Recent Posts

Pages: [1] 2 3 ... 10
1
Port Forwarding / Re: Fritz!Box 6490 Cable not listed in SPF Pro v3.8.5
« Last post by trpted on February 04, 2019, 07:51:14 AM »
ISO language name = English. Native name (endonym) = English. 639-1 = en. 639-2/T = eng. 639-2/B. = eng. 639-3 = eng

I posted at (DSLR) -> Forums → Broadband and Networking → Networking → What if I have IPv6 w/DS-Lite (how to allow users to connect to me)?

Quote
While I like helping people, this one puzzles me.

They have IPv6, they are using DS-Lite and they want to allow users from the Internet to connect to them.

How does one do that?

Please and thank you

PS. Note the subject line is what it is because, it can only allow a certain number of characters.

and got answers (back in english, since that is the native language that I speak/type/understand) that will help you solve your issue, since you have IPv6 via DS-Lite and you want to allow users from the net to connect to you.

I got a the list of ISO codes from https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes

Powered by https://translate.google.com/

PS. Good luck

---

Name der ISO-Sprache = German. Geburtsname (Endonym) = Deutsch. 639. = de. 639-2/T = deu. 639-2/B = ger. 639-3 = deu

Ich habe am gepostet I posted at (DSLR) -> Forums → Broadband and Networking → Networking → What if I have IPv6 w/DS-Lite (how to allow users to connect to me)?

Quote

Während ich gerne Menschen helfe, rätselt es mich hier.

Sie haben IPv6, verwenden DS-Lite und möchten Benutzern aus dem Internet die Verbindung mit ihnen ermöglichen.

Wie macht man das?

Bitte und Danke

PS. Beachten Sie, dass die Betreffzeile so ist, weil sie nur eine bestimmte Anzahl von Zeichen zulässt.

und bekam Antworten (zurück in Englisch, da dies die Muttersprache ist, die ich spreche / schreibe / verstehe), die Ihnen helfen wird, Ihr Problem zu lösen, da Sie IPv6 über DS-Lite haben und Benutzern aus dem Internet die Verbindung ermöglichen möchten Sie.

Ich habe eine Liste der ISO-Codes von bekommen https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes

Unterstützt von https://translate.google.com/

PS. Viel Glück
2
Not sure because there is not enough info.

#1 Is access, via:

telnet?

SSH?

#2 You did not include the IP Address of the router.

ie..

a) cmd - > ipconfig /all.

b) Goes to the default gateway IP Address.

c) Log-ins with user name and password.

d) Goes to the status page.
3
Port Forwarding / Fritz!Box 6490 Cable not listed in SPF Pro v3.8.5
« Last post by 60erHarry on February 02, 2019, 03:20:09 AM »
Hello ;)
First of all: I`m a german and my english is very bad - so sorry for mistakes  :shy:

I have to open the port 50003 for bittorrent in my Router, Fritz!Box 6490 Cable but all i tryed failed  :undecided:
I`d opened the Fritz!Box, the Firewall-prog, The Windows-FW - all failed, i`m not reachable, no connection fom outside.
 I made screenshots for all these s*** and I hope anybody has a solution for this problem.

greetz
60erHarry
4
(Program) Router Screen Capture / could you help me giving a batch file for this task
« Last post by jraju on January 30, 2019, 06:00:23 PM »
Hi, i want to know the router status page details in the desktop
No , i am taking a long route of going to cmd as admin and thenpress Enter Key
the command screen closes to open another screen
userid: i supply the user id admin I then press Enter
it prompts for password, i enter password
the prompt goes to a dollar sign $ of which i do not know
just i type "show status"  and Enter key   and i iget the
router stas like date of firmware date, present date, adsl mode and speed parameters.
Now i want this as a batch file to be included in the task scheduler
I hope to receive the batch file as quick as possible
Shane or others plese provide the batch file
i am newbie to script writing.
5
(Program) Simple Port Tester / Re: port forwading not working HG8121H
« Last post by trpted on January 10, 2019, 07:57:18 AM »
Let us do this step by step. Starting off with pre-checks.

********************** Pre-check item one  **********************

#1 Most ISP have a TOS ( Terms Of Service )

#2 You need to find that TOS for your ISP.

#3 If your ISP does not say anything that you can not to run any servers of any kind - green light.

