• Status: Solved

Unable to forward Port 21, 25 and 110

Hi,

I recently got a 512 kbps broadband ADSL line and want to run my own web server, ftp server and mail servers. After some reading I found out that I have to forward the relevant ports from the router to the local machine based on its internal IP.

I have done the same using the router's browser based configuration system, but it seems to be forwarding only port 80. All the other ports (21, 25 and 110) always show up as either blocked or stealth (depending on which website you use to do the checking). Even port 80 was not forwarded initially, but it suddenly started working for whatever reason.

I checked with the ISP and they claim that they are NOT blocking any port.

The config is as follows:
Router     : D-Link DL-500T
ISP          : VSNL, Bangalore, India
Static IP   : 61.11.63.8
Domain    : deltacadd.com
OS           : Windows XP SP2 (yes, I have configured the firewall to unblock the relevant ports)
Webserver: Apache 2.0
Mailserver : MailEnable Standard
FTPserver : Serv-U Trial

The funny thing is that I tried this on a Linux box running Fedora Core 2 and the same result appears (i.e., port 80 is opened but the other ports are not). I have tried both the Shields Up test at www.gcr.com as well as Symantec's online security check. The result is always the same: port 80 is open, alive and kicking, whereas all other ports are "Stealth".

What am I doing wrong? Any help is greatly appreciated.
Asked by: deltacadd

Fatal_Exception Commented:
I hate to say this, but I have found these Dlinks to be an unreliable router.  For consumer grade devices I usually go with the Linksys products, and have never had an issue with port forwarding.....  Although my server is running 2003 with IIS, it works like a charm with my Linksys..  (this is my SOHO at my home, www.doverproductions.com)

FE
0
 
Fatal_Exception Commented:
Do you have the router configured right now, and your server running?  I will try to get in myself when I get a chance...
0
 
JonSh Commented:
I have to agree with Fatal_Exception.  I have seen multiple instances of D-Link routers unable to do port forwarding no matter what I try.  The last time was about a month ago, trying to get a 604 to do DCC.  Never worked.

0
 
deltacadd (Author) Commented:
The router was provided to me by the ISP as part of the broadband package. I checked with them and they say that all their routers are only D-Link ones. How come it is forwarding Port 80 correctly and not the other ports? I can accept it if it is not forwarding any port, but this is a little strange.

Do I have to fork out some more to buy another router? Boo hooo....
0
 
JonSh Commented:
Basically, yes.  I've been very happy with my Linksys products.....
0
 
deltacadd (Author) Commented:
Hey,

I found the answer. Actually, there seems to be nothing wrong with the router, thank God. The solution is as follows:

1. Remove all port forwards from the router configuration
2. Open the firewall control panel in the local system (Windows XP SP2)
3. In the "Exceptions" tab, using the "Add port..." button, add the relevant ports separately (80, 25, 110 and 21) with appropriate names.
4. In the "Advanced" tab, check the same services are also activated.
5. Close the firewall control panel
6. Now forward the ports from the router to the local system

Works like a dream! Someone seems to have missed step (3) above, since doing only step (4) does not serve any purpose.

Now everything is running successfully.

Mr.Moderator, can I award myself the points that I have specified for this question? :-))
0
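An added example, not part of the original thread: a small TCP check that reports each port the way the online testers do, so the same test can be repeated on the server itself and from another LAN machine to see which layer is dropping the connection. The function names and the three-vantage-point comparison are assumptions made for this illustration.

```python
import socket

# Ports from the question: FTP, SMTP, HTTP, POP3.
SERVICE_PORTS = {21: "ftp", 25: "smtp", 80: "http", 110: "pop3"}

def probe(host, port, timeout=2.0):
    """Classify one TCP port in the terms online port checkers use.

    open    - handshake completed: a service listens and nothing filters it
    closed  - connection refused: the packet arrived but nothing listens
    stealth - no answer before the timeout: something silently dropped it
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError:
        return "error"  # e.g. no route to host
    finally:
        s.close()

def locate_block(on_server, from_lan, from_internet):
    """Name the first layer that fails, given probe() results taken
    on the server (127.0.0.1), from another LAN host (internal IP),
    and from outside (public IP, e.g. an online checker's verdict)."""
    if on_server != "open":
        return "service"        # daemon not running or not listening
    if from_lan != "open":
        return "host firewall"  # the local firewall exception is missing
    if from_internet != "open":
        return "router or ISP"  # the forward or upstream filtering
    return "none"

if __name__ == "__main__":
    # Run on the server first; repeat from a LAN host against its internal IP.
    for port, name in sorted(SERVICE_PORTS.items()):
        print(f"{name:5} {port:4} {probe('127.0.0.1', port)}")
```
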
 
JonSh Commented:
Um, mind if I ask a question?  If you are behind a firewalling, NATing router, why in the name of little kids do you have the Windows firewall turned on????  We all assumed you had it off, like you are supposed to if you are behind a firewall :) Right now, you are wasting CPU on your server.  Lemme guess, your Linux box has a software firewall on it too? :)  Um, turn off the interior firewalls, that's part of what your router is for....

...unless you put your server in the DMZ?  But no, in that case every port would be open....but there was still the software firewall, so maybe.... lol
0
 
JonSh Commented:
Um....further thought....if you removed all port forwards from the router, you must be A) set up in the router's DMZ, or B) the router's firewall is turned off.

LOL
0
 
JonSh Commented:
...for those ports :)
0
 
Fatal_Exception Commented:
Yea, we should have asked if you had configured any firewalls on your local system.  That certainly makes a difference, eh?

FE
0
 
deltacadd (Author) Commented:
Is the router firewall enough to stop you-know-whos from hacking into my system? The local system is not in the DMZ. And yes, even my linux box had the default firewall turned on. One more thing, I tried everything with the Windows Firewall turned off but it was still not working until I did whatever I mentioned earlier. Any ideas why?
0
 
Fatal_Exception Commented:
The router firewall is your perimeter firewall, and should be sufficient to stop attacks from outside your LAN.  Software firewalls take up system resources, so that is the only concern I have with them.  If your server has sufficient resources (CPU/RAM, etc..) I advise you to keep running your SP2 Firewall.  Although I am running 2003 Server, I still enable both my perimeter firewall and my Windows based firewall, just in case.

Another way to do this is to put your server in a DMZ, but if this is your production system, that may not be an option...

Not sure about why the firewall needed to be set up instead of disabled.  Perhaps the Security Service needs to be stopped also..??  Have to think about that a while.

FE
0
 
JonSh Commented:
Fatal, I have to completely disagree.  The software firewall doesn't add anything of any value, so why run it?  Now, there are two cases in which I like software firewalls.  When you share a LAN with bozos whose security is lame, then yes, I use a personal software firewall.  The other exception is a software firewall that also screens outgoing traffic.  That has value and I can see using them (although I don't).
0
 
Fatal_Exception Commented:
Gotta love a debate..!!  :)  The software firewall is considered the second line of defense.  In every seminar that I have attended over the past year, administrators and presenters are in agreement that the windows firewall is well worth running in the LAN.  I too agree with them on that point.  It takes up little resources (not like ZoneAlarm or the like that monitor traffic both directions) and provides that extra layer of security.  With the addition of SP2, it is much more configurable, therefore adding the functionality that was needed.

Anyway, it is really a matter of how secure you really want your server.  

FE
0
 
JonSh Commented:
Well, my viewpoint is that if I need a second layer of protection, I've done a poor job with the outer layer.  I guess the theory is that the interior firewall will protect you from misuse from the LAN...but when it's a 3 machine LAN??  I don't like giving up *any* extra cycles :)


0
 
Fatal_Exception Commented:
:)  from an experienced Performance Master..!!
0
 
JonSh Commented:
LOL :)..okay, I'll pipe down :)
0
 
Fatal_Exception Commented:
Naw, debate is healthy, and everyone's viewpoints are always welcome.!!  Until just this year, I would have agreed completely with you, but speakers like Mark Minasi and a few others changed my mind..  But then again, I am looking at larger networks, not just the small LAN we are viewing here..  :)
0
 
JonSh Commented:
Absolutely - in a large corporate LAN, I'd agree with you.  Every opportunity to put up a block, you put one up.  But in the small LAN with one way in and all the machines are yours, nah....the world is completely trusted, so there is nothing a 2nd firewall buys you except a slower server.

0
 
deltacadd (Author) Commented:
So according to one I should take down the Windows firewall and according to the other I can retain it as a second line of defense. I tend to agree with the latter, since I am a complete noob to the server arena and in this case too much is never enough, right? I am already seeing some attempts on my FTP port and it is not even 48 hours since I got my site running! I am now reading up on Intrusion Detection (just my geekiness coming to the fore, I guess), not that my site offers anything worthwhile for all and sundry but just for the heck of it.

Another wall never hurt anyone but as JonSh says if all my other systems are on an internal LAN then the worth is questionable. As far as CPU cycles go, I guess I have some to spare on the server since it is not doing anything else except running as Internet server. My production server is safely (I hope) sitting isolated and not connected to the Internet, only to my LAN.

Good to see a debate though. Thanks guys, for all your views.
0
 
Fatal_Exception Commented:
You are welcome... and best of luck..  Better safe than sorry, eh?

FE
0
