Solved

Unable to forward Port 21, 25 and 110

Posted on 2004-11-02
311 Views
Last Modified: 2013-12-14
Hi,

I recently got a 512 kbps broadband ADSL line and want to run my own web server, ftp server and mail servers. After some reading I found out that I have to forward the relevant ports from the router to the local machine based on its internal IP.

I have done the same using the router's browser based configuration system, but it seems to be forwarding only port 80. All the other ports (21, 25 and 110) always show up as either blocked or stealth (depending on which website you use to do the checking). Even port 80 was not forwarded initially, but it suddenly started working for whatever reason.

I checked with the ISP and they claim that they are NOT blocking any port.

The config is as follows:
Router     : D-Link DL-500T
ISP          : VSNL, Bangalore, India
Static IP   : 61.11.63.8
Domain    : deltacadd.com
OS           : Windows XP SP2 (yes, I have configured the firewall to unblock the relevant ports)
Webserver: Apache 2.0
Mailserver : MailEnable Standard
FTPserver : Serv-U Trial

The funny thing is that I tried this on a Linux box running Fedora Core 2 and the same result appears (i.e., port 80 is opened but the other ports are not). I have tried both the Shields Up test at www.gcr.com as well as Symantec's online security check. The result is always the same: port 80 is open, alive and kicking, whereas all other ports are "Stealth".

What am I doing wrong? Any help is greatly appreciated.
0
Question by:deltacadd
    21 Comments
     
    LVL 40

    Accepted Solution

    by:
    I hate to say this, but I have found these Dlinks to be an unreliable router.  For consumer grade devices I usually go with the Linksys products, and have never had an issue with port forwarding.....  Although my server is running 2003 with IIS, it works like a charm with my Linksys..  (this is my SOHO at my home, www.doverproductions.com)

    FE
    0
     
    LVL 40

    Expert Comment

    by:Fatal_Exception
    Do you have the router configured right now, and your server running?  I will try to get in myself when I get a chance...
    0
     
    LVL 4

    Expert Comment

    by:JonSh
    I have to agree with Fatal_Exception.  I have seen multiple instances of D-Link routers unable to do port forwarding no matter what I try.  The last time was about a month ago, trying to get a 604 to do DCC.  Never worked.

    0
     

    Author Comment

    by:deltacadd
    The router was provided to me by the ISP as part of the broadband package. I checked with them and they say that all their routers are only D-Link ones. How come it is forwarding Port 80 correctly and not the other ports? I can accept it if it is not forwarding any port, but this is a little strange.

    Do I have to fork out some more to buy another router? Boo hooo....
    0
     
    LVL 4

    Assisted Solution

    by:JonSh
    Basically, yes.  I've been very happy with my Linksys products.....
    0
     

    Author Comment

    by:deltacadd
    Hey,

    I found the answer. Actually, there seems to be nothing wrong with the router, thank God. The solution is as follows:

    1. Remove all port forwards from the router configuration
    2. Open the firewall control panel in the local system (Windows XP SP2)
    3. In the "Exceptions" tab, using the "Add port..." button, add the relevant ports separately (80, 25, 110 and 21) with appropriate names.
    4. In the "Advanced" tab, check the same services are also activated.
    5. Close the firewall control panel
    6. Now forward the ports from the router to the local system

    Works like a dream! Someone seems to have missed step (3) above, since doing only step (4) does not serve any purpose.

    Now everything is running successfully.

    Mr.Moderator, can I award myself the points that I have specified for this question? :-))
    0
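
A way to narrow down which layer is dropping a port in the situation this thread describes, as an added example that is not part of any poster's comment: run it from another machine on the LAN against the server's internal address, then compare with what an online port checker reports from outside. The address `192.168.1.10` and the sample outside results are constructed assumptions; the port numbers are the ones from the question.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify a TCP port the way online port checkers do."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"            # handshake completed, a service answered
    except ConnectionRefusedError:
        return "closed"          # host replied with RST: nothing is listening
    except socket.timeout:
        return "stealth"         # no reply at all: a firewall dropped the SYN
    except OSError:
        return "unreachable"     # routing or addressing problem, not a filter
    finally:
        s.close()

def diagnose(lan_state, wan_state):
    """Combine the LAN-side probe with the result seen from the Internet."""
    if lan_state == "closed":
        return "service not listening on the server"
    if lan_state == "stealth":
        return "host firewall on the server is dropping the port"
    if lan_state == "unreachable":
        return "server address is wrong or the server is off the LAN"
    if wan_state != "open":
        return "router forward or upstream filtering is the remaining suspect"
    return "reachable end to end"

if __name__ == "__main__":
    SERVER_LAN_IP = "192.168.1.10"   # assumption: the server's internal IP
    # Constructed sample: what the question says the online checkers showed.
    wan_seen = {21: "stealth", 25: "stealth", 80: "open", 110: "stealth"}
    for port, wan_state in sorted(wan_seen.items()):
        lan_state = probe(SERVER_LAN_IP, port)
        print(f"port {port}: LAN={lan_state} WAN={wan_state} -> "
              f"{diagnose(lan_state, wan_state)}")
```

A port that is "stealth" even from the LAN points at the server's own firewall rather than the router, which matches the fix of adding per-port exceptions on the server.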
     
    LVL 4

    Expert Comment

    by:JonSh
    Um, mind if I ask a question?  If you are behind a firewalling, NATing router, why in the name of little kids do you have the windows firewall turned on????  We all assumed you had it off, like you are supposed to if you are behind a firewall :) Right now, you are wasting cpu on your server.  Lemme guess, your Linux box has a software firewall on it too? :)  um, turn off the interior firewalls, that's part of what your router is for....

    ...unless you put your server in the DMZ?  but no, in that case every port would be open....but there was still the software firewall, so maybe.... lol
    0
     
    LVL 4

    Expert Comment

    by:JonSh
    um....further thought....if you removed all port forwards from the router, you must be A) set up in the router's DMZ, or B) the router's firewall is turned off.

    LOL
    0
     
    LVL 4

    Expert Comment

    by:JonSh
    ...for those ports :)
    0
     
    LVL 40

    Expert Comment

    by:Fatal_Exception
    Yea, we should have asked if you had configured any firewalls on your local system.  That certainly makes a difference, eh?

    FE
    0
     

    Author Comment

    by:deltacadd
    Is the router firewall enough to stop you-know-whos from hacking into my system? The local system is not in the DMZ. And yes, even my linux box had the default firewall turned on. One more thing, I tried everything with the Windows Firewall turned off but it was still not working until I did whatever I mentioned earlier. Any ideas why?
    0
     
    LVL 40

    Expert Comment

    by:Fatal_Exception
    The router firewall is your perimeter firewall, and should be sufficient to stop attacks from outside your LAN.  Software firewalls take up system resources, so that is the only concern I have with them.  If your server has sufficient resources (CPU/RAM, etc..) I advise you to keep running your SP2 Firewall.  Although I am running 2003 Server, I still enable both my perimeter firewall and my Windows based firewall, just in case.

    Another way to do this is to put your server in a DMZ, but if this is your production system, that may not be an option...

    Not sure about why the firewall needed to be set up instead of disabled.  Perhaps the Security Service needs to be stopped also..??  Have to think about that a while.

    FE
    0
     
    LVL 4

    Expert Comment

    by:JonSh
    Fatal, I have to completely disagree.  The software firewall doesn't add anything of any value, so why run it?  Now, there are two cases in which I like software firewalls.  When you share a lan with bozos whose security is lame, then yes, I use a personal software firewall.  The other exception is a software firewall that also screens outgoing traffic.  That has value and I can see using them (although I don't).
    0
     
    LVL 40

    Expert Comment

    by:Fatal_Exception
    Gotta love a debate..!!  :)  The software firewall is considered the second line of defense.  In every seminar that I have attended over the past year, administrators and presenters are in agreement that the windows firewall is well worth running in the LAN.  I too agree with them on that point.  It takes up little resources (not like ZoneAlarm or the like that monitor traffic both directions) and provides that extra layer of security.  With the addition of SP2, it is much more configurable, therefore adding the functionality that was needed.

    Anyway, it is really a matter of how secure you really want your server.  

    FE
    0
     
    LVL 4

    Expert Comment

    by:JonSh
    Well, my viewpoint is that if I need a second layer of protection, I've done a poor job with the outer layer.  I guess the theory is that the interior firewall will protect you from misuse from the LAN...but when it's a 3 machine lan??  I don't like giving up *any* extra cycles :)


    0
     
    LVL 40

    Expert Comment

    by:Fatal_Exception
    :)  from an experienced Performance Master..!!
    0
     
    LVL 4

    Expert Comment

    by:JonSh
    LOL :)..okay, I'll pipe down :)
    0
     
    LVL 40

    Expert Comment

    by:Fatal_Exception
    Naw, debate is healthy, and everyone's viewpoints are always welcome.!!  Until just this year, I would have agreed completely with you, but speakers like Mark Minasi and a few others changed my mind..  But then again, I am looking at larger networks, not just the small LAN we are viewing here..  :)
    0
     
    LVL 4

    Expert Comment

    by:JonSh
    Absolutely - in a large corporate LAN, I'd agree with you.  Every opportunity to put up a block, you put one up.  But in the small LAN with one way in and all the machines are yours, nah....the world is completely trusted, so there is nothing a 2nd firewall buys you except a slower server.

    0
     

    Author Comment

    by:deltacadd
    So according to one I should take down the Windows firewall and according to the other I can retain it as a second line of defense. I tend to agree with the latter, since I am a complete noob to the server arena and in this case too much is never enough, right? I am already seeing some attempts on my FTP port and it is not even 48 hours since I got my site running! I am now reading up on Intrusion Detection (just my geekiness coming to the fore, I guess), not that my site offers anything worthwhile for all and sundry but just for the heck of it.

    Another wall never hurt anyone but as JonSh says if all my other systems are on an internal LAN then the worth is questionable. As far as CPU cycles go, I guess I have some to spare on the server since it is not doing anything else except running as Internet server. My production server is safely (I hope) sitting isolated and not connected to the Internet, only to my LAN.

    Good to see a debate though. Thanks guys, for all your views.
    0
     
    LVL 40

    Expert Comment

    by:Fatal_Exception
    You are welcome... and best of luck..  Better safe than sorry, eh?

    FE
    0