#4 If your ISP does not allow you to run any servers of any kind - yellow light.

-> Be sure to know the risk of running any kind of server.

-> You have to decide is worth the risk or not, based upon...

a) ..how easy you can get another ISP to serve you - for example.

b) ..how much does it cost to upgrade the type of account that you have with your ISP. Example from regular consumer to gaming or business plan.

********************** Pre-check item two  **********************

#1 As how to check what the IP Address is/are, Subnet Mask is/are, Default Gateway is, MAC Address(es) is/are, DNS Server(s) are of your computer, it depends on the OS and Version.

#2 Note: This example assumes that you are on Windows 2000, Windows XP, Windows Vista, Windows 7, Windows 8 or Windows 10

a) Press the Windows Start key to open the Start screen.

b) Type cmd and press Enter to launch the command prompt.

Note: You do not need to click on anything on the Start screen—typing will automatically initiate a program search.

c) Type ipconfig /all at the command prompt to check the network card settings.

d) If not on Windows 2000, Windows XP, Windows Vista, Windows 7, Windows 8 or Windows 10 and you do not know how to check that network info - then post what is your OS and Version is.

#4 You need to make sure that the Default Gateway on your computer is the same LAN IP as your NAT router.

************* Pre-check item three  ***************

#1 Go to http://ipv4.whatismyv6.com/

#2 On that web page is the non bogan IPv4 (Public) Address that users from Internet use to connect to you.

#3 In your NAT router, somewhere in there you must have the same non bogan IP Address.

Example non bogan IP Address is 999.888.777.666, but in the NAT router the WAN IP is 10.0.0.100 - this is not ok.

#4 Important note: This is not to say that the non bogan IP Address has to be Static.

Example yesterday's IP Address was 999.888.777.666 and today's IP Address is 999.888.777.555 - this is ok.

#5 If the WAN IP in the NAT router does not match the true WAN IP, well it matters what the WAN IP in the NAT router is.

a) If the WAN IP is from 100.64.0.0 - 100.127.255.255, then CGNAT/NAT444/LSN is present.

Quote

If you want more details about CGNAT/NAT444/LSN, you can look at

http://en.wikipedia.org/wiki/Carrier-grade_NAT

The possible fixes to fix your issue if CGNAT/NAT444/LSN is present.

#1 Have them in their NAT router forward the ports to the WAN IP of your NAT router..

#2 Upgrading the type of plan that you are on with your ISP so that you get a non bogan WAN IP Address.

For example if you are a Residential Service Plan, consider going to a Business Service Plan.

#3 Consider switching to another ISP that can give you you a non bogan WAN IP Address.

#4 For the long term future, get IPv6 working.


b) If the WAN IP is one of the RFC 1918 IPs (Meaning 10.0.0.0 to 10.255.255.255, from 172.16.0.0 to 172.31.255.255 OR from 192.168.0.0 to 192.168.255.255) and if your NAT router is a RJ-45 WAN port router:

Step 1: Physically find your NAT Router

Step 2: Find the WAN port of it.

Info: WAN port could be called Internet or To Modem or To ONT port.

Step 3: Report back what the brand and model of the device that is connected at the other end of the wire that is connected to the WAN port of the NAT router.

c) If the WAN IP is one of the RFC 1918 IPs and if your NAT router is NOT a RJ-45 WAN port router, then CGNAT/NAT444/LSN is present (See fix above if the case).

d) If the WAN IP is one of the RFC 1918 IPs  if your NAT router is a gateway NAT router, it matters how it is connected to the Internet (RJ-45 WAN port or acting a modem combo).

e) If the WAN IP is one of the RFC 1918 IPs and you do not know the type of NAT router yours is, it would help to know the brand and model it is - if you did not post already.

Since you posted the brand and model of your router, it (HG8121H) is a modem combo.

f) If the WAN IP was not any of those, it would be a good idea to check to see how the non bogan IP Address is not the same (and not NAT). If you need help finding why that is, you are to asking for help doing so.

g) Updating copy and paste info. If there is more than one WAN IP, that is fine as long as one of them matches.

In your case not one of the WAN IPs match. One is 10.x.x.x and the other is 172.16.x.x

************* Pre-check item four  ***************

When forwarding manually remember to forward to your local IP Address, that is unless you are trying to forward some other computer (example to Xbox)

So if you get output...

