Solved

How to allow inbound UDP 1227 on Dlink router (624)

Posted on 2006-11-10
16
694 Views
Last Modified: 2013-11-29
Hi,
I have Dns2go running on my W2K server.  I checked the event log today and noticed it said port 1227 UDP is being blocked inbound.  I thought I had put the correct information in the router on Applications, but it seems I have not.  Any suggestions?

Thanks!
Ian
0
Comment
Question by:isitcomputers
16 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17919672
-On a D-link 604 you need to create a new "virtual server" rule on the Advanced/Virtual server page. You would enable the rule, create a name for the rule, specify the IP of the server running DNS2Go, choose UDP, select the private and public ports, both of which would be 1227, and then under schedule choose always, and save.
-This is likely the problem if reported by the DNS2Go log, but if it is the Windows log check under network connections | Right click on the network adapter and choose properties | highlight Internet protocol (TCP/IP) and choose properties | advanced | options | TCP/IP filtering -Properties | see if any UDP filtering is enabled.
-The other possibility is you have a modem that is a combined router and modem. If so it too needs port forwarding enabled to forward 1227 traffic to the D-link, or be put in bridge mode, disabling its router capabilities.
-Having said all of that, it is not usually necessary to configure any port forwarding or open any ports on the router for a DDNS service.
-A final option on a D-Link router you should also be able to add the service to the router rather than running the client on the server. This is done on the Tools/Misc page near the bottom.
0
 
LVL 1

Author Comment

by:isitcomputers
ID: 17924211
Ok, added "virtual server" rule. - still getting error in dns2go log.
Checked TCP/IP settings - no filtering of any kind enabled
Modem is a Motorola Surfboard, to my knowledge has no router built into it.
I have a web and ftp server running on the same W2K server at the same address as the dns2go and they are running error free.
I can't see any option on the Tools/Misc page to add a ddns service.  There is a DDNS tab on the Tools page, is that the spot?  This page only allows for DynDns.org and a couple of other services.
If I put the ip address of the dns2go service as a DMZ temp.  Will this open up everything?  If the error is still there after that, I will call Dns2go, if not, it must be something else....what do you think?
Thanks for your suggestions so far...
Ian
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17925086
Stumbled on this if you want to verify your port forwarding:
https://portforward.com/english/routers/port_forwarding/Dlink/DI-604/DNS2Go.htm

Are there any software firewalls running on the server that might be blocking traffic such as Zone Alarm, Symantec, and such?

If you are not paying for the service I would switch to DynDns, as configuring on the router eliminates the need for port forwarding, the server being on, installation of the client and configuring as a service, and most importantly it updates faster.

As for the DMZ, it may resolve the issue, but I strongly recommend you do not put your server on the DMZ, due to security risks.
0
 
LVL 1

Author Comment

by:isitcomputers
ID: 17925652
DMZ was going to be literally for 3 mins....to see if the error was reported or not.....thanks for the words of caution though!
No software firewalls...I do have Peer Guardian running...shouldn't block a port...but will turn it and Emule off while testing.
Will try port forward test on Monday....
Thanks!
Ian
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17925748
Let us know how it goes.
As you suggested I would turn off Peer Guardian as a test, from the download site "Peer Guardian works by blocking and logging all TCP/IP connections to and from known IP ranges " It could be directly related, depending how it is configured.
0
 
LVL 1

Author Comment

by:isitcomputers
ID: 17929721
Peer Guardian is off, Emule is off.  No change...still get error message.  Went to:
https://portforward.com/english/routers/port_forwarding/Dlink/DI-604/DNS2Go.htm
Everything looks good, I didn't have the TCP forwarded, so I made it both instead of just UDP...no change.  I wonder if I need to stop and start the service when these changes take place...will try that next!
Tried DMZ for server for 5 mins.  Still get error....I am going to contact DNS2Go and see if it is something the software is doing.  If they don't resolve this, I will take your recommendation for DynDns.
I will let you know.

Thanks!
Ian
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17929916
Curious as to what DNS2go has to say. Interesting, this is the only client I have seen that requires port forwarding.

You can verify if the port forwarding is configured and working properly. From the machine with the Dns2go client installed, go to http://canyouseeme.org  and test for the appropriate port. If that is OK, then the problem must be with the client.
0
 
LVL 1

Author Comment

by:isitcomputers
ID: 17930030
http://canyouseeme.org
I get "Connection refused".
Emailed DNS2GO to see what they say.

Ian
0

 
LVL 77

Expert Comment

by:Rob Williams
ID: 17930147
Then the problem is not likely DNS2go, but rather your port forwarding. Something else is blocking the traffic, or port forwarding is not configured correctly.
You could try connecting directly to the modem, but if doing so, make sure your Windows updates are current, virus software installed and current, and the Windows firewall enabled. With the firewall enabled you will have to create an exception for port 1227.
0
 
LVL 1

Author Comment

by:isitcomputers
ID: 17965102
Just an update....the DNS2GO team are looking at the problem.  I am going to re-check all settings for....ahem...human error...lol!  If it is a human error, I will probably lie and say "Sun Spots" was the cause....lol!
I will update you as I receive information.
Thanks!
Ian
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17966741
Thanks for the update Ian. Let us know how it goes. Very curious.
--Rob
0
 
LVL 1

Author Comment

by:isitcomputers
ID: 17966830
I just had a thought, do ISP's block ports?  I have Rogers here outside of Toronto and I heard a while back about them blocking or limiting UDP traffic, especially Bit Torrent....hmmmmm....
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 17966905
Rogers in central and western Canada has definitely taken to blocking ports on non-commercial (dynamic IP) accounts. As to what they are blocking, I don't know, but it is targeted at incoming services. The ones I am aware of are 25 and 80, to block mail and web servers, which are considered commercial use. I would be surprised if they are blocking 1227, but then again that is specifically for getting around dynamic IPs and hosting services. Might be worth a call.

Or try www.DynDNS.com for DDNS. It is free and requires no port forwarding. Better yet if your router supports DDNS, you can install it on the router without even needing a client/software.
0
 
LVL 1

Author Comment

by:isitcomputers
ID: 17967148
I will probably give DynDNS.com a try if DNS2Go doesn't resolve this soon!
0
 
LVL 1

Author Comment

by:isitcomputers
ID: 17986989
Okay, I called Rogers, they assure me no ports are blocked.  They limit Bit Torrent ports but that is all.
I can't spend anymore time on this so I am going to just monitor the DNS2GO agent for any ip changes and make them myself.  I think the udp port was for notification of an ISP IP change.  I can do that manually...until my subscription runs out and I can change to DynDNS.com!

Thanks for your help!
Ian

P.S
Here is some of the diagnostic work done by the DNS2GO tech:

 Hello Ian;

Try opening DNS2Go and go to the Options tab then Advanced. From here go to Server Connection and specify the following server:

207.89.233.94

on port 1227 and see if this helps anything.
--------------------------------------------------------------------------------------------------------

 Hi Ian,

I have enabled debug logging on this end to try to figure out what is going on.

Can you please set the DNS2Go Server to: d2gpip1.dns2go.com

This setting is on the Options, Advanced, Server Connection tab.

I will let you know what I find.
---------------------------------------------------------------------------------------------------------

Can you please tell me what d2gpip1.dns2go.com resolves to for you?

From a command prompt, type nslookup.exe, in the resulting nslookup prompt, type d2gpip1.dns2go.com, it should return an IP address.

If it doesn't return "207.89.233.158"

If that doesn't work, please change the server in the DNS2Go client to "207.89.233.158" (without the double quotes).

Thank you for your patience... we'll hopefully get this sorted out soon.
-------------------------------------------------------------------------------------------------------------

 This is what I got:


d2gpip1.dns2go.com
Server: UnKnown
address: 10.1.1.2

n-authoritative answer:
Name: d2gpip1.dns2go.com
address: 63.64.164.93

------------------------------------------------------------------------------------------------------------------

I have tested a couple of different clients against this server and the UDP heartbeats appear to be functioning just fine.

You mentioned in a previous post about having opened UDP ports on your firewall... is this something you could confirm for me?

Basically, we just need to allow UDP Port 1227 both in and out.

Also, you can set the client back to automatically choose a server now.
-------------------------------------------------------------------------------------------------------------------

Can you please modify your router to allow the UDP source port from your computer to be "any" port and the destination UDP port to be 1227?

Also on the inbound UDP, the source port should be "any" and the destination port (on your computer) should be port 1227.

The UDP packets do not necessarily originate on port 1227, they could be dynamically assigned by the Operating System, the destination ports are always 1227.
---------------------------------------------------------------------------------------------------------------------

No change on this end... I still only see TCP heartbeats... any chance you could check with your ISP to see if they're blocking any UDP ports?

Beyond that, I really don't know what is happening to them, as we have thousands of other DNS2Go users where the UDP heartbeats are working perfectly.
----------------------------------------------------------------------------------------------------------------------

The difference with the ports you listed and the one we're talking about is they are TCP ports, which are working fine, but the DNS2Go UDP port 1227 is being blocked somewhere.

So TCP 1227 works, UDP 1227 does not.

Your firewall configuration looks fine, so the question is what's the next link up the line... or is there a firewall running on the DNS2Go computer?
------------------------------------------------------------------------------------------------------------------------
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17988017
Thanks for the update and points, isitcomputers. Interesting that Rogers says they are not blocking any traffic. I know a fellow who has set up a few small business servers using Rogers, somewhere in Ontario, and he had to purchase a service from www.no-ip.com to change the default mail server port, as Rogers admitted they were blocking port 25 on dynamic accounts. Also I read, as you suggested, they are controlling P2P traffic, but there are some flaws in the method that seem to be affecting other services:
http://torrentfreak.com/canadian-isp-is-throttling-bittorrent-traffic/

Good luck with it,
--Rob
0
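
An added example (not part of the thread and not DNS2Go code) for two points in the support exchange above: a TCP result for a port number says nothing about UDP on that same number, and a UDP sender's source port is assigned by the OS while only the destination port is fixed. It runs on loopback with an OS-chosen port instead of 1227, and all function names are made up for this sketch.

```python
import socket
import threading

def start_udp_echo(host="127.0.0.1", port=0):
    """Bind a UDP socket; echo one datagram back, prefixed with the sender's source port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, port))          # port=0 lets the OS choose (1227 in the thread)
    srv.settimeout(5)
    bound_port = srv.getsockname()[1]

    def serve():
        try:
            data, peer = srv.recvfrom(512)
            srv.sendto(b"from-port:%d " % peer[1] + data, peer)
        except socket.timeout:
            pass
        finally:
            srv.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return bound_port, thread

def udp_probe(host, port, timeout=2.0):
    """Send one datagram; return (local source port, reply or None if nothing came back)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
        c.settimeout(timeout)
        c.sendto(b"probe", (host, port))
        src = c.getsockname()[1]    # ephemeral port picked by the OS at send time
        try:
            reply, _ = c.recvfrom(512)
        except (socket.timeout, ConnectionError):
            return src, None        # dropped or rejected somewhere on the path
        return src, reply

def tcp_probe(host, port, timeout=2.0):
    """TCP connect to the same port number: 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "filtered"

def demo():
    port, thread = start_udp_echo()
    tcp_state = tcp_probe("127.0.0.1", port)    # no TCP listener on this number
    src, reply = udp_probe("127.0.0.1", port)   # the UDP listener answers
    thread.join(5)
    return port, tcp_state, src, reply

if __name__ == "__main__":
    print(demo())
```

A missing UDP reply only shows that the datagram or its answer was lost somewhere between the two ends; it does not identify which hop dropped it.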
