Solved

Netcomm 3G21W 3G Router Port Forward

Posted on 2011-02-20
19
2,803 Views
Last Modified: 2012-05-11
Below is the link of the emulator of my Netcomm 3G router, it is exactly the same i am having right now. Now making the long story really short, i am not able to do the PORT FORWARDING for my CCTV DVR on my 3G router, i have registered a host on DYNDNS but if i am trying to ping or try to access the device it is not able to connect, neither through WEB MANAGEMENT of the router i.e., (port 80) or my DVR port number

EMULATOR LINK :
http://emulators.netcomm.com.au/3G21WB/index.html

If i am not wrong , i tried specifying the PORT and IP ADDRESS going to ADVANCED SETTINGS--->NAT--->PORT FORWARDING

When it didn't worked i tried doing PORT TRIGGERING and using DMZ also. But it is still the same, i hope i am not missing anything or any expert here have come across this issue using NETCOMM routers. Thank you.
0
Comment
Question by:ibrahim52
  • 8
  • 7
19 Comments
 
LVL 1

Expert Comment

by:TNP_Doug
ID: 34938242
Are you using the private IP address of your DVR in the Port Forwarding section of your router?
0
 
LVL 12

Author Comment

by:ibrahim52
ID: 34938535
No its 3G, running from SIM and yeah its LAN address and PORT hosted by DYNDNS URL
0
 
LVL 44

Expert Comment

by:Darr247
ID: 34946147
Port Forwarding is to tunnel through the firewall to access one local IP:port scket on the LAN from 'outside' (WAN).
Port Triggering is to force something (e.g. a program) on the LAN to open a port (usually to a specific IP) on the 'outside' (WAN), and then the firewall will allow replies from the outside (from the same IP the port triggered to) back into the LAN.
So port triggering is not what you need in this case.

In Advanced Settings->DNS-Dynamic DNS, did you enter the
customhostname.dyndns.org in the Hostname field, and your username and password for DynDNS in the corresponding fields, then Apply/Save so your router will update automatically if your outside IP changes?
If so, you should be able to ping customhostname.dyndns.org and get a reply.

Have you setup a reserved IP address for your DVR in Advanced Settings->LAN so it gets the same IP every time ? (see attached)
Otherwise the Port Forwarding rule might be forwarding the connection to the wrong LAN IP anyway.

Forwarding port 80 from the outside to a specific LAN port isn't really considered best practice. Make it something in the dynamic range. Say, port 56000. On the inside you can have the Forward point to port 80 on the DVR's IP, no problem.
Then to connect to your DVR from outside you would open the socket
http://customhostname.dyndns.org:56000
and port forwarding should then NAT that to your DVR using the DVR's.LAN.IP:80 socket.

Another way is to put the DVR's IP in the DMZ, which would eliminate the need for port forwarding, but would make it harder to access the DVR from the LAN, too. (Because the DMZ sits on the other side of the firewall from the LAN.)
3G21WB-DHCPReserveIP.png
0
 
LVL 12

Author Comment

by:ibrahim52
ID: 34946404
1) Yeah, the LAN IP for the DVR is 192.168.1.110 and the PORT is 5200.
2) To keep the IP address remain the same i have started the DHCP from 192.168.1.135-192.168.1.250, and i have less than 5 users here
3) I tried the DYNDNS page as well but anyways i am having the updater in windows installed
4) If i am trying to ping it from the remote site i am able to get this kind of results

Pinging xxx..dyndns.org [86.xx.132.xx] with 32 bytes of data:

Request Timed Out
Request Timed Out

5) My isp is (unfortunately) ETISALAT, the service is really good but the support is AWFUL, this router is quite new in the market here and the tech support does not know except if the internet is working fine with the router, unfortunately the purpose of using 3G connection is because the site is located out of the city limits and the fixed line has not reached there yet.

6) I spoke to a couple of techsupport guys and they told me something strange, that our ISP has might blocked port forward on 3G connection, i didn't get him because the DNS servers are same as fixed line and for my other clients DVRs are working fine.This is the first time i have tried dyndns on 3G connection.So i am really not sure, neither REMOTE DESKTOP works, neither ROUTER WEB MANAGEMENT works nor anything in the lan.

7) If you look the results of PING it resolves the IP but it is RTO

8) One last thing i would like to share is when i go to DYNDNS page of the router there is an option to chose two options from the INTERFACE menu one is "usb" and another one is "lan/br0), if i check "lan/br0" i am able to ping from the REMOTE computers but it shows the LAN ip address, it is 192.168.1.1
0
 
LVL 44

Accepted Solution

by:
Darr247 earned 500 total points
ID: 34948577
1 - The router is watching for contact on port 5200, and is forwarding that traffic to your DVR also on port 5200?  
Or is it a different port (say, 80) on the inside?

