Port forwarding hell

[Shadow_Storm56]

So I have 2 levels of network to open ports in, My bell box has a router built in which I opened the ports, then my asus router I opened the ports. All seems good except the ports are still not showing as open even when I checked on my website pc which is directly connected to the bell router and has some ports open for it they were still showing as closed on the online tests. So here is my question....how do you open ports when port forwarding does not open them ? 

[beersykins]

Did you port forward from router 1 to router 2, and then port forward from router 2 to your host?  What about firewall policies on the host?

[Shadow_Storm56]

1 hour ago, beersykins said:

Did you port forward from router 1 to router 2, and then port forward from router 2 to your host?  What about firewall policies on the host?

No I just left the source IP blank so it should just be open. It's for black ops so there is no specific host IP for me to forward To. Forwarding from one router to the other would help

 

[beersykins]

If you leave it blank it's never going to work lol.  

 

On the bell device try putting your Asus as the dmz and then use upnp on your inside network to dynamically open ports for black ops.

[Shadow_Storm56]

10 minutes ago, beersykins said:

If you leave it blank it's never going to work lol.  

 

On the bell device try putting your Asus as the dmz and then use upnp on your inside network to dynamically open ports for black ops.

What happend to the old days when you could just open a port put in the ip of the computer and not have to put in the ip of the connecting computer. How would a minecraft server work then as you would have to enter the IP address of all the computers that were going to connect. Or did you think I meant leave the IP blank in general because I have the option of source ip and destination ip I left the one blank that should be able to be anything 

[Alex Atkin UK]

7 hours ago, Shadow_Storm56 said:

What happend to the old days when you could just open a port put in the ip of the computer and not have to put in the ip of the connecting computer. How would a minecraft server work then as you would have to enter the IP address of all the computers that were going to connect. Or did you think I meant leave the IP blank in general because I have the option of source ip and destination ip I left the one blank that should be able to be anything 

Those days are still here, if you don't do something none-standard and have two routers causing a double-NAT.

[Shadow_Storm56]

1 hour ago, Alex Atkin UK said:

Those days are still here, if you don't do something none-standard and have two routers causing a double-NAT.

It's a bell fibre thing.... you can't not have their router but I need really high power to get it to whare I need so I can't use there wifi router for it. Thus 2 routers, I also don't think I can disable their  built in router and I doubt it will handel managing a network with 40 to 60 devices

[Alex Atkin UK]

Have you Googled to see if bridge mode is available?

[Shadow_Storm56]

21 minutes ago, Alex Atkin UK said:

Have you Googled to see if bridge mode is available?

No but considering the bell modem controls all the TVs and stuff I don't think I can bridge it. I put the main router in DMZ so it's outside of the bell one 

[Alex Atkin UK]

Not necessarily, the TV and Internet will be on different VLANs.

Is this relevant? http://blog.ngpixel.com/post/104449747538/how-to-bypass-bell-fibe-hub-and-use-your-own-router

[beersykins]

16 hours ago, Shadow_Storm56 said:

How would a minecraft server work then as you would have to enter the IP address of all the computers that were going to connect

You're thinking in the wrong direction.  Are you familiar with why port forwarding even exists?  Your router simply needs to know which internal host to forward inbound connections to on that particular port from the internet, which would be a single statement for the server.

[Donut417]

13 hours ago, Shadow_Storm56 said:

It's a bell fibre thing.... you can't not have their router but I need really high power to get it to whare I need so I can't use there wifi router for it. Thus 2 routers, I also don't think I can disable their  built in router and I doubt it will handel managing a network with 40 to 60 devices

Have you considered putting the Second router in AP mode? Thus eliminating the need for double NAT. 

[MangetsuNeko]

1 hour ago, Donut417 said:

Have you considered putting the Second router in AP mode? Thus eliminating the need for double NAT. 

I was thinking this same thing... If you can just configure your Asus router so that it is acting as an access point, then you shouldn't have to worry anymore about being double-NAT'ed. If it doesn't have an exclusive mode for this, try disabling DHCP server and assign a static IP to it that is on the same network as your Bell Fibre router and is also reserved on the Bell Fibre router or exluded from its DHCP range so that you do not risk an IP Conflict. Not 100% sure this would work, but you could try.

[AbsoluteFool]

On 11/4/2018 at 9:11 PM, Shadow_Storm56 said:

What happend to the old days when you could just open a port put in the ip of the computer and not have to put in the ip of the connecting computer. How would a minecraft server work then as you would have to enter the IP address of all the computers that were going to connect. Or did you think I meant leave the IP blank in general because I have the option of source ip and destination ip I left the one blank that should be able to be anything 

Add the ip of every computer that's gonna connect? You just add the IP of the server itself. not the clients. Your mess is using two routers instead of having one of them in bridge mode.

[Shadow_Storm56]

42 minutes ago, AbsoluteFool said:

Add the ip of every computer that's gonna connect? You just add the IP of the server itself. not the clients. Your mess is using two routers instead of having one of them in bridge mode.

Yea that's what I thought. Well if I could bridge it and just use the asus router I would 

[Shadow_Storm56]

1 hour ago, MangetsuNeko said:

I was thinking this same thing... If you can just configure your Asus router so that it is acting as an access point, then you shouldn't have to worry anymore about being double-NAT'ed. If it doesn't have an exclusive mode for this, try disabling DHCP server and assign a static IP to it that is on the same network as your Bell Fibre router and is also reserved on the Bell Fibre router or exluded from its DHCP range so that you do not risk an IP Conflict. Not 100% sure this would work, but you could try.

It would but then the little fibre op router would be in charge  of the 40 to 60 devices 

[Alex Atkin UK]

On 11/5/2018 at 9:44 PM, Shadow_Storm56 said:

It would but then the little fibre op router would be in charge  of the 40 to 60 devices 

Which might be okay, it would at least not have the WiFi to deal with and only one set of port forwards.

Don't forget, with double-NAT you aren't really relieving that much off the main router anyway as its STILL performing NAT for those 60 devices, they just all point to the second router.  A big reason for having your own router is because the main routers NAT can't cope with so many clients, but in a double-NAT you are still subject to any NAT limit of the main router.

 

The only benefits would be static routes routes, running a VPN on the router so its integrated into the main routing table, better control of your static DHCP leases and QoS.  Any flaws with port forwarding in the main router would still be a problem unless you bridge it or have enough public IP addresses to use it as a proper WAN side router.

If you aren't doing any of those things, double-NAT is just adding more latency and complication to the connection.