Netcomm 3G21W 3G Router Port Forward
Below is the link of the emulator of my Netcomm 3G router, it is exactly the same i am having right now. Now making the long story really short, i am not able to do the PORT FORWARDING for my CCTV DVR on my 3G router, i have registered a host on DYNDNS but if i am trying to ping or try to access the device it is not able to connect, neither through WEB MANAGEMENT of the router i.e., (port 80) or my DVR port number
EMULATOR LINK :
http://emulators.netcomm.com.au/3G21WB/index.html
If i am not wrong , i tried specifying the PORT and IP ADDRESS going to ADVANCED SETTINGS--->NAT--->PORT FORWARDING
When it didn't worked i tried doing PORT TRIGGERING and using DMZ also. But it is still the same, i hope i am not missing anything or any expert here have come across this issue using NETCOMM routers. Thank you.
EMULATOR LINK :
http://emulators.netcomm.com.au/3G21WB/index.html
If i am not wrong , i tried specifying the PORT and IP ADDRESS going to ADVANCED SETTINGS--->NAT--->PORT FORWARDING
When it didn't worked i tried doing PORT TRIGGERING and using DMZ also. But it is still the same, i hope i am not missing anything or any expert here have come across this issue using NETCOMM routers. Thank you.
Are you using the private IP address of your DVR in the Port Forwarding section of your router?
ASKER
No its 3G, running from SIM and yeah its LAN address and PORT hosted by DYNDNS URL
Port Forwarding is to tunnel through the firewall to access one local IP:port scket on the LAN from 'outside' (WAN).
Port Triggering is to force something (e.g. a program) on the LAN to open a port (usually to a specific IP) on the 'outside' (WAN), and then the firewall will allow replies from the outside (from the same IP the port triggered to) back into the LAN.
So port triggering is not what you need in this case.
In Advanced Settings->DNS-Dynamic DNS, did you enter the
customhostname.dyndns.org in the Hostname field, and your username and password for DynDNS in the corresponding fields, then Apply/Save so your router will update automatically if your outside IP changes?
If so, you should be able to ping customhostname.dyndns.org and get a reply.
Have you setup a reserved IP address for your DVR in Advanced Settings->LAN so it gets the same IP every time ? (see attached)
Otherwise the Port Forwarding rule might be forwarding the connection to the wrong LAN IP anyway.
Forwarding port 80 from the outside to a specific LAN port isn't really considered best practice. Make it something in the dynamic range. Say, port 56000. On the inside you can have the Forward point to port 80 on the DVR's IP, no problem.
Then to connect to your DVR from outside you would open the socket
http://customhostname.dyndns.org:56000
and port forwarding should then NAT that to your DVR using the DVR's.LAN.IP:80 socket.
Another way is to put the DVR's IP in the DMZ, which would eliminate the need for port forwarding, but would make it harder to access the DVR from the LAN, too. (Because the DMZ sits on the other side of the firewall from the LAN.)
3G21WB-DHCPReserveIP.png
Port Triggering is to force something (e.g. a program) on the LAN to open a port (usually to a specific IP) on the 'outside' (WAN), and then the firewall will allow replies from the outside (from the same IP the port triggered to) back into the LAN.
So port triggering is not what you need in this case.
In Advanced Settings->DNS-Dynamic DNS, did you enter the
customhostname.dyndns.org in the Hostname field, and your username and password for DynDNS in the corresponding fields, then Apply/Save so your router will update automatically if your outside IP changes?
If so, you should be able to ping customhostname.dyndns.org and get a reply.
Have you setup a reserved IP address for your DVR in Advanced Settings->LAN so it gets the same IP every time ? (see attached)
Otherwise the Port Forwarding rule might be forwarding the connection to the wrong LAN IP anyway.
Forwarding port 80 from the outside to a specific LAN port isn't really considered best practice. Make it something in the dynamic range. Say, port 56000. On the inside you can have the Forward point to port 80 on the DVR's IP, no problem.
