- Contact Us
I am unable to access any equipment on my network from outside my router. For this question I will concentrate on my Q-See QC40198-814-5 DVR. I have assigned it a static IP to the DVR. I have no problem accessing the DVR within the LAN, and can surf the internet and check email without a problem. I have a PPPOE DSL connection through Centurylink with a dynamic IP. I’ve called their Advanced tech support two times to ask if they block any ports and the answer was no both times.
I am currently using the following modem/router combo: Actiontec GT724WGR Firmware 126.96.36.199.14.
I’ve also tried a D-Link DSL-2640B and a D-Link DSL-2540B without success.
I always have DHCP turned off on whichever router I’m trying. The WAN IP on the Actiontec management page does not match the IP shown on http://checkip.dyndns.com:8245/
I have followed the guides at PORTFORWARD.COM for the D-Links but none was available for the Actiontec. I always forward ports 85, 37777 & 37778 as the Q-See manual suggests. Those ports are assigned in the DVR.
When I use FPPortChecker to check the ports, every port I have forwarded shows as open. But, every other random port is also showing as open. This is the same for all three modem/router combos.
When I use http://www.dyndns.com/support/tools/openport.html , only port 554 (for a Trendnet Camera) shows as Open. Every other port shows as REFUSED. Strangely, this is the same for all three modem/router combos.
My DynDNS hostname is creager.homeip.net.
See my comments and questions in bold below
The WAN IP shown in your router's management page (not any pages on the Internet): • I have always set the router static IP to 192.168.0.1 and Subnet mask to 255.255.255.0. However the Actiontec management page shows the Gateway IP Address as 188.8.131.52 and Subnet mask as 255.255.255.255 The IP address, netmask and default gateway of your camera: Not sure about this; do you want info for the camera or the router. I have followed “the guide” below, and have added comments and questions where I did not understand.
Terminology Device: This may be a computer, a DVR, a web-cam, anything on your network that you can access from your network, but want to be able to access from outside it. LAN: Your network WAN: Your connection to your ISP's network
Before You Begin Check the WAN IP address of your router - if it looks like 10.x.x.x, 192.168.x.x or 172.16.x.x to 172.31.x.x then you have what is known as an RFC1918 IP address (often referred to as private addresses). You will need to contact your ISP to find out how to get a public IP address, or have traffic routed to you. Until that is done you won't be able to get anything else working. only way to be certain of the WAN address is to look at your router, or if you have one your ADSL modem. You can use one of the many web pages that will tell you what your WAN IP address appears to be. Be warned however that if you are behind a proxy server, or you have one of the RFC1918 IP addresses referred to above, they will report the wrong IP address and you will waste time trying to get this working.
Summary There are 5 general steps: 1. Configure a device on your network (that is always on) to update your DynDNS hostname with your IP address. DynDNS publish a list of approved clients that you should consult. 2. Configure the device you want to forward traffic to with either a static IP address, or a static DHCP lease. This ensures that the time spent configuring the router (in a moment) isn't wasted if/when the IP on your device changes. 3. Test the device from your LAN. 4. Configure your router to forward traffic to your device. How you do this depends on your router, and what you want to access. Fortunately there is a web site that publishes guides. 5. Test your setup from outside your LAN.
ADSL or multiple routers If you have a separate ADSL modem and router, or you have multiple routers, what follows isn't enough. You'll also need to forward the same ports from the external network device (ADSL modem or router) to the internal router before forwarding those ports from the internal router to the device you're trying to access. I am using the Actiontec GT724WGR modem/router combo with Firmware 184.108.40.206.14.
