D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-600L => Topic started by: leamas on February 19, 2013, 08:51:48 AM
-
After having a working setup, something strange has happened with my port forwarding. Basically, port 22 (ssh) works OK, other ports do not (that's not to say I've tried them all...)
The symptom when accessing the port from outside is "no route to host". Since both ping and ssh work under the same circumstances, this makes me think the firewall could be involved, although it shouldn't. For now I'm using the IMAP port 143 as a test case.
I have:
- Set up a virtual host which maps port 143/tcp to local host 192.168.2.40:143, scheduled 'always'.
- Verified that my IMAP server works on the local interface 192.168.2.40:143
- Tried to create a firewall rule to enable the virtual host, no success. Went back to an empty firewall rules page
- Reset router to factory settings, and rebuilt the configuration.
- Tried to access it from two different hosts on different networks and ISP, no difference.
- Tried to remove the IMAP virtual host completely. Doing so, a connection attempt from outside gives a timeout failure, not "no route to host". So, it seems that I get in touch with the router...
- Used 440 instead of 143 as public port. Doing so I get "no route to host" on 440 and a timeout on port 143. So it's consistent, sort of
- Checked the logs, nothing is logged when a connection seemingly is rejected.
- Found out that there's no firmware update available.
Now I don't know what to do. What can make it work on the ssh port 22 but not on other ports such as imap (143/tcp) or smtp (25/tcp)? It's just so damned strange... any clue out there?
--alec
-
Welcome! (http://forums.dlink.com/index.php?topic=41537.0)
What Hardware version is your router? Look at sticker under router.
What Firmware (http://forums.dlink.com/index.php?topic=47512.0) version is currently loaded? Found on router's web page under status.
What region are you located in?
What ISP Service do you have? Cable or DSL?
What ISP Modem make and model do you have?
Disable uPnP for testing Port Forwarding rules.
-
Hardware revision: B5
This is neither cable nor DSL but a city broadband network, i.e., the ISP has a TP-5 ethernet connection. So there's no modem involved. The ISP is Bredbandsbolaget (a Swedish company). There's nothing in this data suggesting that the ISP blocks port 143 IMHO.
Also, this is basically about Virtual server, although I have tested doing the same thing using Port Forwarding. Same results, though.
Trying with uPnP disabled...no difference :(
Thanks for taking time with this!
--alec
EDIT: Forgot this: Firmware Version: 2.11 Tue 16 Aug 2011. I live in Sweden, testing access from the US and from a neighbour.
EDIT 2: You can see this server at 85.230.51.212 (dynamic address, but should not change for now)
-
First I dug around on your ISP's support site. The ports blocked are Yes, port 25, 135-139, 445. (http://www.bredbandsbolaget.se/kundservice/fragorochsvar/faqportlet.html?questionId=tcm:142-46558&categoryId=Via%20bredbandsuttag)
Second, what's a TP-5? At some point there has to be something between the ethernet you're plugging into the router and the fiber out on the street. The question is what? An ONT? If you connect the ethernet from the wall directly to the server/PC you're trying to open the ports to, does it work?
Third, I did a common port scan (http://www.mxtoolbox.com/SuperTool.aspx?action=scan%3a85.230.51.212) and got:
21 ftp An operation was attempted on something that is not a socket 85.230.51.212:21 0
22 ssh Success 156
23 telnet Thread was being aborted. 0
25 smtp Thread was being aborted. 0
53 dns Thread was being aborted. 0
80 http Thread was being aborted. 0
110 pop3 Thread was being aborted. 0
143 imap Thread was being aborted. 0
139 netbios Thread was being aborted. 0
389 ldap Thread was being aborted. 0
443 https Thread was being aborted. 0
587 msa-outlook Thread was being aborted. 0
1352 lotus notes Thread was being aborted. 0
1433 sql server Thread was being aborted. 0
3306 my sql Thread was being aborted. 0
3389 remote desktop Timeout 0
8080 webcache Timeout 0
The error "An operation was attempted on something that is not a socket" seemed to stand out. So I figured you probably have a server hooked up with MS Server on that IP, so tried MS Support and got this article. (http://support.microsoft.com/kb/817571)
So my gut is telling me it has something to do with how the server is configured you have on that 192 IP. ISP is allowing it to their end point, end point is routing to DIR-600L, your forwarding rule routes traffic to 192, but server application on computer using 192.168.2.40 isn't configured correctly. That's why you get a different error when you remove the forwarding, because you are no longer reaching your server, so therefore the response you got before the removal of the forwarding rule was FROM your server. That's why the router doesn't record an error, because it doesn't see it as an error.
Do you have some routing somewhere, probably on the server, that points to a different IP the old router gave you? My best guess is that has to be updated and your internal ARP cleared.
I feel I'm still missing something. But that's my best guess with the data given.
-
Two quick notes: Are you saying that incoming (as seen from me) traffic to port 25 is blocked by the ISP? This is actually a side-track, but an important one for me.
I tend to think you are on the right track about something on the local server 192.168.2.40. However, your suggestion about a MS server is definitely wrong, this is a Linux box :) Its firewall is disabled while testing this, but I'll do some more testing with it to see if I can find any clue...
Many thanks for your help, especially the port scan (why didn't I do that myself?)
Looking forward to confirming the port 25 status, will look into the rest.
--alec
-
"blushes" It turns out that last update got me a new, shiny firewall. Everything is OK, the router works and port 25 is perfectly accessible from outside (although blocked for outgoing traffic, as expected).
Thanks for help, sorry for taking your time with this silly thing.
--alec
PS: Too late, but for completeness: TP5 is the physical ethernet connection which my ISP leaves in my apartment. So there is indeed straight 100Mbps ethernet straight into the router. DS
-
Awesome man. Glad new FW got you what you needed and you're up and running. Remember to save off the router's configuration to file for safe keeping after you have configured everything. ;)
Enjoy.
-
"However, your suggestion about a MS server is definitely wrong, this is a Linux box Its firewall is disabled while testing this, "
I think he meant update to his server changed his server firewall, not router. So yeaaa, I was right! That one took some brain juice. Heh. Thanks for the challenge and the good troubleshooting on your part. High five.
-
;D
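
Added example, not part of the original thread: the thread turned on the difference between "no route to host" and a timeout, and this sketch classifies a TCP connect failure by errno so the two cases (an active ICMP reject, typically from a firewall on the forwarded-to host, versus silence) are told apart per port. The function names and verdict wording are assumptions made for illustration, and the errno meanings are those seen by a Linux client.

```python
import errno
import socket

# What each connect() failure says about who answered (Linux client semantics).
VERDICTS = {
    0: "open",                       # handshake completed
    errno.ECONNREFUSED: "refused",   # TCP RST: host reached, nothing listening
    errno.EHOSTUNREACH: "rejected",  # ICMP unreachable/prohibited: "No route to host"
    errno.ENETUNREACH: "rejected",
    errno.ETIMEDOUT: "filtered",     # silence: dropped, or never forwarded
}

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and return 0 or the errno of the failure."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return 0
    except socket.timeout:
        return errno.ETIMEDOUT
    except OSError as e:
        return e.errno
    finally:
        s.close()

def classify(err):
    return VERDICTS.get(err, "other")

def survey(host, ports, timeout=3.0):
    return {p: classify(probe(host, p, timeout)) for p in ports}

def diagnose(results):
    """Turn per-port verdicts into the next place to look."""
    states = set(results.values())
    if "rejected" in states and "open" in states:
        return "forwarding works; a firewall on the target host rejects some ports"
    if "rejected" in states:
        return "something on the path answers with ICMP; check host firewall and routes"
    if "refused" in states:
        return "host reachable; start the service or fix its bind address"
    if states == {"filtered"}:
        return "no reply; check that the forward rule exists and upstream filtering"
    return "all probed ports open" if states == {"open"} else "mixed; inspect per port"

if __name__ == "__main__":
    # Constructed verdicts mirroring the thread: 22 open, 143 "no route to host".
    print(diagnose({22: "open", 143: "rejected"}))
```

Run survey() from a host outside the LAN against your own public address, then again from inside against the server's LAN address; a port that is "rejected" from both sides points at the server's own firewall rather than the router.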