epifanio67
asked on
Why can I not access this IP and Port from outside?
Hello Experts,
On my router, I have configured 'Apps and Gaming', 'Single Port Forwarding' to: External Port= 25565, Internal Port= 25565, Protocol= Both, Device IP#= 192.168.1.141, Enabled= true.
I am able to telnet from my LAN, 192.168.1.117 25565, but unable to access it from outside (looked up .141 external IP address). Any ideas why?
below are my iptables rules:
to look up this box, .141, IP address, I went to www.ipchicken.com.
then used the address to test if I could access the box by trying to telnet to it via 25565...
telnet ok via LAN.
telnet not ok outside LAN...
any ideas?
thx for your help...
Regards,
On my router, I have configured 'Apps and Gaming', 'Single Port Forwarding' to: External Port= 25565, Internal Port= 25565, Protocol= Both, Device IP#= 192.168.1.141, Enabled= true.
I am able to telnet from my LAN, 192.168.1.117 25565, but unable to access it from outside (looked up .141 external IP address). Any ideas why?
below are my iptables rules:
[root@localhost minecraft]# /sbin/iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:25565
31 1592 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25565
248K 18M RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 227K packets, 52M bytes)
pkts bytes target prot opt in out source destination
Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
48 6835 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
23 1900 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
5990 679K ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
210K 14M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
27773 2171K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:137
1070 251K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445
2748 884K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
to look up this box, .141, IP address, I went to www.ipchicken.com.
then used the address to test if I could access the box by trying to telnet to it via 25565...
telnet ok via LAN.
telnet not ok outside LAN...
any ideas?
thx for your help...
Regards,
You must forward the port to the internal server's IP .117, not to the router's IP.
... then you can telnet from outside to the .141 address with port 25565 and you will reach the .107 machine on that port.
It's an internal IP that needs to forwarded to your external IP. What IP is assigned to your router from your service provider. IP Port Forwarding...
ASKER
boy... I am not following...
the box I want accessible for my kids vid games is 192.168.1.141 25565
which I set for port forwarding on the route....
what should I do again? so sorry... a bit slow...
Regards,
the box I want accessible for my kids vid games is 192.168.1.141 25565
which I set for port forwarding on the route....
what should I do again? so sorry... a bit slow...
Regards,
What is the external IP of your router (the one you looked up at ipchicken)?
It's certainly not 192.168.1.141! That's a private address which cannot be used in public networks.
Basically you must configure your router to forward the port 25565 to the internal IP which you want to reach (seems that's what you did), but then telnet from outside to the external IP as detected by ipchicken!
It's certainly not 192.168.1.141! That's a private address which cannot be used in public networks.
Basically you must configure your router to forward the port 25565 to the internal IP which you want to reach (seems that's what you did), but then telnet from outside to the external IP as detected by ipchicken!
ASKER
ha!
I followed that... thank you....
correct, that's what I did... but only works from inside the LAN....
my router is configured to forward the port 25565 to the internal address 192.168.1.141.
then,
I logged in to the .141 box, launched firefox and went to ipchicken.com... got the external IP....
then,
try to telnet from outside telnet 6x.xx.xx.1xx 25565...
unable to connect...
I think we are in the same page.... but, is this what you mean?
thx,
I followed that... thank you....
correct, that's what I did... but only works from inside the LAN....
my router is configured to forward the port 25565 to the internal address 192.168.1.141.
then,
I logged in to the .141 box, launched firefox and went to ipchicken.com... got the external IP....
then,
try to telnet from outside telnet 6x.xx.xx.1xx 25565...
unable to connect...
I think we are in the same page.... but, is this what you mean?
thx,
Yes, that's what I mean.
Are you able to ping 6x.xx.xx.1xx (from a CMD box)?
And is this still your external IP? The usual dynamic addresses change at regular intervals (depending on your provider).
Are you able to ping 6x.xx.xx.1xx (from a CMD box)?
And is this still your external IP? The usual dynamic addresses change at regular intervals (depending on your provider).
Your address is from a College Network, right? Are you sure that there isn't a firewall blocking external access?
ASKER
thanks so much for your help....
I am unable to ping the external address 6x.xx.xx.1xx (from a CMD box)...
that's what's puzzling me... not sure why....
(no, it is not from College Network).
firewall.... hmmm....
the iptables allow traffic to flow on port 25565 (see above)
SELinux is disabled...
I also stopped iptables
/sbin/service iptables stop
and tried to ping the external address 6x.xx.xx.1xx (from a CMD box)... nothing...
any other tests you may suggest?
Thanks again ....
I am unable to ping the external address 6x.xx.xx.1xx (from a CMD box)...
that's what's puzzling me... not sure why....
(no, it is not from College Network).
firewall.... hmmm....
the iptables allow traffic to flow on port 25565 (see above)
SELinux is disabled...
I also stopped iptables
/sbin/service iptables stop
and tried to ping the external address 6x.xx.xx.1xx (from a CMD box)... nothing...
any other tests you may suggest?
Thanks again ....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thank you....
ping ok public DNS servers
ping yahoo.com ok
ping 4.2.2.2 ok
odd....
ping ok public DNS servers
ping yahoo.com ok
ping 4.2.2.2 ok
odd....
It might well be that the network admins blocked access from the outside world to that subnet (which has nothing to do with accessing the outside world from it, by the way).
ASKER
thank you so much for your help....
you are right, the network is isolated from external access.... I guess to keep people from hosting their own server :-)
Thanks again... good lesson...
you are right, the network is isolated from external access.... I guess to keep people from hosting their own server :-)
Thanks again... good lesson...