Step One - Configure Updating First of all, you have to make one basic decision - are you going to do your updating from your router, or from a PC? Running it from a PC (Windows, Linux or other) can mean that you get better logging and more control, but may result in more network traffic and greater delays in updating changed IP addresses (10 minutes rather than 1 minute). Using a non-approved router may mean that it is harder to get it working, or that you get blocked for updating your IP too often. I assume this refers to the DYNDNS Updater program. I have installed and updated it with my hostname. If you are running your updater on Linux/*BSD or any other non-Windows platform it is generally best to install from a package (whether that be an RPM, a DEB or from ports/portage). That way you should get the required startup scripts and a sample configuration file. Step 2 - Configuring the Device You need to ensure that the device you forward traffic to has a static (aka fixed) IP address. If you don't do this then at some point the IP could change, and you'll be wondering why it's suddenly broken. There are 2 ways of doing this. 1. On the device itself - how you do this depends on the device or underlying operating system. I have disabled DHCP on the DVR and set the IP to 192.168.0.13. I have also disabled the DHCP server on the other devices on my LAN and assigned static IPs to all between 192.168.0.4 and 192.168.0.20 2. On the DHCP server (usually on the router) - many offer the option of assigning a fixed IP address to any given device (usually by MAC address). I have enabled the DHCP server on the Actiontec GT724WGR and set the Beginning IP address to 192.168.0.100 and the Ending OP Address to 192.168.0.200. The SUBNET Mask is set to 255.255.255.0 If you go with option (1) make sure that you use an IP address outside of the range your DHCP server is allocating from. If you don't do this you'll end up with a duplicate IP on your network, and things won't work. In the rest of this document I'll use 192.168.0.1 to refer to this IP address. Step 3 - Initial Testing At this point you should be able to connect to the device, using the chosen IP address, from another computer on the LAN (it is important not to test from the device running the service). Until you get this to work there's no point in going further. I am able to access the DVR from my computer (192.168.0.2) Step 4 - Before Configuring the Router Your first step here is identifying what port(s) you need to forward. If you access the device with a web browser and a URL that looks like http ://192.168.0.1/ then you'll want to forward port 80/TCP. If it looks like http ://192.168.0.1:3128/ then you'll want to forward the number after the colon (:) - in this case port 3128/TCP. The DVR setup has a field for “HTTP Port”. The default is 80 but I have set it to TCP,UDP 85 so it will not conflict with any other devices. It also has a field for TCP Port that is set to the default 377777, and a field for UDP Port that is set to the default 37778. I access the DVR from within my LAN using this shortcut: http://192.168.0.13:85
EMail (SMTP) uses 25/TCP for mail server to mail server communication. Other ports are used for other purposes: 587/TCP is a port for client to server (SMTP), 110/TCP for POP3, 143/TCP for IMAP. Other ports are also used for SSL versions of those services, though most modern software can use TLS instead. Other ports can usually be found easily by visiting Google, or consulting the appropriate guide (more in a moment). Now, before you configure your port forwarding there may be a problem. Some routers will not actually forward traffic on the same port as their administrative interface uses, even though they'll happily let you set that up. If this applies to your router it'll be easy to spot - instead of getting the device you expected to see you'll get your router's admin page (or a login prompt for the router). Does this apply to trying to access the device from within the LAN? I have no problem accessing from within my LAN so I assume this is not my problem with access from outside. At this point you have 3 choices: 1. If supported, move the admin page to a different port 2. Forward a different port (and optionally use WebHop so that people don't have to add the port to the URL) 3. Try a firmware upgrade, or alternative firmware (DD-WRT, OpenWRT etc) where supported Step 5 - Configuring the Router to Forward Traffic Now it's time to configure the port forwarding. The manual that came with the router will detail how to do this, but if you've lost it (or don't want to look for it) there's a handy website with guides, and they even provide a program called PFConfig to do it for you. Port Forwarding for the Actiontec GT724WGR is not covered on the www.portforward.com website, but it seems to be straight forward. I am able to forward ports 85, 37777 & 37778 to the DVR IP 192.168.0.13 as described above. All you have to do is pick your router, pick the program you want to forward traffic to (or the protocol) and follow the instructions - complete with pictures. No problems getting the port forwarding set up…that I know of. Step 6 - Testing You now need to test from outside your LAN with the DynDNS hostname. The reason for testing from outside your LAN is that not all routers support loopback connections. There are several ways to test this: 1. Via a suitable online page. For web servers (or anything which uses a browser interface) there are various (limited functionality) online browsers (such as TCP Query from CentralOps). I don’t understand any of that. When I access the DVR form within my lAN it opens an application called “WEB SERVICE v2.0” on Internet Explorer where I input my user name and password. 2. From an external PC, online proxy or a VPN to a remote location. For email servers you can use the MX Toolbox service, which allows you to run some basic checks. This will give you a proper test, allowing you to see what others would see. If you are using a computer ensure that you do your testing from another home user connection. Many public connections and work networks block ports and will give you an invalid result. I don’t have easy access to a computer outside my LAN The DynDNS Open Port Tool allows you to check if portforwarding on your router is correctly configured, and your application is listening on the related port(s). I made sure the DYNDNS Updater program refreshed the IP, then opened this website and checked ports 85, 3777 & 37778. All showed the message ”An attempted connection to 220.127.116.11:37778 was refused. This typically indicates that there are no services available on that port, but that it is NOT being blocked by a firewall or your ISP.”
