• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2883
  • Last Modified:

Netcomm 3G21W 3G Router Port Forward

Below is the link of the emulator of my Netcomm 3G router, it is exactly the same i am having right now. Now making the long story really short, i am not able to do the PORT FORWARDING for my CCTV DVR on my 3G router, i have registered a host on DYNDNS but if i am trying to ping or try to access the device it is not able to connect, neither through WEB MANAGEMENT of the router i.e., (port 80) or my DVR port number


If i am not wrong , i tried specifying the PORT and IP ADDRESS going to ADVANCED SETTINGS--->NAT--->PORT FORWARDING

When it didn't worked i tried doing PORT TRIGGERING and using DMZ also. But it is still the same, i hope i am not missing anything or any expert here have come across this issue using NETCOMM routers. Thank you.
  • 8
  • 7
1 Solution
Are you using the private IP address of your DVR in the Port Forwarding section of your router?
ibrahim52Team LeaderAuthor Commented:
No its 3G, running from SIM and yeah its LAN address and PORT hosted by DYNDNS URL
Port Forwarding is to tunnel through the firewall to access one local IP:port scket on the LAN from 'outside' (WAN).
Port Triggering is to force something (e.g. a program) on the LAN to open a port (usually to a specific IP) on the 'outside' (WAN), and then the firewall will allow replies from the outside (from the same IP the port triggered to) back into the LAN.
So port triggering is not what you need in this case.

In Advanced Settings->DNS-Dynamic DNS, did you enter the
customhostname.dyndns.org in the Hostname field, and your username and password for DynDNS in the corresponding fields, then Apply/Save so your router will update automatically if your outside IP changes?
If so, you should be able to ping customhostname.dyndns.org and get a reply.

Have you setup a reserved IP address for your DVR in Advanced Settings->LAN so it gets the same IP every time ? (see attached)
Otherwise the Port Forwarding rule might be forwarding the connection to the wrong LAN IP anyway.

Forwarding port 80 from the outside to a specific LAN port isn't really considered best practice. Make it something in the dynamic range. Say, port 56000. On the inside you can have the Forward point to port 80 on the DVR's IP, no problem.
Then to connect to your DVR from outside you would open the socket
and port forwarding should then NAT that to your DVR using the DVR's.LAN.IP:80 socket.

Another way is to put the DVR's IP in the DMZ, which would eliminate the need for port forwarding, but would make it harder to access the DVR from the LAN, too. (Because the DMZ sits on the other side of the firewall from the LAN.)
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

ibrahim52Team LeaderAuthor Commented:
1) Yeah, the LAN IP for the DVR is and the PORT is 5200.
2) To keep the IP address remain the same i have started the DHCP from, and i have less than 5 users here
3) I tried the DYNDNS page as well but anyways i am having the updater in windows installed
4) If i am trying to ping it from the remote site i am able to get this kind of results

Pinging xxx..dyndns.org [86.xx.132.xx] with 32 bytes of data:

Request Timed Out
Request Timed Out

5) My isp is (unfortunately) ETISALAT, the service is really good but the support is AWFUL, this router is quite new in the market here and the tech support does not know except if the internet is working fine with the router, unfortunately the purpose of using 3G connection is because the site is located out of the city limits and the fixed line has not reached there yet.

6) I spoke to a couple of techsupport guys and they told me something strange, that our ISP has might blocked port forward on 3G connection, i didn't get him because the DNS servers are same as fixed line and for my other clients DVRs are working fine.This is the first time i have tried dyndns on 3G connection.So i am really not sure, neither REMOTE DESKTOP works, neither ROUTER WEB MANAGEMENT works nor anything in the lan.

7) If you look the results of PING it resolves the IP but it is RTO

8) One last thing i would like to share is when i go to DYNDNS page of the router there is an option to chose two options from the INTERFACE menu one is "usb" and another one is "lan/br0), if i check "lan/br0" i am able to ping from the REMOTE computers but it shows the LAN ip address, it is
1 - The router is watching for contact on port 5200, and is forwarding that traffic to your DVR also on port 5200?  
Or is it a different port (say, 80) on the inside?

