isitcomputers asked:

How to allow inbound UDP 1227 on Dlink router (624)

Hi,
I have Dns2go running on my W2K server.  I checked the event log today and noticed it said port 1227 UDP is being blocked inbound.  I thought I had put the correct information in the router on Applications, but it seems I have not.  Any suggestions?

Thanks!
Ian

Rob Williams:

- On a D-Link 604 you need to create a new "virtual server" rule on the Advanced/Virtual server page. You would enable the rule, create a name for the rule, specify the IP of the server running DNS2Go, choose UDP, select the private and public ports, both of which would be 1227, and then under schedule choose always, and save.
- This is likely the problem if reported by the DNS2Go log, but if it is the Windows log, check under Network Connections | right-click on the network adapter and choose Properties | highlight Internet Protocol (TCP/IP) and choose Properties | Advanced | Options | TCP/IP filtering - Properties | see if any UDP filtering is enabled.
- The other possibility is you have a modem that is a combined router and modem. If so, it too needs port forwarding enabled to forward 1227 traffic to the D-Link, or be put in bridge mode, disabling its router capabilities.
- Having said all of that, it is not usually necessary to configure any port forwarding or open any ports on the router for a DDNS service.
- A final option: on a D-Link router you should also be able to add the service to the router rather than running the client on the server. This is done on the Tools/Misc page near the bottom.

isitcomputers (ASKER):

Ok, added "virtual server" rule. - still getting error in dns2go log.
Checked TCP/IP settings - no filtering of any kind enabled
Modem is a Motorola Surfboard, to my knowledge has no router built into it.
I have a web and ftp server running on the same W2K server at the same address as the dns2go and they are running error free.
I can't see any option on the Tools/Misc page to add a ddns service.  There is a DDNS tab on the Tools page, is that the spot?  This page only allows for DynDns.org and a couple of other services.
If I put the ip address of the dns2go service as a DMZ temp.  Will this open up everything?  If the error is still there after that, I will call Dns2go, if not, it must be something else....what do you think?
Thanks for your suggestions so far...
Ian
Stumbled on this if you want to verify your port forwarding:
https://portforward.com/english/routers/port_forwarding/Dlink/DI-604/DNS2Go.htm

Are there any software firewalls running on the server that might be blocking traffic such as Zone Alarm, Symantec, and such?

If you are not paying for the service I would switch to DynDns as configuring on the router eliminates the need for port forwarding, the server being on, installation of the client and configuring as  a service, and most importantly it updates faster.

As for the DMZ, it may resolve the issue, but I strongly recommend you do not put your server on the DMZ, due to security risks.
DMZ was going to be literally for 3 mins....to see if the error was reported or not.....thanks for the words of caution though!
No software firewalls...I do have Peer Guardian running...shouldn't block a port...but will turn it and Emule off while testing.
Will try port forward test on Monday....
Thanks!
Ian
Let us know how it goes.
As you suggested, I would turn off Peer Guardian as a test. From the download site: "Peer Guardian works by blocking and logging all TCP/IP connections to and from known IP ranges". It could be directly related, depending how it is configured.
Peer Guardian is off, Emule is off.  No change...still get error message.  Went to:
https://portforward.com/english/routers/port_forwarding/Dlink/DI-604/DNS2Go.htm
Everything looks good, I didn't have the TCP forwarded, so I made it both instead of just UDP...no change.  I wonder if I need to stop and start the service when these changes take place...will try that next!
Tried DMZ for server for 5 mins.  Still get error....I am going to contact DNS2Go and see if it is something the software is doing.  If they don't resolve this, I will take your recommendation for DynDns.
I will let you know.

Thanks!
Ian
Curious as to what DNS2go has to say. Interesting this is the only client I have seen that requires port forwarding.

You can verify if the port forwarding is configured and working properly. From the machine with the Dns2go client installed, go to http://canyouseeme.org  and test for the appropriate port. If that is OK, then the problem must be with the client.
I get "Connection refused".
Emailed DNS2GO to see what they say.

Ian
Then the problem is not likely DNS2go, but rather your port forwarding. Something else is blocking the traffic, or port forwarding is not configured correctly.
You could try connecting directly to the modem, but if doing so, make sure your Windows updates are current, virus software installed and current, and the Windows firewall enabled. With the firewall enabled you will have to create an exception for port 1227.
Just an update....the DNS2GO team are looking at the problem.  I am going to re-check all settings for....ahem...human error...lol!  If it is a human error, I will probably lie and say "Sun Spots" was the cause....lol!
I will update you as I receive information.
Thanks!
Ian
Thanks for the update Ian. Let us know how it goes. Very curious.
--Rob
I just had a thought, do ISPs block ports?  I have Rogers here outside of Toronto and I heard a while back about them blocking or limiting UDP traffic, especially Bit Torrent....hmmmmm....
I will probably give DynDNS.com a try if DNS2Go doesn't resolve this soon!
Okay, I called Rogers, they assure me no ports are blocked.  They limit Bit Torrent ports but that is all.
I can't spend any more time on this so I am going to just monitor the DNS2GO agent for any IP changes and make them myself.  I think the UDP port was for notification of an ISP IP change.  I can do that manually...until my subscription runs out and I can change to DynDNS.com!

Thanks for your help!
Ian

P.S
Here is some of the diagnostic work done by the DNS2GO tech:

 Hello Ian;

Try opening DNS2Go and go to the Options tab then Advanced. From here go to Server Connection and specify the following server:

207.89.233.94

on port 1227 and see if this helps anything.
--------------------------------------------------------------------------------------------------------

 Hi Ian,

I have enabled debug logging on this end to try to figure out what is going on.

Can you please set the DNS2Go Server to: d2gpip1.dns2go.com

This setting is on the Options, Advanced, Server Connection tab.

I will let you know what I find.
---------------------------------------------------------------------------------------------------------

Can you please tell me what d2gpip1.dns2go.com resolves to for you?

From a command prompt, type nslookup.exe, in the resulting nslookup prompt, type d2gpip1.dns2go.com, it should return an IP address.

If it doesn't return "207.89.233.158"

If that doesn't work, please change the server in the DNS2Go client to "207.89.233.158" (without the double quotes).

Thank you for your patience... we'll hopefully get this sorted out soon.
-------------------------------------------------------------------------------------------------------------

 This is what I got:


d2gpip1.dns2go.com
Server: UnKnown
address: 10.1.1.2

Non-authoritative answer:
Name: d2gpip1.dns2go.com
address: 63.64.164.93

------------------------------------------------------------------------------------------------------------------

I have tested a couple of different clients against this server and the UDP heartbeats appear to be functioning just fine.

You mentioned in a previous post about having opened UDP ports on your firewall... is this something you could confirm for me?

Basically, we just need to allow UDP Port 1227 both in and out.

Also, you can set the client back to automatically choose a server now.
-------------------------------------------------------------------------------------------------------------------

Can you please modify your router to allow the UDP source port from your computer to be "any" port and the destination UDP port to be 1227?

Also on the inbound UDP, the source port should be "any" and the destination port (on your computer) should be port 1227.

The UDP packets do not necessarily originate on port 1227, they could be dynamically assigned by the Operating System, the destination ports are always 1227.
---------------------------------------------------------------------------------------------------------------------

No change on this end... I still only see TCP heartbeats... any chance you could check with your ISP to see if they're blocking any UDP ports?

Beyond that, I really don't know what is happening to them, as we have thousands of other DNS2Go users where the UDP heartbeats are working perfectly.
----------------------------------------------------------------------------------------------------------------------

The difference with the ports you listed and the one we're talking about is they are TCP ports, which are working fine, but the DNS2Go UDP port 1227 is being blocked somewhere.

So TCP 1227 works, UDP 1227 does not.

Your firewall configuration looks fine, so the question is what's the next link up the line... or is there a firewall running on the DNS2Go computer?
------------------------------------------------------------------------------------------------------------------------
Thanks for the update and points isitcomputers. Interesting Rogers says they are not blocking any traffic. I know a fellow who has set up a few small business servers using Rogers, somewhere in Ontario, and he had to purchase a service from www.no-ip.com to change the default mail server port, as Rogers admitted they were blocking port 25 on dynamic accounts. Also I read, as you suggested, they are controlling P2P traffic, but there are some flaws in the method that seem to be affecting other services:
http://torrentfreak.com/canadian-isp-is-throttling-bittorrent-traffic/

Good luck with it,
--Rob
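
The support notes quoted in this thread narrow the fault to UDP 1227 while TCP 1227 works, so a check that opens a TCP connection does not prove the UDP forward. The script below is an added example, not code from the thread or from DNS2Go: run `listen_once` on the server behind the router (with the DNS2Go client stopped so the port is free) and `probe` from a host outside it. The function names, the probe payload and the loopback self-test are assumptions made for illustration.

```python
import socket
import sys
import threading

PORT = 1227  # UDP port the DNS2Go heartbeat uses, per the thread

def listen_once(bind_ip="0.0.0.0", port=PORT, timeout=30.0, ready=None):
    """Server side: wait for one datagram and echo it back.
    Returns (payload, (src_ip, src_port)), or None if nothing arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_ip, port))
        s.settimeout(timeout)
        if ready is not None:
            ready.set()
        try:
            data, src = s.recvfrom(2048)
        except socket.timeout:
            return None
        s.sendto(b"ACK " + data, src)  # reply goes to the sender's ephemeral port
        return data, src

def probe(host, port=PORT, payload=b"udp-probe", timeout=3.0, retries=3):
    """Outside host: returns (local_source_port, reply or None).
    UDP has no handshake, so silence means lost or filtered; retry first."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        reply = None
        for _ in range(retries):
            try:
                s.sendto(payload, (host, port))
                reply, _peer = s.recvfrom(2048)
                break
            except (socket.timeout, ConnectionError):
                continue  # timeout, or ICMP port-unreachable surfaced by the OS
        return s.getsockname()[1], reply

def loopback_demo(port=PORT):
    """Constructed self-test on 127.0.0.1: one listener thread, one probe."""
    seen, ready = [], threading.Event()
    t = threading.Thread(
        target=lambda: seen.append(listen_once("127.0.0.1", port, 5.0, ready)))
    t.start()
    ready.wait(5.0)
    local_port, reply = probe("127.0.0.1", port)
    t.join()
    return local_port, reply, seen[0]

if __name__ == "__main__":
    # With an argument: probe that address. Without: listen for one datagram.
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else listen_once())
```

The source port the listener reports is chosen by the sender's operating system, which is why the forwarding rule has to match destination port 1227 with "any" source port. If the listener prints a datagram but the probe gets no reply, the inbound forward works and the return path is what is being filtered.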