Port Forwarding & Dynamic DNS both failing

Server PC: Win7 Pro SP1, i5, 3.4ghz, 6gb ram, dell OptiPlex 7010, service tag d32pcx1
Uses wifi connection to netgear wgr614v7 router, ATT DSL modem
router manual:

I'm trying to set up port forwarding and free NOIP.com dynamic dns hosting on an office router that gets a dynamic IP from ATT DSL. Here's what I did so far:
>      Set static IP on computer that is to be a software server (ipv4=static, ipv6=auto)
>      In static IP, set DNS server to be same IP as LOCAL ROUTER GATEWAY from ipconfig/all
>      Open future software's port number (TCP) on Windows Firewall
>      Forward port 10021 (TCP) on router to the static IP of the Win7 PC
>      Removed 2 existing forwards (for obsolete software, different ports)
>      Set up dynamic DNS hostname for router's external IP at NOIP.com
>      Download "No-IP’s Dynamic Update Client (DUC)", Set Up, Log In. Set to start with windows
>      Check to see if ATT DSL blocks this port 10021, they don't appear to.

>      The NOIP dns hosting / routing only works until the router external IP changes. So DUC isn't working.
>      Port testing is failing (using only online port testers so far). They say that the "Current Public IP Address" is the same as the one on the router status page.
>      As a test, opened port 20 in Win7 firewall, and forwarded to the Win7 static IP. The online pport testers say THIS PORT IS BLOCKED TOO.

Based on what I read at pcwintech.com, here's what I'm going to check when I go back:
>      Try diff port test tools (local software on PC)
>      See if "general security level" of router set too high (if I can FIND it! see below)
>      Check for 2nd router (tho above suggests no)
>      Reset router, reapply settings
>      Turn off / repair windows firewall
>      See if DMZ isenabled on router
>      Restore old port forwards on router? (for older version of software?)


(1) I didn't see anywhere in the wgr614 v7 router config or manual to set a "level of security" or to configure individual ports, other than to do port forwarding. Where is it on the wgr614v7?

(2) I noticed on the router there was a page titled "Dynamic DNS", where I could choose DynDNS.ORG from a dropdown. Do I need to enter info THERE AS WELL? (NOIP setup never mentioned this.)

(3) I'm using the local gateway IP as the DNS Server IP in Win7's static IP setup. Because that's the DNS server I got from ipconfig/all. Plus that setup is allowing internet access from Win7. Could that be causing problems? Should I be using DNS IPs from the router status page?

(4) (gripe question) After I downloaded noip's DUC, installed it, and entered my id & password, only one of the 3 status lines were "green", the other 2 were red. Until I went into "manage hosts", put a "check" next to my host, and hit OK.  Then all 3 are green. How is that not default? Especially with one host! It's like setting up a bank account, and then after it's all done, still having to go online and check a box that says, "allow me to use my own money". Very frustrating. Or am I wrong?

(5) DUC must be failing still, because, whereas typing in our host URL (from NOIP) into a browser at the office loaded the netgear router admin page (normal, right?), now from home (12 hours later) it no longer works.  I'll review NOIP's literature. But any suggestions are welcome.

Thanks peepz
Who is Participating?

Improve company productivity with a Business Account.Sign Up

skullnobrainsConnect With a Mentor Commented:
if you start netcat and instruct it to listen on that port, yes. note that not all versions can accept several connections in a row so you probably will need to launch it in a loop.

if you are unfamiliar with the command line and netcat operation, it will probably be easier to use one of the above mentioned servers


there is no way it can NOT work. forwarding a port is trivial matter and not a single home router is buggy enough to not handle it once configured properly.

what protocol will your server be using ? there may be glitches with some of them. if you're in doubt, you had better post information.


you probably should gain some understanding of basic networking, though :

a closed port is a port that rejects the connection sending an icmp port-unreachable message when you try to connect to it. most kernels will do this normally whenever they receive a connection attempt on a port that nothing listens on as part of their normal IP operation. this is the way they are supposed to behave. this happens even without a firewall. kernels may implement different behaviour but they will certainly not accept a connection if no server software is bound to the port.

