Discussion:
O/T: help! - port forwarding problem
David McNab
2011-04-04 20:18:48 UTC
Permalink
Hi all,

I've got a LAN behind a Dynalink ADSL2+ router, model RTA1320V6 (issued
by Telstra Clear).

I'm wanting to open up various ports in the router, to forward inbound
connections to my Debian workstation.

I've opened up ports 80, 21 and 5901, and on the router web interface
'virtual servers' page, they all show up as being open and forwarding
inbound TCP and UDP to my workstation.

However, while connections to ports 80 and 21 go through ok, connections
to 5901 hang in mid-air.

I've verified this by shutting down all servers, and using instances
'nc' in listen mode on these three ports.

Across the LAN, I can connect to 5901. But from the outer internet, I
can't.

Telstra Clear insist that they're not blocking off any inbound
connections. The Dynalink modem insists it's forwarding the connections.
But nothing happens.

Can anyone please suggest how I might track this issue down and fix it?

Cheers
David



_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
Reed Wade
2011-04-04 20:39:32 UTC
Permalink
The first step would be to remove the router from the mix and connect
the line directly to your machine and see if you get any port 5901
traffic.

I don't have any specific knowledge about TelstraClear blocking 5901
but that's almost certainly what the problem will turn out to be.

-reed
Post by David McNab
Hi all,
I've got a LAN behind a Dynalink ADSL2+ router, model RTA1320V6 (issued
by Telstra Clear).
I'm wanting to open up various ports in the router, to forward inbound
connections to my Debian workstation.
I've opened up ports 80, 21 and 5901, and on the router web interface
'virtual servers' page, they all show up as being open and forwarding
inbound TCP and UDP to my workstation.
However, while connections to ports 80 and 21 go through ok, connections
to 5901 hang in mid-air.
I've verified this by shutting down all servers, and using instances
'nc' in listen mode on these three ports.
Across the LAN, I can connect to 5901. But from the outer internet, I
can't.
Telstra Clear insist that they're not blocking off any inbound
connections. The Dynalink modem insists it's forwarding the connections.
But nothing happens.
Can anyone please suggest how I might track this issue down and fix it?
Cheers
David
_______________________________________________
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
Nevyn
2011-04-04 20:57:46 UTC
Permalink
Post by Reed Wade
The first step would be to remove the router from the mix and connect
the line directly to your machine and see if you get any port 5901
traffic.
I don't have any specific knowledge about TelstraClear blocking 5901
but that's almost certainly what the problem will turn out to be.
-reed
Quick question: What are you running on 5091? I ask because it seems
to be a port commonly used for SCTP which I'm guessing the router
might not support? Of course I'm probably completely wrong. My own
networking knowledge goes as far as to describe the 7 layers as "the 7
levels of hell". i.e. Never bothered to learn much beyond "this isn't
something I want to learn"

Regards,
Nevyn
http://nevsramblings.blogspot.com/

_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
Mark Foster
2011-04-04 21:25:36 UTC
Permalink
Post by Nevyn
Post by Reed Wade
The first step would be to remove the router from the mix and connect
the line directly to your machine and see if you get any port 5901
traffic.
I don't have any specific knowledge about TelstraClear blocking 5901
but that's almost certainly what the problem will turn out to be.
-reed
Quick question: What are you running on 5091? I ask because it seems
to be a port commonly used for SCTP which I'm guessing the router
might not support? Of course I'm probably completely wrong. My own
networking knowledge goes as far as to describe the 7 layers as "the 7
levels of hell". i.e. Never bothered to learn much beyond "this isn't
something I want to learn"
1) 5091 != 5901. 5901 is typical VNC (well, 5900 first, then add 1 for
each session in sequence).

2) If your router permits it, bind 5901 internally to another port
externally that you know works - say Port 80 temporarily (eliminates TCL's
network blocking the port - but I don't believe they would block it
anyway)

3) If you have the option, try another router, to eliminate your router
itself as the problem

4) Bind Remote Desktop/VNC to another port entirely both inside and
outside, see what happens

5) Ask your ISP helpdesk, as they will no doubt have reference material
and experience with rigging pinholes through NAT routers.

This is indeed offtopic....


Mark.

_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
Bruce Clement
2011-04-04 21:25:57 UTC
Permalink
On Tue, Apr 5, 2011 at 8:18 AM, David McNab <***@rebirthing.co.nz> wrote:
[...]
Post by David McNab
Across the LAN, I can connect to 5901. But from the outer internet, I
can't.
Telstra Clear insist that they're not blocking off any inbound
connections. The Dynalink modem insists it's forwarding the connections.
Are you testing incoming connections on 5901 from within Telstra Clear or
from a user on another ISP? If it is Telstra Clear are you sure your traffic
remains within their network for its entire trip? Is it possible that the
other ISP is blocking 5901 for some reason?
--
Bruce Clement

Home: http://www.clement.co.nz/
Twitter: http://twitter.com/Bruce_Clement
Directory: http://www.searchme.co.nz/

"Before attempting to create something new, it is vital to have a good
appreciation of everything that already exists in this field." Mikhail
Kalashnikov
_______________________________________________
NZLUG mailing list ***@linux.net.nz
http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
Loading...