Then to connect to your DVR from outside you would open the socket
http://customhostname.dyndns.org:56000
and port forwarding should then NAT that to your DVR using the DVR's.LAN.IP:80 socket.
Another way is to put the DVR's IP in the DMZ, which would eliminate the need for port forwarding, but would make it harder to access the DVR from the LAN, too. (Because the DMZ sits on the other side of the firewall from the LAN.)
3G21WB-DHCPReserveIP.png
ASKER
1) Yeah, the LAN IP for the DVR is 192.168.1.110 and the PORT is 5200.
2) To keep the IP address remain the same i have started the DHCP from 192.168.1.135-192.168.1.25
3) I tried the DYNDNS page as well but anyways i am having the updater in windows installed
4) If i am trying to ping it from the remote site i am able to get this kind of results
Pinging xxx..dyndns.org [86.xx.132.xx] with 32 bytes of data:
Request Timed Out
Request Timed Out
5) My isp is (unfortunately) ETISALAT, the service is really good but the support is AWFUL, this router is quite new in the market here and the tech support does not know except if the internet is working fine with the router, unfortunately the purpose of using 3G connection is because the site is located out of the city limits and the fixed line has not reached there yet.
6) I spoke to a couple of techsupport guys and they told me something strange, that our ISP has might blocked port forward on 3G connection, i didn't get him because the DNS servers are same as fixed line and for my other clients DVRs are working fine.This is the first time i have tried dyndns on 3G connection.So i am really not sure, neither REMOTE DESKTOP works, neither ROUTER WEB MANAGEMENT works nor anything in the lan.
7) If you look the results of PING it resolves the IP but it is RTO
8) One last thing i would like to share is when i go to DYNDNS page of the router there is an option to chose two options from the INTERFACE menu one is "usb" and another one is "lan/br0), if i check "lan/br0" i am able to ping from the REMOTE computers but it shows the LAN ip address, it is 192.168.1.1
2) To keep the IP address remain the same i have started the DHCP from 192.168.1.135-192.168.1.25
3) I tried the DYNDNS page as well but anyways i am having the updater in windows installed
4) If i am trying to ping it from the remote site i am able to get this kind of results
Pinging xxx..dyndns.org [86.xx.132.xx] with 32 bytes of data:
Request Timed Out
Request Timed Out
5) My isp is (unfortunately) ETISALAT, the service is really good but the support is AWFUL, this router is quite new in the market here and the tech support does not know except if the internet is working fine with the router, unfortunately the purpose of using 3G connection is because the site is located out of the city limits and the fixed line has not reached there yet.
6) I spoke to a couple of techsupport guys and they told me something strange, that our ISP has might blocked port forward on 3G connection, i didn't get him because the DNS servers are same as fixed line and for my other clients DVRs are working fine.This is the first time i have tried dyndns on 3G connection.So i am really not sure, neither REMOTE DESKTOP works, neither ROUTER WEB MANAGEMENT works nor anything in the lan.
7) If you look the results of PING it resolves the IP but it is RTO
8) One last thing i would like to share is when i go to DYNDNS page of the router there is an option to chose two options from the INTERFACE menu one is "usb" and another one is "lan/br0), if i check "lan/br0" i am able to ping from the REMOTE computers but it shows the LAN ip address, it is 192.168.1.1
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
"... USB ports on this modem are for ..."
should say
"... USB ports on this router are for ..."
didn't catch it in Preview.
should say
"... USB ports on this router are for ..."
didn't catch it in Preview.
ASKER
1. It is properly configured on 5200 from the inside and i am able to open the same through http://192.168.1.110:5200
2. Its a STATIC IP, yes manually changed by going to DVR firmware
3. Yes there is no issue with the updater and the IP is also being updated correctly but the results are RTO.
4. If you look at the whole PDF it is just the brief description of the settings which is there in the emulator and yeah ETISALAT has changed the firmware slight and made it 3GW21(E) actually its 3GW21B only.Its only a name difference.
