• November 02, 2024, 04:18:54 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: [1] 2

Author Topic: DIR-655 Port Forwarding Woes  (Read 20722 times)

coderforlife

  • Level 1 Member
  • *
  • Posts: 15
DIR-655 Port Forwarding Woes
« on: November 14, 2012, 10:32:25 PM »

I have been struggling with this all day, and finally find some "answers" that explain the problem but give no acceptable solutions... so let me explain and see if anything new will come up.

Problem
Basically I am trying to setup an FTP / FTPS server. I have it working pure locally (LAN -> LAN) OR outside in (WAN -> LAN) but cannot get it to work LAN -> WAN -> LAN. I have a dynamic DNS address (which a subdomain of mine points to, say files.example.com). I want to be able to use this as the FTP server's address regardless if I am inside or outside the local network. Right now using "files.example.com" only works from outside the local network. "files.example.com" always resolves to the WAN IP address of the router and then port forwarding will only work then if the request is coming from the WAN but not from the LAN.

"Solutions"
The solutions that have been posted elsewhere are all unacceptable. I am listing them below, starting with the worst one and working up.
  • Modify the FTP client's settings or the system's hosts file every time you enter or leave the local network (this is incredibly OBNOXIOUS)
  • Convert the FTP port forwarding rules to virtual server rules (works well for the main ports, but in passive mode the FTP server needs 50+ random ports to be usable which cannot be done with virtual server)

What May Work
Well, if the router just applied the port forwarding rules like it applied virtual server rules or the virtual server rules allowed ranges that would be a solution, but that isn't going to happen anytime soon.

Can I tell the router to map "files.example.com" to a specific IP (like I would with the hosts file on computer)? This way when the computers are trying to resolve my domain name they could be given the local address and all would be fine. It should not map the rest of the subdomains (*.example.com) since these could all be hosted elsewhere.

Specs
Router: DIR-655
Hardware Version: B1
Firmware Version: 2.10NA (also true with 2.07NA, and reported on 2.04NA)

References
http://forums.dlink.com/index.php?topic=50408.0
http://forums.dlink.com/index.php?topic=50150.0
http://forums.dlink.com/index.php?topic=38542.0


Thanks for any input anyone may have!
« Last Edit: November 15, 2012, 12:25:59 PM by coderforlife »
Logged

nicknml

  • Level 3 Member
  • ***
  • Posts: 104
Re: DIR-655 Port Forwarding Woes
« Reply #1 on: November 15, 2012, 05:02:24 AM »

Wouldn't it just be easier to use an http server which only needs one port and use port forwarding via virtual servers page?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-655 Port Forwarding Woes
« Reply #2 on: November 15, 2012, 07:00:01 AM »

What region are you located?

What ISP Service do you have? Cable or DSL?
What ISP Modem do you have? Stand Alone or built in router?
What ISP Modem make and model do you have?

If this modem has a built in router, it's best to bridge the modem. Having 2 routers on the same line can cause connection problems.
Double NAT
To tell if the modem is bridged or not, look at the routers web page, Status/Device Info/Wan Section, if there is a 192.168.0.# address in the WAN IP address field, then the modem is not bridged.
If the modem can't be bridged then see if the modem has a DMZ option and input the IP address the router gets from the modem and put that into the modems DMZ.

Some things to try: - Log into the routers web page at 192.168.0.1.
Turn off ALL QoS or Disable Traffic Shaping (DIR only) GameFuel (DGL only and if ON.) options. Advanced/QoS or Gamefuel.
Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual.
Turn on DNS Relay under Setup/Networking.
Setup DHCP reserved IP addresses for all devices ON the router. Setup/Networking. This ensures each devices gets its own IP address when turned on and connected, eliminates IP address conflicts and helps in troubleshooting.
Ensure devices are set to auto obtain an IP address.
Set Firewall settings to Endpoint Independent for TCP and UDP under Advanced/Firewall.
Enable uPnP and Multi-cast Streaming under Advanced/Networking. Disable uPnP for testing Port Forwarding rules.
WAN Port Speed set to Auto or specific speed? Some newer ISP modems support 1000Mb so manually setting to Gb speeds can be supported by the router. Advanced/Advanced Networking/WAN Port Speed
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

coderforlife

  • Level 1 Member
  • *
  • Posts: 15
Re: DIR-655 Port Forwarding Woes
« Reply #3 on: November 15, 2012, 11:44:25 AM »

@nicknml - Only if it were that easy. First this isn't an HTTP server, its FTP. And you can do FTP via 2 ports, however it just defers the router setup issue to the client instead of the server, resulting in the same issue for the client. See http://wiki.filezilla-project.org/Network_Configuration#Setting_up_and_testing_FileZilla_Server.


