Port Forwarding problems

[Hanscento]

hi

i have a server with windows server 2019 and connectify Hotspot/Dispatch PRO installed, my problem is that even if i disable the windows firewall i can remotly access the server only via LAN, if i forward a port like 22 (which is the one that i need), from external network it is not reachable, i think that the problem may be Connectify Driver but i'm not sure.

Some advice?

PS i have other servers that uses ports too, i have tested port 221 on another and it worked so i'm sure the problem is the Computer that i have described before

[Master Disaster]

Are you forwarding the port through both the Router firewall and Windows built in firewall? With Windows you can allow access by port or by app name, either works in my experience.

 

Never mind, turns out I no english read good

[Hanscento]

1 minute ago, Master Disaster said:

Are you forwarding the port through both the Router firewall and Windows built in firewall? With Windows you can allow access by port or by app name, either works in my experience.

Yeah, absolutely, for testing purposes I have even disabled windows firewall.

[Master Disaster]

23 minutes ago, Hanscento said:

Yeah, absolutely for testing purposes I have even disabled windows firewall.

Apologies, for what ever reason I totally skipped over the part in your OP where you said as much.

 

To test your theory try forwarding a Windows/different service to the net (RDP, IIS or even Apache/NGINX) and see if you can access that remotely.

 

I'm sure I'm preaching to the choir here but don't leave RDP public facing for long. Its fine for a quick test but leaving RDP exposed to the net is generally bad practice (unless you have a very specific reason).

 

Edit RDP is 3389 and I believe IIS runs on the default http port of 80. A nice quick test would be FTP (21) or SSH (22), both can be set up quickly without a server reboot. OpenSSH is great for Windows.

[Hanscento]

6 minutes ago, Master Disaster said:

Apologies, for what ever reason I totally skipped over the part in your OP where you said as much.

 

To test your theory try forwarding a Windows service to the net (RDP, IIS or even Apache/NGINX) and see if you can access that remotely.

 

I'm sure I'm preaching to the choir here but don't leave RDP public facing for long. Its fine for a quick test but leaving RDP exposed to the net is generally bad practice (unless you have a very specific reason).

I have tried with RDP, but don’t work either

[Master Disaster]

Calling @Eigenvektorand @leadeaterto theatre 1.

 

1 minute ago, Hanscento said:

I have tried with RDP, but don’t work either

That's very strange. I've never heard of Connectify or Dispatch but I'm wondering if there's some kind of double NAT happening? Does that software create virtual subdomains? Also do you have multiple routers or any managed switches on your network?

 

My experience with Windows Server is limited but I've paged 2 people I know are far more knowledgeable than I am

[leadeater]

Some ISP's restricted inbound port access to commonly abused ports like 21, 22, 25, 3389 etc so it may be a case of your ISP blocking it before it even gets to your router. Try setting up a port forward rule that maps an external port number above 1023 to the internal port number of 22 i.e. [external IP]:2222 to [internal IP]:22. Then all you need to do is point your application to the external IP and use port 2222 in the connection settings.

 

If it's working internally you can pretty much rule out the server being the issue which means it has to be related to port forwarding configuration or port filtering done by your ISP.

[Hanscento]

28 minutes ago, leadeater said:

Some ISP's restricted inbound port access to commonly abused ports like 21, 22, 25, 3389 etc so it may be a case of your ISP blocking it before it even gets to your router. Try setting up a port forward rule that maps an external port number above 1023 to the internal port number of 22 i.e. [external IP]:2222 to [internal IP]:22. Then all you need to do is point your application to the external IP and use port 2222 in the connection settings.

 

If it's working internally you can pretty much rule out the server being the issue which means it has to be related to port forwarding configuration or port filtering done by your ISP.

I’ll try but on other pc on the same LAN I can use port 22 so I don’t think that is neither my ISP or my router

[Eigenvektor]

4 hours ago, Hanscento said:

I’ll try but on other pc on the same LAN I can use port 22 so I don’t think that is neither my ISP or my router

So you can forward port 22 to that other PC and reach it from outside, but it doesn't work on the Windows server? Or am I misunderstand something?

[Hanscento]

Just now, Eigenvektor said:

So you can forward port 22 to that other PC and reach it from outside, but it doesn't work on the Windows server? Or am I misunderstand something?

no maybe I said that badly however 

i have 2 servers with windows server 2019 and i need port 22 on one of those, but the server that i need have also Connectify installed (maybe that is not important but i tell you) if i forward port 22 to the server with connectify i can't reach it from outside the network, if i forward the port to the other server which do NOT have connectify installed i can reach it from outside the network.

i have also VNC installed on both and the same issue appear again (obviusly i use different ports for VNC and when i switch pc for testing port 22 i remove the forwarding in the router )

PS i use the same software on both the only difference is Connectify

[Master Disaster]

Can you explain what Connectify is/does?

[Hanscento]

1 minute ago, Master Disaster said:

Can you explain what Connectify is/does?

Connectify act like a Router/Hotspot so NAT (without the possibility to port forward)  and also does link aggregation.

my theory is that Connectify act as a firewall also in the pc where it is installed.

[Eigenvektor]

45 minutes ago, Hanscento said:

Connectify act like a Router/Hotspot so NAT (without the possibility to port forward)  and also does link aggregation.

my theory is that Connectify act as a firewall also in the pc where it is installed.

Yep, that seems to be true. Here's a page from their support pages: https://support.connectify.me/article/206-command-line

Search for "firewall". But it doesn't look like you can configure too many options.

 

You could try the steps from here, to see if port 22 is shown as listening and whether the Windows firewall reports dropped packets when you try to connect:

https://serverfault.com/a/26581

[Hanscento]

5 minutes ago, Eigenvektor said:

Yep, that seems to be true. Here's a page from their support pages: https://support.connectify.me/article/206-command-line

Search for "firewall". But it doesn't look like you can configure too many options.

 

You could try the steps from here, to see if port 22 is shown as listening and whether the Windows firewall reports dropped packets when you try to connect:

https://serverfault.com/a/26581

ok thank you.

Connectify is not so important for me so i think i will unistall it from my server and put it on another pc that i don't care about

thank you again and have a good day.

bye