5. Thanks for your link it was very informative on PORTS and yeah i think its right they cannot block the custom made ports.(e.g 5200 or 52000) because usually for all the clients i use the same port and never had an issue.
6. That's true, even i am wondering the same, If you check all the settings in the router you don't have option to chose between the two interface (usb/lan0) except only in DYNDNS page and IP FILTERING
7. No i am sure the two USB ports are just for filesharing and for printer sharing and nothing else.
8. Yes inside the LAN there is no issue at all, i am able to access it without any issues.
9. To change the WEB MANAGEMENT PORT there is an option going to ACCESS CONTROL ---> SERVICES and i tried that even but it is not working from the remote site.I tried to PORT FORWARD 80 or 8080 but it doesn't work at all.
10. using 0.0.0.0 it does not now allow to save in SOURCE IP ADDRESS ,it says 0.0.0.0 as wrong IP but yeah keeping it blank and giving "5200" in source port blank and filling up the rest of the "destination" blanks , it allows to SAVE the configuration but as usual there is NO CHANGE.
11. The problem is here in United Arab of Emirates, ETISALAT is the only ISP and the profile of tech support i have already mentioned it earlier ;) . The other issue is 3G internet on SIM is not so popular so i don't even know anyone else who'd be using a similar 3G internet connection or a different router.HONESTLY the 3G ROUTER here is really EXPENSIVE and i cant take risk ordering the new one and trying it.
12. THANK YOU very much for providing detailed information and sharing your EXPERTise :)
2. Its a STATIC IP, yes manually changed by going to DVR firmware
3. Yes there is no issue with the updater and the IP is also being updated correctly but the results are RTO.
4. If you look at the whole PDF it is just the brief description of the settings which is there in the emulator and yeah ETISALAT has changed the firmware slight and made it 3GW21(E) actually its 3GW21B only.Its only a name difference.
5. Thanks for your link it was very informative on PORTS and yeah i think its right they cannot block the custom made ports.(e.g 5200 or 52000) because usually for all the clients i use the same port and never had an issue.
6. That's true, even i am wondering the same, If you check all the settings in the router you don't have option to chose between the two interface (usb/lan0) except only in DYNDNS page and IP FILTERING
7. No i am sure the two USB ports are just for filesharing and for printer sharing and nothing else.
8. Yes inside the LAN there is no issue at all, i am able to access it without any issues.
9. To change the WEB MANAGEMENT PORT there is an option going to ACCESS CONTROL ---> SERVICES and i tried that even but it is not working from the remote site.I tried to PORT FORWARD 80 or 8080 but it doesn't work at all.
10. using 0.0.0.0 it does not now allow to save in SOURCE IP ADDRESS ,it says 0.0.0.0 as wrong IP but yeah keeping it blank and giving "5200" in source port blank and filling up the rest of the "destination" blanks , it allows to SAVE the configuration but as usual there is NO CHANGE.
11. The problem is here in United Arab of Emirates, ETISALAT is the only ISP and the profile of tech support i have already mentioned it earlier ;) . The other issue is 3G internet on SIM is not so popular so i don't even know anyone else who'd be using a similar 3G internet connection or a different router.HONESTLY the 3G ROUTER here is really EXPENSIVE and i cant take risk ordering the new one and trying it.
12. THANK YOU very much for providing detailed information and sharing your EXPERTise :)
11 - Cisco makes an HWIC module that takes a SIM card too - HWIC-3G-GSM - which slides into an open slot on the 1800, 2800 or 3800 series routers. I think I would wager that's more expensive than the Netcomm unit.
There are many 3G routers that accept external adapters, in USB, CardBus and ExpressCard form, but not too many that take SIM cards.
12 - You're welcome, but I regret it's still not working for you. I'm pretty sure the ultimate solution is going to be in creating a proper rule in the Advanced->Security->IP Filter - Incoming... there has to be some way to open a hole in the router's firewall to allow incoming forwards and responses to ping (ICMP) traffic, but neither the manual nor the emulator clarifies how to do that.