when a port is firewalled, in many cases, the firewall unfortunately does not answer at all and the connection attempt times out after a while. other behaviors exist but they mostly will produce either of these results from the remote user's perspective.
1) Don't know. will take a look at that manual next.
2) No, you would use one or the other.
3) I suspect they want you to use the same DNS on your computer, that you see when you go into the router's status page.  This status page will show you all of your internet settings, as provided by your ISP.  If you are using your router itself as the DNS server, it should pass on the DNS request/replies to the ISP for you.  If you are browsing ok, I don't think this is your problem.
4) Never used that software.
5) This test is not conclusive, we need to make sure it works from home at the same time it's working in the office (otherwise it could be some other office vs home dns issue).  Still, I suspect the software is not updating the address properly.  You can confirm this by doing a ping of the dynamic domain name and note the IP address it returns- then see if this changes when your external IP address changes.  I have not used NOIP.com in particular, but usually there is a "heartbeat" setting that specifies how often to check for a changed IP address.   Alternative:  use the dynDNS on the router instead of the software you are currently using- I've had great luck with that product.
1) Took a look at that manual.  Looks like port forwarding is the only way to configure network security.  By default all incoming connections are blocked.  You need to specify the port number of every service you would like to listen for, along with which computer on your network is doing the listening.  It does NOT seem to have any outbound security other than content filtering.
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

dgrrrAuthor Commented:
So if I try using the router webpage for Dynamic DNS with NOIP, should I disable the NOIP DUC software?

Alternatively, you are suggesting getting an account with another such service, namely DynDNS.com?

PS - I put the Win7 Server IP just outside the DHCP range, which is 0.2 to 0.50. I set Win7 to 0.60.

PS - I set up all the same things on my home computer, and i'm getting exactly the same failures. Except:
> at home when I put the current external IP or my NOIP dynamic domain name into a browser address bar, I get nothing, whereas at work I get the router login page
> when I  use PcWinCheck's "simple port tester" it says the port is open - BUT it's listening to my local computer's IP, NOT referring to the external IP, as the online ones do.
> when I ping my new NOIP dynamic domain name, it returns my current external router IP. The one at work gets no response.
dgrrrAuthor Commented:
Plus I can't test trying dynamic dns settings on my HOME router coz "This Page Currently Not Supported". (bad arris!)

I need to do an idiot check, I feel like I'm missing something basic  --
Normally, if Xfinity Cable or ATT DSL installs a router in somebody's house (for normal default residential use), and I go somewhere else and type their router's external IP into a browser... What's supposed to happen?   Nothing ("no data received"), right?   So why, on the above office router, did I get the router login page instead of "no data received"? That had nothing to do with a port.  It seems like there must be something PRIOR to port forwarding in order to allow any kind of incoming access. Not just to a port, but to the router itself? Am I wrong?
KorbusConnect With a Mentor Commented:
check out page 16-6: remote management, in the router manual.  you probably have this enabled which is why you see a web page when you browse the office's external ip address.
You should probably turn this off, for security. You are SUPPOSED to see nothing when browsing to your external IP address (unless intentionally hosting a public web page or something). I generally use ping to test connectivity, rather than browsing. (note: Some routers don't respond to pings either, also for security reasons (see page 6-8 of your router manual))
To use dynDNS instead of the software, yes, you would probably need to create an account with them.
It is probably not necessary to disable the software if you switch to dynDNS, as long as different dynamic domain names are used.  (but you don't NEED both)
at home when I put the current external IP or my NOIP dynamic domain name into a browser address bar, I get nothing, whereas at work I get the router login page

this is normal. i don't think your router does nat reflection so your external ip is not available from your lan. additionally there should be antispoof mesures that prevent accessing even a local service using the wan ip from the lan

It seems like there must be something PRIOR to port forwarding in order to allow any kind of incoming access. Not just to a port, but to the router itself?

the router has a port dedicated to administration. you should not forward that same port to a LAN host. if the port you forward is a different one, it does not matter (but is insecure as stated above)


regarding the issue with the open port appearing to be closed, do you actually have a server running ? if not the port will be closed regardless the fact it is open or not in windows firewall. first make sure your server is accessible internally, then take care of port forwarding.


regarding the issue with noip, i've been using their services for years without problem with various update clients including a simple shell script. you need to recheck your external ip frequently, and enable log or at least manually perform an update and check it does work. can't help about the first and second line stuff without better information or possibly a screenshot. i'm not running the DUC currently and don't even have a windows around to check
dgrrrAuthor Commented:
to skullnobrains:  we don't have the server software yet (it's very expensive) - we want to get everything else working first.  So I guess I'd have to set up some other server software (like an ftp program)?

