• Status: Solved
  • Priority: Medium
  • Security: Public

Testing Port Forwarding

Hi

I have been struggling with this for a very long time.  I have an ADSL connection at home, I also have a small (3 computer) windows network setup.  I use an ADSL Gateway (Linksys - BEFDSR41W), it is also a modem/router and 4 port switch.  What I am trying to accomplish is to be able to host a website on one of my servers.

I have set up a webserver on my computer (IIS) and tested it using the local IP address/localhost etc. in the browser; this all works fine.
I have set up port forwarding on my Linksys gateway (Ext. Port 80 TCP to forward to the local IP address of my webserver).

My web server has a software firewall installed on it, so I have set up a rule to allow all traffic on port 80 to/from the computer.  I have Sygate Personal Firewall installed and the rule description reads as follows:

"This rule will allow both incoming and outgoing traffic to/from all hosts on TCP remote port(s) 80 to/from TCP local port(s) 80.  This rule will be applied to all network interface cards.  The following applications will be affected in this rule: Internet Information Services."

I don't have a static IP address but my IP address stays the same for quite a while (changes whenever I reset the gateway).  When I type the IP address of the gateway in a web browser on an external computer I would expect it to forward my request to the webserver, which should serve the web pages, but unfortunately this doesn't happen.  If I use a local computer I am presented with the admin pages for the ADSL gateway.

Does anyone have any suggestions or possible techniques/tools which will help me narrow in on the point of failure?

Thank you.



0
Asked: tejs1dhu
2 Solutions
 
ViRoy Commented:

"This rule will allow both incoming and outgoing traffic to/from all hosts on TCP remote port(s) 80 to/from TCP local port(s) 80.  This rule will be applied to all network interface cards.  The following applications will be affected in this rule: Internet Information Services."
--------------------------------

the source port from remote computers is not always 80.
if you can, change the rule to allow any connection to local port 80.
0
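The point made in the comment above, as an added example that is not part of the original thread: a client connects from an ephemeral source port, so a rule that also pins the remote port to 80 never matches real inbound web traffic. The `Rule` class is a simplified, hypothetical model of an allow rule, not Sygate's rule engine, and the loopback listener stands in for the web server.

```python
import socket
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """Hypothetical allow rule: None means 'any port'."""
    local_port: Optional[int]
    remote_port: Optional[int]

    def allows(self, local_port: int, remote_port: int) -> bool:
        return (self.local_port in (None, local_port)
                and self.remote_port in (None, remote_port))


# Rule as first described: remote port 80 <-> local port 80.
ORIGINAL_RULE = Rule(local_port=80, remote_port=80)
# Rule after the suggested change: any remote port -> local port 80.
CORRECTED_RULE = Rule(local_port=80, remote_port=None)


def observe_client_source_port() -> Tuple[int, int]:
    """Connect to a loopback listener and return
    (server_port, client_source_port) as the server sees them."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # OS picks a free port for the test listener
        srv.listen(1)
        server_port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", server_port)):
            conn, peer = srv.accept()
            conn.close()
            return server_port, peer[1]


def evaluate(rule: Rule, remote_port: int) -> str:
    """Verdict for an inbound connection to the web server's port 80."""
    return "allow" if rule.allows(80, remote_port) else "block"


if __name__ == "__main__":
    server_port, source_port = observe_client_source_port()
    print(f"client used source port {source_port} to reach port {server_port}")
    print("original rule :", evaluate(ORIGINAL_RULE, source_port))
    print("corrected rule:", evaluate(CORRECTED_RULE, source_port))
```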
 
ryandale56 Commented:
even still.  if you have residential dsl and not business dsl chances are that your ISP is blocking port 80.  You should try to forward another port and configure IIS to listen on that port.

0
 
tejs1dhu (Author) Commented:
@ViRoy

I have changed the rule and it now reads
"This rule will allow both incoming and outgoing traffic to/from all hosts on TCP local port(s) 80.  This rule will be applied to all network interface cards.  The following applications will be affected in this rule: Internet Information Services."

@Everyone
One other thing, I just tried accessing the web page from a local computer (other than my webserver) and the request timed out, I tried this before and after the change noted above and it failed both times.  So I am assuming it never worked, could this be the problem?  How can I fix this? and get it to work?
0
 
ryandale56 Commented:
also, verify that 'remote administration' is disabled on the router and be sure you're running the latest firmware.
0
 
ryandale56 Commented:
when you try to access it from a local computer, are you using the internal IP of the webserver?  you should disable your software firewall for debugging purposes and enable it after you know everything else is working correctly.
0
 
tejs1dhu (Author) Commented:
@ryandale56

remote management is disabled.  I will check to see if I have the latest firmware.

On my port forwarding setup I am unable to specify which port to forward to, I can only specify an IP address.   Can my ISP block port 80, I suppose they would block incoming traffic on port 80?  Is there any test that I can run to see which ports are being blocked?
0
 
ryandale56 Commented:
I'd put $10 down that your isp is blocking port 21, 25, and 80.
0
 
tejs1dhu (Author) Commented:
@ryandale56

Yes I am using 192.168.0.5 which is the internal IP of my webserver, even with the software firewall on both computers disabled I am still unable to access the pages on my webserver.  I get the cannot find server error.  I have from command prompt typed in ping 192.168.0.5 and I get replies fine, both computers can also see each other in network neighbourhood.

Thanks for your help, I'm pulling my hair out trying to get this to work.
0
 
ryandale56 Commented:
from an external computer you can do a portscan on your home external IP address.  Or you can do what i mentioned above:  tell IIS to listen to port 888 (for example) and then set your router to forward port 888 (the same way you told it to forward port 80).  if your website works on 888, but not 80, then they are blocking port 80.

it is very standard for inbound connections to port 80 to be blocked.
0
 
sciwriter Commented:
<<What I am trying to accomplish is to be able to host a website on one of my servers >>

Aha!!  You are fighting the ADSL providers here.  Telephone companies don't want you doing that, it chokes their bandwidth -- the whole DSL concept relies on shared moderate usage that averages out....

Often the Phone companies will block outgoing and/or incoming on port 80 -- that kills your website, and these are the "aggressive" ones stopping home web sites.

Others create a "virtual" IP for you that is not real -- i.e. it is only real for certain functions.  You can get around this by buying a dedicated IP from them for $7 per month more or less.  That usually lets you "in" with a small website.

The least aggressive are those who allow it, but you have to go to a site like Dyndns.com -- to get a dynamically changing DNS translation for the website to the current IP address.  Some get this to work.

It all depends on your phone company, and where you are, and what measures you want to go to.  But remember, if your site becomes very busy, or you run FTP, you are robbing from the other people on your DSL head end -- their internet throughput drops exponentially to zero as your site becomes busy.

For $79 per year, isn't it worth hosting it with one of the hosting companies sitting right over one of the transcontinental OC3 fiber links across the planet?
0
 
tejs1dhu (Author) Commented:
@ryandale56

Ah I got ya, I will try accessing my webserver tomorrow.  Would I just use xxx.xxx.xxx.xxx:888 (assuming I set up on port 888) to try accessing it?

I have a feeling that it is probably my ISP blocking it, but I don't understand why the webserver doesn't work internally (other than on the webserver itself).

Anyway will let you know what happens.  Thanks for your help.
0
 
Tim Holman Commented:
Do you have a default gateway on 192.168.0.5 pointing back to the Linksys ?
There shouldn't be any problems in doing this.
Your ISP will NOT be blocking these ports - they don't do this anymore as can't keep up with the level of support and complaints !  ;)
Please follow these instructions:

http://www.portforward.com/linksys/befdsr41w-portforwarding.htm
0
 
tejs1dhu (Author) Commented:
@sciwriter

I understand your point and I think BT would be an aggressive ISP.

I am only planning on hosting a personal site, I just want to gain the experience of setting up a website + server from scratch (I'm a web developer/comp sci student). I never knew ISPs would block certain ports, I will have to carefully research other ISPs to see if they are blocking the ports I need.

Thanks for the info
0
 
sciwriter Commented:
Well if you are just testing, try two other things -- don't try to externalize your site -- http://www.mysite.com -- that will only become bogged down in the whole ADSL problem.

Try an internal address. Give the system a fixed IP, and borrow, say a laptop or something with a NW card, and go to the site directly http://192.168.0.10  or whatever.  Now if you are using IIS, you must go into the setup there and allow local addressing to still get to the site, as IIS in the default mode only allows outside requests to come in.  In finding these settings in IIS, you will discover what causes a LOT of problems for many IIS users.  Once you find them, the local IP should immediately bring up your site.
0
 
tejs1dhu (Author) Commented:
If anyone has any clue as to why my webserver doesn't work internally I would be very grateful for your help.  When in the browser I can access the webpages using a browser on the actual webserver but not from a different computer on the same local network.  Any ideas?
0
 
sciwriter Commented:
See post above -- serendipitous posts -- it's in the IIS setup.  Good luck -- get an A++
0
 
tejs1dhu (Author) Commented:
@tim_holman

Yes my default gateway is 192.168.0.3 on 192.168.0.5 (and all computers on my local network) is this a problem?
0
 
ryandale56 Commented:
tejs1dhu, yes just open a web browser and type in http://xxx.xxx.xxx.xxx:888

let's say your webserver private ip address is 192.168.0.5 and your public ip address is 216.239.39.99.  let's get the web server working on the internal network first.

make sure IIS is set to take connections from "all unassigned" and is set up for port 888.

try to connect to http://192.168.0.5:888 from a computer on your internal network.  if this works great, if not then disable the software firewall(s) on your web server and try again.  if it still doesn't work then let us know.

after you got it working for the internal network it is time to set up the port forwarding on the router.  configure port 888 to be forwarded to 192.168.0.5.  now from an external computer try and access http://216.239.39.99:888 (change to your external ip).

also, tim holman is full of it.  almost all isp's block those ports for residential setups.
0
 
tejs1dhu (Author) Commented:
@sciwriter

"Now if you are using IIS, you must go into the setup there and allow local addressing to still get to the site, as IIS in the default mode only allows outside requests to come in.  In finding these settings in IIS, you will discover what causes a LOT of problems for many IIS users.  Once you find them, the local IP should immediately bring up your site."

I can't find this setting in IIS, I am using IIS v5.1 on a Windows XP computer, could you perhaps direct me?  Thanks for your help.
0
 
tejs1dhu (Author) Commented:
@ryandale56

"try to connect to http://192.168.0.5:888 from a computer on your internal network.  if this works great, if not then disable the software firewall(s) on your web server and try again.  if it still doesnt work then let us know."

I've checked that the site in IIS is "all unassigned" and set it up on TCP port: 888 but I still cannot access this from another internal computer?  I have disabled the software firewall on both computers but still no luck.
0
 
sciwriter Commented:
Aw, come on, you gotta do some of this yourself.  That's the test, figure out what most people have not, that's what gets you the A++
0
 
Tim Holman Commented:
>> also, tim holman is full of it.  almost all isp's block those ports for residential setups.

Well, they don't in the UK.  I'm running BT Yahoo Broadband and have a web server running fine !  :P

Should 192.168.0.3 be your default gateway ?  Is this the internal address of your Linksys ?  

Have you followed the link I posted up ?

Reasonably good, free web server you could try instead of IIS - http://www.xitami.com/download.htm

0
 
snerkel Commented:
1. Many SOHO routers don't allow loopback (using your WAN IP from your own LAN), so the only sure way of testing on your own network is to use http://192.168.0.5 if this doesn't work from another PC then you have a firewall blocking the connection.

2. Some routers don't like you using the same port as you use for the router management, many routers allow you to change the management port, if it does then change to 8080 then to access router use http://192.168.0.3:8080

3. I don't believe BT block ports, especially 80

4. Have you powered off the router since adding the virtual server settings, some routers don't action these settings until the power has been cycled.
0
 
purplepomegranite Commented:
ryandale56, tim_holman is in fact spot on.  BT certainly don't block ports, and very few providers (if any) do here in the UK.  Try researching your facts before posting such comments.  In return I won't make rash comments about America ;)

If the website isn't working on the internal network, it obviously isn't anything to do with the ISP anyway.

tejs1dhu, you don't have Windows Firewall enabled as well do you?  If you have SP2 installed it is enabled by default - always worth a check.

Whatever the problem is, you need to get the site working on the internal network before you even look at port-forwarding, etc.
0
 
ryandale56 Commented:
purple, im sorry, my post about ISPs was only in reference to ISPs in america.  i forget that there are other countries sometimes.
0
 
Tim Holman Commented:
Are you trying to run IIS on Windows XP ?
ie as per - http://www.webwizguide.com/asp/tutorials/installing_iis_winXP_pro.asp ?
0
 
fixnix Commented:
To narrow it down a lil to an IIS or Firewall problem (excellent choice of your firewall, btw...IMO you've got the best free one out there for a doze app layer fw):  Open up a command prompt, and type:

netstat -an

Look for a line that says:

TCP     192.168.0.5      0.0.0.0:888     LISTENING

or:

TCP     0.0.0.0             0.0.0.0:888     LISTENING


(assuming you've changed IIS to listen on port 888...replace the 888 above w/ 80 if you haven't changed or changed it back to listen on port 80)

If there is a line like above in the netstat output, then it is a firewall configuration problem.  If there is no line showing that your computer is listening on your web port configured in IIS, then it is an IIS configuration problem.

That'll make the next troubleshooting steps easier...
0
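The netstat check described in the comment above, as an added example that is not part of the original thread. It parses `netstat -an` text in the column layout Windows actually prints (Proto, Local Address with the port attached, Foreign Address, State) and applies the same decision; it goes one step further than the post by also flagging a listener bound only to an address other machines cannot reach. The sample output is constructed, not captured from the asker's machine.

```python
import re
from typing import List, Tuple

# Constructed sample of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:888            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.5:3389       192.168.0.7:1187       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Proto, local address:port, foreign address, state
LISTEN_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def listeners(netstat_text: str) -> List[Tuple[str, int]]:
    """Return (local_address, port) for every TCP socket in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        match = LISTEN_LINE.match(line)
        if match:
            found.append((match.group(1), int(match.group(2))))
    return found


def diagnose(netstat_text: str, port: int, server_ip: str) -> str:
    """Decide where to look next: web server configuration or firewall."""
    addrs = [addr for addr, p in listeners(netstat_text) if p == port]
    if not addrs:
        return "web server: nothing is listening on this port"
    if "0.0.0.0" in addrs or server_ip in addrs:
        return "firewall: the server is listening on a reachable address"
    # Listening, but only on an address other hosts cannot connect to.
    return "web server: bound only to " + ", ".join(addrs)


if __name__ == "__main__":
    for port in (888, 80, 1029):
        print(port, "->", diagnose(SAMPLE_NETSTAT, port, "192.168.0.5"))
```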
 
tejs1dhu (Author) Commented:
@purplepomegranite

My Windows Firewall was enabled, that's solved my internal site access problems!  Thanks!  I will split the points between you and the person who is able to help me solve my external site access problems.

@fixnix

Thanks for your response, netstats showed both.  I've got internal access running now.
I used to have Zone Alarm - didn't like it!

I am going to try to connect externally from work later today.  Will keep you guys updated.
0
 
tejs1dhu (Author) Commented:
Hi all

I tried accessing the site (IIS is listening on port 888) so I used external_IP:888 in the browser address bar.  No luck!  Any suggestions?
0
 
tejs1dhu (Author) Commented:
P.S. I'm able to RDC to my computer, I have set up port forwarding for RDC on the gateway to the server, if that helps or gives you a clue.
0
 
purplepomegranite Commented:
So you have set up a port forwarding rule for RDC (port 3389?), and for HTTP (currently 888), and RDC works yet the web-server doesn't?
0
 
purplepomegranite Commented:
I solved the internal problem, but the other problem hasn't been solved due to lack of more input!
0
 
snerkel Commented:
>> I am going to try to connect externally from work later today.  Will keep you guys updated.

>> I tried accessing the site (IIS is listening on port 888) so i used external_IP:888 in the browser address bar.  No luck!  Any suggestions?

Depending on your company's network you may not be able to access a web server on any non standard port, large companies especially will tie down the Internet connection very tightly to prevent abuse.

You need to change the server so that it uses the standard port 80 or use a dial-up internet connection to try 888.

ps I did suggest earlier that you probably had a software firewall enabled >> 1. Many SOHO routers don't allow loopback (using your WAN IP from your own LAN), so the only sure way of testing on your own network is to use http://192.168.0.5 if this doesn't work from another PC then you have a firewall blocking the connection. (This was suggested before purplepomegranite did although I didn't specifically mention XP firewall)
0
 
purplepomegranite Commented:
Agreed Snerkel... though the asker has already said he will split the points between myself and the person that solves the external problem.  Looks like we won't get a chance to solve that one though.

I have no objection to split points however.
0
