH250
Aspirant

All incoming connections blocked

I've installed this new Netgear modem.  I can access the internet, and the local network, but all incoming connections except ping are blocked.  I have set up port forwarding on ports 20-21 (FTP), 22 (SFTP=SSH), 80 (HTTP) and 443 (HTTPS) - but it seems to have no effect.  I have turned off Windows Firewall.  Block Sites and Block Services are both set to Never.

 

What else can I check or set, please?

Model: A7000|Nighthawk AC1900 WiFi USB Adapter - USB 3.0
Message 1 of 8
antinode
Guru

Re: All incoming connections blocked

> I've installed this new Netgear modem. [...]

 

   What is "this new Netgear modem"?  Connected to what?  Firmware
version?

 

> Model: A7000|Nighthawk AC1900 WiFi USB Adapter - USB 3.0

 

   Clearly not that.

 

> [...] I have set up port forwarding on [...]

 

   What are the actual port-forwarding rules?  Copy+paste is your
friend.  (Exposing external port 22 is just asking for attacks, by the
way.)

 

   What is the server's LAN IP address?

 

   What is the IP address of the WAN/Internet interface of the router
(whatever it might be)?  Is that what (you think that) your public IP
address is?

Message 2 of 8
CPH250
Aspirant

Re: All incoming connections blocked

Sorry, yes, you are correct - it is a D7000 – Nighthawk AC1900 WiFi VDSL/ADSL Modem Router.

I've attached a picture of the port forwarding rules I set up.

Port 22 is commonly used for SFTP - so I am just following that normal usage, so surely it is OK?

The server's LAN IP address is 192.168.0.101 - as shown in the picture.

I don't want to publicize the WAN IP address, but I can assure you it is my fixed public external IP address.  I know I am using the correct address because when I go to it from the web I get presented with the Netgear login screen, and if I then login I can see my Netgear router!

Please - do you have any idea why I get presented with the Netgear login screen rather than being forwarded through to my internal server?

 

Message 3 of 8
antinode
Guru

Re: All incoming connections blocked

> [...] it is a D7000 [...]

 

   According to the attached picture, it's a D7000v2 with very old
firmware.  V1.0.0.41 is not even available under "Previous Versions".
There could be a reason for that.  As a start, you might try a firmware
update.

 

   Visit http://netgear.com/support , put in your model number, and look
for Downloads.  (For older versions, under Firmware and Software
Downloads, look for "View Previous Versions".)  Find the kit(s).
Download the kit(s) you want.  Read the "Release Notes" file for
instructions.

 

> [...] I've attached a picture of the port forwarding rules I set up.

 

   Looks ok to me.

 

> Port 22 is commonly used for SFTP - so I am just following that normal
> usage, so surely it is OK?


   It's fine, if you want to be bombarded by attacks on external port
22.  Specifying (and using) a different external port could save you
some future headaches.  A Web search for terms like:
      ssh port 22 security
should find abundant similar advice.  Note that there's no reason to
move your server off port 22; port 22 is fine on your LAN.  Specifying a
different external port in the port-forwarding rule will do the job
without adding any inconvenience ("-p xxxx") for local access.

 

> [...] when I go to it from the web [...]

 

   "go to it from the web" is not a useful description.  As usual,
showing actual actions (commands) with their actual results (error
messages, LED indicators, ...) can be more helpful than vague
descriptions or interpretations.

 

   I'll assume that you mean that you used some web browser or other,
from someplace in the outside world, with a URL like
"http://<your_public_IP_address>".  But I'm guessing.

 

> [...] I get presented with the Netgear login screen, [...]

 

   That should not happen, at least with reasonable firmware.  Such
remote access should be restricted to a (different) URL like
"https://<your_public_IP_address>:<alternate_port>", as configured at
ADVANCED > Advanced Setup > Remote Management.

 

   On the other hand, if you're really doing this (vaguely specified)
test from a system on your LAN (rather than from the outside world),
then the router's NAT loopback feature could cause some unexpected
behavior.

 

> [...] do you have any idea why I get presented with the Netgear login
> screen rather than being forwarded through to my internal server?

 

   Depends on what you're actually doing, but lame firmware is (always)
a possibility.

 

   Can you access these services from a system on your LAN, using the
server's LAN IP address ("192.168.0.101")?  If so, and if NAT loopback
is working, then you should get the same results (again, from a system on
your LAN) if you specify the router's WAN/Internet IP address with the
appropriate external port number, if that differs from the internal port
number.

 

   If that works, and if your public IP address matches the router's
WAN/Internet IP address, then you should get the same results from the
outside world.

Message 4 of 8
antinode
Guru

Re: All incoming connections blocked

   Note: Various reports suggest that NAT loopback does not work on a
D7000v2, so if you're actually on your LAN, but using the router's
WAN/Internet IP address, then you could see a failure, but things might
work if you were actually running the test from the outside world.

 

      https://community.netgear.com/t5/x/x/m-p/1751841

Message 5 of 8
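An added example, not part of any post in this thread and not Netgear code: a small script for the LAN-address versus WAN-address comparison described in the two replies above. It classifies each forwarded port and checks whether the page served at the WAN address is the same one the server itself returns, which is how a router login page answering in place of the forwarded server shows up. The function names and command-line arguments are assumptions, and only plain HTTP is compared.

```python
import http.client
import re
import socket
import sys

# Ports taken from the forwarding rules named in the thread.
FORWARDED_PORTS = (21, 22, 80, 443)

def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused' or 'no-response'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"          # something answered with a TCP reset
    except OSError:
        return "no-response"      # timeout or unreachable: dropped on the way

def http_identity(host, port=80, timeout=3.0):
    """Fetch '/' and return what identifies the responder, or None on failure."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        body = resp.read(4096).decode("latin-1")
        title = re.search(r"<title[^>]*>(.*?)</title>", body, re.I | re.S)
        return {"status": resp.status,
                "server": resp.getheader("Server"),
                "auth": resp.getheader("WWW-Authenticate"),
                "title": title.group(1).strip() if title else None}
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def compare_paths(lan_host, wan_host, lan_port=80, wan_port=80):
    """True only if the WAN address returns the same page identity as the server."""
    direct = http_identity(lan_host, lan_port)
    via_wan = http_identity(wan_host, wan_port)
    return (direct is not None and direct == via_wan), direct, via_wan

if __name__ == "__main__":
    lan, wan = sys.argv[1], sys.argv[2]   # server LAN IP, router WAN/Internet IP
    for port in FORWARDED_PORTS:
        print(port, "direct:", probe(lan, port), "via WAN:", probe(wan, port))
    same, direct, via_wan = compare_paths(lan, wan)
    print("same responder" if same else "DIFFERENT responder", direct, via_wan)
```

Run from a LAN host, the "via WAN" column depends on NAT loopback working; from outside the LAN only the WAN address is reachable, so compare its output with the direct result recorded on the LAN.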
CPH250
Aspirant

Re: All incoming connections blocked

Many thanks for your detailed replies.

 

Firmware:  I'll update that, as the next thing to try.  (It is a brand new Netgear modem/router so I assumed firmware would be up to date.)

 

LAN testing vs WAN testing:  I was aware that testing internally around the LAN was problematic, although I didn't know what NAT loopback was.  So I go out of the LAN via GoToMyPC to a remote PC then come back in from the browser on that remote PC e.g. "http://<my_public_IP_address>".  It has worked with other Netgear modem/routers, and Plusnet and BT modem/routers - so I assumed it would work with this.

 

Remote Management:  I'll check the settings for Remote Management - maybe it is switched on by default?  That seems a very likely cause why I get presented with a login screen!

 

I haven't yet tested the new Netgear modem/router with LAN connections.  I was doing initial testing with a Plusnet device, and got it working on LAN and WAN.  Then, when I switched to Netgear I went straight to WAN testing - and immediately got this error with being presented with a login screen.  I will try LAN tests with the new Netgear.

 

Thanks for your advice.

Message 6 of 8

Re: All incoming connections blocked


@CPH250 wrote:

 

(It is a brand new Netgear modem/router so I assumed firmware would be up to date.)

 

In many years, I have yet to receive a device with up-to-date firmware or software. These things can spend months in the delivery chain.

 

Firmware is usually out of date as soon as the thing leaves the factory. New devices often get shipped with what many people regard as beta software. And Netgear is good at shipping new devices before the beta trials have finished.

 

Most devices now check for new firmware when you set them up. But that depends on succeeding and getting to the stage where it can connect to the Internet.

 

As recommended, a firmware update is your first move.

 

 

 

 

Message 7 of 8
CPH250
Aspirant

Re: All incoming connections blocked

Many thanks for your replies.  I have upgraded the firmware - but also given up and reverted to my Plusnet modem/router.  I've installed the Netgear at a different site, and it works fine there - very odd!

Message 8 of 8