Solved

Why can I not access this IP and Port from outside?

Posted on 2014-02-05
14
510 Views
Last Modified: 2014-02-05
Hello Experts,

On my router, I have configured 'Apps and Gaming', 'Single Port Forwarding' to: External Port= 25565, Internal Port= 25565, Protocol= Both, Device IP#= 192.168.1.141, Enabled= true.

I am able to telnet from my LAN, 192.168.1.117 25565, but unable to access it from outside (looked up .141 external IP address). Any ideas why?

below are my iptables rules:
[root@localhost minecraft]# /sbin/iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:25565 
   31  1592 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25565 
 248K   18M RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 227K packets, 52M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   48  6835 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
   23  1900 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255 
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0           
 5990  679K ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251         udp dpt:5353 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:631 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:631 
 210K   14M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
27773 2171K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:137 
 1070  251K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:138 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:139 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:445 
 2748  884K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Open in new window


to look up this box, .141, IP address, I went to www.ipchicken.com.
then used the address to test if I could access the box by trying to telnet to it via 25565...

telnet ok via LAN.
telnet not ok outside LAN...

any ideas?
thx for your help...

Regards,
0
Comment
Question by:epifanio67
  • 7
  • 5
14 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39836966
You must forward the port to the internal server's IP .117, not to the router's IP.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39836977
... then you can telnet from outside to the .141 address with port 25565 and you will reach the .107 machine on that port.
0
 
LVL 7

Expert Comment

by:Lee Ingalls
ID: 39836979
It's an internal IP that needs to forwarded to your external IP.  What IP is assigned to your router from your service provider. IP Port Forwarding...
0
 

Author Comment

by:epifanio67
ID: 39837012
boy... I am not following...
the box I want accessible for my kids vid games is 192.168.1.141 25565
which I set for port forwarding on the route....

what should I do again? so sorry... a bit slow...

Regards,
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39837028
What is the external IP of your router (the one you looked up at ipchicken)?
It's certainly not 192.168.1.141! That's a private address which cannot be used in public networks.

Basically you must configure your router to forward the port 25565 to the internal IP which you want to reach (seems that's what you did), but then telnet from outside to the external IP as detected by ipchicken!
0
 

Author Comment

by:epifanio67
ID: 39837077
ha!
I followed that... thank you....

correct, that's what I did... but only works from inside the LAN....

my router is configured to forward the port 25565 to the internal address 192.168.1.141.
then,
I logged in to the .141 box, launched firefox and went to ipchicken.com... got the external IP....

then,
try to telnet from outside telnet 6x.xx.xx.1xx 25565...
unable to connect...

I think we are in the same page.... but, is this what you mean?

thx,
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39837117
Yes, that's what I mean.

Are you able to ping 6x.xx.xx.1xx (from a CMD box)?

And is this still your external IP? The usual dynamic addresses change at regular intervals (depending on your provider).
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39837138
Your address is from a College Network, right? Are you sure that there isn't a firewall blocking external access?
0
 

Author Comment

by:epifanio67
ID: 39837195
thanks so much for your help....

I am unable to ping the external address 6x.xx.xx.1xx (from a CMD box)...

that's what's puzzling me... not sure why....

(no, it is not from College Network).

firewall.... hmmm....

the iptables allow traffic to flow on port 25565 (see above)
SELinux is disabled...

I also stopped iptables
/sbin/service iptables stop

and tried to ping the external address 6x.xx.xx.1xx (from a CMD box)... nothing...

any other tests you may suggest?

Thanks again ....
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39837226
iptables is an internal thing which is not related to your router's accessibility from the outside world.

Try to ping some well known IP like 4.2.2.2 (a public DNS server).

If this succeeds then the external network where your router is in is actually isolated from external access, one way or the other, and I think you will have to ask your network provider (NETnet?) what's it all about!
0
 

Author Comment

by:epifanio67
ID: 39837259
thank you....

ping ok public DNS servers

ping yahoo.com ok
ping 4.2.2.2 ok

odd....
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39837288
It might well be that the network admins blocked access from the outside world to that subnet (which has nothing to do with accessing the outside world from it, by the way).
0
 

Author Closing Comment

by:epifanio67
ID: 39837559
thank you so much for your help....

you are right, the network is isolated from external access.... I guess to keep people from hosting their own server :-)

Thanks again... good lesson...
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now