- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Help Needed: Port Forwarding
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Help Needed: Port Forwarding
Hi All,
I'm having issues with port forwarding, scanner tool shows ports are closed/filtered. Here is my setup...
Physical Setup
- AT&T Gateway BRGW10
- Orbi RBR50 Router
- Connected to AT&T Gateway
- Router Internet port to a Gateway port
- Connected to an unmanaged Switch
- Open Router port to open Switch port
- Connected to AT&T Gateway
- 2 Satellites
- Connected to the above unmanaged Switch
- Open Satellite port to open Switch port
- Connected to the above unmanaged Switch
Device Configurations
- AT&T Gateway BRGW10
- Firewall Settings:
- Packet Filtering disabled
- All services deleted from NAT/Gaming
- IP Passthrough
- Allocation Mode: Passthrough
- Passthrough Mode: DHCPS-fixed
- Passthrough Fixed MAC Address: MAC address of the Orbi RBK50 Router
- Firewall Advanced: everything off
- Firewall Settings:
- Orbi RBR50 Router
- Router / AP Mode: Router Mode
- Internet Setup:
- Internet IP Address: Get Dynamically from ISP
- Domain Name Server (DNS) Address: Get Automatically from ISP
- Router MAC Address (Use Default Address)
- WAN Setup:
- Disable Port Scan and DoS Protection: false
- NAT Filtering: Secured
- Port Forwarding / Port Triggering
- Port Forwarding
- Service #1
- External Port Range: 49152-49160
- Internal Port Range: same as External Port Range
- Internal IP Address: [IP of device needing this port open]
- Service #1
- Port Forwarding
All devices connected to the Router and Satellite (wired and wireless) accesses the Internet just fine. I've confirmed Ethernet Backhaul via the Orbi app.
I attempted to scan for open ports using pentest-tools.com and ipfingerprints.com. pentest-tools advises that the "host seems down" and ipfingerprints advises the ports in this range are filtered.
Any help or advice would be greatly appreciated!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Help Needed: Port Forwarding
Did you disable uPnP before setting up your PF configurations?
ALso you need to be actively using those ports before trying to check the status of them. They will remain closed until they are used.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Help Needed: Port Forwarding
@ShieldsUp wrote:
I attempted to scan for open ports using pentest-tools.com and ipfingerprints.com. pentest-tools advises that the "host seems down" and ipfingerprints advises the ports in this range are filtered.
Assuming that the service is up and running, are you able to access it from a computer on the local LAN?
When you access pentest-toos and ipfingerprints, do they show your public IP address as the same as the Orbi WAN IP?
When you do a trace route from a computer on the local LAN to some known IP, such as Google's DNS 8.8.8.8, the first router should be the Orbi's private IP (usually 192.168.1.1), is the second router a public IP address?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Help Needed: Port Forwarding
Yes, UPnP was disabled, then I created the PF. I've test scanned with UPnP remaining disabled and with it renabled and the ports still appear to be closed.
I thought Port Forwarding keeps the ports open constantly while Port Triggering only opens when they are actively in use, no?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Help Needed: Port Forwarding
No. PF just configures the port for open when something accesses the port. The port is closed until something accesses the port, like an app or device. The port needs to be access fully to check its status correctly. Security wouldn't be good if the port was open and nothing wasn't accessing it.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Help Needed: Port Forwarding
Ah, good idea on the local test. I am unable to test at the moment, but will do so later this evening.
Yes, both sites show the same IP as my Orbi WAN IP and AT&T Broadband IP.
When tracert to 8.8.8.8, the first hop is the Orbi's private IP (10.0.0.1 in this case) and second hop is ATT GW's private IP (192.168.1.254). From there, my ISP and then onwards.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Help Needed: Port Forwarding
@ShieldsUp wrote:Ah, good idea on the local test. I am unable to test at the moment, but will do so later this evening.
Yes, both sites show the same IP as my Orbi WAN IP and AT&T Broadband IP.
When tracert to 8.8.8.8, the first hop is the Orbi's private IP (10.0.0.1 in this case) and second hop is ATT GW's private IP (192.168.1.254). From there, my ISP and then onwards.
I think this is the problem. The gateway is NATing (is that a word?), which absolutely kills port forwarding. To verify, the WAN side of the Orbi probably has a 192.168 IP address, correct?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Help Needed: Port Forwarding
@FURRYe38 Right, the port remaining open without anything accessing it is definitely not good security. I thought this was the reason Port Triggering was created. In any case, I will test again this evening while the local device is attempting to actively listen.
@CrimpOn I'll consider it a word (network address translating) The WAN side of the Orbi is showing my public IP. It is the same public IP on my ATT GW.
On the ATT GW, it is assigning 192.168.1.64 - 192.168.1.253. However, I see it is assigning the Orbi the same public IP above.
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more