tejs1dhu
asked on
Testing Port Forwarding
Hi
I have been struggling with this for a very long time. I have an ADSL connection at home, I also have a small (3 computer) windows network setup. I use an ADSL Gateway (Linksys - BEFDSR41W), it is also a modem/router and 4 port switch. What I am trying to accomplish is to be able to host a website on one of my servers.
I have setup a webserver on my computer (IIS) and tested it using local IP address/localhost etc in the browser this all works fine.
I have setup port forwarding on my the linksys gateway (Ext.Port 80 TCP to forward to local IP address of my webserver).
My web server has a software firewall installed on it so I have setup a rule to allow all traffic on port 80 to/from the computer. I have Sygate Personal Firewall installed and the rule description reads as follows:
"This rule will allow both incoming and outgoing traffic to/from all hosts on TCP remote port(s) 80 to/from TCP local port(s) 80. This rule will be applied to all network interface cards. The following applications will be affected in this rule: Internet Information Services."
I dont have a static IP address but my IP address stays the same for quite a while (changes whenever I reset the gateway). When I type the IP address of the gateway in a web browser on a external computer I would expect it to forward my request to the webserver which should server the web pages, but unfortunately this doesn't happen. If I use a local computer I am presented with the admin pages for the ADSL gateway.
Does anyone have any suggestions or possible techniques/tools which will help me narrow in on the point of failure.
Thank you.
I have been struggling with this for a very long time. I have an ADSL connection at home, I also have a small (3 computer) windows network setup. I use an ADSL Gateway (Linksys - BEFDSR41W), it is also a modem/router and 4 port switch. What I am trying to accomplish is to be able to host a website on one of my servers.
I have setup a webserver on my computer (IIS) and tested it using local IP address/localhost etc in the browser this all works fine.
I have setup port forwarding on my the linksys gateway (Ext.Port 80 TCP to forward to local IP address of my webserver).
My web server has a software firewall installed on it so I have setup a rule to allow all traffic on port 80 to/from the computer. I have Sygate Personal Firewall installed and the rule description reads as follows:
"This rule will allow both incoming and outgoing traffic to/from all hosts on TCP remote port(s) 80 to/from TCP local port(s) 80. This rule will be applied to all network interface cards. The following applications will be affected in this rule: Internet Information Services."
I dont have a static IP address but my IP address stays the same for quite a while (changes whenever I reset the gateway). When I type the IP address of the gateway in a web browser on a external computer I would expect it to forward my request to the webserver which should server the web pages, but unfortunately this doesn't happen. If I use a local computer I am presented with the admin pages for the ADSL gateway.
Does anyone have any suggestions or possible techniques/tools which will help me narrow in on the point of failure.
Thank you.
even still. if you have residential dsl and not business dsl chances are that your ISP is blocking port 80. You should try to forward another port and configure IIS to listen on that port.
ASKER
@ViRoy
I have changed the rule and it now reads
"This rule will allow both incoming and outgoing traffic to/from all hosts on TCP local port(s) 80. This rule will be applied to all network interface cards. The following applications will be affected in this rule: Internet Information Services."
@Everyone
One other thing, I just tried accessing the web page from a local computer (other than my webserver) and the request timed out, I tried this before and after the change noted above and it failed both times. So I am assuming it never worked, could this be the problem? How can I fix this? and get it to work?
I have changed the rule and it now reads
"This rule will allow both incoming and outgoing traffic to/from all hosts on TCP local port(s) 80. This rule will be applied to all network interface cards. The following applications will be affected in this rule: Internet Information Services."
@Everyone
One other thing, I just tried accessing the web page from a local computer (other than my webserver) and the request timed out, I tried this before and after the change noted above and it failed both times. So I am assuming it never worked, could this be the problem? How can I fix this? and get it to work?
also, verify that 'remote administration' is disabled on the router and be sure youre running the latest firmware.
when you try to access it from a local computer, are you using the internal IP of the webserver? you should disable your software firewall for debugging purposes and enable it after you know everything else is working correctly.