@FurryNutz - This really had nothing to do with ISP and highly unlikely the modem. This is a common problem, as reported in at least 3 other posts in this forum. There are probably many more posts, those are the ones I found quickly.

I have AT&T U-verse. The modem has a built-in router which is barely being used at all. It is a HomePortal 3801HGV. It is set up to DMZ to the DIR-655 router, however it is a bit more than just a DMZ since the router gets the external IP address of the modem (so more like a bridge, they call is DMZplus). The WAN IP of the DIR-655 router is 99.10.x.x which is the IP reported to all Internet traffic (for example, when asking Google what my IP is).

This problem exists either when QoS is on or off. DNS relay is checked and grayed out (unable to uncheck). Most computers have reserved IP addresses and there are no conflicts or problems with computers / devices getting their IPs. UPnP is enabled. Modem does not support 1000Mb. Router and modem are set to auto-detect speeds between each other.

Will try:
  • Turning off Advanced DNS Services
  • Changing firewall settings to endpoint independent
  • Disabling uPnP (since this is a port forwarding issue)
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-655 Port Forwarding Woes
« Reply #4 on: November 15, 2012, 11:52:28 AM »

Anything is possible with ATT Uverse or any Mfr modems with built in routers. I don't see this issue since I don't have this particular modem. Usually when using ISP modems with build in routers, it does and will cause certain connection issues if not configured correctly. There has been some people saying that the DMZ on the Uverse modems doesn't fully allow ALL traffic to pass.

If you think you can reproduce this problem on a constant basis and can provide details on how to reproduce it, then we might be able to get this up to D-Link for review. This will need to be reproduce by others here if possible.


Have you tried disabling uPnP? I though someone once said that this needs to be disabled if any PF is being configured.

« Last Edit: November 15, 2012, 11:58:10 AM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

coderforlife

  • Level 1 Member
  • *
  • Posts: 15
Re: DIR-655 Port Forwarding Woes
« Reply #5 on: November 15, 2012, 12:16:06 PM »

It has been reproduced on these forums, I gave 3 links in my original post to people having the same exact problem. There are probably many more, I found these with a couple minute search. They all have "poor" solutions (the ones I listed).

The problem is that port-forwarding from inside the network does not when using the router's WAN IP. However virtual server does work, using the WAN IP from outside the network works, and using the local computer address works from inside the network. Using a URL that resolves to the WAN IP causes problems inside the network.

I don't think this is an AT&T issue or a modem issue since the virtual server settings always work, just not port-forwarding. It may still be an AT&T/modem issue if the router is doing something funny like monitoring for the WAN IP while outgoing vs incoming depending on if it is a virtual server or port forwarding.

I will test the modem issues by placing a computer on the modem's router and trying to FTP. The modem itself has port-forwarding abilities (calls them pinholes). I may try these too. First to try the other settings you listed before.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-655 Port Forwarding Woes
« Reply #6 on: November 15, 2012, 12:31:48 PM »

Seems like all those links resolved there PF problem using VS. I wonder if this is a preferred method of getting external ports to connect with LAN ports and applications on the LAN side for platforms needed this.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

coderforlife

  • Level 1 Member
  • *
  • Posts: 15
Re: DIR-655 Port Forwarding Woes
« Reply #7 on: November 15, 2012, 12:33:29 PM »

And I would be happy to use VS instead of PF except I need a 50+ IP range! Besides being tedious in VS, there aren't enough spaces.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-655 Port Forwarding Woes
« Reply #8 on: November 15, 2012, 12:41:11 PM »

I'll check this out this evening. I had FTP server and Filezilla configured last year for a time on my DIr-825. I still have those settings, I'll check them out on a DIR-857 then the 655. It was working well on the 825 when I had it running. Been wanting to get the FTP going again. I didn't have a need for 50+ IPs though.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

coderforlife

  • Level 1 Member
  • *
  • Posts: 15
Re: DIR-655 Port Forwarding Woes
« Reply #9 on: November 15, 2012, 12:44:06 PM »

Tried turning off Advanced DNS Services, changing firewall settings to endpoint independent, and disabling uPnP to no avail. Resetting them to defaults (on, address/address and port restricted, enabled).

