?
Solved

Port forwarding 101 for a router lan comcast

Posted on 2013-11-26
8
Medium Priority
?
1,063 Views
Last Modified: 2013-12-13
I always have trouble with this stuff, but it seems really simple?

I have Comcast box (coax coming in and Cat 5 data cable going out, into the wan of my cisco small business firewall).

The cisco says it's wan IP is 10.1.10.10 and its gateway is 10.1.10.1

On the lan side of the cisco, devices have 192.168.1.0/24 ip addresses.

we put a security camera DVR on the lan with ip 192.168.1.9 and want to get to it from outside.

there's 2 ports the dvr company says we need to forward 40085 and 49009

in the cisco I have 2 rules doing that - in on 40085 , out on port 40085 to ip 192.168.1.9

then in the Comcast box, I logged in and under firewall, set up 2 port forwarding rules

40085-40085 forwards to 40085 and the IP is 10.1.10.10 (right, where the packets are going to - the wan of the cisco router?)

and

49009-49009 forwards to 49009 and the IP is 10.1.10.10

but

http://www.yougetsignal.com/tools/open-ports/

still says the ports are closed.  what am I doing wrong?
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 9

Accepted Solution

by:
BigPapaGotti earned 668 total points
ID: 39678726
The WAN IP address that is being assigned to your Cisco router is a Private IP address and is not routable on the internet. You would need to contact Comcast and tell them you need a public IP address assigned to your Internet Service in order for this to work.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39678730
argh! I did some googling and added the cisco box as the DMZ on the Comcast device - that passes everything to the wan of the cisco.

port checking shows the port is still closed.  what's wrong?! I have the enable checked next to the 2 entries in port forwarding.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39678763
weird.  I put the 192.168.1.9 as the DMZ of the cisco router and it still shows the port is closed.  Any kinds of tests can I do?  I can ping the public IP from an outside machine and I get a ping back.
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 9

Expert Comment

by:BigPapaGotti
ID: 39678808
May I ask what the Public IP address is that you are pinging?
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39678857
76.116.205.44

there's a setting in the gateway to turn off pinging on the wan port.  While pinging and getting replies, I turned off pinging and the replies stopped. so I do have a public IP?  right, the 10.x.x.x and 192.x.x.x IPS are not routable.  but just like I can get out to the web with them, I should with port forwarding / dmz, be able to get back in?

I just used

http://www.ipfingerprints.com/portscan.php

and for the ports that are open, it said filtered rather than closed and the first port said: mit-ml-dev and cslistener
0
 
LVL 12

Assisted Solution

by:Infamus
Infamus earned 1332 total points
ID: 39678860
You have to use 10.1.10.x IP if the device is on DMZ.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39678934
yes, the wan of the cisco box is 10.1.10.10
0
 
LVL 12

Assisted Solution

by:Infamus
Infamus earned 1332 total points
ID: 39678982
The DVR device needs to be on 10.1.10.x subnet and the port forwarding needs to be done on comcast side.  If you want to manage your router, then camcast has to be on a bridge mode but I'm not sure if comcast allows that.  Most DSL providers would do that for you.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question