can't open ports:solved

[aBattleBorn]

hello guys, first of all, let me apology for my English.

For some reason I can't open any port on my router.

I switched my ISP modem hoping it would help to solve the problem but still nothing, what am I missing?(picture included, De-Militarized Zone enabled port forwarding rule is enabled)

thanks in advance.

 

 

edit: after talking with about 7 different isp representative i had the luck of talking with a good one that took me out of the nat so now i am getting the same public IP address for my dg

 

[badreg]

Two things:

1. Don't turn on DMZ unless you have a very specific reason to do so. It's dangerous if you don't know what you're doing.

2. The ports are forwarded, but do you actually have a running server listening on those ports? If not, incoming requests are rejected and will appear as if they're closed.

[Windows7ge]

How is internet provided to your home? Fiber? Coax? DSL? LTE?

 

How is your network setup? Do you have a Router connected to your Modem? Is it a Modem/Router combo? Something to watch out for is Double NAT.

[aBattleBorn]

19 hours ago, Windows7ge said:

How is internet provided to your home? Fiber? Coax? DSL? LTE?

 

How is your network setup? Do you have a Router connected to your Modem? Is it a Modem/Router combo? Something to watch out for is Double NAT.

coax.

and I usually have the isp router set to bridging which is than connected to my private router: Synology rt2600ac, but for now, because I am trying to troubleshoot this problem I am using my isp router as router and my Synology as an access point.

when I am using my Synology router and isp is set to bridging my isp modem is leasing a non-private IP address: 100.X.X.X/20(carrier-grade nat) and than my DG for the Synology router is the isp modem.

I have set up both port forwarding and firewall role for the port I want to access from outside my LAN, but nothing. even when i am using my ISP router I still can't open ports.

Do you think that my ISP is using 2 NAT'S for some reason?

 

thanks for your response

19 hours ago, badreg said:

Two things:

1. Don't turn on DMZ unless you have a very specific reason to do so. It's dangerous if you don't know what you're doing.

2. The ports are forwarded, but do you actually have a running server listening on those ports? If not, incoming requests are rejected and will appear as if they're closed.

1.i know,just set DMZ as part of troubleshooting attemps .

2.yea,if you look at my right monitor you see i have a program open that is listening to the same port i am trying to access.

 

thanks for your response

[Sir Asvald]

20 hours ago, aBattleBorn said:

hello guys, first of all, let me apology for my English.

For some reason I can't open any port on my router.

I switched my ISP modem hoping it would help to solve the problem but still nothing, what am I missing?(picture included, De-Militarized Zone enabled port forwarding rule is enabled)

thanks in advance.

 

You've entered the number 135 in the router settings. Shouldn't it be 136 on local and external ports?

[Windows7ge]

3 minutes ago, aBattleBorn said:

coax.

and I usually have the isp router set to bridging which is than connected to my private router: Synology rt2600ac, but for now, because I am trying to troubleshoot this problem I am using my isp router as router and my Synology as an access point.

when I am using my Synology router and isp is set to bridging my isp modem is leasing a non-private IP address: 100.X.X.X/20(carrier-grade nat) and than my DG for the Synology router is the isp modem.

I have set up both port forwarding and firewall role for the port I want to access from outside my LAN, but nothing. even when i am using my ISP router I still can't open ports.

Do you think that my ISP is using 2 NAT'S for some reason?

If your ISP puts you behind NAT64-CGN then Port Forwarding is basically a non-option but I've not heard of this with a Coax based WAN. It's most common with LTE connections.

 

If you can't Port Forward when directly connected to the main modem/router with Bridged Mode disabled then you'll have to call your ISP and ask if it's even an option. Most of the time when it's something that's easily fixable it's either because of a Double NAT or user mis-configuration.

1. You've eliminated Double NAT as even being a possibility.
2. I assume you've configured Port Forwarding correctly (it's not complicated).

May need to talk to them. If they have you behind their own Router then you're basically SOL. Have to get a different ISP.

[aBattleBorn]

2 minutes ago, Windows7ge said:

If your ISP puts you behind NAT64-CGN then Port Forwarding is basically a non-option but I've not heard of this with a Coax based WAN. It's most common with LTE connections.

 

If you can't Port Forward when directly connected to the main modem/router with Bridged Mode disabled then you'll have to call your ISP and ask if it's even an option. Most of the time when it's something that's easily fixable it's either because of a Double NAT or user mis-configuration.

1. You've eliminated Double NAT as even being a possibility.
2. I assume you've configured Port Forwarding correctly (it's not complicated).

May need to talk to them. If they have you behind their own Router then you're basically SOL. Have to get a different ISP.

I see, the thing is I talked to 4 different representatives and none of them really helped or knew to give answers to my questions, guess ill have to switch ISP.

thank you very much for your help,i really appreciate it.

have a good one.

10 minutes ago, Abdul201588 said:

You've entered the number 135 in the router settings. Shouldn't it be 136 on local and external ports?

it is a port range, in this particular rule port range 135-1124 should be open.

[Windows7ge]

1 minute ago, aBattleBorn said:

it is a port range, in this particular rule port range 135-1124 should be open.

Um...most people need to open 1,2,3 maybe 5 ports if they're hosting a couple of game servers, a File Server, or hosting a VPN but what could you possibly be doing to need to open 990 ports?

[aBattleBorn]

On 1/31/2020 at 7:36 PM, Windows7ge said:

Um...most people need to open 1,2,3 maybe 5 ports if they're hosting a couple of game servers, a File Server, or hosting a VPN but what could you possibly be doing to need to open 990 ports?

im just lazy lol.

i need 3 ports open(ssl vpn for synology vpn web login vpn and rdp from anywhere) which all happen to be some where in this range.

[Windows7ge]

2 minutes ago, aBattleBorn said:

im just lazy lol.

i need 3 ports open(ssl vpn for synology vpn web login vpn and rdp from anywhere) which all happen to be some where in this range.

You should really consider putting in the effort. Opening ports to your network is like leaving your front door unlocked. Whatever happens to come to it you have to make sure someone is there to greet them. If you've just opened a huge spectrum of ports that's like leaving every door window and vent in your home open. The server those ports point to is now vulnerable to an attack on all 990 ports. If any exploitable protocol happens to exist on one of those ports the server could be compromised entirely unnecessarily.

 

Port Forwarding is an exception list to your Routers firewall. Punching 990 holes in it is asking for trouble. Only open the ones you need.

[mtz_federico]

check if the wan ip on your router is the same as the one you get using an online ip checker like ipchicken.com to see if youa re behind carrier grade NAT

[beersykins]

Probably Windows Firewall.  Also you don't need extra port forwarding rules if using the DMZ function, since that will forward any unassigned  inbound connection to your PC, but I'd only forward the VPN service and connect via that to the rest of your network.

 

Exposing RPC (TCP 135) is dumb.