unable to open a port on the firewall

Steve_AES · ‎2017-10-04

I have used Netgear Routers for the past 10 years namely the DGN2200 and have had no issues with setting up firewall rules and adding them into services to open a port but since purchasing the D7000 i cannot seem to get a port open been through port forwarding and created a custom rule for port 4651 tested port still closed added a rule to blocked services with never block for same port number 4651 and added all local ip addresses 192.168.0.2 - 254 tested port again still blocked rebooted router and retested still blocked how do i open a custom port in the firewall was real easy in all other netgear router create firewall rule and add to services = port open but cannot seem to do it on this nighthawk d7000 AC 1900 can anyone help? TIA Steve

I have upgraded firmware to latest version 1.0.1.50

antinode · ‎2017-10-05

> I'm sorry you dont understand what it is I'm trying to achieve which
> is open a port ?

   The question is more what you think that "open a port" means.

> I have followed the genie [...]

   Ever helpful, Netgear uses the name "Genie" for more than one thing.
I'll assume that you're using the web interface, not some application
program.

> [...] cretaing a port forwarding rule see attached [...]

   Ok. The "Block Services" rule may be pointless, as explained
earlier, but the port-forwarding rule looks like a port-forwarding rule.

> C:\WINDOWS\system32>netstat -na | find "4651"
> C:\WINDOWS\system32>

   Apparently, no program is running which is listening at port 4651.

>    In my experience, people who talk about ports being closed often
> don't understand the problem. A port looks "closed" when there's no
> server program listening at that port. All the port forwarding in the
> world won't help you if, at the end of the line, no one is listening at
> that port number.

   Still true. (And evidence continues to accumulate.)

> C:\WINDOWS\system32>netstat -na | find "80"
> TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
> [...]
> TCP [::]:80 [::]:0 LISTENING
> [...]

   In contrast, you seem to be running a web server, which is listening
at port 80. If you defined a port-forwarding rule which targeted port
80 on this system, then your web server could be accessible from the
outside world. (If you want, you can call that "opening" port 80, but
that seems (to me) to result in more confusion than it does
understanding.)

   With my weak psychic powers, I have no idea what you expect to do
with port 4651, but forwarding anything to it on this Windows system
won't do much until you run some program which listens at port 4651.
And defining a port-forwarding rule on your router will not cause that
(or any) program to run on your Windows system.

>    Note, too, that because a port-forwarding rule specifies the LAN IP
> address of the target (server) system, that address must be fixed. That
> can be done by reserving a particular address for that system, perhaps
> under ADVANCED > Setup > LAN Setup : Address Reservation. (Or by
> assigning it a static address.)

   Still true. In this case, the port-forwarding rule specifies a
"Server IP Address" of 192.168.0.2, so, one way or another, you'll want
to ensure that your Windows system always gets/has that address.

View solution in original post

antinode · ‎2017-10-04

   Clearly, your "." key works. You should use it more, unless
"difficult to read" is your goal.

> [...] i cannot seem to get a port open been through port forwarding
> [...]

   "i cannot" is not a useful problem description. It does not say
what you did. It does not say what happened whan you did it. As usual,
showing actual actions with their actual results (error messages, ...)
can be more helpful than vague descriptions or interpretations.

   In my experience, people who talk about ports being closed often
don't understand the problem. A port looks "closed" when there's no
server program listening at that port. All the port forwarding in the
world won't help you if, at the end of the line, no one is listening at
that port number.

> [...] created a custom rule for port 4651 [...]

   Care to reveal the details of that (port-forwarding?) rule?

> [...] tested port still closed [...]

   Tested how, exactly?

> [...] added a rule to blocked services with never block for same port
> number 4651 [...]

   Sounds like a waste of effort. Port forwarding deals with incoming
connections from the outside world. ADVANCED > Security > Block
Services deals with outgoing connections.

   Note, too, that because a port-forwarding rule specifies the LAN IP
address of the target (server) system, that address must be fixed. That
can be done by reserving a particular address for that system, perhaps
under ADVANCED > Setup > LAN Setup : Address Reservation. (Or by
assigning it a static address.)

Steve_AES · ‎2017-10-05

I'm sorry you dont understand what it is I'm trying to achieve which is open a port ?

I have followed the genie by cretaing a port forwarding rule see attached I thought it was pretty self explanitory as you can only use the wizard and it wont create if its not configurred correctly see attached i then created one to open the port in blocked services to test i used netstat -na | find "4651" see below tests for port 80 and 4651

C:\WINDOWS\system32>netstat -na | find "80"
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING
TCP 192.168.0.10:54959 172.217.25.142:80 ESTABLISHED
TCP [::]:80 [::]:0 LISTENING
TCP [::]:1801 [::]:0 LISTENING
UDP [fe80::7941:eb58:cc3a:a39f%14]:1900 *:*
UDP [fe80::7941:eb58:cc3a:a39f%14]:54671 *:*

C:\WINDOWS\system32>netstat -na | find "4651"

C:\WINDOWS\system32>

antinode · ‎2017-10-05

> I'm sorry you dont understand what it is I'm trying to achieve which
> is open a port ?

   The question is more what you think that "open a port" means.

> I have followed the genie [...]

   Ever helpful, Netgear uses the name "Genie" for more than one thing.
I'll assume that you're using the web interface, not some application
program.

> [...] cretaing a port forwarding rule see attached [...]

   Ok. The "Block Services" rule may be pointless, as explained
earlier, but the port-forwarding rule looks like a port-forwarding rule.

> C:\WINDOWS\system32>netstat -na | find "4651"
> C:\WINDOWS\system32>

   Apparently, no program is running which is listening at port 4651.

>    In my experience, people who talk about ports being closed often
> don't understand the problem. A port looks "closed" when there's no
> server program listening at that port. All the port forwarding in the
> world won't help you if, at the end of the line, no one is listening at
> that port number.

   Still true. (And evidence continues to accumulate.)

> C:\WINDOWS\system32>netstat -na | find "80"
> TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
> [...]
> TCP [::]:80 [::]:0 LISTENING
> [...]

   In contrast, you seem to be running a web server, which is listening
at port 80. If you defined a port-forwarding rule which targeted port
80 on this system, then your web server could be accessible from the
outside world. (If you want, you can call that "opening" port 80, but
that seems (to me) to result in more confusion than it does
understanding.)

   With my weak psychic powers, I have no idea what you expect to do
with port 4651, but forwarding anything to it on this Windows system
won't do much until you run some program which listens at port 4651.
And defining a port-forwarding rule on your router will not cause that
(or any) program to run on your Windows system.

>    Note, too, that because a port-forwarding rule specifies the LAN IP
> address of the target (server) system, that address must be fixed. That
> can be done by reserving a particular address for that system, perhaps
> under ADVANCED > Setup > LAN Setup : Address Reservation. (Or by
> assigning it a static address.)

   Still true. In this case, the port-forwarding rule specifies a
"Server IP Address" of 192.168.0.2, so, one way or another, you'll want
to ensure that your Windows system always gets/has that address.

unable to open a port on the firewall

unable to open a port on the firewall

Re: unable to open a port on the firewall

Re: unable to open a port on the firewall

Re: unable to open a port on the firewall

Re: unable to open a port on the firewall