Question Broken Port Forward

koberulz

Had a port forwarded. Bought a new network card. Port is no longer open.

Obviously the new network card didn't have the static IP set up, so my machine has a new IP. Fair enough. Changed the IP address associated with the port forward rule in the router, and set up a DHCP reservation so the IP would stick. Have confirmed my PC shows up at the router with the same IP that's associated with the port forwarding rule.

Port's still closed. I'm at a loss here. All my firewall rules are still in place, it's still referring to the same port, but it's not working anymore.
 
Are you sure the application is actually up and listening on the port?
Yes.

Are there any Windows Firewall rules that might be different, since it is a new network as far as Microsoft thinks?
There shouldn't be, because all the network settings should be the same as far as they relate to that (ie, public vs private network, software in use, port in use, etc).
 
Starting over.

Make and model information for modem, router, and new network card.

Who has full admin rights to the router?

First, run "ipconfig /all" (without quotes) via the Command Prompt. Copy and paste the full results into your next post.

Second, provide more information about the port-forwarding that is being attempted. Details?

Third, take some screenshots of the router's port forwarding pages. Post the screenshots here via imgur (www.imgur.com).

TP-Link TX201, TP-Link AC1750.

I'm not sure what you mean about admin rights. Anyone with the admin password, I guess, which in practice is just me.

Forwarding the Transmission BT client. I'm not sure if it's safe to mention, or include in screenshots, which port I'm using? Was working fine on the old card, now says the port is closed and I can't connect to any peers.

Code:
ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : mypc
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Unknown adapter NordLynx:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : NordLynx Tunnel
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::723e:7ca:789d:a5aa%42(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.5.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe 2.5GbE Family Controller
   Physical Address. . . . . . . . . : A8-6E-84-7B-BF-B7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5b19:c9e9:e34f:500a%7(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.191(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, December 20, 2024 19:12:45
   Lease Expires . . . . . . . . . . : Thursday, February 05, 2161 9:17:41
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 598240900
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-94-60-98-1C-1B-0D-18-B1-CA
   DNS Servers . . . . . . . . . . . : 192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Unknown adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-NordVPN Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-4B-EE-0E-03
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Unknown adapter OpenVPN Data Channel Offload for NordVPN:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : OpenVPN Data Channel Offload
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Try to use the DMZ option in the router to start. I doubt it will make any difference since you had port forwarding working before.

Load Wireshark and then scan a large range of ports. They will all come back closed, but the goal is to see if you see all the scan traffic in Wireshark. You can use Wireshark and just the port forwarding, but there is so much junk traffic in Wireshark without filters that it is hard to see.

If you see the traffic then it has to be the PC or the software. I would suspect the VPN software is to blame. It might still have something related to the old interface. After having to reinstall Windows to fix VPN software issues I never install VPN on the PC anymore; I always use a router-based VPN. Wireshark captures the packets before the firewall or VPN can get them.

If you do not see the traffic then I would be suspicious of the router, or maybe something strange like your public IP just happened to get changed at the same time.
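
Added example, not part of any post in this thread: a Python sketch that parses pasted `ipconfig /all` text like the output above, confirms which adapter holds the address the forwarding rule points at, and lists any other adapter (such as a VPN tunnel) that also holds an IPv4 address. The sample is constructed from the layout of the posted output; `check_forward_target` and its result keys are illustrative names.

```python
import re

# Constructed sample, trimmed to the fields this check needs.
SAMPLE = """\
Unknown adapter NordLynx:

   Description . . . . . . . . . . . : NordLynx Tunnel
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 10.5.0.2(Preferred)
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet:

   Description . . . . . . . . . . . : Realtek PCIe 2.5GbE Family Controller
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.191(Preferred)
   Default Gateway . . . . . . . . . : 192.168.0.1

Unknown adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : TAP-NordVPN Windows Adapter V9
"""

HEADER = re.compile(r"^(\S.*adapter .+):\s*$")    # unindented "... adapter NAME:"
FIELD = re.compile(r"^\s+(\S.*?)[ .]* :\s*(.*)$")  # indented "Label . . . : value"

def parse_ipconfig(text):
    """Return {adapter header: {field label: value}} from ipconfig /all text."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
        elif current is not None:
            field = FIELD.match(line)
            if field:  # continuation lines (extra DNS servers) do not match
                value = field.group(2).replace("(Preferred)", "").strip()
                current[field.group(1)] = value
    return adapters

def check_forward_target(text, target_ip):
    """Find the adapter holding target_ip and every other adapter with an IPv4."""
    adapters = parse_ipconfig(text)
    live = {n: a["IPv4 Address"] for n, a in adapters.items() if a.get("IPv4 Address")}
    owner = next((n for n, ip in live.items() if ip == target_ip), None)
    return {"target_adapter": owner,
            "other_active": [n for n in live if n != owner]}
```

A `target_adapter` of `None` means the forwarding rule points at an address this machine does not currently hold; a non-empty `other_active` list shows which additional adapters were up when the output was captured.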
 
I did not fully read your previous posts.

Please post all screenshots where you configured router port forwarding, internal IP/port, NAS/Windows firewall configs if any, and application (Docker maybe?) ports and application name; just don't reveal your public IP. Any other internal config/info will not put you at any risk at all. This way other members can figure out more easily exactly what could go wrong.
 
Router password: Did you change the router password from the default? [Not asking for the password - just ensuring that the default was changed.]

Router lease time in "ipconfig" is not at all a time span that I would expect to see. 137 years - did you change the lease time?
 
Router password: Did you change the router password from the default? [Not asking for the password - just ensuring that the default was changed.]
I did, though I'm not sure I understand the line of enquiry - you appear to be suggesting someone else may be logging onto the router (how?) and changing my settings (why?).

Router lease time in "ipconfig" is not at all a time span that I would expect to see. 137 years - did you change the lease time?
I don't even know what that means. Could it be related to the DHCP reservation?
 
Logging in

Routers have a default login name and password. That is publicly available information and if you do not change the defaults then anyone can log into the router for whatever purposes they choose. Your network is open. They could, for example, connect wirelessly to use your router for criminal purposes. Or just steal your internet access.

Some routers were/are very easy: login could be "admin" and the password could be "password". No security until the router admin person configures a new login name and secure password.

FYI.

https://www.cleancss.com/router-default/TP-Link/AC1750

However, that process has changed some to where the default login and password can be printed on the router. Someone would need "hands on" access to the router to get the default login and password and physically reset the router. Kids can do that.

Lease time:


FYI:

https://www.rapidseedbox.com/blog/dhcp-lease-time

You can easily find similar links and explanations.

= = = =

Noted "Forwarding the Transmission BT client" - as in BitTorrent ?

Ports 6881-6889 ?

More information needed. Screenshots, etc. as has been posted.
 
DMZ option?


I've installed and opened Wireshark, but I have no idea what I'm looking at or what you want me to do.
Wireshark is massively confusing if you have never looked at how traffic is actually passed between machines. There is constant trash traffic from things like your browser.

The whole goal is to see if your machine is getting the scan packet from the site on the internet. Problem is when you don't really know how to use wireshark you would have to get lucky and see the scan packet. Since you don't even know what they look like you likely will miss it.

That is why I said to have the web site scan a large number of ports so you get a lot of traffic and it will stand out.

The problem is you only have 1 port forwarded, so the router will drop the rest of the traffic. Rather than put in 100 rules or whatever, you use the DMZ option, which forwards all the ports to your PC. Of course this is for testing only; you will go back to normal port forwarding once you figure things out. Not sure why most routers call this option DMZ, since that really is a different firewall thing, but routers commonly call the feature that forwards all ports to a single internal IP DMZ.
 
Logging in

Routers have a default login name and password. That is publicly available information and if you do not change the defaults then anyone can log into the router for whatever purposes they choose. Your network is open. They could, for example, connect wirelessly to use your router for criminal purposes. Or just steal your internet access.
They'd need to be on the network though, no? And thus need our WiFi password to begin with. Neither that nor the router's password is the default.

Lease time:

FYI:

https://www.rapidseedbox.com/blog/dhcp-lease-time

You can easily find similar links and explanations.
Sounds like yes, that's to do with the DHCP reservation, to make sure my PC doesn't get a new IP and thus invalidate the port-forwarding rule.
 
Why did nobody tell me to turn it off and turn it back on?

Rebooted the computer and it works. Had previously rebooted the router to no avail.
 
Interesting.....

The end result being that "Forwarding the Transmission BT client" is now functional - correct?

What was the final port forwarding configuration that was put into place and is now working as a result of the computer being turned off and then on again?
 
I never changed anything, beyond changing the IP address of the router rule to match the new IP assigned to the new networking card. Guess it took a reboot to make that stick? No clue. I figured the router would be the thing needing a restart if anything, so that was one of the first things I tried.