Solved

Why can I not access this IP and Port from outside?

Posted on 2014-02-05
14
514 Views
Last Modified: 2014-02-05
Hello Experts,

On my router, I have configured 'Apps and Gaming', 'Single Port Forwarding' to: External Port= 25565, Internal Port= 25565, Protocol= Both, Device IP#= 192.168.1.141, Enabled= true.

I am able to telnet from my LAN, 192.168.1.117 25565, but unable to access it from outside (looked up .141 external IP address). Any ideas why?

below are my iptables rules:
[root@localhost minecraft]# /sbin/iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:25565 
   31  1592 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25565 
 248K   18M RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 227K packets, 52M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   48  6835 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
   23  1900 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255 
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0           
 5990  679K ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251         udp dpt:5353 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:631 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:631 
 210K   14M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
27773 2171K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:137 
 1070  251K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:138 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:139 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:445 
 2748  884K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Open in new window


to look up this box, .141, IP address, I went to www.ipchicken.com.
then used the address to test if I could access the box by trying to telnet to it via 25565...

telnet ok via LAN.
telnet not ok outside LAN...

any ideas?
thx for your help...

Regards,
0
Comment
Question by:epifanio67
  • 7
  • 5
14 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39836966
You must forward the port to the internal server's IP .117, not to the router's IP.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39836977
... then you can telnet from outside to the .141 address with port 25565 and you will reach the .107 machine on that port.
0
 
LVL 7

Expert Comment

by:Lee Ingalls
ID: 39836979
It's an internal IP that needs to forwarded to your external IP.  What IP is assigned to your router from your service provider. IP Port Forwarding...
0
 

Author Comment

by:epifanio67
ID: 39837012
boy... I am not following...
the box I want accessible for my kids vid games is 192.168.1.141 25565
which I set for port forwarding on the route....

what should I do again? so sorry... a bit slow...

Regards,
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39837028
What is the external IP of your router (the one you looked up at ipchicken)?
It's certainly not 192.168.1.141! That's a private address which cannot be used in public networks.

Basically you must configure your router to forward the port 25565 to the internal IP which you want to reach (seems that's what you did), but then telnet from outside to the external IP as detected by ipchicken!
0
 

Author Comment

by:epifanio67
ID: 39837077
ha!
I followed that... thank you....

correct, that's what I did... but only works from inside the LAN....

my router is configured to forward the port 25565 to the internal address 192.168.1.141.
then,
I logged in to the .141 box, launched firefox and went to ipchicken.com... got the external IP....

then,
try to telnet from outside telnet 6x.xx.xx.1xx 25565...
unable to connect...

I think we are in the same page.... but, is this what you mean?

thx,
0
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39837117
Yes, that's what I mean.

Are you able to ping 6x.xx.xx.1xx (from a CMD box)?

And is this still your external IP? The usual dynamic addresses change at regular intervals (depending on your provider).
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39837138
Your address is from a College Network, right? Are you sure that there isn't a firewall blocking external access?
0
 

Author Comment

by:epifanio67
ID: 39837195
thanks so much for your help....

I am unable to ping the external address 6x.xx.xx.1xx (from a CMD box)...

that's what's puzzling me... not sure why....

(no, it is not from College Network).

firewall.... hmmm....

the iptables allow traffic to flow on port 25565 (see above)
SELinux is disabled...

I also stopped iptables
/sbin/service iptables stop

and tried to ping the external address 6x.xx.xx.1xx (from a CMD box)... nothing...

any other tests you may suggest?

Thanks again ....
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39837226
iptables is an internal thing which is not related to your router's accessibility from the outside world.

Try to ping some well known IP like 4.2.2.2 (a public DNS server).

If this succeeds then the external network where your router is in is actually isolated from external access, one way or the other, and I think you will have to ask your network provider (NETnet?) what's it all about!
0
 

Author Comment

by:epifanio67
ID: 39837259
thank you....

ping ok public DNS servers

ping yahoo.com ok
ping 4.2.2.2 ok

odd....
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39837288
It might well be that the network admins blocked access from the outside world to that subnet (which has nothing to do with accessing the outside world from it, by the way).
0
 

Author Closing Comment

by:epifanio67
ID: 39837559
thank you so much for your help....

you are right, the network is isolated from external access.... I guess to keep people from hosting their own server :-)

Thanks again... good lesson...
0

Featured Post

Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now