I have a Buffalo router flashed with DD-WRT 2.4b. It's not forwarding port ranges at all. There's no static IP set up for my laptop because a) I couldn't get that to work, either, and b) I've never gotten anything besides the same IP, so I don't worry about it.
The current setup is to open ports 49550 to 49600 on both UDP/TCP on my computer's IP. The client app is set to check 49555, and yet it fails to break through.
[link] reports the port is in 'stealth,' but not 'open.' Then again, every random number I check returns 'stealth,' so that designation doesn't mean much.
You sure you don't have a personal firewall/packet filter running on the computer where you would have to do the same thing, i.e. open those ports?
BTW, there is no such thing as a stealthed port in the case of the router. The port is either opened or it's closed. As a matter of fact, there is no such thing as a stealthed port, period. It's either open/closed.
Not correct. A port that responds is open. A port that refuses a connection is closed. A port that simply blackholes any requests is often considered 'stealth'. Indicating a port is closed is considered "less secure" than simply dropping the traffic entirely. Thus having 'stealth' ports is a bit more secure (in a fashion).
Fiction: "Stealth" ports greatly improve security. Fact: Just because a port is visible (open and "listening") does not mean that there is any real security problem. What matters is what can and cannot be done through the port.
The port is either open or closed, with the proper response coming back. If the proper response is not coming back, then one knows that's a possible machine with a personal FW running that can be possibly exploited.
And if you were to step into a FW NG, they would start telling you about the stealth port myth. I am not a FW expert per se and cannot give the exact reasons as to why a port is not stealthed and it means nothing in terms of FW terminology, but I know there is no such thing as a stealthed port. I think the stealth thing only exists because Gibson made it up.
Where were stealthed ports before Gibson showed up? FW(s) were around well before Gibson and personal FW(s) showed up on the scene.
You can bet some $10,000 network FW solution is not doing some kind of port stealthing.
I hang in FW NG(s) and know that they would disagree with you.
Interesting. What elements present in the typical home wireless setup could cause data to disappear through almost every port? I'm running OS X, which has precisely one button that identifies the presence of a firewall...pretty clear cut there. I'm thinking this is DD-WRT's problem. Before the Buffalo router, I had a ZyXel router with commercial driver software. Even though I couldn't set up static IPs through them (and was too lazy to set one up client-side :P), port forwarding *did* work if I forwarded ports through whatever IP I had at the time. Nothing has changed since then except the router, the desktop box the router's connected to, and the driver software.
The driver for the router is called firmware. Did you do a hard reset of the router and power it down to see if that corrects the problem?
Is the DD-WRT firmware some kind of 3rd party solution? Maybe you need to check with them. Maybe you need to flash the router with the firmware again, as the firmware may not have flashed properly initially, which can happen with a router right out of the box.
If DD-WRT is a 3rd party solution, then get rid of it and go back to the router's original firmware, if possible.
I remember a few years back in this NG, I was helping a poster that was using a Linksys BEFW11S4 router that wouldn't forward ports. He flashed the router and everything. It wouldn't work. He returned the router and got a second 11S4, it wouldn't forward ports either, and he returned that one. The third one worked.
Any particular model Buffalo router? Could I trouble you for the exact DD-WRT v24 version?
Static IP on a PC or Mac is rather simple. I'm surprised you couldn't get it to work. However, there's a better way. Use "static-DHCP" or "pre assigned DHCP". See this page:
under "Static Leases". Add the MAC address and LAN IP address of your unspecified model laptop and it will always get the same IP address.
How are you testing that it "fails to break through"? Have you tried setting up a trivial service of some sort on your laptop, testing it with another computer on the LAN, and then trying to connect? The trick here is to isolate the problem between the "server" and the router forwarding. There's no way to tell from here if the router is misbehaving or if the application is comatose. A software firewall running on the laptop will have the same effect as a comatose server.
Hmmm... I'm going to ignore this as I don't consider GRC to be a reasonable test of connectivity. Start with a 2nd computer on your LAN. Can it connect to your unspecified application on 49550? Can it connect to a trivial server application on the same machine? With no router involved, this should work without difficulty.
Then, try going through the router. This may be a bit tricky if you're testing from inside your LAN. I've had problems testing VPNs this way and usually end up firing up a dialup connection, and using that for a fast connectivity test.
Sure. Telnet to the router with:
   telnet 192.168.1.1
   login: root
   password: xxxxxxxx
and run:
   iptables --list
You should get several pages of firewall info. What you want is probably at the bottom. For example, my firewall has quite a bit of forwarding and port triggering setup. For example:
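The isolation test suggested in this thread (a trivial service on the laptop, probed first from the LAN and then through the router), together with the open / closed / 'stealth' distinction argued over earlier, as an added Python example that is not part of any poster's message. The function names and the loopback self-check are assumptions made for illustration; only port 49555 comes from the thread.

```python
import socket
import threading

def classify_port(host, port, timeout=2.0):
    """Return 'open', 'closed', 'filtered' or 'unreachable' for one TCP port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"        # RST came back: host reachable, nothing listening
    except socket.timeout:
        return "filtered"      # silence: packets dropped (what scanners call 'stealth')
    except OSError:
        return "unreachable"   # no route to host, network down, etc.
    finally:
        s.close()

def start_trivial_listener(bind_addr="127.0.0.1", port=0):
    """Trivial test service: accept, send one line, hang up. port=0 picks a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, port))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                with conn:
                    conn.sendall(b"port-forward test ok\n")
            except OSError:
                if srv.fileno() == -1:   # listener was closed: stop serving
                    return

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def loopback_check():
    """Constructed offline check: one listening port, one bound but not listening."""
    srv, open_port = start_trivial_listener()
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))          # never listen()s, so connects are refused
    result = (classify_port("127.0.0.1", open_port),
              classify_port("127.0.0.1", idle.getsockname()[1]))
    idle.close()
    srv.close()
    return result

if __name__ == "__main__":
    print(loopback_check())
```

For the case in the thread, start the listener on the laptop with `start_trivial_listener("0.0.0.0", 49555)`, call `classify_port` against the laptop's LAN address from a second LAN machine, then against the router's WAN address from outside the LAN. "open" on the LAN but "filtered" or "closed" from outside points at the router's forwarding rather than the application or a firewall on the laptop.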