DD-WRT (Kong Build) - Unable to Port Forward.

[s0me0nesmind1]

Hey folks

Motorola Modem + Router - Running in Bridged Mode to my REAL Router...
Netgear Nighthawk R7000 Router
Setup Static IPs, etc..
Setup a rule to Port Forward for my static IP.

Aaaaaaand it refuses to work. I can't for the life of me figure out why. I don't have any other firewalls running other than Windows 10 defaults. Am I missing something?

I went through most of this checklist but I'm still coming up empty. https://www.dd-wrt.com/wiki/index.php/Port_Forwarding_Troubleshooting

For source net I put "0.0.0.0/0" as been told by others - I've also left it blank, neither seem to work. Any network experts out here that can possibly figure this out for me?

 

[ch33zw1z]

Post pic of the port forwarding config. In the past, it was in port > out port> lan IP, and possibly a range of ports if needed.

Also confirm you're in bridge mode, wan IP in ddwrt device should be public.

I don't recall having to set a network of 0.0.0.0 wrt port forwarding

 

[s0me0nesmind1]

Pretty straight forward to me? Unless I'm crazy?

Again - For Source Net I have to stress that I tried it blank and with what is currently there - rebooting the router inbetween. Same result regardless.

 

[s0me0nesmind1]

Post pic of the port forwarding config. In the past, it was in port > out port> lan IP, and possibly a range of ports if needed.

Also confirm you're in bridge mode, wan IP in ddwrt device should be public.

I don't recall having to set a network of 0.0.0.0 wrt port forwarding

WAN IP looks to be public based on the dd-wrt write-up, it's 98.196.119.xxx

Confirmed the modem/router is in bridged mode.

 

[ch33zw1z]

Change one of the source ports. Can't forward the same port to different IP's

Unless maybe if they're different source ip

 

[s0me0nesmind1]

Change one of the source ports. Can't forward the same port to different IP's

Unless maybe if they're different source ip

Perhaps I'm high - or simply that I don't understand this type of networking knowledge... but If I want to open a certain port - in this case 1337 - wouldn't it be the same port in/out? This is what every guide I've ever read says.

And even if that is not correct, if I want port X to be open, do I want port X to be the "Port From" or the "Port to"?

 

[ch33zw1z]

The source ports (incoming port, aka from port) can be anything you want. I typically use >10,000 such as 10,999.

That is just saying to the router, put a hole in the firewall at this port. The source net option allows you to define what IP the incoming connection will be on, enhancing security for the hole.

Port forwarding is a function that says: router, when you see a request on this port (source / WAN), forward it to this internal port and IP (lan IP). These ports dont need to be the same, you just need to not conflict with predefined ports, or with each rule.

The internal port needs to be what is defined for the service your PC is running. For instance, 21 for ftp, 22 for ssh, etc.. these are defined by the software service you want to to access.

So it you have two PC's running windows RDP, you want two rules, just an example here...where the source port can be anything you want, but RDP port is preconfigure to run on 3389

Pc1: source port: 10,000 to port 3389 on IP x.x.x.200

Pc2: source port: 11,000 to port 3389 on IP x.x.x.210

Whereas, outside your network, connection to PC for RDP would work using WAN IP x.x.x.x:10000 goes to .200, and :11000 would go to .210

If you know which IP you'll be hitting the WAN from, put that in the source IP. Such as if your RDPing in from work, you put the work IP/SM

In my example, If you make the source port the same, then the router is going to forward RDP to two addresses from the same request, which will fail. The router gets the request, checks it's rule list, and (depending on vendor code) may or may not create a connection because there's two conflicting rules that forward the same request to different locations internally.

What service are you trying to access on those PC's? Sometimes you can change what port the software is listening on, but it's not really necessary for most things.

 

[s0me0nesmind1]

The source ports (incoming port, aka from port) can be anything you want. I typically use >10,000 such as 10,999.

That is just saying to the router, put a hole in the firewall at this port. The source net option allows you to define what IP the incoming connection will be on, enhancing security for the hole.

Port forwarding is a function that says: router, when you see a request on this port (source / WAN), forward it to this internal port and IP (lan IP). These ports dont need to be the same, you just need to not conflict with predefined ports, or with each rule.

The internal port needs to be what is defined for the service your PC is running. For instance, 21 for ftp, 22 for ssh, etc.. these are defined by the software service you want to to access.

So it you have two PC's running windows RDP, you want two rules, just an example here...where the source port can be anything you want, but RDP port is preconfigure to run on 3389

Pc1: source port: 10,000 to port 3389 on IP x.x.x.200

Pc2: source port: 11,000 to port 3389 on IP x.x.x.210

Whereas, outside your network, connection to PC for RDP would work using WAN IP x.x.x.x:10000 goes to .200, and :11000 would go to .210

If you know which IP you'll be hitting the WAN from, put that in the source IP. Such as if your RDPing in from work, you put the work IP/SM

In my example, If you make the source port the same, then the router is going to forward RDP to two addresses from the same request, which will fail. The router gets the request, checks it's rule list, and (depending on vendor code) may or may not create a connection because there's two conflicting rules that forward the same request to different locations internally.

What service are you trying to access on those PC's? Sometimes you can change what port the software is listening on, but it's not really necessary for most things.

Sorry for the slow reply - I have to travel during the week.

Got around to changing the port from field - still showing that I have a limited connection on my torrent client (that I use to download Linux distros)

 

[ch33zw1z]

No worries, reply when you can.

Ok, what are you trying to access behind your router? A torrent server?

 

[s0me0nesmind1]

No worries, reply when you can.

Ok, what are you trying to access behind your router? A torrent server?

Just trying to make sure that my torrent client is able to access/connect to all the peers, I guess?

I utilize the uTorrent Setup Guide and it always reports that the port is not open:

 

[ch33zw1z]

If you uncheck automatic port mapping, does it change?

Here's the guide for uTorrent

http://help.utorrent.com/customer/portal/articles/1753715

 

[s0me0nesmind1]

If you uncheck automatic port mapping, does it change?

Here's the guide for uTorrent

http://help.utorrent.com/customer/portal/articles/1753715

Nope - I've also tried port forward testing websites as well.

 

[ch33zw1z]

Hey, so there's a few YouTube videos on how to do this. Have you watched any of those?

I would also start with only one rule and get it working before adding another. It's seems uTorrent is going to want the source and destination port to be the same, upnp also running.

 

[PliotronX]

I wonder if UPnP might actually cause a conflict if static port mapping is in place. This all should be moot if UPnP is enabled as UT takes care of the forwarding automatically. Is your windows network location profile set as public by chance?

 

[ch33zw1z]

I agree, a static port mapping should make upnp unnecessary, and the uTorrent guide says the same. Other tutorials are doing both.

A good point about public or private network, maybe it's that simple.