2 - So, you have set the DVR's IP address static, manually?

3 and 4 - if when you ping the customhostname.dyndns.org address it's resolving your real current outside IP correctly, then I would say the Dynamic DNS page is configured correctly and the updater should not make a difference.

5 - The closest manual I could find is for the 3G21WB:

Could you take a look at that and see how close it is to the 3G21W mentioned in the title?

I spoke to a couple of techsupport guys and they told me something strange, that our ISP has might blocked port forward on 3G connection

Well, port forwarding takes place inside your router, so they can't block port forwarding per se. The only way they could block it is by blocking ports completely... but they should not be blocking any well known or registered ports, or they would break a lot of applications and services, like FTP, Telnet, Network Printing, et cetera.
e.g. see http://www.iana.org/assignments/port-numbers

7 - 3&4 point to the DynDNS settings working correctly, so it sounds like the firewall is still blocking ICMP messages... it looks like there should be a way to open up a port or range of ports using rules in the Advanced->Security->IP Filtering section, but there aren't many (any?) real world examples given.

8 - often, on routers with both a RJ45 and USB port, you can connect the modem to either (some modems have only USB output), but I'm not sure that's what the USB ports on this modem are for... the 3G21WB manual shows them only as network storage or network printer ports.  You say you are able to ping from REMOTE computers with lan/br0 selected, so that sounds like the correct choice.  It sounds like your only concern is that it's showing the LAN IP in the responses. (?)

While 5200 is a registered port, unless you're actually using the targus-getdata service it should not interfere with anything on your network.
ergo, using the name you gave, going to http://xxx..dyndns.org:5200 should take you to the DVR's http interface.

Oh, yeah - are you able to bring up your DVR on from inside your LAN?

I find it odd that Netcomm makes the router's web interface available from outside the LAN on port 80, as mention in the original post... usually manufacturers make it a little harder to find, like on port 8080, but I don't see anywhere in the emulator to change it (or even to turn off remote management altogether).

Going back to #7, try making an incoming filter rule as shown in the attached. The emulator would not let me save one, so I'm not sure of the exact format to use to indicate allowing ANY external IPs in on port 5200. If leaving them blank does not work, try and-or and-or in the IP address/subnet mask fields.
"... USB ports on this modem are for ..."

should say

"... USB ports on this router are for ..."

didn't catch it in Preview.
ibrahim52Team LeaderAuthor Commented:
1. It is properly configured on 5200 from the inside and i am able to open the same through

2. Its a STATIC IP, yes manually changed by going to DVR firmware

3. Yes there is no issue with the updater and the IP is also being updated correctly but the results are RTO.

4. If you look at the whole PDF it is just the brief description of the settings which is there in the emulator and yeah ETISALAT has changed the firmware slight and made it 3GW21(E) actually its 3GW21B only.Its only a name difference.

5. Thanks for your link it was very informative on PORTS and yeah i think its right they cannot block the custom made ports.(e.g 5200 or 52000) because usually for all the clients i use the same port and never had an issue.

6. That's true, even i am wondering the same, If you check all the settings in the router you don't have option to chose between the two interface (usb/lan0) except only in DYNDNS page and IP FILTERING

7. No i am sure the two USB ports are just for filesharing and for printer sharing and nothing else.

8. Yes inside the LAN there is no issue at all, i am able to access it without any issues.

9. To change the WEB MANAGEMENT PORT there is an option going to ACCESS CONTROL ---> SERVICES and i tried that even but it is not working from the remote site.I tried to PORT FORWARD 80 or 8080 but it doesn't work at all.

10. using  it does not now allow to save in SOURCE IP ADDRESS ,it says as wrong IP but yeah keeping it blank and giving "5200" in source port blank and filling up the rest of the "destination" blanks , it allows to SAVE the configuration but as usual there is NO CHANGE.

11. The problem is here in United Arab of Emirates, ETISALAT is the only ISP and the profile of tech support i have already mentioned it earlier ;) . The other issue is 3G internet on SIM is not so popular so i don't even know anyone else who'd be using a similar 3G internet connection or a different router.HONESTLY the 3G ROUTER here is really EXPENSIVE and i cant take risk ordering the new one and trying it.