So for the sake of testing - Are there many kinds of free server software that let you choose your own port?
most server software will let you choose the port

there is a netcat port for windows i have never used which is able to listen on any random port and basically do nothing. the same utility is available through cygwin.

other than that, you can install a web server like apache (stick a "listen PORTNUMBER" directive  in httpd.conf), a trivial mail redirector, a vnc server (for an easy graphic config. if you don't setup a password, it will accept connection and provide no access whatever the password you type).... dozens of stuff

you can use an ftp server such as cerberus (easy graphic config as well) but you won't be able to actually do ftp on a single port
dgrrrAuthor Commented:
So if the lack of a listening server on that port is causing the online port forwarding checkers to say "port not open", then installing "netcat port for windows" could fix this?

(I need to be able to say it's working before we buy the server software)

dgrrrAuthor Commented:
I found a tool called Port Listener; whenever I told it to listen on a forwarded port, that port tested as open / forwarded on all the port testers.

So now I'm just trying to understand a few more basics:

I set up several kinds of servers on my home desktop PC (easy file servers, tiny web servers, etc). I could access them with my laptop, but only by typing in the desktop's internal IP (10.0.0.xxx). When I type in the no-ip host, it never works, even with all the specified ports forwarded & open in the router & Win firewall.  This is probably because I'm behind an Arris TG862G/GT router that doesn't allow NAT Loopback -- is that right? Or is it because this router NEVER allows such access regardess of setup? (See router manual, page 2-2, "Computers Hidden by NAT")

As you said, each server program requires me to choose a particular port. (And each port I used was forwarded to my home server static internal IP.)  But some server programs require that (on the laptop, client end) I include that port the browser address box; other's don't. (e.g., vs  Why is this?

TinyServer (a web server) allows access regardless of which port I put it on, even if that port is NOT forwarded, as long as I browse to it using a port,e.g. "10.0.0.xxx:portnum".  Why is this?
KorbusConnect With a Mentor Commented:
It's not really a good idea to test the accessibility of your home network from the internet, while INSIDE home your network, as you have discovered.  You will need to test from another location on the internet (like your smart phone [unless on home wifi], a friends house, or the office) to test this properly.  It's not just your arris router, most routers will have problems with this.  

If you do NOT put a port into your web browsers address bar, it assumes port 80, which is the standard web HTTP port.  I suspect this is what port "tinyserver" is listening on.
I found a tool called Port Listener; whenever I told it to listen on a forwarded port, that port tested as open / forwarded on all the port testers.

good, so forwarding the port (and opening it in the firewall) worked as expected

This is probably because I'm behind an Arris TG862G/GT router that doesn't allow NAT Loopback

yes. this is what i called nat reflection above. there is no official term. most home routers don't handle it, and those which do usually have it disabled by default

Computers Hidden by NAT

i have no time for the man page, but forwarding the port is what makes you not concerned by being hidden by NAT* vs  Why is this?

as mentioned by @korbus, when you use a web browser, a.b.c.d is the same as a.b.c.d.:80 because a web browser assumes you want to query a web server and uses the default www port when not instructed otherwise

TinyServer (a web server) allows access regardless of which port I put it on, even if that port is NOT forwarded, as long as I browse to it using a port,e.g. "10.0.0.xxx:portnum".  Why is this?

if it works with all ports, i have no idea. if it is a specific port (or set of ports), tinyserver may have a bug that makes it ignore the port you set, may be configured to listen on a specific port AND another one (builtin), maybe it's admin port... if you browse on your local machine, maybe it configured itself as a proxy for all ports and redirects everything it sees to it's page..

this is completely unrelated to your question, but you can easily check which port it listens on using netstat, or if you want a graphic program, try process explorer which features a tcp tab where you can see listening and active connections of a specific process
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.