IP Address 192.168.1.6
Subnet Mask 255.255.255.0
Default Gateway 192.168.1.1
At least one DNS 192.168.1.1

-> you would forward to 192.168.1.6

*** Rest of directions **

#1 if asked for a remote/source IP Address it goes like this.

a) Let us say that the fictional IP Address of 999.888.777.666 existed ( I can assure it does not as IPv4 is only 0.0.0.0 to 255.255.255.255 and IPv6 is all hex with colons between ), it was mine, I did not share my connection with others (parents/son/daughter), and you wanted to only allow me to connect through your NAT router to your computer - then it case you would type in 999.888.777.666

b) If you do not want to only allow only a certain IP Address (OR IP Address Range) to connect to you, it has to be either blank (not filled in) OR if you can not leave it blank then it has to be 0.0.0.0

#2 From DSLR (dslreports.com) -> Forums -> Broadband and Networking -> Networking -> How to know if ports are reaching my computer from outside the post by DSLR user mackey (user # 1479488) on 2015-Sep-24 at 8:05 pm - if you wanted to test port 5154, besides using an inbound client side port checker:

Quote
Run tcpdump (`tcpdump -p -n -i <interface> port 5154` would be a good command to start with). If you see incoming TCP SYN packets (not SYN/ACK), or incoming UDP packets from an IP which did not have an outgoing packet first, then the port is open.

b) For tcpdump on Windows I found this info https://uwnthesis.wordpress.com/2014/05/26/windump-how-to-use-windump-tcpdump-on-windows-7-the-visual-guide/

#3 For a TCP and a UDP port checker you can use https://www.ipfingerprints.com/portscan.php

#4 Using a packet sniffer (like tcpdump = command line / like wireshark = GUI) you should see the traffic from an outside IP address reaching your computer, like I did (when you are forwarding the ports to your computer).

Code: [Select]
    user-name@pc-name:~$ tcpdump -p -n -i eth0 port 5154
    tcpdump: eth0: You don't have permission to capture on that device
    (socket: Operation not permitted)
    user-name@pc-name:~$ sudo tcpdump -p -n -i eth0 port 5154
    [sudo] password for user-name:
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    08:40:24.169428 IP 192.168.2.138.50157 > 192.168.2.255.5154: UDP, length 6
    08:42:15.839461 IP 4.79.142.206.37174 > 192.168.2.138.5154: Flags [S], seq 1464127243, win 8192, options [mss 1460], length 0
    08:49:05.773987 IP 90.145.69.116.51145 > 192.168.2.138.5154: UDP, length 0
    08:49:06.938818 IP 90.145.69.116.36530 > 192.168.2.138.5154: UDP, length 0
    08:57:57.580814 IP 198.199.98.246.42092 > 192.168.2.138.5154: Flags [S], seq 3027635480, win 14600, options [mss 1460,sackOK,TS val 4240686068 ecr 0,nop,wscale 8], length 0
    08:57:57.712334 IP 198.199.98.246.42093 > 192.168.2.138.5154: Flags [S], seq 1267700791, win 14600, options [mss 1460,sackOK,TS val 4240686102 ecr 0,nop,wscale 8], length 0
    08:57:57.840328 IP 198.199.98.246.42095 > 192.168.2.138.5154: Flags [S], seq 1515263633, win 14600, options [mss 1460,sackOK,TS val 4240686134 ecr 0,nop,wscale 8], length 0
    ^C
    7 packets captured
    7 packets received by filter
    0 packets dropped by kernel
    user-name@pc-name:~$


tcpdump -p -n -i eth0 port 5353 or port 8080

**

#5 Some notes about my testing..

a) 192.168.2.138.50157 is from this same computer.

b) As noted at grc.com -> Services -> Shield's Up they own 4.79.142.192 -thru- 4.79.142.207.

c) I believe 198.199.98.246 is from http://www.yougetsignal.com/tools/open-ports/ as it only checks TCP ports.

d) As you can see, I checked port 5154.