12. THANK YOU very much for providing detailed information and sharing your EXPERTise :)
11 - Cisco makes an HWIC module that takes a SIM card too - HWIC-3G-GSM - which slides into an open slot on the 1800, 2800 or 3800 series routers. I think I would wager that's more expensive than the Netcomm unit.

There are many 3G routers that accept external adapters, in USB, CardBus and ExpressCard form, but not too many that take SIM cards.

12 - You're welcome, but I regret it's still not working for you. I'm pretty sure the ultimate solution is going to be in creating a proper rule in the Advanced->Security->IP Filter - Incoming... there has to be some way to open a hole in the router's firewall to allow incoming forwards and responses to ping (ICMP) traffic, but neither the manual nor the emulator clarifies how to do that.  
ibrahim52Team LeaderAuthor Commented:
Guess what, i tried to call some IT guys i know who are working for contracting companies and their sites are out of city limits. Now according to one or two guys i spoke they said that they came across the similar issue and there was no SOLUTION because 3G technology is totally different and it does not have that capability of doing the PORT FORWARD or ALLOW any INCOMING FILTERS.It was quite hard to digest for me but still, anyways i have called my ISP and ask them if the WIMAX facility is available there because it has PPPOE services where i can simply connect any router and do the PORT FORWARD easily but the fingers are crossed as they are going to check first whether WIMAX can be really install in that location as that site is in the middle of the desert so cannot say anything but lets see, meanwhile i am trying my best to get this thing solved. But i want to ask one thing if it really makes sense that "3G is a total diff. technology and some services are limited" as what i have been suggest from the IT pro here ?
> Now according to one or two guys i spoke they said that they came across the similar
issue and there was no SOLUTION because 3G technology is totally different and it does
not have that capability of doing the PORT FORWARD or ALLOW any INCOMING FILTERS.

For the record, I disagree with that viewpoint.
Port forwarding works fine for my 3G connection using a router built by DLink (marketed by Kyocera).  However, the 3G service I have through Sprint is CDMA-based, not GSM.

If ETISALAT offers a USB or Cardbus adapter, there would be more options for routers than there are for SIM cards.
e.g. all the Draytek Dual WAN 2820, 2830, 2910, 2920 and the 2955 models support 3G USB adapters in place of WAN 2...
DataVoiz sells Draytek - http://www.datavoiz.com/index.php?option=com_content&view=article&id=267&Itemid=495 - but the only one of those Draytek models I see on DataVoiz is the 2955 (http://www.draytek.com/user/PdInfoDetail.php?Id=113 ).
ibrahim52Team LeaderAuthor Commented:
That's true, sorry for being away from this topic as i was quite busy.Well, currently the site has still the same 3G with SIM , no news of my client i don't know what they are planning but i am having a news that they are going to change it to WIMAX soon. Till than i am not sure if i mentioned earlier that in the same site one of the computer is having 3G USB adapter and luckily one of my client is having WAN router with 3G USB port. Well but again unfortunately i am not able to get my hands on that USB adapter as i told that the site is totally out of the city limits, so i think only this upcoming weekend i might be able to get a chance to try. Thanks Darr247 for all your support :) so far.
Hmmm... looks like I posted the wrong link on DataVoiz...  I meant to post
which has the Vigor 2955 down at the bottom.

Even though DataVoiz does not show the USB port in that matrix, the link I gave to the 2955 page on Draytek's site does show that capability.
ibrahim52Team LeaderAuthor Commented:
Thank you, if the situation remains still the same after the weekend i would try this links. Thanks once again
ibrahim52Team LeaderAuthor Commented:
Thank you, if the situation remains still the same after the weekend i would try this links. Thanks once again
ibrahim52Team LeaderAuthor Commented:
Unfortunately, it did not resolve my problem but still thanks for all your efforts darr247 to explain everything in detail and trying your best.
The Internet Assigned Numbers Authority (IANA) has changed the link to their list of well-known/assigned ports...

here are the new URLs:

XML version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
Text version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 8
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now