2 - So, you have set the DVR's IP address static, manually?

3 and 4 - if when you ping the customhostname.dyndns.org address it's resolving your real current outside IP correctly, then I would say the Dynamic DNS page is configured correctly and the updater should not make a difference.

5 - The closest manual I could find is for the 3G21WB:
http://www.netcomm.com.au/__data/assets/pdf_file/0019/28621/BigPond-3G21WB-Elite-Wireless-Gateway-User-Guide_11.12.09.pdf

Could you take a look at that and see how close it is to the 3G21W mentioned in the title?


6
I spoke to a couple of techsupport guys and they told me something strange, that our ISP has might blocked port forward on 3G connection


Well, port forwarding takes place inside your router, so they can't block port forwarding per se. The only way they could block it is by blocking ports completely... but they should not be blocking any well known or registered ports, or they would break a lot of applications and services, like FTP, Telnet, Network Printing, et cetera.
e.g. see http://www.iana.org/assignments/port-numbers


7 - 3&4 point to the DynDNS settings working correctly, so it sounds like the firewall is still blocking ICMP messages... it looks like there should be a way to open up a port or range of ports using rules in the Advanced->Security->IP Filtering section, but there aren't many (any?) real world examples given.

8 - often, on routers with both a RJ45 and USB port, you can connect the modem to either (some modems have only USB output), but I'm not sure that's what the USB ports on this modem are for... the 3G21WB manual shows them only as network storage or network printer ports.  You say you are able to ping from REMOTE computers with lan/br0 selected, so that sounds like the correct choice.  It sounds like your only concern is that it's showing the LAN IP in the responses. (?)

While 5200 is a registered port, unless you're actually using the targus-getdata service it should not interfere with anything on your network.
ergo, using the name you gave, going to http://xxx..dyndns.org:5200 should take you to the DVR's http interface.

Oh, yeah - are you able to bring up your DVR on http://192.168.1.110:5200 from inside your LAN?

I find it odd that Netcomm makes the router's web interface available from outside the LAN on port 80, as mention in the original post... usually manufacturers make it a little harder to find, like on port 8080, but I don't see anywhere in the emulator to change it (or even to turn off remote management altogether).

Going back to #7, try making an incoming filter rule as shown in the attached. The emulator would not let me save one, so I'm not sure of the exact format to use to indicate allowing ANY external IPs in on port 5200. If leaving them blank does not work, try 0.0.0.0/255.255.255.255 and-or 0.0.0.0/0.0.0.0 and-or 255.255.255.255/0.0.0.0 in the IP address/subnet mask fields.
3G21WB-InboundFilter.png
0
 
LVL 44

Expert Comment

by:Darr247
ID: 34948590
"... USB ports on this modem are for ..."

should say

"... USB ports on this router are for ..."

didn't catch it in Preview.
0
 
LVL 12

Author Comment

by:ibrahim52
ID: 34956261
1. It is properly configured on 5200 from the inside and i am able to open the same through http://192.168.1.110:5200

2. Its a STATIC IP, yes manually changed by going to DVR firmware

3. Yes there is no issue with the updater and the IP is also being updated correctly but the results are RTO.

4. If you look at the whole PDF it is just the brief description of the settings which is there in the emulator and yeah ETISALAT has changed the firmware slight and made it 3GW21(E) actually its 3GW21B only.Its only a name difference.

5. Thanks for your link it was very informative on PORTS and yeah i think its right they cannot block the custom made ports.(e.g 5200 or 52000) because usually for all the clients i use the same port and never had an issue.

6. That's true, even i am wondering the same, If you check all the settings in the router you don't have option to chose between the two interface (usb/lan0) except only in DYNDNS page and IP FILTERING

7. No i am sure the two USB ports are just for filesharing and for printer sharing and nothing else.

8. Yes inside the LAN there is no issue at all, i am able to access it without any issues.

9. To change the WEB MANAGEMENT PORT there is an option going to ACCESS CONTROL ---> SERVICES and i tried that even but it is not working from the remote site.I tried to PORT FORWARD 80 or 8080 but it doesn't work at all.

10. using 0.0.0.0  it does not now allow to save in SOURCE IP ADDRESS ,it says 0.0.0.0 as wrong IP but yeah keeping it blank and giving "5200" in source port blank and filling up the rest of the "destination" blanks , it allows to SAVE the configuration but as usual there is NO CHANGE.