#6 The only UDP ports that grc.com checks, that I know of, are:

a) DNS (53) grc.com -> Freeware -> Utilities -> DNS Benchmark -> DNS Spoofability Test Introduction (or grc.com -> Services -> DNS Spoofability Test)

b) Universal Plug n'Play (UPnP) = 1900

https://www.grc.com/port_5000.htm

From grc.com -> Services -> Shield's Up: Click on Proceed and then GRC's Instant UPnP Exposure Test.

#7 Here are some notes about listening:

Quote

a) If you are on Windows I point you to http://www.howtogeek.com/howto/28609/how-can-i-tell-what-is-listening-on-a-tcpip-port-in-windows/

b) If you are not on Windows (Mac, Unix/Linux), go look lookup listen on port and then your OS name using Google (or your other favorite search engine).

c) If nothing is listening any TCP ports that you check with a web based port checker, then TCP ports does not show up as open.

d) Be advised that you can not have two servers listening on the same the port on the same computer. So for example before you use an inbond-client side port checker you must make sure that uTorrent is not running - which explains on http://portforward.com/softwareguides/utorrent/utorrent.htm that they say

Quote
If uTorrent is currently open, you will need to completely close it at this time. Make sure that the green uTorrent icon is not still hiding in your notification area (next to your clock). If it is, right click on it and choose "Exit". Before moving forward to things like selecting torrents, seeders, and leachers, we need to verify that your port is open. We recommend downloading our free Open Port Check Tool to test if incoming connections are being allowed through your router on your uTorrent Listening Port

e) And generally if the program/app is running that you are trying to forward for, then the server is listening.

#8 Here are some catches about ping:

a) If the server that you forwarded requires that you reply to ping, well then you must enable responding to ping in the NAT router.

b) If the server that you forwarded does not require that you reply to ping, well that depends on another factor..

As to what that other factor is, I point to and quote the post by nwrickert (DSLR user #1070900) in DSLR (dslreports.com) Forums >Broadband Tech > Security > Security > DMZ and portforwarding are equally dangerous? on 2010-08-21 at 13:53:23.
Quote
Quote
While he tells people that responding to ping is dangerous, he replys to ping.

That's a pretty minor point. The reason some people prefer to not respond to ping, is to avoid demonstrating their presence on the net. Gibson has a public site whose presence on the net is well known, so that reason for not responding to ping simply does not apply.

While Steve Gibson does sometimes say some useful things, he mostly seems to be making mountains out of molehills

Note: Sorry for my misspelling, I meant replies.

c) There are certain troubleshooting tools that require that you reply to ping.

For example if you wanted to use the followings tool(s) at DSLR (dslreports.com) -> Tools: Smokeping, Line quality - Ping Test, and for 24x7 Line Monitoring...

d) If the ports are open (this means not just in the NAT router) but the program/app does not work: I have an odd feeling that with this server, you must reply to ping.

#9

You must provide to users from the outside either your non bogan IP Address or DDNS.

What DNS is, here is the simple as possible version as how it works.

Quote
I know of a given domain name. What is their IP Address for that domain?

The first D in DDNS means/allows you to have a domain name the follows your non static non bogan IP Address. Which is a lot easier to provide and normally most people use DNS over the IP Address for the content servers that they want to connect to.. ;)

--

In your case your DDNS info points to 172.16.49.85, which is with-in RFC 1918. I found out what the IP Address is by pinging or by using trace route to the DDNS Host Name.

Code: [Select]
user-name@pc-name:~$ping -c4 jog2134.ddns.net
PING jog2134.ddns.net (172.16.49.85) 56(84) bytes of data.
^C
user-name@pc-name:~$ traceroute google.com
traceroute to google.com (172.217.10.78), 30 hops max, 60 byte packets
 1  _gateway (192.168.1.1)  0.702 ms  27.853 ms  27.830 ms
 2  10.229.240.1 (10.229.240.1)  13.811 ms  14.653 ms  15.480 ms
 3  gateway2-t4-1-ban22sm2-2-dwdmch31.ban.ptd.net (207.44.121.29)  20.192 ms  21.104 ms  22.026 ms
 4  gateway2-be4-nyc122str.nyc1.ptd.net (207.44.112.97)  24.623 ms  23.644 ms  25.421 ms
 5  pni-google.nyc1.ptd.net (207.44.112.2)  31.852 ms  31.058 ms  30.156 ms
 6  108.170.248.33 (108.170.248.33)  32.748 ms 108.170.248.97 (108.170.248.97)  15.687 ms  19.331 ms
 7  216.239.42.165 (216.239.42.165)  18.299 ms  31.988 ms  33.503 ms
 8  lga34s14-in-f14.1e100.net (172.217.10.78)  32.490 ms  30.049 ms  29.145 ms
user-name@pc-name:~$

It is fine during trace route if there is RFC 1918 IP Addresses as long as the WAN IP the router matches. Yes in my case the WAN IP at 192.168.1.1 matches the true WAN IP even while the net hop is also RFC 1918.
6
Program & Tools Requests / Re: port forward program
« Last post by trpted on January 10, 2019, 07:13:35 AM »
Let us do this step by step. Starting off with pre-checks.

********************** Pre-check item one  **********************

#1 Most ISP have a TOS ( Terms Of Service )

#2 You need to find that TOS for your ISP.

#3 If your ISP does not say anything that you can not to run any servers of any kind - green light.

#4 If your ISP does not allow you to run any servers of any kind - yellow light.

-> Be sure to know the risk of running any kind of server.

-> You have to decide is worth the risk or not, based upon...

a) ..how easy you can get another ISP to serve you - for example.

b) ..how much does it cost to upgrade the type of account that you have with your ISP. Example from regular consumer to gaming or business plan.

********************** Pre-check item two  **********************

#1 As how to check what the IP Address is/are, Subnet Mask is/are, Default Gateway is, MAC Address(es) is/are, DNS Server(s) are of your computer, it depends on the OS and Version.

#2 Note: This example assumes that you are on Windows 2000, Windows XP, Windows Vista, Windows 7, Windows 8 or Windows 10

a) Press the Windows Start key to open the Start screen.

b) Type cmd and press Enter to launch the command prompt.

Note: You do not need to click on anything on the Start screen—typing will automatically initiate a program search.

c) Type ipconfig /all at the command prompt to check the network card settings.

d) If not on Windows 2000, Windows XP, Windows Vista, Windows 7, Windows 8 or Windows 10 and you do not know how to check that network info - then post what is your OS and Version is.

#4 You need to make sure that the Default Gateway on your computer is the same LAN IP as your NAT router.

************* Pre-check item three  ***************

#1 Go to http://ipv4.whatismyv6.com/

#2 On that web page is the non bogan IPv4 (Public) Address that users from Internet use to connect to you.

#3 In your NAT router, somewhere in there you must have the same non bogan IP Address.

Example non bogan IP Address is 999.888.777.666, but in the NAT router the WAN IP is 10.0.0.100 - this is not ok.

#4 Important note: This is not to say that the non bogan IP Address has to be Static.

Example yesterday's IP Address was 999.888.777.666 and today's IP Address is 999.888.777.555 - this is ok.

#5 If the WAN IP in the NAT router does not match the true WAN IP, well it matters what the WAN IP in the NAT router is.

a) If the WAN IP is from 100.64.0.0 - 100.127.255.255, then CGNAT/NAT444/LSN is present.

Quote

If you want more details about CGNAT/NAT444/LSN, you can look at

http://en.wikipedia.org/wiki/Carrier-grade_NAT

The possible fixes to fix your issue if CGNAT/NAT444/LSN is present.

#1 Have them in their NAT router forward the ports to the WAN IP of your NAT router..

#2 Upgrading the type of plan that you are on with your ISP so that you get a non bogan WAN IP Address.

For example if you are a Residential Service Plan, consider going to a Business Service Plan.

#3 Consider switching to another ISP that can give you you a non bogan WAN IP Address.

#4 For the long term future, get IPv6 working.


b) If the WAN IP is one of the RFC 1918 IPs (Meaning 10.0.0.0 to 10.255.255.255, from 172.16.0.0 to 172.31.255.255 OR from 192.168.0.0 to 192.168.255.255) and if your NAT router is a RJ-45 WAN port router:

Step 1: Physically find your NAT Router

Step 2: Find the WAN port of it.

Info: WAN port could be called Internet or To Modem or To ONT port.

Step 3: Report back what the brand and model of the device that is connected at the other end of the wire that is connected to the WAN port of the NAT router.

c) If the WAN IP is one of the RFC 1918 IPs and if your NAT router is NOT a RJ-45 WAN port router, then CGNAT/NAT444/LSN is present (See fix above if the case).

d) If the WAN IP is one of the RFC 1918 IPs  if your NAT router is a gateway NAT router, it matters how it is connected to the Internet (RJ-45 WAN port or acting a modem combo).

e) If the WAN IP is one of the RFC 1918 IPs and you do not know the type of NAT router yours is, it would help to know the brand and model it is - if you did not post already.

Since you posted the brand and model of your router, it (motorola nvg510) is a modem combo.

f) If the WAN IP was not any of those, it would be a good idea to check to see how the non bogan IP Address is not the same (and not NAT). If you need help finding why that is, you are to asking for help doing so.

************* Pre-check item four  ***************

When forwarding manually remember to forward to your local IP Address, that is unless you are trying to forward some other computer (example to Xbox)

So if you get output...

IP Address 192.168.1.6
Subnet Mask 255.255.255.0
Default Gateway 192.168.1.1
At least one DNS 192.168.1.1

-> you would forward to 192.168.1.6

*** Rest of directions **

#1 if asked for a remote/source IP Address it goes like this.

a) Let us say that the fictional IP Address of 999.888.777.666 existed ( I can assure it does not as IPv4 is only 0.0.0.0 to 255.255.255.255 and IPv6 is all hex with colons between ), it was mine, I did not share my connection with others (parents/son/daughter), and you wanted to only allow me to connect through your NAT router to your computer - then it case you would type in 999.888.777.666

b) If you do not want to only allow only a certain IP Address (OR IP Address Range) to connect to you, it has to be either blank (not filled in) OR if you can not leave it blank then it has to be 0.0.0.0

#2 From DSLR (dslreports.com) -> Forums -> Broadband and Networking -> Networking -> How to know if ports are reaching my computer from outside the post by DSLR user mackey (user # 1479488) on 2015-Sep-24 at 8:05 pm - if you wanted to test port 5154, besides using an inbound client side port checker:

Quote
Run tcpdump (`tcpdump -p -n -i <interface> port 5154` would be a good command to start with). If you see incoming TCP SYN packets (not SYN/ACK), or incoming UDP packets from an IP which did not have an outgoing packet first, then the port is open.

b) For tcpdump on Windows I found this info https://uwnthesis.wordpress.com/2014/05/26/windump-how-to-use-windump-tcpdump-on-windows-7-the-visual-guide/

#3 For a TCP and a UDP port checker you can use https://www.ipfingerprints.com/portscan.php

#4 Using a packet sniffer (like tcpdump = command line / like wireshark = GUI) you should see the traffic from an outside IP address reaching your computer, like I did (when you are forwarding the ports to your computer).

Code: [Select]
    user-name@pc-name:~$ tcpdump -p -n -i eth0 port 5154
    tcpdump: eth0: You don't have permission to capture on that device
    (socket: Operation not permitted)
    user-name@pc-name:~$ sudo tcpdump -p -n -i eth0 port 5154
    [sudo] password for user-name:
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    08:40:24.169428 IP 192.168.2.138.50157 > 192.168.2.255.5154: UDP, length 6
    08:42:15.839461 IP 4.79.142.206.37174 > 192.168.2.138.5154: Flags [S], seq 1464127243, win 8192, options [mss 1460], length 0
    08:49:05.773987 IP 90.145.69.116.51145 > 192.168.2.138.5154: UDP, length 0
    08:49:06.938818 IP 90.145.69.116.36530 > 192.168.2.138.5154: UDP, length 0
    08:57:57.580814 IP 198.199.98.246.42092 > 192.168.2.138.5154: Flags [S], seq 3027635480, win 14600, options [mss 1460,sackOK,TS val 4240686068 ecr 0,nop,wscale 8], length 0
    08:57:57.712334 IP 198.199.98.246.42093 > 192.168.2.138.5154: Flags [S], seq 1267700791, win 14600, options [mss 1460,sackOK,TS val 4240686102 ecr 0,nop,wscale 8], length 0
    08:57:57.840328 IP 198.199.98.246.42095 > 192.168.2.138.5154: Flags [S], seq 1515263633, win 14600, options [mss 1460,sackOK,TS val 4240686134 ecr 0,nop,wscale 8], length 0
    ^C
    7 packets captured
    7 packets received by filter
    0 packets dropped by kernel
    user-name@pc-name:~$


tcpdump -p -n -i eth0 port 5353 or port 8080

**

#5 Some notes about my testing..

a) 192.168.2.138.50157 is from this same computer.

b) As noted at grc.com -> Services -> Shield's Up they own 4.79.142.192 -thru- 4.79.142.207.

c) I believe 198.199.98.246 is from http://www.yougetsignal.com/tools/open-ports/ as it only checks TCP ports.

d) As you can see, I checked port 5154.

