Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 537
  • Last Modified:

Why can I not access this IP and Port from outside?

Hello Experts,

On my router, I have configured 'Apps and Gaming', 'Single Port Forwarding' to: External Port= 25565, Internal Port= 25565, Protocol= Both, Device IP#= 192.168.1.141, Enabled= true.

I am able to telnet from my LAN, 192.168.1.117 25565, but unable to access it from outside (looked up .141 external IP address). Any ideas why?

below are my iptables rules:
[root@localhost minecraft]# /sbin/iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:25565 
   31  1592 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25565 
 248K   18M RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 227K packets, 52M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   48  6835 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
   23  1900 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255 
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0           
 5990  679K ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251         udp dpt:5353 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:631 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:631 
 210K   14M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
27773 2171K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:137 
 1070  251K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:138 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:139 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:445 
 2748  884K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Open in new window


to look up this box, .141, IP address, I went to www.ipchicken.com.
then used the address to test if I could access the box by trying to telnet to it via 25565...

telnet ok via LAN.
telnet not ok outside LAN...

any ideas?
thx for your help...

Regards,
0
epifanio67
Asked:
epifanio67
  • 7
  • 5
1 Solution
 
woolmilkporcCommented:
You must forward the port to the internal server's IP .117, not to the router's IP.
0
 
woolmilkporcCommented:
... then you can telnet from outside to the .141 address with port 25565 and you will reach the .107 machine on that port.
0
 
Lee IngallsDirector of IT/TS, Quality and FinanceCommented:
It's an internal IP that needs to forwarded to your external IP.  What IP is assigned to your router from your service provider. IP Port Forwarding...
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
epifanio67Author Commented:
boy... I am not following...
the box I want accessible for my kids vid games is 192.168.1.141 25565
which I set for port forwarding on the route....

what should I do again? so sorry... a bit slow...

Regards,
0
 
woolmilkporcCommented:
What is the external IP of your router (the one you looked up at ipchicken)?
It's certainly not 192.168.1.141! That's a private address which cannot be used in public networks.

Basically you must configure your router to forward the port 25565 to the internal IP which you want to reach (seems that's what you did), but then telnet from outside to the external IP as detected by ipchicken!
0
 
epifanio67Author Commented:
ha!
I followed that... thank you....

correct, that's what I did... but only works from inside the LAN....

my router is configured to forward the port 25565 to the internal address 192.168.1.141.
then,
I logged in to the .141 box, launched firefox and went to ipchicken.com... got the external IP....

then,
try to telnet from outside telnet 6x.xx.xx.1xx 25565...
unable to connect...

I think we are in the same page.... but, is this what you mean?

thx,
0
 
woolmilkporcCommented:
Yes, that's what I mean.

Are you able to ping 6x.xx.xx.1xx (from a CMD box)?

And is this still your external IP? The usual dynamic addresses change at regular intervals (depending on your provider).
0
 
woolmilkporcCommented:
Your address is from a College Network, right? Are you sure that there isn't a firewall blocking external access?
0
 
epifanio67Author Commented:
thanks so much for your help....

I am unable to ping the external address 6x.xx.xx.1xx (from a CMD box)...

that's what's puzzling me... not sure why....

(no, it is not from College Network).

firewall.... hmmm....

the iptables allow traffic to flow on port 25565 (see above)
SELinux is disabled...

I also stopped iptables
/sbin/service iptables stop

and tried to ping the external address 6x.xx.xx.1xx (from a CMD box)... nothing...

any other tests you may suggest?

Thanks again ....
0
 
woolmilkporcCommented:
iptables is an internal thing which is not related to your router's accessibility from the outside world.

Try to ping some well known IP like 4.2.2.2 (a public DNS server).

If this succeeds then the external network where your router is in is actually isolated from external access, one way or the other, and I think you will have to ask your network provider (NETnet?) what's it all about!
0
 
epifanio67Author Commented:
thank you....

ping ok public DNS servers

ping yahoo.com ok
ping 4.2.2.2 ok

odd....
0
 
woolmilkporcCommented:
It might well be that the network admins blocked access from the outside world to that subnet (which has nothing to do with accessing the outside world from it, by the way).
0
 
epifanio67Author Commented:
thank you so much for your help....

you are right, the network is isolated from external access.... I guess to keep people from hosting their own server :-)

Thanks again... good lesson...
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

  • 7
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now