There are many 3G routers that accept external adapters, in USB, CardBus and ExpressCard form, but not too many that take SIM cards.
12 - You're welcome, but I regret it's still not working for you. I'm pretty sure the ultimate solution is going to be in creating a proper rule in the Advanced->Security->IP Filter - Incoming... there has to be some way to open a hole in the router's firewall to allow incoming forwards and responses to ping (ICMP) traffic, but neither the manual nor the emulator clarifies how to do that.
ASKER
Guess what, i tried to call some IT guys i know who are working for contracting companies and their sites are out of city limits. Now according to one or two guys i spoke they said that they came across the similar issue and there was no SOLUTION because 3G technology is totally different and it does not have that capability of doing the PORT FORWARD or ALLOW any INCOMING FILTERS.It was quite hard to digest for me but still, anyways i have called my ISP and ask them if the WIMAX facility is available there because it has PPPOE services where i can simply connect any router and do the PORT FORWARD easily but the fingers are crossed as they are going to check first whether WIMAX can be really install in that location as that site is in the middle of the desert so cannot say anything but lets see, meanwhile i am trying my best to get this thing solved. But i want to ask one thing if it really makes sense that "3G is a total diff. technology and some services are limited" as what i have been suggest from the IT pro here ?
> Now according to one or two guys i spoke they said that they came across the similar
> issue and there was no SOLUTION because 3G technology is totally different and it does
> not have that capability of doing the PORT FORWARD or ALLOW any INCOMING FILTERS.
For the record, I disagree with that viewpoint.
Port forwarding works fine for my 3G connection using a router built by DLink (marketed by Kyocera). However, the 3G service I have through Sprint is CDMA-based, not GSM.
If ETISALAT offers a USB or Cardbus adapter, there would be more options for routers than there are for SIM cards.
e.g. all the Draytek Dual WAN 2820, 2830, 2910, 2920 and the 2955 models support 3G USB adapters in place of WAN 2...
DataVoiz sells Draytek - http://www.datavoiz.com/index.php?option=com_content&view=article&id=267&Itemid=495 - but the only one of those Draytek models I see on DataVoiz is the 2955 (http://www.draytek.com/user/PdInfoDetail.php?Id=113 ).
ASKER
That's true, sorry for being away from this topic as i was quite busy.Well, currently the site has still the same 3G with SIM , no news of my client i don't know what they are planning but i am having a news that they are going to change it to WIMAX soon. Till than i am not sure if i mentioned earlier that in the same site one of the computer is having 3G USB adapter and luckily one of my client is having WAN router with 3G USB port. Well but again unfortunately i am not able to get my hands on that USB adapter as i told that the site is totally out of the city limits, so i think only this upcoming weekend i might be able to get a chance to try. Thanks Darr247 for all your support :) so far.
Hmmm... looks like I posted the wrong link on DataVoiz... I meant to post
http://www.datavoiz.com/index.php?option=com_content&view=article&id=259&Itemid=487
which has the Vigor 2955 down at the bottom.
Even though DataVoiz does not show the USB port in that matrix, the link I gave to the 2955 page on Draytek's site does show that capability.
http://www.datavoiz.com/index.php?option=com_content&view=article&id=259&Itemid=487
which has the Vigor 2955 down at the bottom.
Even though DataVoiz does not show the USB port in that matrix, the link I gave to the 2955 page on Draytek's site does show that capability.
ASKER
Thank you, if the situation remains still the same after the weekend i would try this links. Thanks once again
ASKER
Thank you, if the situation remains still the same after the weekend i would try this links. Thanks once again
ASKER
Unfortunately, it did not resolve my problem but still thanks for all your efforts darr247 to explain everything in detail and trying your best.
The Internet Assigned Numbers Authority (IANA) has changed the link to their list of well-known/assigned ports...
here are the new URLs:
XML version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
Text version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
here are the new URLs:
XML version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
Text version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt