is port forwarding only used when accessing machines on a LAN from the internet.

rookie1010

Senior member
Mar 7, 2004
hello,

is port forwarding only used when accessing machines on a LAN from the internet.
what i mean to ask is, is there any use of port forwarding on a local area network
 

jlazzaro

Golden Member
May 6, 2004
Originally posted by: rookie1010
is port forwarding only used when accessing machines on a LAN from the internet.
traditionally, yes. remember, port forwarding is the function of the router. i think what you're looking for is more along the lines of port translation...

since you will be communicating on the same segment in your LAN environment (well, usually), you wouldn't touch L3+, only L2.
 

nweaver

Diamond Member
Jan 21, 2001
you are confused I think...

no, there is no need to do port forwarding, as there is no network address translation (i.e. NAT) happening inside a local subnet/network. If you cross a routed segment (different subnet) then you MAY need it, depending on your configuration.
 

rookie1010

Senior member
Mar 7, 2004
thanks for the replies,

i am not sure what Port translation is, i did a quick search, and what i understood is that PAT is similar to NAT, only that it combines port forwarding too, correct?

from that perspective, port translation is also not applicable within a LAN, correct?

if there is a device on the LAN which has a firewall installed and one can't reach say port 1900, can port forwarding be used in some way to circumvent the firewall (this does not make any sense to me, but this is what i was advised by technical support).
 

nweaver

Diamond Member
Jan 21, 2001
Originally posted by: rookie1010
thanks for the replies,

i am not sure what Port translation is, i did a quick search, and what i understood is that PAT is similar to NAT, only that it combines port forwarding too, correct?

from that perspective, port translation is also not applicable within a LAN, correct?

if there is a device on the LAN which has a firewall installed and one can't reach say port 1900, can port forwarding be used in some way to circumvent the firewall (this does not make any sense to me, but this is what i was advised by technical support).

Tech support is a trained monkey who doesn't even understand the OSI then...

POST WHAT YOU ARE TRYING TO DO...then we can help, all these random threads are just ticking off the regulars who can help you.

On a traditional LAN there is no need for port forwarding. Either the port is OPEN or CLOSED, and you can connect or you cannot.
 

rookie1010

Senior member
Mar 7, 2004
thanks for the reply,

what i have is a

1. Philips SLM5500 Streamium multimedia adaptor,
2. Nokia N95
3. laptop running simple center (upnp AV server), philips media manager. (trying to get windows media connect & twonkyvision 4.1)
4. netgear wireless router

the first three devices are "attached" to the netgear router.
my aim is to take pictures/videos using the N95 and push them onto the streamium device.
the philips streamium device can see the nokia N95 and the other devices around and pull content (pictures) from them, but not the other way round.

i did a bit of googling and saw an article which says that there is an inbuilt firewall in the philips streamium, called up philips to find out how to access the firewall, and they say no, there is no firewall.

(A firewall would make sense if the firewall is blocking all inward packets on port 1900, which would prevent the identification of the streamium as a UPnP AV streaming device, and if the firewall allowed the outward transmission of port 1900 packets, the streamium could see all the devices)

that is why i have been asking you guys basic questions about how to find out if there is a firewall. someone suggested that i use nmap, and i have downloaded it, but can't get it to work, i tried to install it after installing the latest version of winpcap (4.1 i believe), when i click on nmap, i get the command screen for 1/2 second which then disappears.


i plan to try and push content from the laptop running simplecentre (if that does work i will try philips media manager, windows media connect, twonkyvision 4.1)
if i can push content from a laptop then i can then proceed onto pushing content from the N95 (by the way i can push content from the N95 to the laptop running simple centre)

So i want to see what is happening with the wireless network.
and if there is a firewall on the streamium, turn it off somehow. (a firewall would make sense since it can be connected to the internet, and potentially people on the net can access it since it is upnp, so perhaps philips came up with a solution of putting it behind a firewall)

i think i have got quite a long post, i hope i am not ticking people off. my intention was to break the problem into little bits and ask around.

if the port is closed, then that means that there is some sort of firewall, correct?
 

jlazzaro

Golden Member
May 6, 2004
Originally posted by: rookie1010
i read an article which states that the SLM5500 has a built in firewall when i called phillips they say it does
Originally posted by: rookie1010
called up philips to find out how to access the firewall, and they say no, there is no firewall.
contradictory...

Originally posted by: rookie1010
if the port is closed, then that means that there is some sort of firewall, correct?
either that, or there is no service running that requires that specific port.
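
The distinction drawn in the reply above, as an added example that is not part of the original thread: a TCP connect attempt that is refused (RST) means the host answered and nothing is listening, while one that times out means the packet was dropped, which is what a filtering firewall usually does. The function names and the loopback demo are constructed for illustration.

```python
import socket

# What each outcome of a TCP connect attempt says about the target port.
MEANING = {
    "open": "SYN/ACK came back: a service is listening",
    "closed": "RST came back: host is reachable, nothing listens here",
    "filtered": "no answer before the timeout: packet was dropped",
    "unreachable": "no route to host: says nothing about the port",
}

def probe_tcp(host, port, timeout=2.0):
    """Attempt a full TCP connect and classify the result."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:   # peer answered with RST
            return "closed"
        except socket.timeout:           # silence, typical of a DROP rule
            return "filtered"
        except OSError:                  # e.g. EHOSTUNREACH, ENETUNREACH
            return "unreachable"

def firewall_evidence(results):
    """Ports whose state points at packet filtering rather than an idle port.

    A firewall may also reject with RST, so "closed" does not rule one out;
    it just needs no firewall to explain it.
    """
    return sorted(p for p, state in results.items() if state == "filtered")

def survey(host, ports, timeout=2.0):
    """Probe each port and return {port: state}."""
    return {p: probe_tcp(host, p, timeout) for p in ports}

if __name__ == "__main__":
    # Constructed demo against this machine: one listener, one unused port.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    ports = [listener.getsockname()[1], spare.getsockname()[1]]
    spare.close()
    results = survey("127.0.0.1", ports, timeout=1.0)
    for port, state in results.items():
        print(port, state, "-", MEANING[state])
    print("filtered ports:", firewall_evidence(results))
    listener.close()
```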

 

rookie1010

Senior member
Mar 7, 2004
i ran nmap in the following configurations.

c:\programs\nmap>nmap --open 192.168.1.7 -sV

Starting nmap 4.20 < http://insecure.org > at 2007-05-02 11:01 Pacific Daylight Time
Interesting ports on 192.168.1.7:
Not shown: 1696 closed ports
PORT STATE SERVICE VERSION
8080/tcp open tcpwrapped
MAC Address: 00:XY:ZA:BC:De:fg <Arcadyan Technology>

Service detection performed. Please report any incorrect results at http:insecure.org/nmap/submit/ .
Nmap finished: 1 IP address <1 host up> scanned in 20.129 seconds.

I guess this means that there is only one port open, the 8080 port which allows the streaming of content from the external internet.
is that correct?

why is it showing only 1696 ports, there are over 60000 ports, correct?

i tried to scan port 1900, by doing the following
c:\programs\nmap>nmap --open 192.168.1.7 -p 1900

Starting nmap 4.20 < http://insecure.org > at 2007-05-02 11:01 Pacific Daylight Time
the 1 scanned port on 192.168.1.7 is closed.

MAC Address: 00:XY:ZA:BC:De:fg <Arcadyan Technology>

Service detection performed. Please report any incorrect results at http:insecure.org/nmap/submit/ .
Nmap finished: 1 IP address <1 host up> scanned in 13.510 seconds.



i tried the following
c:\programs\nmap>nmap --open 192.168.1.7 -PS

Starting nmap 4.20 < http://insecure.org > at 2007-05-02 11:01 Pacific Daylight Time
Interesting ports on 192.168.1.7:
Not shown: 1696 closed ports
PORT STATE SERVICE VERSION
8080/tcp open http-proxy
MAC Address: 00:XY:ZA:BC:De:fg <Arcadyan Technology>

Nmap finished: 1 IP address <1 host up> scanned in 19.478 seconds.

port 1900 is to my understanding the port for service discovery, however when i tried to probe it (as above), it came up with port closed, you think that would be a firewall in operation?

someone told me to try and telnet to the different ports and that would indicate if the port was available (closed or open), is that correct?

do you think i should run nmap with any other switches/arguments

is there any way i can open the ports on the streamium?
 

nweaver

Diamond Member
Jan 21, 2001
you could try (and my formatting is different, I only use Linux) "nmap -p 1200-2200 ip.of.machine"

that would scan a large range of ports not normally scanned....

when you do http://ip.of.device:8080 does it have a web server running. Does that webserver have UPNP options or firewall options?

try "telnet ip.of.device 1900" and post the output. Hit return a few times and wait a while on it, unless it closes right away
 

rookie1010

Senior member
Mar 7, 2004
thanks for the replies,
will try your recommendations

does nmap support udp scans?
why does it scan only 1697 ports, there are over 65000 ports to scan correct?
what determines if the port is open or closed (firewall or the device's firmware or both)
how can i check if a webserver has upnp or firewall options from the command prompt?
can i telnet to a non-telnet port (i thought telnet only worked on port 23)
 

nweaver

Diamond Member
Jan 21, 2001
Originally posted by: rookie1010
thanks for the replies,
will try your recommendations

does nmap support udp scans?
why does it scan only 1697 ports, there are over 65000 ports to scan correct?
what determines if the port is open or closed (firewall or the device's firmware or both)
how can i check if a webserver has upnp or firewall options from the command prompt?
can i telnet to a non-telnet port (i thought telnet only worked on port 23)

yes, it's a flag for nmap

it only scans the 1697 ports by default, since they are the most common ones folks care about. Scanning 65K ports takes a while, and can cause issues with the other device.
Firewall determines open/closed status
check the webserver for firewall stuff by opening it in a web page and looking around ;)
telnet works on non default ports fine, telnet ip.address port. So to telnet to google's web server, I would type "telnet www.google.com 80"
 

rookie1010

Senior member
Mar 7, 2004
thanks for the replies

i did do
nmap -p 1200-2200 192.168.1.5 (the command works for windows as well)

all the 1001 ports are scanned.

i tried to do http://192.168.1.5:8080 in an internet explorer window and what i got was "the webpage cannot be found".
does that mean that there is no webserver that is running? or does it mean that a firewall has blocked access to the webserver. i guess the webserver is the service on the device which would host the page.
what are the other ways of "looking around"?

I tried 192.168.1.5 1900 and what i got was
connecting to 192.168.1.5... Could not open connection to the host, on port 1900: connnect failed.

(why is the syntax 192.168.1.5 1900 and not 192.168.1.5:1900?)

i tried nmap --open 192.168.1.5 -p 1-65535

and i get the following

INteresting ports on 192.168.1.5:
Not shown 65534 closed ports
PORT STATE SERVICE
8080/tcp open http-proxy


so by default all ports are open, and a firewall is required to close ports.
if nmap turns up with closed ports, there has to be a firewall which has closed them, correct?
could there be some sort of firewall in my router (i have gone through the netgear router settings and it does not seem to have a firewall.)

does nmap support udp scans?
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
The Internet does not know from Local IP.

If you want to access from the Internet it is done this way, http://www.ezlan.net/myip.html

If you have any software Firewalls (including WinXP Native Firewall) disable them until you sort things out.

 

nweaver

Diamond Member
Jan 21, 2001
nmap's man page shows -sU to do UDP scans


what service runs on port 8080 then? telnet to port 8080 and see what (if anything) you get
 

nweaver

Diamond Member
Jan 21, 2001
it looks like you configure this through the TV? Is there anything in there about a firewall?
 

rookie1010

Senior member
Mar 7, 2004
i guess in the philips streamium there could be a native firewall (philips implementation)

i tried telnet 192.168.1.5 1900 and what i got was
connecting to 192.168.1.5... Could not open connection to the host, on port 1900: connnect failed.

i will use the -sU to do UDP scans?

i tried to configure it through the TV, but there seems to be any settings with regards to the firewall.

since all the tcp ports with the exception of 8080 (is my understanding correct?) are closed, hence a firewall is present, correct?
 

Red Squirrel

No Lifer
May 24, 2003
When setting up a LAN with PAT/NAT (typical home router) you should always have 0 port forwards set. Unless of course you have a server on your network that you want to give others access to from outside your network.

Server would have IP 10.1.1.10 let's say, while your router's internal IP is 10.1.1.1 and the IP your router gets from the ISP is 123.123.123.123. So you forward port 80 to 10.1.1.10 so people connect to 123.123.123.123:80 and can access the server that is actually on 10.1.1.10:80. But if the server is only needed on the LAN then it can be connected to by 10.1.1.10:80 from behind the router.
 

rookie1010

Senior member
Mar 7, 2004
thanks for the reply redSquirrel, i have set up a standalone LAN which is not connected to the outside world, do your recommendations hold true for my case too?

because what i understood was that NAT/PAT is only used when you are connected to the outside world.

when there is no service running on a port, is there any way one can open it from a second device on the LAN?