#6 The only UDP ports that grc.com checks, that I know of, are:

a) DNS (53) grc.com -> Freeware -> Utilities -> DNS Benchmark -> DNS Spoofability Test Introduction (or grc.com -> Services -> DNS Spoofability Test)

b) Universal Plug n'Play (UPnP) = 1900

https://www.grc.com/port_5000.htm

From grc.com -> Services -> Shield's Up: Click on Proceed and then GRC's Instant UPnP Exposure Test.

#7 Here are some notes about listening:

Quote

a) If you are on Windows I point you to http://www.howtogeek.com/howto/28609/how-can-i-tell-what-is-listening-on-a-tcpip-port-in-windows/

b) If you are not on Windows (Mac, Unix/Linux), go look lookup listen on port and then your OS name using Google (or your other favorite search engine).

c) If nothing is listening any TCP ports that you check with a web based port checker, then TCP ports does not show up as open.

d) Be advised that you can not have two servers listening on the same the port on the same computer. So for example before you use an inbond-client side port checker you must make sure that uTorrent is not running - which explains on http://portforward.com/softwareguides/utorrent/utorrent.htm that they say

Quote
If uTorrent is currently open, you will need to completely close it at this time. Make sure that the green uTorrent icon is not still hiding in your notification area (next to your clock). If it is, right click on it and choose "Exit". Before moving forward to things like selecting torrents, seeders, and leachers, we need to verify that your port is open. We recommend downloading our free Open Port Check Tool to test if incoming connections are being allowed through your router on your uTorrent Listening Port

e) And generally if the program/app is running that you are trying to forward for, then the server is listening.

#8 Here are some catches about ping:

a) If the server that you forwarded requires that you reply to ping, well then you must enable responding to ping in the NAT router.

b) If the server that you forwarded does not require that you reply to ping, well that depends on another factor..

As to what that other factor is, I point to and quote the post by nwrickert (DSLR user #1070900) in DSLR (dslreports.com) Forums >Broadband Tech > Security > Security > DMZ and portforwarding are equally dangerous? on 2010-08-21 at 13:53:23.
Quote
Quote
While he tells people that responding to ping is dangerous, he replys to ping.

That's a pretty minor point. The reason some people prefer to not respond to ping, is to avoid demonstrating their presence on the net. Gibson has a public site whose presence on the net is well known, so that reason for not responding to ping simply does not apply.

While Steve Gibson does sometimes say some useful things, he mostly seems to be making mountains out of molehills

Note: Sorry for my misspelling, I meant replies.

c) There are certain troubleshooting tools that require that you reply to ping.

For example if you wanted to use the followings tool(s) at DSLR (dslreports.com) -> Tools: Smokeping, Line quality - Ping Test, and for 24x7 Line Monitoring...

d) If the ports are open (this means not just in the NAT router) but the program/app does not work: I have an odd feeling that with this server, you must reply to ping.

#9

You must provide to users from the outside either your non bogan IP Address or DDNS.

What DNS is, here is the simple as possible version as how it works.

Quote
I know of a given domain name. What is their IP Address for that domain?

The first D in DDNS means/allows you to have a domain name the follows your non static non bogan IP Address. Which is a lot easier to provide and normally most people use DNS over the IP Address for the content servers that they want to connect to.. ;)
7
(Program) Simple Port Tester / port forwading not working HG8121H
« Last post by jlaroia on January 10, 2019, 05:43:00 AM »
hi.. Shane!!
greetings of the day

i am not able to get port forwarding in my router Huawei HG8121H. i had port warded my port 8000 for  viewing cameras on my android mobile ( through HIKVISION iVMS 4500) and port 80 for http view. Both are not working.
i am using DDNS of no-ip. one thing i noticed my WAN ip and external ip are different, when i check.  for routers i am behind 3 routers. one at my end and other two are at ISP end. routers/Proxy servbers are having 80 and 8000 port OPEN as told by my ISP.   

earlier with these setting i am able to view my camersa online from any where, but now its not working.

i am hereby attaching the screen shots for your reference,. Kindly go thru these and suggest the solution.

