dd-wrt Not Forwarding Ports

I have a Buffalo router flashed with DD-WRT 2.4b. It's not forwarding port ranges at all. There's no static IP set up for my laptop because a) I couldn't get that to work, either, and b) I've never gotten anything besides the same IP, so I don't worry about it.

The current setup is to open ports 49550 to 49600 on both UDP/TCP on my computer's IP. The client app is set to check 49555, and yet it fails to break through.

[link] reports the port is in 'stealth,' but not 'open.' Then again, every random number I check returns 'stealth,' so that designation doesn't mean much.

I'm stumped at this point. Any helpful tips?

Thanks!

william.oram

You sure you don't have a personal firewall/packet filter running on the computer where you would have to do the same thing, i.e. open those ports?

BTW, there is no such thing as a stealthed port in the case of the router. The port is either opened or it's closed. As a matter of fact, there is no such thing as a stealthed port, period. It's either open or closed.

Mr. Arnold

Positive. No personal firewalls. No packet filters set up, either.

I believe you about stealthed ports...I hadn't heard of them until this router mess and the word came up a few times.

william.oram

Not correct. A port that responds is open. A port that refuses a connection is closed. A port that simply blackholes any requests is often considered 'stealth'. Indicating a port is closed is considered "less secure" than simply dropping the traffic entirely. Thus having 'stealth' ports is a bit more secure (in a fashion).

-Bill Kearney

Bill Kearney

Fiction: "Stealth" ports greatly improve security. Fact: Just because a port is visible (open and "listening") does not mean that there is any real security problem. What matters is what can and cannot be done through the port.

The port is either open or closed, with the proper response coming back. If the proper response is not coming back, then one knows that's a possible machine with a personal FW running that can be possibly exploited.

And if you were to step into a FW NG, they would start telling you about the stealth port myth. I am not a FW expert per se and cannot give the exact reasons as to why a port is not stealthed and it means nothing in terms of FW terminology, but I know there is no such thing as a stealthed port. I think the stealth thing only exists because Gibson made it up.

Where were stealthed ports before Gibson showed up? FW(s) were around well before Gibson and personal FW(s) showed on the scene.

You can bet some $10,000 network FW solution is not doing some kind of port stealthing.

I hang in FW NG(s) and know that they would disagree with you.

Mr. Arnold

Interesting. What elements present in the typical home wireless setup could cause data to disappear through almost every port? I'm running OS X, which has precisely one button that identifies the presence of a firewall...pretty clear cut there. I'm thinking this is DD-WRT's problem. Before the Buffalo router, I had a ZyXel router with commercial driver software. Even though I couldn't set up static IPs through them (and was too lazy to set one up client-side :P), port forwarding *did* work if I forwarded ports through whatever IP I had at the time. Nothing has changed since then except the router, the desktop box the router's connected to, and the driver software.

william.oram

The driver for the router is called firmware. Did you do a hard reset of the router and power down to see if that corrects the problem?

Is the DD-WRT firmware some kind of 3rd party solution? Maybe, you need to check with them. Maybe you need to flash the router with the firmware again, as the firmware may not have flashed properly initially, which can happen with a router right out of the box.

If DD-WRT is a 3rd party solution, then get rid of it and go back to the router's original firmware, if possible.

I remember a few years back in this NG, I was helping a poster that was using a Linksys BEFW11S4 router that wouldn't forward ports. He flashed the router and everything. It wouldn't work. He returned the router and got a second 11S4, it wouldn't forward ports either, and he returned that one. The third one worked.

Mr. Arnold

snipped-for-privacy@gmail.com hath wroth:

Any particular model Buffalo router? Could I trouble you for the exact DD-WRT v24 version?

Static IP on a PC or Mac is rather simple. I'm surprised you couldn't get it to work. However, there's a better way. Use "static-DHCP" or "pre assigned DHCP". See this page:

under "Static Leases". Add the MAC address and LAN IP address of your unspecified model laptop and it will always get the same IP address.

How are you testing that it "fails to break through"? Have you tried setting up a trivial service of some sorts on your laptop, testing it with another computer on the LAN, and then trying to connect? The trick here is to isolate the problem between the "server" and the router forwarding. There's no way to tell from here if the router is misbehaving or if the application is comatose. A software firewall running on the laptop will have the same effect as a comatose server.

Hmmm... I'm going to ignore this as I don't consider GRC to be a reasonable test of connectivity. Start with a 2nd computer on your LAN. Can it connect to your unspecified application on 49550? Can it connect to a trivial server application on the same machine? With no router involved, this should work without difficulty.

Then, try going through the router. This may be a bit tricky if you're testing from inside your LAN. I've had problems testing VPN's this way and usually end up firing up a dialup connection, and using that for a fast connectivity test.

Sure. Telnet to the router with:

   telnet 192.168.1.1
   login: root
   password: xxxxxxxx

and run:

   iptables --list

You should get several pages of firewall info. What you want is probably at the bottom. For example, my firewall has quite a bit of forwarding and port triggering setup. For example:

Port trigger on outgoing port 5200 to accept incoming 5198-5199:

   Chain trigger_out (1 references)
   target     prot opt source               destination
   TRIGGER    tcp  --  anywhere             anywhere            tcp dpt:5200 TRIGGER type:out match:5200 relate:5198-5199
   TRIGGER    udp  --  anywhere             anywhere            udp dpt:5200 TRIGGER type:out match:5200 relate:5198-5199

I don't wanna post my port forwarding setup.

Jeff Liebermann
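
Added example, not part of any post in the thread: a trivial TCP service plus a single-port check that separates the three outcomes discussed above (open, closed, and the silent drop that scanners label 'stealth'), so the laptop, the LAN path and the router forward can be tested one at a time. The function names are illustrative assumptions; 49555 is the port from the original question.

```python
import socket
import threading

def start_trivial_server(host="127.0.0.1", port=0):
    """Trivial TCP service: greet each client, then hang up.
    Returns (stop_event, bound_port); port=0 picks any free port."""
    srv = socket.create_server((host, port))
    srv.settimeout(0.2)              # wake up regularly to notice stop
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(b"forward-test ok\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return stop, srv.getsockname()[1]

def probe(host, port, timeout=3.0):
    """Classify one TCP port from the client's point of view:
    'open'        - handshake completed, something is listening
    'closed'      - connection refused, the host answered with a reset
    'filtered'    - no answer before the timeout (the scanner's 'stealth')
    'unreachable' - the local stack reported a routing/ICMP error"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"
    finally:
        s.close()

if __name__ == "__main__":
    # 49555 is the port from the question; run this on the laptop.
    stop, port = start_trivial_server("0.0.0.0", 49555)
    print("local check:", probe("127.0.0.1", port))
    input("Now run probe(<laptop LAN IP>, 49555) from a second LAN machine, "
          "then probe(<WAN IP>, 49555) from outside. Enter to stop.\n")
    stop.set()
```

If the LAN probe returns 'open' and the outside probe returns 'filtered', the service and the laptop are fine and the forward on the router is what to look at; 'closed' from outside means something answered but nothing was listening behind the forward.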
