Port Forwarding, what are the minimum changes required
bmwsandman
Enthusiast - Level 3

What are the minimum changes required on the actiontec (see my specs below) to port forward one port to an internal pc?

this is my hardware

Firmware Version: 4.0.16.1.56.0.10.11.6 Model Name: MI424-WR

my firewall is set to "Typical Security" but i have tried Minimum Security  as well

do i need to create an Advanced Filtering entry as well?

Hubrisnxs
Legend

You should just need to forward the actual port, so you will need to assign your PC a static LAN address (192.168.1.70 or something outside the dhcp range) and then forward a port to that ip address.  

make sure that your source port is set to any and then put in whatever you need it to be for the destination port.

it may look something like this when you are done

TCP any -> 8080 (sample port number, you can put whatever you want there that will work)

additional resources can be found at www.portforward.com

bmwsandman
Enthusiast - Level 3

so i can leave the firewall setting to Typical Security and i must have a static ip on the internal pc that i am trying to port forward, Correct?

Hubrisnxs
Legend

You should be able to leave it to typical no problem, and you might be able to forward to a host name instead of an ip but then you have to know what the host name for your PC is, and I am not sure how well that works, so I couldn't vouch for or tell you if it hiccups or acts weird like that or anything. I know the way with the static ip address works the best, and that link shows you how to set that up on the pc.

bmwsandman
Enthusiast - Level 3

With "typical security" set, my connection is being blocked according to the Security Log.

If i put in an Advanced Filter, in the Initial Rules section, I now see that my connection is accepted

I need to reboot the destination pc (so i will pickup the static ip i assigned) before i can test the rest.

bmwsandman
Enthusiast - Level 3

This router makes no sense. i am trying to port forward remote desktop to an internal laptop with a static IP on wifi lan.

in the port forward configuration

if i use the "Specify Public IP Address" and put in a valid IP address then the initial inbound request is blocked (Blocked - Default policy from the security log)

but if i don't check the box (ie unchecked), then the inbound traffic status is "Accepted - Service" (from the security log). so that's good...

so leaving the box unchecked starts to work.... i get a remote desktop session started, login and then the dest laptop drops offline (the ip addr seems to be lost and thus starts to reconnect)

why is this so difficult

Hubrisnxs
Legend

The router definitely leaves something to be desired. If you connect on one, and it boots off the other, it might be an ip conflict. Change the ip by 1 single number or verify on the other if they are the same IPs.

viafax999
Community Leader

@bmwsandman wrote:

What are the minimum changes required on the actiontec (see my specs below) to port forward one port to an internal pc?

this is my hardware

Firmware Version: 4.0.16.1.56.0.10.11.6 Model Name: MI424-WR

my firewall is set to "Typical Security" but i have tried Minimum Security  as well

do i need to create an Advanced Filtering entry as well?


Should look like this attachment

I actually change the listener port just to make hacking a little more difficult

I have security set at Typical (Medium), I have no advanced filtering.

Actually have 2 rdp entries on different ports so that I can get to 2 different machines.

bmwsandman
Enthusiast - Level 3

@viafax999 wrote:

@bmwsandman wrote:

What are the minimum changes required on the actiontec (see my specs below) to port forward one port to an internal pc?

this is my hardware

Firmware Version: 4.0.16.1.56.0.10.11.6 Model Name: MI424-WR

my firewall is set to "Typical Security" but i have tried Minimum Security  as well

do i need to create an Advanced Filtering entry as well?


Should look like this attachment

I actually change the listener port just to make hacking a little more difficult

I have security set at Typical (Medium), I have no advanced filtering.

Actually have 2 rdp entries on different ports so that I can get to 2 different machines.


Hey viafax999,

I have this same port config. i turned on wireshark on the internal pc so could see the traffic. I am seeing the remote address connect to the internal pc, but there are packets being dropped.

i can narrow down the problem to the linksys router that connects my two subnets (from my other post you commented on)

But i can't find a solution. I even loaded a dd-wrt firmware on the linksys router thinking it would have better packet management, but no luck.

viafax999
Community Leader

@bmwsandman wrote:

Hey viafax999,

I have this same port config. i turned on wireshark on the internal pc so could see the traffic. I am seeing the remote address connect to the internal pc, but there are packets being dropped.

i can narrow down the problem to the linksys router that connects my two subnets (from my other post you commented on)

But i can't find a solution. I even loaded a dd-wrt firmware on the linksys router thinking it would have better packet management, but no luck.


Are you trying to rdp to something on the 10.x.x.x subnet? Certainly sounds like it from your reference to the linksys.

If so what you need to do is to forward the port to 192.168.1.254 (think that was your linksys address wasn't it?) and then set a forwarding rule in the linksys for the port to go to the machine on the 10.x.x.x subnet.

Your route table entry will get the rdp traffic to the linksys but the firewall there will throw the packets away without a corresponding forwarding rule.

From your other thread

I actually have a Westell router that connects to a Dlink dir-655 and then on to a Linksys wrt54g.

I asked how you set the route because I couldn't get it to work on the Dlink and still can't.  my Dlink is on subnet 192.168.3.0 and the Linksys on 192.168.2.0.  I get a routing error when I save the setup - pic attached.  Did I configure it incorrectly??

From the error message it would appear it's trying to create the route for the wrong interface however the interface dropdown only has a WAN selection.

I have a couple of Linksys befr41's laying around. Think I'll connect one of them up and see if I can get it to work on that first - the wrt54g is a separate subnet that my son has his machines on and he'll probably get upset if I mess up his connection.

bmwsandman
Enthusiast - Level 3

@viafax999 wrote:
Are you trying to rdp to something on the 10.x.x.x subnet? Certainly sounds like it from your reference to the linksys.

If so what you need to do is to forward the port to 192.168.1.254 (think that was your linksys address wasn't it?) and then set a forwarding rule in the linksys for the port to go to the machine on the 10.x.x.x subnet.

Your route table entry will get the rdp traffic to the linksys but the firewall there will throw the packets away without a corresponding forwarding rule.

From your other thread

I actually have a Westell router that connects to a Dlink dir-655 and then on to a Linksys wrt54g.

I asked how you set the route because I couldn't get it to work on the Dlink and still can't.  my Dlink is on subnet 192.168.3.0 and the Linksys on 192.168.2.0.  I get a routing error when I save the setup - pic attached.  Did I configure it incorrectly??

From the error message it would appear it's trying to create the route for the wrong interface however the interface dropdown only has a WAN selection.


yes i am trying to rdp to the 10.0.0.0 subnet. I now think this is a linksys router issue not a fios router config issue.

regarding your setup, as i understand, you only need to do the double port forward if you are doing double nat; i am not doing double NAT. But i did try it once just to make sure; didn't help. as i mentioned (somewhere) the 10.0.0.2 pc is seeing the rdp traffic.

so on to your setup

you wrote,  "my Dlink is on subnet 192.168.3.0 and the Linksys on 192.168.2.0"

which one is connected to the fios router? I'll make an assumption and you can adjust accordingly

assuming the linksys wan is connected to the fios lan, and the fios lan is 192.168.1.0

here is how i would configure the linksys 

set the linksys to "router" mode, turn off the firewall and turn off dhcp. this is going to be a true router, not a gateway, fw, etc. it will not have its own subnet.

on the linksys put a static ip in the WAN that is on the fios subnet (eg 192.168.1.254)

set the linksys LAN ip to an addr on the dlink subnet (eg 192.168.3.254). the linksys will automatically build the routes it needs (see the route table on adv routing tab). don't add any static routes on the linksys.

these two IPs are your two gateways for static routes to be added to the dlink and fios routers

now for the static routes:

add a static route on the dlink: dest lan 192.168.1.0, mask 255.255.255.0, gateway 192.168.3.254

add a static route on the fios router: dest lan 192.168.3.0, mask 255.255.255.0, gateway 192.168.1.254, metric 1

On the fios router, I also had to add three advanced filters: allow output traffic from subnet 192.168.1.0 to subnet 192.168.3.0 and allow two input filters to allow traffic in both directions from each subnet to the other subnet.

    note: create network object of these subnets first and then use the object names in the rules, much easier

i put these filters in their respective "Network (Home/Office) Rules" rule sections

this is basically the setup i have with a sonicwall instead of a dlink.

I hope this helps assuming you are trying to connect your fios lan (with pcs) to your dlink lan (with other pcs)

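The static-route setup from the post above, modelled as an added example that is not part of the original thread: it traces packets hop by hop with longest-prefix matching and shows that traffic between the two LANs is delivered only when both the fios and the dlink router carry their static route. The gateway addresses 192.168.1.1 and 192.168.3.1 and the host 192.168.3.10 are assumptions made for this sketch, and the advanced filter rules are not modelled.

```python
import ipaddress

# Which router owns each gateway address. 192.168.1.254 and 192.168.3.254 are
# the Linksys addresses from the post; .1.1 and .3.1 are assumed for this sketch.
OWNER = {"192.168.1.1": "fios", "192.168.1.254": "linksys",
         "192.168.3.254": "linksys", "192.168.3.1": "dlink"}

def build_tables(static_routes=True):
    """Routing tables as (prefix, next hop); 'direct' means on-link."""
    tables = {
        "fios": [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "WAN")],
        "linksys": [("192.168.1.0/24", "direct"), ("192.168.3.0/24", "direct"),
                    ("0.0.0.0/0", "192.168.1.1")],
        "dlink": [("192.168.3.0/24", "direct"), ("0.0.0.0/0", "WAN")],
    }
    if static_routes:  # the two static routes given in the post
        tables["fios"].append(("192.168.3.0/24", "192.168.1.254"))
        tables["dlink"].append(("192.168.1.0/24", "192.168.3.254"))
    return tables

def lookup(table, dst):
    """Longest-prefix match; returns the next hop or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, router, dst, max_hops=8):
    """Follow dst hop by hop, starting at a host's default gateway."""
    path = []
    for _ in range(max_hops):
        path.append(router)
        hop = lookup(tables[router], dst)
        if hop == "direct":
            return path + ["delivered"]
        if hop not in OWNER:          # None or 'WAN': leaves the home network
            return path + [f"lost via {hop}"]
        router = OWNER[hop]
    return path + ["loop"]

def round_trip(tables, a_gw, a_ip, b_gw, b_ip):
    """True only if both the request and the reply path are delivered."""
    return (trace(tables, a_gw, b_ip)[-1] == "delivered"
            and trace(tables, b_gw, a_ip)[-1] == "delivered")

if __name__ == "__main__":
    for static in (False, True):
        t = build_tables(static)
        print(static, trace(t, "fios", "192.168.3.10"),
              trace(t, "dlink", "192.168.1.70"))
```

A route on only one side still fails `round_trip`, because the reply follows the other router's default route out of the WAN port.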
bmwsandman
Enthusiast - Level 3
i forgot to mention one or two things, i initially was using a wrt54g v2.0 as the router, and it didn't work (firmware bug i guess). i dropped in a wrt54g v6.0 and it worked just fine. so beware. after reading your previous post again, i guess you need to reverse my instructions and put the dlink between the linksys and fios router. hope the dlink is up for the challenge of being a true router. the linksys aren't i guess based on my experience. good luck
viafax999
Community Leader

@bmwsandman wrote:
i forgot to mention one or two things, i initially was using a wrt54g v2.0 as the router, and it didn't work (firmware bug i guess). i dropped in a wrt54g v6.0 and it worked just fine. so beware. after reading your previous post again, i guess you need to reverse my instructions and put the dlink between the linksys and fios router. hope the dlink is up for the challenge of being a true router. the linksys aren't i guess based on my experience. good luck

Yes, this assumption is the correct one.

The Dlink is a far superior router to the Linksys, also happens to be 11n with a gigabit switch.  However I think the issue here is the firmware as I feel the static route should be applied to the LAN interface not the WAN interface

My WRT54G is a V8 so that shouldn't be an issue however I'll try connecting a befr41 to the fios segment and see if I can get that configured first.

I sent you a PM

viafax999
Community Leader

Fios Westell 192.168.1.0  has a static connection 192.168.1.254 ( Dlink router)

Dlink dir-655 192.168.3.0 has a static connection 192.168.3.254 (Linksys router)

Linksys wrt54g 192.168.2.1

I don't use the fios subnet for anything except the stb's and a couple of virtual servers that are hosted off of a real server on the dlink segment - the real server has multiple nics that are connected to the 2 segments but only the host nic is running in true nic mode the other are running in virtual server services only.  Port forwarding is enabled for http, ftp and rdp, on custom ports, with the http traffic receiving the true address and port assignment via dyndns and a page forwarder on my isp.  Also port forward on another port for access thru the double nat with port forward rules on the fios and dlink router.

What I wanted to do was to get access to the linksys segment so I set the static route on the Dlink router, is this incorrect?
