Setting up Port Forward help

Sauva
DD-WRT Novice


Joined: 19 Aug 2011
Posts: 41

Posted: Thu Nov 17, 2011 17:54    Post subject: Setting up Port Forward help
I'm trying to set up a port forward so that afp traffic (port 548) gets passed to my home server. I can access the afp server just fine on lan via the static dhcp addy I set for it (192.168.1.2), but I can't get to the server from wan (either addressable IP or dyndns, inadyn running fine on the Asus box). I always get a server time-out error. According to the router it should be forwarding traffic on port 548 to 192.168.1.2:548 but nmap does not show that as an open port and I can't seem to access it. There's no firewall on the server (I turned it off to check). Please help! Here's the output from nmap and from the router itself.

Code:

root@EmeraldServer:~# iptables -t nat -vnL PREROUTING;iptables -vnL FORWARD
Chain PREROUTING (policy ACCEPT 38 packets, 3756 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  133  8492 DNAT       tcp  --  *      *       0.0.0.0/0            24.183.###.##       tcp dpt:8080 to:192.168.1.1:80
   19  1260 DNAT       tcp  --  *      *       0.0.0.0/0            24.183.###.##       tcp dpt:443 to:192.168.1.1:22
    5   680 DNAT       icmp --  *      *       0.0.0.0/0            24.183.###.##       to:192.168.1.1
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            24.183.###.##       tcp dpt:548 to:192.168.1.2:548
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            24.183.###.##       tcp dpt:4040 to:192.168.1.2:22
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            24.183.###.##       udp dpt:4040 to:192.168.1.2:22
   27  1864 TRIGGER    0    --  *      *       0.0.0.0/0            24.183.###.##       TRIGGER type:dnat match:0 relate:0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     0    --  br0    br0     0.0.0.0/0            0.0.0.0/0           
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 lan2wan    0    --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.2         tcp dpt:548
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.2         tcp dpt:22
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.2         udp dpt:22
    0     0 TRIGGER    0    --  vlan2  br0     0.0.0.0/0            0.0.0.0/0           TRIGGER type:in match:0 relate:0
    0     0 trigger_out  0    --  br0    *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0           state NEW


Starting Nmap 5.51 ( http://nmap.org ) at 2011-11-17 12:39 EST
NSE: Loaded 57 scripts for scanning.
Initiating Ping Scan at 12:39
Scanning MYnet.dyndns.org (24.183.###.##) [4 ports]
Completed Ping Scan at 12:39, 0.05s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 12:39
Completed Parallel DNS resolution of 1 host. at 12:39, 0.08s elapsed
Initiating SYN Stealth Scan at 12:39
Scanning MYnet.dyndns.org (24.183.###.##) [1000 ports]
Discovered open port 8080/tcp on 24.183.###.##
Discovered open port 80/tcp on 24.183.###.##
Discovered open port 443/tcp on 24.183.###.##
Completed SYN Stealth Scan at 12:39, 5.93s elapsed (1000 total ports)
Initiating Service scan at 12:39
Scanning 3 services on MYnet.dyndns.org (24.183.###.##)
Completed Service scan at 12:39, 6.13s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against MYnet.dyndns.org (24.183.###.##)
Retrying OS detection (try #2) against MYnet.dyndns.org (24.183.###.##)
Initiating Traceroute at 12:39
Completed Traceroute at 12:39, 0.02s elapsed
Initiating Parallel DNS resolution of 4 hosts. at 12:39
Completed Parallel DNS resolution of 4 hosts. at 12:39, 0.00s elapsed
NSE: Script scanning 24.183.###.##.
Initiating NSE at 12:39
Completed NSE at 12:39, 1.40s elapsed
Nmap scan report for MYnet.dyndns.org (24.183.###.##)
Host is up (0.0084s latency).
rDNS record for 24.183.###.##: 24-183-224-40.dhcp.kgpt.tn.charter.com
Not shown: 994 filtered ports
PORT     STATE  SERVICE   VERSION
20/tcp   closed ftp-data
21/tcp   closed ftp
80/tcp   open   http      DD-WRT milli_httpd
|_http-title: 401 Unauthorized
| http-auth: HTTP/1.1 401 Unauthorized
|
|_Basic realm=EmeraldServer
443/tcp  open   ssh       Dropbear sshd 0.52 (protocol 2.0)
|_ssh-hostkey: 1040 34:fa:32:ea:18:63:fa:7d:bd:01:eb:5c:1f:0f:14:1e (RSA)
8080/tcp open   http      DD-WRT milli_httpd
|_http-title: 401 Unauthorized
| http-auth: HTTP/1.0 401 Unauthorized
|
|_Basic realm=EmeraldServer
8443/tcp closed https-alt
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
No OS matches for host
Uptime guess: 31.025 days (since Mon Oct 17 13:03:14 2011)
Network Distance: 4 hops
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IP ID Sequence Generation: Random positive increments
Service Info: Host: EmeraldServer; OS: Linux

TRACEROUTE (using port 80/tcp)
HOP RTT     ADDRESS
1   1.27 ms 128.219.0.1
2   0.34 ms swge4500n-327.ens.ornl.gov (160.91.0.250)
3   2.53 ms ornlgwy1-swge4500n.ens.ornl.gov (160.91.0.73)
4   1.73 ms 24-183-224-40.dhcp.kgpt.tn.charter.com (24.183.###.##)

Read data files from: /usr/local/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.95 seconds
           Raw packets sent: 2068 (94.332KB) | Rcvd: 46 (2.748KB)
Luniz2k1
DD-WRT Guru


Joined: 04 Oct 2007
Posts: 1258
Location: Ohio USA

Posted: Thu Nov 17, 2011 19:58
If you are trying to test from the LAN through the WAN port, then read the following:
r15760 breaks NAT loopback
NAT Loopback fix for 15760 and higher, (Port forward issue)

_________________
(05/02/17) std - 31924
Linksys WRT400N
Buffalo WHR-G300N

Got OpenDNS?
Sauva
DD-WRT Novice


Joined: 19 Aug 2011
Posts: 41

Posted: Thu Nov 17, 2011 20:13
Luniz2k1 wrote:
If you are trying to test from the LAN through the WAN port, then read the following:
r15760 breaks NAT loopback
NAT Loopback fix for 15760 and higher, (Port forward issue)


I'm testing the connection from work, not trying a loop. I'll bookmark that though in case I need to test at home.
Luniz2k1
DD-WRT Guru


Joined: 04 Oct 2007
Posts: 1258
Location: Ohio USA

Posted: Thu Nov 17, 2011 20:27
Sauva wrote:
Luniz2k1 wrote:
If you are trying to test from the LAN through the WAN port, then read the following:
r15760 breaks NAT loopback
NAT Loopback fix for 15760 and higher, (Port forward issue)


I'm testing the connection from work, not trying a loop. I'll bookmark that though in case I need to test at home.

Ok. It shows 548 is open from my connection (you hid your IP, but not the DNS):
Code:
Starting Nmap 5.51 ( http://nmap.org ) at 2011-11-17 15:22 EST
Initiating Ping Scan at 15:22
Scanning 24.183.224.40 [4 ports]
Completed Ping Scan at 15:22, 0.27s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:22
Completed Parallel DNS resolution of 1 host. at 15:22, 0.02s elapsed
Initiating SYN Stealth Scan at 15:22
Scanning 24-183-224-40.dhcp.kgpt.tn.charter.com (24.183.224.40) [1 port]
Discovered open port 548/tcp on 24.183.###.##
Completed SYN Stealth Scan at 15:22, 0.10s elapsed (1 total ports)
Nmap scan report for 24-183-224-40.dhcp.kgpt.tn.charter.com (24.183.###.##)
Host is up (0.24s latency).
PORT    STATE SERVICE
548/tcp open  afp

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds
           Raw packets sent: 5 (196B) | Rcvd: 2 (72B)

Sounds like the connection/firewall at your work may be blocking it.

Sauva
DD-WRT Novice


Joined: 19 Aug 2011
Posts: 41

Posted: Thu Nov 17, 2011 21:10
Luniz2k1 wrote:

Ok. It shows 548 is open from my connection (you hid your IP, but not the DNS):
Sounds like the connection/firewall at your work may be blocking it.


Find/replace fail! Thanks for checking that though. I swapped my outgoing port request and it worked. Appreciate the help.

p.s. New to nmap, is there a way to scan and see what ports I'm allowed to open from behind my work's firewall?
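
The diagnosis this thread arrives at can be read straight off the packet counters in the first post; the following is an added example, not part of any poster's message or of DD-WRT itself. It parses `iptables -vnL` output, reports each DNAT forward as hit or never hit, and flags forwards that land on the router's own services. The function names and the router LAN address 192.168.1.1 (taken from the DNAT targets in the post) are assumptions.

```python
import re

# Rule lines copied from the router output in the first post
# (WAN IP masked as posted, column whitespace condensed).
NAT_SAMPLE = """\
Chain PREROUTING (policy ACCEPT 38 packets, 3756 bytes)
  133  8492 DNAT  tcp  --  *  *  0.0.0.0/0  24.183.###.##  tcp dpt:8080 to:192.168.1.1:80
   19  1260 DNAT  tcp  --  *  *  0.0.0.0/0  24.183.###.##  tcp dpt:443 to:192.168.1.1:22
    0     0 DNAT  tcp  --  *  *  0.0.0.0/0  24.183.###.##  tcp dpt:548 to:192.168.1.2:548
"""
FWD_SAMPLE = """\
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    0     0 ACCEPT  tcp  --  *  *  0.0.0.0/0  192.168.1.2  tcp dpt:548
    0     0 ACCEPT  tcp  --  *  *  0.0.0.0/0  192.168.1.2  tcp dpt:22
"""

# pkts/bytes may carry a K/M/G suffix when iptables is run without -x.
CNT = r"\d+[KMG]?"
DNAT_RE = re.compile(
    rf"^\s*({CNT})\s+{CNT}\s+DNAT\s+(tcp|udp)\s.*?dpt:(\d+)\s+to:([\d.]+):(\d+)", re.M)
ACCEPT_RE = re.compile(
    rf"^\s*{CNT}\s+{CNT}\s+ACCEPT\s+(tcp|udp)\s.*?\s([\d.]+)\s+(?:tcp|udp) dpt:(\d+)", re.M)

def audit_forwards(nat_text, fwd_text, router_lan_ip="192.168.1.1"):
    """Return one dict per DNAT rule with hit counters and FORWARD coverage."""
    allowed = {(p, ip, int(port)) for p, ip, port in ACCEPT_RE.findall(fwd_text)}
    report = []
    for pkts, proto, wan_port, ip, port in DNAT_RE.findall(nat_text):
        to_router = ip == router_lan_ip
        report.append({
            "wan_port": int(wan_port), "proto": proto, "target": f"{ip}:{port}",
            "hit": pkts != "0",
            # Packets DNATed to the router itself go through INPUT, not FORWARD.
            "forward_ok": to_router or (proto, ip, int(port)) in allowed,
            "exposes_router": to_router,  # router management reachable from WAN
        })
    return report

def diagnose(entry):
    if not entry["forward_ok"]:
        return "DNAT present but no explicit FORWARD ACCEPT for the target"
    if not entry["hit"]:
        return "rules in place, zero packets: filtered before reaching the router"
    return "traffic is reaching the rule"

if __name__ == "__main__":
    for e in audit_forwards(NAT_SAMPLE, FWD_SAMPLE):
        print(e["wan_port"], "->", e["target"], "|", diagnose(e),
              "| exposes router" if e["exposes_router"] else "")
```

A zero counter on a rule that is otherwise correct means the SYN never arrived on the WAN side, which matches the outcome here: the forward worked from an outside connection and was being filtered on the client's network.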