11. The problem is here in United Arab of Emirates, ETISALAT is the only ISP and the profile of tech support i have already mentioned it earlier ;) . The other issue is 3G internet on SIM is not so popular so i don't even know anyone else who'd be using a similar 3G internet connection or a different router.HONESTLY the 3G ROUTER here is really EXPENSIVE and i cant take risk ordering the new one and trying it.

12. THANK YOU very much for providing detailed information and sharing your EXPERTise :)
0
 
LVL 44

Expert Comment

by:Darr247
ID: 34958559
11 - Cisco makes an HWIC module that takes a SIM card too - HWIC-3G-GSM - which slides into an open slot on the 1800, 2800 or 3800 series routers. I think I would wager that's more expensive than the Netcomm unit.

There are many 3G routers that accept external adapters, in USB, CardBus and ExpressCard form, but not too many that take SIM cards.

12 - You're welcome, but I regret it's still not working for you. I'm pretty sure the ultimate solution is going to be in creating a proper rule in the Advanced->Security->IP Filter - Incoming... there has to be some way to open a hole in the router's firewall to allow incoming forwards and responses to ping (ICMP) traffic, but neither the manual nor the emulator clarifies how to do that.  
0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 
LVL 12

Author Comment

by:ibrahim52
ID: 34959426
Guess what, i tried to call some IT guys i know who are working for contracting companies and their sites are out of city limits. Now according to one or two guys i spoke they said that they came across the similar issue and there was no SOLUTION because 3G technology is totally different and it does not have that capability of doing the PORT FORWARD or ALLOW any INCOMING FILTERS.It was quite hard to digest for me but still, anyways i have called my ISP and ask them if the WIMAX facility is available there because it has PPPOE services where i can simply connect any router and do the PORT FORWARD easily but the fingers are crossed as they are going to check first whether WIMAX can be really install in that location as that site is in the middle of the desert so cannot say anything but lets see, meanwhile i am trying my best to get this thing solved. But i want to ask one thing if it really makes sense that "3G is a total diff. technology and some services are limited" as what i have been suggest from the IT pro here ?
0
 
LVL 44

Expert Comment

by:Darr247
ID: 34998087
> Now according to one or two guys i spoke they said that they came across the similar
> issue and there was no SOLUTION because 3G technology is totally different and it does
> not have that capability of doing the PORT FORWARD or ALLOW any INCOMING FILTERS.

For the record, I disagree with that viewpoint.
Port forwarding works fine for my 3G connection using a router built by DLink (marketed by Kyocera).  However, the 3G service I have through Sprint is CDMA-based, not GSM.

If ETISALAT offers a USB or Cardbus adapter, there would be more options for routers than there are for SIM cards.
e.g. all the Draytek Dual WAN 2820, 2830, 2910, 2920 and the 2955 models support 3G USB adapters in place of WAN 2...
DataVoiz sells Draytek - http://www.datavoiz.com/index.php?option=com_content&view=article&id=267&Itemid=495 - but the only one of those Draytek models I see on DataVoiz is the 2955 (http://www.draytek.com/user/PdInfoDetail.php?Id=113 ).
0
 
LVL 12

Author Comment

by:ibrahim52
ID: 35002194
That's true, sorry for being away from this topic as i was quite busy.Well, currently the site has still the same 3G with SIM , no news of my client i don't know what they are planning but i am having a news that they are going to change it to WIMAX soon. Till than i am not sure if i mentioned earlier that in the same site one of the computer is having 3G USB adapter and luckily one of my client is having WAN router with 3G USB port. Well but again unfortunately i am not able to get my hands on that USB adapter as i told that the site is totally out of the city limits, so i think only this upcoming weekend i might be able to get a chance to try. Thanks Darr247 for all your support :) so far.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 35003720
Hmmm... looks like I posted the wrong link on DataVoiz...  I meant to post
http://www.datavoiz.com/index.php?option=com_content&view=article&id=259&Itemid=487
which has the Vigor 2955 down at the bottom.

Even though DataVoiz does not show the USB port in that matrix, the link I gave to the 2955 page on Draytek's site does show that capability.
0
 
LVL 12

Author Comment

by:ibrahim52
ID: 35004968
Thank you, if the situation remains still the same after the weekend i would try this links. Thanks once again
0
 
LVL 12

Author Comment

by:ibrahim52
ID: 35004973
Thank you, if the situation remains still the same after the weekend i would try this links. Thanks once again
0
 
LVL 12

Author Closing Comment

by:ibrahim52
ID: 35171925
Unfortunately, it did not resolve my problem but still thanks for all your efforts darr247 to explain everything in detail and trying your best.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 36536000
The Internet Assigned Numbers Authority (IANA) has changed the link to their list of well-known/assigned ports...

here are the new URLs:

XML version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
Text version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now