Note: I had this working somehow before. It was only working for FTP without any security. I tried to get it working with SLL/TLS and everything went haywire (first time I ran into the bug in my other post). After restoring the same exact settings, it no longer worked even without SSL/TLS.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-655 Port Forwarding Woes
« Reply #10 on: November 15, 2012, 12:53:10 PM »

Was this with the same ISP and modem?

One thing you could try maybe, downgrade to v2.03 maybe and test.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-655 Port Forwarding Woes
« Reply #11 on: November 15, 2012, 01:06:44 PM »

I just reviewed the DIR-825s config file I have saved. At the time I was using the following configuration:
port_forward_both_01=0/FZ/#.#.#.2/50117/50117/Always/Allow_All
port_forward_both_02=0/FZ2/#.#.#.2/20,21/20,21/Always/Allow_All

.2 was the IP address of my Pc server at the time and it was working with FZ.

NAT I believe is EndPoint Independent. I always use this.
uPnP is disabled however i'm looking at a config file after I turned the 825 into an AP so I disabled uPnP. I think I had it ON before.

Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-655 Port Forwarding Woes
« Reply #12 on: November 15, 2012, 01:23:12 PM »

I just set up or had already set up these same PF values that are currently on the DIR-857 and FZ is running and I was able to connect to the WAN IP address of the router from work here and I received the log in window and saw the following on FZ Server:


(000001)11/15/2012 14:15:30 PM - (not logged in) (.254)> Connected, sending welcome message...
(000001)11/15/2012 14:15:30 PM - (not logged in) (.254)> 220-FileZilla Server version 0.9.41 beta
(000001)11/15/2012 14:15:30 PM - (not logged in) (.254)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000001)11/15/2012 14:15:30 PM - (not logged in) (.254)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000001)11/15/2012 14:15:30 PM - (not logged in) (.254)> USER anonymous
(000001)11/15/2012 14:15:30 PM - (not logged in) (.254)> 331 Password required for anonymous
(000001)11/15/2012 14:15:30 PM - (not logged in) (.254)> PASS *******
(000001)11/15/2012 14:15:30 PM - (not logged in) (.254)> 530 Login or password incorrect!
(000001)11/15/2012 14:15:30 PM - (not logged in) (.254)> disconnected.
(000002)11/15/2012 14:15:31 PM - (not logged in) (.254)> Connected, sending welcome message...
(000002)11/15/2012 14:15:31 PM - (not logged in) (.254)> 220-FileZilla Server version 0.9.41 beta
(000002)11/15/2012 14:15:31 PM - (not logged in) (.254)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000002)11/15/2012 14:15:31 PM - (not logged in) (.254)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000002)11/15/2012 14:15:31 PM - (not logged in) (.254)> USER anonymous
(000002)11/15/2012 14:15:31 PM - (not logged in) (.254)> 331 Password required for anonymous
(000002)11/15/2012 14:15:31 PM - (not logged in) (.254)> PASS *******
(000002)11/15/2012 14:15:31 PM - (not logged in) (.254)> 530 Login or password incorrect!
(000002)11/15/2012 14:15:31 PM - (not logged in) (.254)> disconnected.

I'll need to reconfigure the log in as I don't remember at the moment. Seems to be working as far as establishing the connection.

This is using a Cable modem: Motorola SB 6180>DIR-857>24pt Gb switch>Server PC(HP)
« Last Edit: November 15, 2012, 02:19:35 PM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

nicknml

  • Level 3 Member
  • ***
  • Posts: 104
Re: DIR-655 Port Forwarding Woes
« Reply #13 on: November 15, 2012, 01:57:54 PM »

@nicknml - Only if it were that easy. First this isn't an HTTP server, its FTP. And you can do FTP via 2 ports, however it just defers the router setup issue to the client instead of the server, resulting in the same issue for the client. See http://wiki.filezilla-project.org/Network_Configuration#Setting_up_and_testing_FileZilla_Server.

My point was that you can use an http server in a similar way.  If you want to simply make files available for download for anybody it's pretty trivial to set that up using an http server.  How are you planning to use your ftp server, is it for personal use, sharing files with other people, etc.? 

Logged

coderforlife

  • Level 1 Member
  • *
  • Posts: 15
Re: DIR-655 Port Forwarding Woes
« Reply #14 on: November 15, 2012, 01:59:25 PM »

I'm using it as a backup server. So lots of writing by a couple of people. I also have an HTTP server on that computer, setup in the router a VS and works just fine.
Logged
Pages: [1] 2