Solved

Unable to forward Port 21, 25 and 110

Posted on 2004-11-02
Last Modified: 2013-12-14
Hi,

I recently got a 512 kbps broadband ADSL line and want to run my own web server, ftp server and mail servers. After some reading I found out that I have to forward the relevant ports from the router to the local machine based on its internal IP.

I have done the same using the router's browser based configuration system, but it seems to be forwarding only port 80. All the other ports (21, 25 and 110) always show up as either blocked or stealth (depending on which website you use to do the checking). Even port 80 was not forwarded initially, but it suddenly started working for whatever reason.

I checked with the ISP and they claim that they are NOT blocking any port.

The config is as follows:
Router     : D-Link DL-500T
ISP          : VSNL, Bangalore, India
Static IP   : 61.11.63.8
Domain    : deltacadd.com
OS           : Windows XP SP2 (yes, I have configured the firewall to unblock the relevant ports)
Webserver: Apache 2.0
Mailserver : MailEnable Standard
FTPserver : Serv-U Trial

The funny thing is that I tried this on a Linux box running Fedora Core 2 and the same result appears (i.e., port 80 is opened but the other ports are not). I have tried both the Shields Up test at www.gcr.com as well as Symantec's online security check. The result is always the same: port 80 is open, alive and kicking, whereas all other ports are "Stealth".

What am I doing wrong? Any help is greatly appreciated.
Question by:deltacadd
23 Comments
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 200 total points
ID: 12474897
I hate to say this, but I have found these Dlinks to be an unreliable router.  For consumer grade devices I usually go with the Linksys products, and have never had an issue with port forwarding.....  Although my server is running 2003 with IIS, it works like a charm with my Linksys..  (this is my SOHO at my home, www.doverproductions.com)

FE
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12474939
Do you have the router configured right now, and your server running?  I will try to get in myself when I get a chance...
0
 
LVL 4

Expert Comment

by:JonSh
ID: 12479020
I have to agree with Fatal_Exception.  I have seen multiple instances of D-Link routers unable to do port forwarding no matter what I try.  The last time was about a month ago, trying to get a 604 to do DCC.  Never worked.

0

 

Author Comment

by:deltacadd
ID: 12480098
The router was provided to me by the ISP as part of the broadband package. I checked with them and they say that all their routers are only D-Link ones. How come it is forwarding Port 80 correctly and not the other ports? I can accept it if it is not forwarding any port, but this is a little strange.

Do I have to fork out some more to buy another router? Boo hooo....
0
 
LVL 4

Assisted Solution

by:JonSh
JonSh earned 200 total points
ID: 12480253
Basically, yes.  I've been very happy with my Linksys products.....
0
 

Author Comment

by:deltacadd
ID: 12480428
Hey,

I found the answer. Actually, there seems to be nothing wrong with the router, thank God. The solution is as follows:

1. Remove all port forwards from the router configuration
2. Open the firewall control panel in the local system (Windows XP SP2)
3. In the "Exceptions" tab, using the "Add port..." button, add the relevant ports separately (80, 25, 110 and 21) with appropriate names.
4. In the "Advanced" tab, check the same services are also activated.
5. Close the firewall control panel
6. Now forward the ports from the router to the local system

Works like a dream! Someone seems to have missed step (3) above, since doing only step (4) does not serve any purpose.

Now everything is running successfully.

Mr.Moderator, can I award myself the points that I have specified for this question? :-))
0
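Added example, not part of the thread: a LAN-side check that separates "closed" (the server refuses the connection) from "filtered" (packets silently dropped, which online scanners report as "stealth"), so the blocking layer can be named before the router is blamed. The internal IP `192.168.1.10`, the helper names `probe` and `locate_block`, and the hand-entered outside-scan result are assumptions.

```python
import socket

# Ports named in the question: FTP, SMTP, HTTP, POP3.
SERVICE_PORTS = {21: "ftp", 25: "smtp", 80: "http", 110: "pop3"}


def probe(host, port, timeout=2.0):
    """Classify a TCP port by how the connection attempt ends."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed, a service answered
    except ConnectionRefusedError:
        return "closed"          # RST came back: host reachable, nothing listening
    except OSError:
        return "filtered"        # timeout or unreachable: packets dropped ("stealth")


def locate_block(lan_state, wan_state):
    """Name the layer to check, given a LAN-side probe and an outside scan result."""
    if lan_state == "closed":
        return "server: no service is listening on this port"
    if lan_state == "filtered":
        return "host firewall: add an exception for this port"
    if wan_state == "open":
        return "none: reachable end to end"
    return "router forward or upstream filtering"


if __name__ == "__main__":
    server = "192.168.1.10"      # assumed internal IP of the server, not from the thread
    for port, name in SERVICE_PORTS.items():
        lan = probe(server, port)
        # wan_state is typed in from an outside scan; "filtered" here mirrors
        # the "Stealth" result the asker reported for 21, 25 and 110.
        print(f"{port:>3}/{name:<5} LAN={lan:<8} -> {locate_block(lan, 'filtered')}")
```

Run it from a second machine on the LAN against the server's internal address. A host firewall that rejects with a reset instead of dropping would show as "closed" rather than "filtered".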
 
LVL 4

Expert Comment

by:JonSh
ID: 12480717
Um, mind if I ask a question?  If you are behind a firewalling, NATing router, why in the name of little kids do you have the Windows firewall turned on????  We all assumed you had it off, like you are supposed to if you are behind a firewall :) Right now, you are wasting CPU on your server.  Lemme guess, your Linux box has a software firewall on it too? :)  Um, turn off the interior firewalls, that's part of what your router is for....

...unless you put your server in the DMZ?  But no, in that case every port would be open....but there was still the software firewall, so maybe.... lol
0
 
LVL 4

Expert Comment

by:JonSh
ID: 12480721
Um....further thought....if you removed all port forwards from the router, you must be A) set up in the router's DMZ, or B) the router's firewall is turned off.

LOL
0
 
LVL 4

Expert Comment

by:JonSh
ID: 12480723
...for those ports :)
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12482554
Yea, we should have asked if you had configured any firewalls on your local system.  That certainly makes a difference, eh?

FE
0
 

Author Comment

by:deltacadd
ID: 12483084
Is the router firewall enough to stop you-know-whos from hacking into my system? The local system is not in the DMZ. And yes, even my linux box had the default firewall turned on. One more thing, I tried everything with the Windows Firewall turned off but it was still not working until I did whatever I mentioned earlier. Any ideas why?
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12483513
The router firewall is your perimeter firewall, and should be sufficient to stop attacks from outside your LAN.  Software firewalls take up system resources, so that is the only concern I have with them.  If your server has sufficient resources (CPU/RAM, etc..) I advise you to keep running your SP2 Firewall.  Although I am running 2003 Server, I still enable both my perimeter firewall and my Windows based firewall, just in case.

Another way to do this is to put your server in a DMZ, but if this is your production system, that may not be an option...

Not sure about why the firewall needed to be set up instead of disabled.  Perhaps the Security Service needs to be stopped also..??  Have to think about that a while.

FE
0
 
LVL 4

Expert Comment

by:JonSh
ID: 12485493
Fatal, I have to completely disagree.  The software firewall doesn't add anything of any value, so why run it?  Now, there are two cases in which I like software firewalls.  When you share a LAN with bozos whose security is lame, then yes, I use a personal software firewall.  The other exception is a software firewall that also screens outgoing traffic.  That has value and I can see using them (although I don't).
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12485724
Gotta love a debate..!!  :)  The software firewall is considered the second line of defense.  In every seminar that I have attended over the past year, administrators and presenters are in agreement that the windows firewall is well worth running in the LAN.  I too agree with them on that point.  It takes up little resources (not like ZoneAlarm or the like that monitor traffic both directions) and provides that extra layer of security.  With the addition of SP2, it is much more configurable, therefore adding the functionality that was needed.

Anyway, it is really a matter of how secure you really want your server.  

FE
0
 
LVL 4

Expert Comment

by:JonSh
ID: 12486230
Well, my viewpoint is that if I need a second layer of protection, I've done a poor job with the outer layer.  I guess the theory is that the interior firewall will protect you from misuse from the LAN...but when it's a 3 machine lan??  I don't like giving up *any* extra cycles :)


0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12486614
:)  from an experienced Performance Master..!!
0
 
LVL 4

Expert Comment

by:JonSh
ID: 12486915
LOL :)..okay, I'll pipe down :)
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12487873
Naw, debate is healthy, and everyone's viewpoints are always welcome.!!  Until just this year, I would have agreed completely with you, but speakers like Mark Minasi and a few others changed my mind..  But then again, I am looking at larger networks, not just the small LAN we are viewing here..  :)
0
 
LVL 4

Expert Comment

by:JonSh
ID: 12488290
Absolutely - in a large corporate LAN, I'd agree with you.  Every opportunity to put up a block, you put one up.  But in the small LAN with one way in and all the machines are yours, nah....the world is completely trusted, so there is nothing a 2nd firewall buys you except a slower server.

0
 

Author Comment

by:deltacadd
ID: 12490112
So according to one I should take down the Windows firewall and according to the other I can retain it as a second line of defense. I tend to agree with the latter, since I am a complete noob to the server arena and in this case too much is never enough, right? I am already seeing some attempts on my FTP port and it is not even 48 hours since I got my site running! I am now reading up on Intrusion Detection (just my geekiness coming to the fore, I guess), not that my site offers anything worthwhile for all and sundry but just for the heck of it.

Another wall never hurt anyone, but as JonSh says, if all my other systems are on an internal LAN then the worth is questionable. As far as CPU cycles go, I guess I have some to spare on the server since it is not doing anything else except running as an Internet server. My production server is safely (I hope) sitting isolated and not connected to the Internet, only to my LAN.

Good to see a debate though. Thanks guys, for all your views.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12493682
You are welcome... and best of luck..  Better safe than sorry, eh?

FE
0
