2Wire router port forwarding - networking

I am having some trouble allowing my 2wire router (provided by AT&T to forward certain ports.
I have a raspberry pi running subsonic (a music server) and I would like to access it from the outside internet. I have configured the pi with a static LAN IP address and have opened the specified ports (4040 and 80) on both TCP and UDP. I have also confirmed the service is active and is listening on the specified ports via netstat.
When I attempt to connect, however, from my WAN IP I am confronted with a connection refused dialog. Checking the firewall logs on my router, I see this message
IN=br1 MAC=--:--:--:--:--:-- SRC=(my computer IP) DST=(My WAN IP) LEN=40 TTL=240 PROTO=TCP DPT=5060 Unknown inbound session stopped
It appears that my firewall is still blocking the external connection. What strikes me as odd is, although I am unable to connect I can still see that the port is open from an outside port scanner. Using the service provided from http://www.yougetsignal.com/tools/open-ports/ I have confirmed that my IP has port 4040 to be open.
Once again, I have confirmed that the service is indeed listening on the raspberry pi, setup a static LAN address and created the protocol for both TCP and UDP....
Any help on this matter would be greatly appreciated.
Thanks in advance!

Ok so for whatever reason it was working all along. Apparently it was just getting confused by me trying to connect to my own router. I confirmed this by connecting to the server via 4G on my phone.
Dumb mistake by me.

Related

If someone knows my external address and port, can public internet computer start a TCP socket towards my computer without router port forwarding?

I'm trying to build a peer-to-peer game, where each player is both a server and a client with tcp sockets. The sockets can connect fine when I'm using local ip:s, but of course fails when I'm trying to use external ip:s.
But I'm thinking that the players should be able to connect to each other if they just knew the external address + port that the router assigns to them.
Setting up port forwarding is out if the question since I don't have access to the players routers.
I'm thinking of having a server in between, just to be able to read the external address and port of the players, and tell the other player about it so that it can connect.
But I haven't found any info anywhere if that's how port forwarding works. If computer A makes a request from a local address and a port to the server, and the router assigns this address + port to an external address + port, and the server tell computer B which address + port to use. Can computer B use that external address + port to connect to the computer A and start a tcp socket with it? Is there any way to know that this external address + port stays the same when another computer makes a request against them?
The problem is that most people don't expose their PC directly to the internet. They have a router that has an external address. When you send a packet to their IP address, it is going to their router. The router doesn't know where to forward it to and what port to use without port forwarding.
So, getting everyone to enable port forwarding is out of the question, as it should be. A simpler mechanism is to have a server on the internet that you control. It has a firewall with port forwarding setup. The clients are just clients, they connect to the server on a port and send and receive info about the current status of the game. That way, everyone has real-time updates on their local game engine. Plus, this way is much easier to program and implement.
No, TCP doesn't work like that.
The source port that has been used to talk to the rendezvous server will be transient and specific to that particular initial TCP socket connection and can only be used as a destination for return traffic on the same connection from the rendezvous server, and can't be used by a third party to make new inbound connections.
The typical (only?) practical solution when NATs are involved and port forwarding is not available is to have that central server relay all messages bidirectionally between the peers.
Hole punching is what I was looking for.
https://en.wikipedia.org/wiki/Hole_punching_(networking)

Connect to localhost with iPad

Trying to connect to localhost on my development machine with my iPad using wifi.
The webserver integrated in Visual studio.
Using ip number I get from ipconfig.
192.168.1.84:1144
I'm receiving http 400 error.
I've added port 1144 as TCP/IP port on firewall.
Anybody knows what I'm doing wrong?
does your machine have a static IP? with DHCP enabled, the ip of your machine keeps changing every now and then, so it might be the case that the address provided is no longer available!!
disconnect and reconnect to your network, then run ipconfig again and check if the IP has changed, if it has, then DHCP is enabled...

TCP/IP connection timed out

I wrote a java program of TCP/IP Client which is supposed to read data from TCPIP server device.
Problem is when I give the IP and Port of the Device, java gives error of "Connection Time out". Obviously this is problem of not connecting to that Device.
I want to know if there is way to know where the problem is? Whether that TCPIP server device is not reachable (if no, then how to check it )
whether Its the router / network issue that TCPIP Client and Server has to be on same network or use same router to communicate. OR Just IP:Port is enough.
How on my computer may I know that TCPIP server device is turned on and streaming??
P.S. That TCPIP Server device can also be connected with blutooth connection. can i read streaming through blutooth in Java?? if yes what/How should I do it?
I want to know if there is way to know where the problem is? Whether
that TCPIP server device is not reachable (if no, then how to check it
)
Use telnet from the client - it will try to connect to the remote server at the port that you specify. For example telnet google.com 80 attempts to reach google.com on port 80. You could also use an IP address in place of "google.com". If you are on a windows box, you might have to enable telnet first.
You can also use netstat on the server. It should say the ports that are currently open and the state that they are in. For example, your Java server program should be listening on the port, so the state should say LISTEN.

Open website via computer IP address while running tomcat locally with a router?

I'm working on a website for a friend, developing using Eclipse/Tomcat. I'm running it locally and trying to open it via my internet port IP address, but I can't get it to work. The computer I am running it from is connected to a router, so it is running off of 192.168.1.4, and http://192.168.1.4:8080/Mobile_Site/index.jsp works. However when I try and open it via my internet port IP, http://67.xxx.244.xx:8080/Mobile_Site/index.jsp it doesn't find it from any device, even outside my local network. Is there a way to send the link when running locally when connected to a router?
You have to configure your router port forwarding (or virtual servers depending on the router) to forward TCP connections from 67.xxx.244.xx:NNNN to 192.168.1.4:8080.
Then you give the 67.xxx.244.xx:NNNN address to your friend.
Note: NNNN at your router doesn't need to be 8080, as long as the port forwarding is set properly.

How to make Sun NFS works over Cisco ASA VPN connection with minimum ports opened?

I did a test of NFS service over Cisco ASA 5505 firewall.
With normal interface default ACL, which is "permit ip any any" on inside interface (Level 100), "deny ip any any" on outside interface (level 0). NFS server is connected to outside interface. Everything works great. By look at the the packets go through, I can see inside PC call NFS server's 111 port, negotiate a port using portmap. Finished this TCP connection. Then NFS server (outside PC) use the negotiated port to connect to inside PC and transfers data. Cisco ASA firewall keep TCP states very well and "remembered" the negotiated port, thus let outside PC using this port to talk to inside PC even the outside ACL is "deny ip any any". The firewall is fully stateful, every thing is great so far.
However, as long as I connected the NFS server (outside PC) to Cisco ASA firewall using VPN. Everything changed. By look at the packets, NFS can still go through firewall and negotiate a port by portmap. While after this TCP session is over. Firewall FORGET the negotiated port and block the outside PC using negotiated port to talk back to inside PC.
With or without VPN is the only change. There is just one ACL, on inside interface, permit ip any any. The NFS server is set to can be access from any subnet. There is no NAT and no service-policies setup on this firewall.
Can anyone please explain why Cisco Firewall rules is not "stateful" anymore over VPN? Is it designed to be? What is the best way to let NFS working over VPN without open a range of dynamical ports on outside interface?
One of the strong sides on NFSv4.0 is firewall friendly. No port map required. You need only single TCP port 2049 to be opened. All operations which have have a state on the server require client to send a heard bit, which is typically ~ 90 seconds. We you is in your firewalled setup and quite happy with it.

Resources