Port Forwarding

We are using a 3com x506 as our firewall. I have a couple of port forwards to servers on the inside. We have one system that we just got installed that I want to allow outside access to. No matter what I do I cannot port forward to this device. I'm not sure what kind of system it is, but we can access the system's web interface internally by IP on port 81 no problem. When I try to port forward in from the outside, I just get a page cannot be found message. I setup another server with an internal IP, set its website listening port to 81, and forwarded in no problem to make sure things were working through that port. I shut that server down and tried to access the other server and nothing. When I do a port scan online, my others servers show the firewall has the ports open to get to them. This server when says that port 81 is closed. Even though I can access internally. I am at a loss at this point, I have tried all kinds of things and no matter what nothing works. What else can I do or check  to try and figure out why I cannot port forward in to this server, but I can to any other server on our network.

Thank you
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Couple of possibilities:

Check the default gateway (and subnet mask) on the device.  You may be able to reach it locally since you are on the same subnet.  

What is the device?  It could have some access list that only allows access from a specific subnet.

Overall it is likely a config on the device itself.  Especially based on the troubleshooting steps you have already described.  

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
heydudeAuthor Commented:
I did a scan and it says that it is using a niagara web server? The problem that I have is I can't see the settings on the device unless the company comes in and pulls them up. I thought the network settings or some kind of blocking by the device. They said they changed the network settings to what we gave them and that their system doesn't block acess. I thought maybe there was a setting that would only allow connections from an internal ip, they say no. I'm kind of stuck right now. I'm wondering if I used wireshark to watch the traffic if that would tell me anything. I wish I could see the network settings without having to wait for them to come out.   At this point, everything seems to point to the device as the issue.
Interesting.  Usually see Niagara web servers on Sun boxes.

I think if you did a capture you would likely only see the packets towards the device but no responses.  

My suspicion is still either network settings or something else on the device.  

Is the device an appliance or a standard server?
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

heydudeAuthor Commented:
It's a small box with an embedded server that monitors our air systems and allows the systems to be viewed through a web interface.
heydudeAuthor Commented:
It is a small little box that monitors the air systems and presents a web interface to configure the systems.
Just a thought, and someone more knowledgeable than me can correct the details, but apart from network layer issues, the server might only be listening on an internal host name, or rather internal ip address - so it's not so much "blocking" as not really paying attention (ie the other company's not telling lies).

If you have a reverse proxy of some description sitting about, you could direct the traffic to it, and get it to pass it onto the appliance, rewriting headers - just to check that that's the problem. Would be a problem to actually run it that way since it sounds like it authenticates...

The only other thing I was thinking is - and I'm not sure if that's what you've tried - to set up another server with the same IP as the appliance (disconnecting the appliance, obviously) and see if the router is actually sending stuff to that ip. I guess same deal as wireshark.
I agree, the configuration of the device sounds like it's the problem.  It could be the subnet mask, default gateway, firewall rules, hostname, or access control lists on the embedded web server.  

Do you use a host name or the private IP to access it internally with your web browser?
heydudeAuthor Commented:
To access the server we us the internal 192.168.x.x address. I have tried setting up another server on port 81 and that worked fine, I haven't tried setting up another server on the same ip and port number to see what happens. I'm going to give that a try on Monday. My feeling was the device having some sort of rules saying to block traffic from anything other than an internal IP or the subnet mask is setup as instead of
"My feeling was the device having some sort of rules saying to block traffic from anything other than an internal IP"

Lack of a properly configured default gateway can do exactly that.

heydudeAuthor Commented:
Resolved the issue and all is working fine. Company came in and we saw that the subnet mask was entered incorrectly. Fixed it, and everything was good.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.