[SOLVED] Port remains "filtered" after port forwarding

[Aniu88]

Hello, I don't typically make my own posts, generally gleaning what I need from other topics, etc. So if there's something I've improperly formatted or posted in the wrong place, please let me know & I'll try to fix it.

So, I've been trying to start up a Minecraft server for my friends & me that I intended to host on my personal PC. This isn't new to me as I've done 3-4 servers for us in the past. I have, however, changed to a different ISP so I'm not as familiar with their router/gateway, etc (Still vaguely unsure about the difference between router and gateway but I "believe" I have a gateway type).

So I went to do the port forwarding which I found the proper section in the router and forwarded the 25565 port etc. My one friend I was having test the connection was unable to log in, the server was just searching on his end and eventually timed out. When I checked the port through ipfingerprints.com using their port checker, I noticed it came back as "filtered". (I DID have the server running etc at this time by the way). I looked into this and from what I gather, it typically means the port IS open but is blocked by a firewall, etc. I've never encountered this before so I watched some tutorials. I then made exceptions in the Windows firewall for the port, Minecraft, java, & even the server.jar file (although that last one I have my doubts if it really did anything) for both TCP and UDP connections, as well as exception rules for both Inbound and Outbound. Still filtered. I went in and turned off the firewall on the router entirely. Still filtered. So I left that off & turned off the Windows firewall entirely...still filtered. Aaaaaand that's when I ended up here lol. Cause if it's still filtered with BOTH firewalls off, then I have no clue what the problem is at this point. I should also note, before testing the firewalls I did reach out to the ISP and apparently they said the port forwarding looked correct on their end. For reference, I currently have a Zyxel router, model number: EMG6726-B10A,

I would appreciate any help that anyone can offer on how to fix this issue. I am very comfortable with computers etc but I only have a mediocre understanding of routers/networking etc. Enough to do a lot on my own but not know how to fix issues if things don't work lol. So if more information is needed or things need to be tested etc, I'm not opposed but would probably need direction on how to do so properly.

Thanks in advance.

 

[bill001g]

They are not real technical in saying what filtered means. Maybe try one of the many other port scanner sites and see what they say.

In any case if the data really is getting past the router you should be able to see what the pc is actually doing. You can load wireshark onto the pc and capture the data. Be careful to only run as little else as possible at the same time or you will get too much data to look through. All you are basically looking for is do you see the traffic actually coming into the machine on that port. Then does your machine send any form of response. Wireshark will capture date before it gets to any firewall or other filter software on your pc so you will know if you are actually getting the data.

If the ISP says your rules are correct then I would beleive them. The much simpler method is to use DMZ since all you put in is the ip of your internal machine. It is not a secure long term option but is good to test when you are unsure if the port forwarding rules work.

The most common reason people come here and ask about port forwarding is because they do not have a public ip. Make sure the IP you see on your wan port in your router is the same IP as you see on sites like whatsmyip.

 

[Aniu88]

Hey, thank you for responding so quickly. I apologize for my delayed reply, busy time of year and all.

So, I logged into the router and it DOES show the same public ip that whatsmyip gives under the WAN section so, I'd "assume" it's working right? I haven't messed with the WAN stuff at all so I'm guessing it's still set the way the ISP did it, not sure if that helps or not.

I haven't tried the DMZ mode yet but I did install Wireshark. I tinkered with it a bit but ultimately didn't really know what I was supposed to be doing to test the port properly. So I can't say I got any conclusive result from that yet. I will probably try to look up a few tutorials on Wireshark to get a better idea of how to use the software & then see what I can glean from the results.

If there are any other suggestions in the meantime I'll try to test them, otherwise I will reply with the results from wireshark after I figure out how to use it properly. And thanks again for your help thus far & taking the time, much appreciated.

 

[bill001g]

You should see traffic going to that port number. You can build a filter to filer the data by port but hopefully you can just manually search it. The first packet is always a simple SYN packet going to that port

 

[Aniu88]

Ok, so I figured out how to run the capture for wireshark. I had the Minecraft server booted up and the webistes for port checking (ipfingerprint & canyouseeme) open already to try & reduced network traffic. I waited a few moments after starting the capture then tried multiple port checks with the two websites. I let it go a little while longer, then stop the capture & used the filter "tcp.port == 25565 || udp.port == 25565" and applied the filter. Doing so yielded no entries. The capture window was totally blank with that filter applied.

I'm guessing that means the connection is never even being given TO the firewall etc? or did I use the wrong filter or something?

 

[bill001g]

I forget off the top of my head, I don't think I have loaded wireshark in a couple years. That looks correct.

What that implies is either the traffic is not getting to your router or your router is not forwarding it correctly.

I would set it to DMZ mode and the use a port scanner that scans a lot of ports. That should be very obvious in the capture since it will be a lot of data.

Can you plug the pc directly into the modem that would quickly show you if it is a router config issue blocking the traffic.

 

[Aniu88]

Ok, that seems to have worked. I set my PC as the DMZ server & captured on Wireshark. Then scanned the port with the two sites like before. Both of them came back with TCP open and/or "I can see you" etc. One thing to note, is on ipfingerprint I added the UDP Scan option and that came back as "open | filtered" I believe? Not sure if that holds any relevance or not.

I went ahead and saved the capture log since I'm not sure if I need to do anything with it or look for anything specific to help troubleshoot. But that's at least progress so I'm getting somewhere at least lol.

 

[bill001g]

If it works in DMZ mode it just means you have not figured out how to correctly configure port forwarding. There is not standard way to do this and some routers are very confusing. The DMZ is not really a safe option to use in the long term because if you machine happen to have some port open you did not know about and hackers found it they could cause damage.

 

[Aniu88]

Ok, so I took a closer look at the port forwarding & think I found the problem (although I'm not sure WHY it was a problem but shrugs). So when I set up the port forwarding rules it had an option for "WAN Interface " which was set to auto by default. It auto'ed to ETHWAN and had a grayed out IP address with a notation that it would automatically detect the IP. But I read something a while back about not having the correct "Public IP" in the port forwarding rules. So I took it off auto and entered my public IP and now both port checker sites are showing it as open. I'm going to have a friend connect from outside the network and make sure the game actually connects properly but it would seem to be working! I'll reply back if it turns out this isn't the case, but typically everything works when the port checkers show all clear so, I'm not too concerned.

I appreciate all your help, the wireshark + DMZ tests helped to finally narrow the problem location, so thanks for those ideas and I appreciate you taking the time to help me out.