Router Config Linksys RV082

Have Linksys RV082
Client requested that port 6000~6002 Via UDP,  be port forwarded to machine on inside of firewall.

I did the following
Created Service called "AudioApp" Port range 6000~6002 UDP and forwarded it an internal IP 192.168.0.xxx

When the user tries to run the Audio Application is says the ports are not mapped.  When I check the ports from the outside(Public Interface of the router), it says they are closed.

What am I doing wrong, how can I check to see if the ports work from the user's machine to the firewall on the inside.

Thanks,

C
LVL 3
tech911Asked:
Who is Participating?
 
tech911Author Commented:
We are replacing the firewall, I am noticing too many errors and other issues.
0
 
Michael OrtegaSales & Systems EngineerCommented:
I know this sounds like a silly question, but did you actually check the "Enable" box?

In SETUP | FORWARDING | SERVICE MANAGEMENT you should see your custom fowarding service. If you select it is the "Enable" box checked?

MO
0
 
tech911Author Commented:
Yes sir I did.
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

 
Michael OrtegaSales & Systems EngineerCommented:
Does the internal device that's listenting on UDP 6000-6002 have any firewall enabled?

MO
0
 
tech911Author Commented:
No

Its a Win XP machine, firewall is disabled,  I can ping it from anywhere on the network and it can ping the internal IP (read = gateway) on the firewall.

Do you know how I can test to see if those ports (6000, 6001, 6002) are available on the workstation.

I want to make sure that we can get from the workstation to the firewall over those ports, making sure they are functional.
0
 
Michael OrtegaSales & Systems EngineerCommented:
run a netstat -aon | more on the machine from a command line to see if any services are even listing on those ports. If you don't see any services listening then they are either the wrong ports or the service/application isn't running on the machine.

MO
0
 
tech911Author Commented:
When the application runs, user logs in to a test site and ports DO show up in netstat, but don't show up from outside the firewall if you use http://yougetsignal.com



0
 
Michael OrtegaSales & Systems EngineerCommented:
When you checked and verified that the system in question is listening on those ports (6000-6002) did you verify that it's the correct Process ID? Simply compare the process ID from netstat with the processes in task manager. Make sure to add the PID column to you view. If they are associated to the correct process then perhaps something is wrong with the router. Try and setup a different port forwarding rule to the same machine and test that, e.g. RDP (TCP3389).

MO
0
 
Oliver TANGIRINetwork EngineerCommented:
Here is a simple way to test your ports on that computer....and follow this to isolate the issue completely.

a) On the command prompt,  do Telnet 192.168.0.xxx  6000  from within your LAN.  If this gives you a blank screen, without any error message then the port is open. Try same for all the ports.
b) Validate (a) by doing telnet through port 3389 just to make sure that the test works.
c) Do the test from the WAN to see if the router let's the port go through.

What modem do you have? You are sure you have a modem and not one of the basic router/firewalls provided by ISPs?  Have you successfully passed any ports through your linksys before?

By the way, feel free to type your complete internal(private class C) IP address here. There is no security risk involved with that.  It is your WAN IP that you shouldn't share carelessly.
0
 
Michael OrtegaSales & Systems EngineerCommented:
Bokis, these are UDP ports. Telnet will not work. If you read my post I already suggested testing a different port, e.g. RDP on TCP3389. Thanks for repeating that same information though.

As Bokis comments, it would be good to verify your WAN configuration. How's the ISP's router or modem setup? Needs to be Bridged if you're using the RV082. Is your RV082 set with static IP information or is it dynamic?

MO
0
 
Oliver TANGIRINetwork EngineerCommented:
MO, sorry for failing to acknowledge your first mention of port 3389......I was only using it in the context of my suggested test.
Having said that, I still think doig the following command on a comman prompt will verify if the port is open or not.
Telnet <IP address of computer> <space here> <port number here>
 will work regardless of udp or tcp.
I have customer who uses Open Table Software and I had to pass UDP port 61031 through the firewall. I just tested again before doing this post and it works albeit gives you a few meaningless characters on the prompt unlike like a TCP port which gives you a clean blank screen.  

Good point on the bridging suggestion. For DSL line modems that do PPOE with or without authentication, it is a smooth solution. However, for those large routers provided by say verizon, all I would do is put my linksys on the ISP's LAN with a fixed IP and then make sure that IP is on the ISP's DMZ.......passing everything through. That is another story if we establish that this is in fact the case here. I am on standby for feedback from tech911.
0
 
tech911Author Commented:
Sorry for the delay in responding.

1.) Router/Firewall DOES pass traffic over 3389 through the firewall and using a port scanner from the outside, one can see that 3389 is open and it works.

2.) Same test with 6000, 6001, 6002 does not work.

3.)  In my config, 3389 is routed to a server inside and I can connect no problem.

4.)  The thing I find most interesting is that the connection to 6000 ~ 6002 begins from the application inside the firewall, thus it is Solicited traffic and should go through, but I its not, which I find very odd.  I am going meet with my client and ask that we get the software vendor involved.

I will post my results shortly.
0
 
Michael OrtegaSales & Systems EngineerCommented:
If you make a connection from inside the gateway firewall to the host system and all is well, but it doesn't work from outside the network then the focus is on the Linksys or the ISP. ISP's will sometimes block non standard ports. Have you checked with your service provider to confirm? The only other thing I can think of is replacing the Linksys just for testing to see if the problem persists even with different equipment.

MO
0
 
tech911Author Commented:
I am going to this client site tomorrow, will advise once I have a view of the application and a status on site.
0
 
tech911Author Commented:
I think it might be the application, we are going to test, stand by...
0
 
Oliver TANGIRINetwork EngineerCommented:
I may have missed it but I don't see where it is confirmed that those ports are open and reachable from within the LAN.
0
 
Michael OrtegaSales & Systems EngineerCommented:
You already did an internal telnet test to the system on ports 6000 - 6002 as suggested in an earlier post, right? I think I had you verify that the system was listing on the correct ports first and then Bokis suggested that you telnet to that system from the LAN using those ports. I'm not sure we got a definitive answer on whether you verified that the listing ports matched the correct application process or that the telnet from the LAN worked.

Can you confirm?

MO
0
 
tech911Author Commented:
We really didn't find a solution, we just went a different direction.
0
 
Oliver TANGIRINetwork EngineerCommented:
Hmmm, so your accepted solution is an  unanswered question that MO asked you about previous things we all, in separate comments, pointed you on how to isolate the issue?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.