ASKER
@ryandale56
remote management is disabled. I wil check to see if I have the latest firmware.
On my port forwarding setup I am unable to specify which port to forward too, I can only specify an IP address. Can my ISP block port 80, I suppose they would block incoming traffic on port 80? Is there any test that I can run to see which ports are being blocked?
remote management is disabled. I wil check to see if I have the latest firmware.
On my port forwarding setup I am unable to specify which port to forward too, I can only specify an IP address. Can my ISP block port 80, I suppose they would block incoming traffic on port 80? Is there any test that I can run to see which ports are being blocked?
id put $10 down that your isp is blocking port 21, 25, and 80.
ASKER
@ryandale56
Yes I am using 192.168.0.5 which is the internal IP of my webserver, even with the software firewall on both computers disabled I still unable to access the pages on my webserver. I get the cannot find server error. I have from command prompt typed in ping 192.168.0.5 and I get replies fine, both computers can also see each other in network neighbourhood.
Thanks for your help, im pulling my hair out trying to get this to work.
Yes I am using 192.168.0.5 which is the internal IP of my webserver, even with the software firewall on both computers disabled I still unable to access the pages on my webserver. I get the cannot find server error. I have from command prompt typed in ping 192.168.0.5 and I get replies fine, both computers can also see each other in network neighbourhood.
Thanks for your help, im pulling my hair out trying to get this to work.
from an external computer you can do a portscan on your home external IP address. Or you can do what i mentioned above: tell IIS to listen to port 888 (for example) and then set your router to forward port 888 (the same way you told it to forward port 80). if your website works on 888, but not 80, then they are blocking port 80.
it is very standard for port inbound connections to port 80 to be blocked.
it is very standard for port inbound connections to port 80 to be blocked.
<<What I am trying to accomplish is to be able to host a website on one of my servers >>
Aha!! You are fighting the ADSL providers here. Telephone companies don't want you doing that, it chokes their bandwidth -- the whole DSL concept relies on shared moderate usage that averages out....
Often the Phone companies will block outgoing and/or incoming on port 80 -- that kills your website, and these are the "aggressive" ones stopping home web sites.
Others create a 'Virtual" IP for you that is not real -- i.e. it is only real for certain functions. You can get around this by buying a dedicated IP from them for $7 per month more or less. That usually lets you "in" with a small website.
The least aggressive are those who allow it, but you have to go to a site like Dyndns.com -- to get a dynamically changing DNS translation for the website to the current IP address. Some get this to work.
It all depends on your phone company, and where you are, and what measures you want to go to. But remember, if your site becomes very busy, or you run FTP, you are robbing from the other people on your DSL head end -- their internet throughput drops exponentially to zero as your site becomes busy.
For $79 per year, isn't it worth hosting it with one of the hosting companies sitting right over one of the transcontinental OC3 fiber links across the planet?
Aha!! You are fighting the ADSL providers here. Telephone companies don't want you doing that, it chokes their bandwidth -- the whole DSL concept relies on shared moderate usage that averages out....
Often the Phone companies will block outgoing and/or incoming on port 80 -- that kills your website, and these are the "aggressive" ones stopping home web sites.
Others create a 'Virtual" IP for you that is not real -- i.e. it is only real for certain functions. You can get around this by buying a dedicated IP from them for $7 per month more or less. That usually lets you "in" with a small website.
The least aggressive are those who allow it, but you have to go to a site like Dyndns.com -- to get a dynamically changing DNS translation for the website to the current IP address. Some get this to work.
It all depends on your phone company, and where you are, and what measures you want to go to. But remember, if your site becomes very busy, or you run FTP, you are robbing from the other people on your DSL head end -- their internet throughput drops exponentially to zero as your site becomes busy.
For $79 per year, isn't it worth hosting it with one of the hosting companies sitting right over one of the transcontinental OC3 fiber links across the planet?
ASKER
@ryandale56
Ah i got ya, I will try accessing my webserver tomorrow. Would I just use xxx.xxx.xxx.xxx:888 (assuming I setup on port 888) to try accessing it?
I have a feeling that it is probably my ISP blocking it, but I don't understand why the webserver doesnt work internally (other than on the webserver itself).
Anyway will let you know what happens. Thanks for your help.
Ah i got ya, I will try accessing my webserver tomorrow. Would I just use xxx.xxx.xxx.xxx:888 (assuming I setup on port 888) to try accessing it?
I have a feeling that it is probably my ISP blocking it, but I don't understand why the webserver doesnt work internally (other than on the webserver itself).
Anyway will let you know what happens. Thanks for your help.
Do you have a default gateway on 192.168.0.5 pointing back to the Linksys ?
There shouldn't be any problems in doing this.
Your ISP will NOT be blocking these ports - they don't do this anymore as can't keep up with the level of support and complaints ! ;)
Please follow these instructions:
http://www.portforward.com/linksys/befdsr41w-portforwarding.htm
There shouldn't be any problems in doing this.
Your ISP will NOT be blocking these ports - they don't do this anymore as can't keep up with the level of support and complaints ! ;)
Please follow these instructions:
http://www.portforward.com/linksys/befdsr41w-portforwarding.htm
ASKER
@sciwriter
I understand your point and I think BT would be an aggresive ISP.
I am only planning on hosting a personal site, I just want to gain the experience of setting up a website + server from scratch (Im a web developer/comp sci student) I never knew ISP would block certain ports, I will have to carefully research other ISP to see if they are blocking the ports I need.
Thanks for the info
I understand your point and I think BT would be an aggresive ISP.
I am only planning on hosting a personal site, I just want to gain the experience of setting up a website + server from scratch (Im a web developer/comp sci student) I never knew ISP would block certain ports, I will have to carefully research other ISP to see if they are blocking the ports I need.
Thanks for the info
Well if you are just testing, try two other things -- don't try to externalize your site -- http:\\www.mysite.com -- that will only become bogged down in the whole ADSL problem.
Try an internal address. Give the system a fixed IP, and borrow, say a laptop or something with a NW card, and go to the site directly http://192.168.0.10 or whatever. Now if you are using IIS, yuo must go into the setup there and allow local addressing to still get to the site, as IIS in the default mode only allows outside requests to come in. In finding these settings in IIS, you will discover what causes a LOT of problems for many IIS users. Once you find them, the local IP should immediately bring up your site.
Try an internal address. Give the system a fixed IP, and borrow, say a laptop or something with a NW card, and go to the site directly http://192.168.0.10 or whatever. Now if you are using IIS, yuo must go into the setup there and allow local addressing to still get to the site, as IIS in the default mode only allows outside requests to come in. In finding these settings in IIS, you will discover what causes a LOT of problems for many IIS users. Once you find them, the local IP should immediately bring up your site.
ASKER
If anyone has any clue as to why my webserver doesn't work internally I would be very grateful for your help. When in the browser I can access the webpages using a browser on the actual webserver but not from a different computer on the same local network. Any ideas?
See post above -- serendipitous posts -- its in the IIS setup. Good luck -- get an A++
ASKER
@tim_holman
Yes my default gateway is 192.168.0.3 on 192.168.0.5 (and all computers on my local network) is this a problem?
Yes my default gateway is 192.168.0.3 on 192.168.0.5 (and all computers on my local network) is this a problem?
tejs1dhu, yes just open a web browser and type in http://xxx.xxx.xxx.xxx:888
let's say your webserver private ip address is 192.168.0.5 and your public ip address is 216.239.39.99. lets get the web server working on the internal network first.
make sure IIS is set to take connections from "all unassigned" and is setup for port 888.
try to connect to http://192.168.0.5:888 from a computer on your internal network. if this works great, if not then disable the software firewall(s) on your web server and try again. if it still doesnt work then let us know.
after you got it working for the internal network it is time to setup the port forwarding on the router. configure port 888 to be forwarded to 192.168.0.5. now from an external computer try and access http://216.239.39.99:888 (change to your external ip).
also, tim holman is full of it. almost all isp's block those ports for residential setups.
let's say your webserver private ip address is 192.168.0.5 and your public ip address is 216.239.39.99. lets get the web server working on the internal network first.
make sure IIS is set to take connections from "all unassigned" and is setup for port 888.
try to connect to http://192.168.0.5:888 from a computer on your internal network. if this works great, if not then disable the software firewall(s) on your web server and try again. if it still doesnt work then let us know.
after you got it working for the internal network it is time to setup the port forwarding on the router. configure port 888 to be forwarded to 192.168.0.5. now from an external computer try and access http://216.239.39.99:888 (change to your external ip).
also, tim holman is full of it. almost all isp's block those ports for residential setups.
ASKER
@sciwriter
"Now if you are using IIS, yuo must go into the setup there and allow local addressing to still get to the site, as IIS in the default mode only allows outside requests to come in. In finding these settings in IIS, you will discover what causes a LOT of problems for many IIS users. Once you find them, the local IP should immediately bring up your site."
I cant find this setting in IIS, I am using IIS v5.1 on a windows XP computer, could you perhaps direct me? Thanks for your help.
"Now if you are using IIS, yuo must go into the setup there and allow local addressing to still get to the site, as IIS in the default mode only allows outside requests to come in. In finding these settings in IIS, you will discover what causes a LOT of problems for many IIS users. Once you find them, the local IP should immediately bring up your site."
I cant find this setting in IIS, I am using IIS v5.1 on a windows XP computer, could you perhaps direct me? Thanks for your help.
ASKER
@ryandale56
"try to connect to http://192.168.0.5:888 from a computer on your internal network. if this works great, if not then disable the software firewall(s) on your web server and try again. if it still doesnt work then let us know."
I've checked that the site in IIS is "all unassigned" and set it up on TCP port: 888 but I still cannot access this from another internal computer? I have disabled the software firewall on both computers but still not luck.
"try to connect to http://192.168.0.5:888 from a computer on your internal network. if this works great, if not then disable the software firewall(s) on your web server and try again. if it still doesnt work then let us know."
I've checked that the site in IIS is "all unassigned" and set it up on TCP port: 888 but I still cannot access this from another internal computer? I have disabled the software firewall on both computers but still not luck.
Aw, come-on, you gotta do some of this yourself. That's the test, figure out what most people have not, that's what get's you the A++
>> also, tim holman is full of it. almost all isp's block those ports for residential setups.
Well, they don't in the UK. I'm running BT Yahoo Broadband and have a web server running fine ! :P
Should 192.168.0.3 be your default gateway ? Is this the internal address of your Linksys ?
Have you followed the link I posted up ?
Reasonably good, free web server you could try instead of IIS - http://www.xitami.com/download.htm
Well, they don't in the UK. I'm running BT Yahoo Broadband and have a web server running fine ! :P
Should 192.168.0.3 be your default gateway ? Is this the internal address of your Linksys ?
Have you followed the link I posted up ?
Reasonably good, free web server you could try instead of IIS - http://www.xitami.com/download.htm
1. Many SOHO routers don't allow loopback (using your WAN IP from your own LAN), so the only sure way of testing on your own network is to use http://192.168.0.5 if this doesn't work from another PC then you have a firewall blocking the connection.
2. Some routers don't like you using the same port as you use for the router management, many routers allow you to change the management port, if it does then change to 8080 then to access router use http://192.168.0.3:8080
3. I don't believe BT block ports, especially 80
4. Have you powered off the router since adding the virtual server settings, some routers don't action these settings until the power has been cycled.
2. Some routers don't like you using the same port as you use for the router management, many routers allow you to change the management port, if it does then change to 8080 then to access router use http://192.168.0.3:8080
3. I don't believe BT block ports, especially 80
4. Have you powered off the router since adding the virtual server settings, some routers don't action these settings until the power has been cycled.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
purple, im sorry, my post about ISPs was only in reference to ISPs in america. i forget that there are other countries sometimes.
Are you trying to run IIS on Windows XP ?
ie as per - http://www.webwizguide.com/asp/tutorials/installing_iis_winXP_pro.asp ?
ie as per - http://www.webwizguide.com/asp/tutorials/installing_iis_winXP_pro.asp ?
To narrow it down a lil to an IIS or Firewall problem (excellent choice of your firewall, btw...IMO you've got the best free one out there for a doze app layer fw): Open up a command prompt, and type:
netstat -an
Look for a line that says:
TCP 192.168.0.5 0.0.0.0:888 LISTENING
or:
TCP 0.0.0.0 0.0.0.0:888 LISTENING
(assuming you've changed IIS to listen on port 888...replace the 888 above w/ 80 if you haven't changed or changed it back to listen on port 80)
If there is a line like above in the netstat output, then it is a firewall configuration problem. If there is no line showing that your computer is listening on your web port configured in IIS, then it is an IIS configuration problem.
That'll make the next troubleshooting steps easier...
netstat -an
Look for a line that says:
TCP 192.168.0.5 0.0.0.0:888 LISTENING
or:
TCP 0.0.0.0 0.0.0.0:888 LISTENING
(assuming you've changed IIS to listen on port 888...replace the 888 above w/ 80 if you haven't changed or changed it back to listen on port 80)
If there is a line like above in the netstat output, then it is a firewall configuration problem. If there is no line showing that your computer is listening on your web port configured in IIS, then it is an IIS configuration problem.
That'll make the next troubleshooting steps easier...
ASKER
@purplepomegranite
My Windows Firewall was enabled, thats solved my internal site access problems! Thanks! I will split the points between you and the person who is able to help me solved my external site access problems.
@fixnix
Thanks for your response, netstats showed both. I've got internal access running now.
I used to have Zone Alarm - didnt like it!
I am going to try to connect externally from work later today. Will keep you guys updated.
My Windows Firewall was enabled, thats solved my internal site access problems! Thanks! I will split the points between you and the person who is able to help me solved my external site access problems.
@fixnix
Thanks for your response, netstats showed both. I've got internal access running now.
I used to have Zone Alarm - didnt like it!
I am going to try to connect externally from work later today. Will keep you guys updated.
ASKER
Hi all
I tried accessing the site (IIS is listening on port 888) so i used external_IP:888 in the browser address bar. No luck! Any suggestions?
I tried accessing the site (IIS is listening on port 888) so i used external_IP:888 in the browser address bar. No luck! Any suggestions?
ASKER
P.S. Im able to RDC to my computer, I have setup port forwarding for RDC on the gateway to the server, if that helps or gives you a clue.
So you have set up a port forwarding rule for RDC (port 3389?), and for HTTP (currently 888), and RDC works yet the web-server doesn't?
I solved the internal problem, but the other problem hasn't been solved due to lack of more input!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Agreed Snerkel... though the asker has already said he will split the points between myself and the person that solves the external problem. Looks like we won't get a chance to solve that one though.
I have no objection to split points however.
I have no objection to split points however.
"This rule will allow both incoming and outgoing traffic to/from all hosts on TCP remote port(s) 80 to/from TCP local port(s) 80. This rule will be applied to all network interface cards. The following applications will be affected in this rule: Internet Information Services."
--------------------------
the source port from remote computers is not always 80.
if you can, change the rule to allow any connection to local port 80.