Regards
 JOgesh
8
General Networking / Rent The Runway
« Last post by AlonzoSkea on January 09, 2019, 09:37:29 AM »
What I found relatively refreshing was that the employees at the outlet shops haven't an ounce of the haughty perspective that one can find at the retail luxury shops.

Feel free to surf to my webpage ... demonicads.com
9
Program & Tools Requests / port forward program
« Last post by alan081954 on January 08, 2019, 11:27:13 AM »
I have downloaded and installed the program. I am totally lost so far. Before I make a purchase..... what I am trying to do is set my security cameras to "static" ip address i think. so they always have the same ip address. I have 4 cameras and a motorola nvg510 router from AT&T  Is this program what I am needing and will I be able to get help on setting my cameras to  on the forum? Thanks, I wanted to ask before I buy it.
10
Port Forwarding / Re: Port Forwarding Dilemma - ISP Change
« Last post by trpted on January 03, 2019, 06:19:48 AM »
I think I know what is going on. I put this into different issues, so that it is easier to address.

** Issue one **

Here are some notes about listening:

Quote

a) If you are on Windows I point you to http://www.howtogeek.com/howto/28609/how-can-i-tell-what-is-listening-on-a-tcpip-port-in-windows/

b) If you are not on Windows (Mac, Unix/Linux), go look lookup listen on port and then your OS name using Google (or your other favorite search engine).

c) If nothing is listening any TCP ports that you check with a web based port checker, then TCP ports does not show up as open.

d) Be advised that you can not have two servers listening on the same the port on the same computer. So for example before you use an inbond-client side port checker you must make sure that uTorrent is not running - which explains on http://portforward.com/softwareguides/utorrent/utorrent.htm that they say

Quote
If uTorrent is currently open, you will need to completely close it at this time. Make sure that the green uTorrent icon is not still hiding in your notification area (next to your clock). If it is, right click on it and choose "Exit". Before moving forward to things like selecting torrents, seeders, and leachers, we need to verify that your port is open. We recommend downloading our free Open Port Check Tool to test if incoming connections are being allowed through your router on your uTorrent Listening Port

e) And generally if the program/app is running that you are trying to forward for, then the server is listening.

** Issue two **

For example with my router..

#1 With loopback set to ALL, if I enter my IP Address or Domain name that points to the Public / Route+able / True WAN IP Address - when I am behind this router, it is as remote control of the router is turned on.

#2 With loopback set to OFF/Disabled, if I enter my IP Address or Domain name that points to the Public / Route+able / True WAN IP Address - when I am behind this router, I can not connect to anything.

#3 With loopback set to Forward Only, if I enter my IP Address or Domain name that points to the Public / Route+able / True WAN IP Address - when I am behind this router, and if I am running a web server - I can connect to my web server.

It has a UI that looks something like what you see at http://victek.is-a-geek.com/virtual/tomatok26/advanced-firewall.html

#4 I have to say that not all routers support:

a) loopback

b) loopbask the same way. There are others with it is only allowed (ALL) or Filtered (OFF).

For example of All of Off, the Linksys E4200 hardware version one with Linksys official firmware (that has a UI that looks like what you see at http://ui.linksys.com/E4200/2.0.25/firewall.html )PSST/Hint also could called Internet NAT Redirection instead of Loopback.

#5 Besides a client side port checker, there is a client side Loopback/Internet NAT Redirection/Reverse NAT tester.

It is addressed at http://www.pcwintech.com/test-for-reverse-nat

** Issue three **

Your LAN IP Address of your routers should always be RFC 1918 complaint. This means that they should be in one of these three ranges:

a) 10.0.0.0 to 10.255.255.255

b) 172.16.0.0 to 172.31.255.255

c) 192.168.0.0 to 192.168.255.255

** Issue three part b **

Since there is more than one NAT router, you could have one at 192.168.0.1/24 and the other at 192.168.1.1/24
Pages: [1] 2 3 ... 10