It doesn't work! Before you post, take a few minutes to go through the steps above again, checking that you've got it all right. It could be that you've made a typing error in the IP or port, selected UDP when you should have selected TCP, or just forgot to hit save on the router's configuration page. Next, check that the IP address your hostname resolves to is the same as the WAN IP address of your router. If it doesn't, wait 10 minutes and check again. If it still doesn't then check that your update client is working and has updated your hostname with the current WAN IP. If it has you may need to change your DNS servers (DynDNS, OpenDNS and Google all run free DNS servers) or flush your DNS cache. This is a problem. At the moment, the DYNDNS updater is showing 18.104.22.168 as the Current IP Address. However, the Actiontec GT724WGR modem/router combo is showing the WAN IP Address as 22.214.171.124 and the Gateway IP Address as 126.96.36.199. Why would this be different from the 192.168.0.1 I have set as the MODEM IP Address in the set-up as recommended? Of course these IP addresses will have changed by the time this is posted and read. If your router has a WAN IP address that looks like 10.x.x.x, 192.168.x.x or 172.16.x.x to 172.31.x.x then you have what is known as an RFC1918 IP address. You will need to contact your ISP to find out how to get a public IP address, or have traffic routed to you. Another thing to consider is that some ISPs block incoming traffic on common server ports (or just anything below port 1024). If you're trying to access a web based service (that is, with a web browser), then try forwarding a different port (say 10080) to your device. If that works then your ISP is blocking traffic - WebHop may be one option here. For mail servers the MailHop Relay service can help. I tried port 8585 (instead of 85) by updating the DVR port and adding that to the router port forwarding on the DVR IP but that did not help the situation. Any ideas?
Answer by RotBlitz · Feb 06, 2011 at 04:53 PM
Well, I called Centurylink regarding this issue...
That ISP's support was totally incompetent. If you can't get escalated it there to get a definitive answer, you better changed to a different ISP. ISPs operating at this knowledge and support level are rather dangerous for any customer...
While researching I found a post about an earlier version of DYNDNS Updater that "could report the router IP to www.dyndns.com". Is that a possibility?
This is only a solution in case you really can reach your network by using the IP address reported at the status page of your router. Can you?
Answer by Cry Havok · Feb 02, 2011 at 07:12 AM
Have you tried using your WAN IP and see if that works remotely? That will then tell us that your port forwarding works.
How rapidly does your WAN IP change? Does your hostname page on DynDNS show the same IP as the management page of your modem/router does for the WAN IP? At that time, does
nslookup yourhost.example.org show the right IP?
Answer by creager · Feb 02, 2011 at 10:47 PM
The ADD Comment function did not work
Right now I have the following conditions: DYNDNS Updater shows 188.8.131.52 http://checkip.dyndns.com:8245/ shows “Current IP Address: 184.108.40.206” The Actiontec GT724WGR modem/router combo Broadband Connection Status shows “WAN IP Address: 220.127.116.11”, but it changes every time I click the Disconnect and then the Connect buttons on the Broadband Connection Status screen.
Refreshing the DYNDNS Updater (after the Disconnect/Connect) still shows 18.104.22.168.
Refreshing the http://checkip.dyndns.com:8245/ (after the Disconnect/Connect) still shows 22.214.171.124
Have you tried using your WAN IP and see if that works remotely? That will then tell us that your port forwarding works. Using the WAN IP Address IP shows “Timed Out” when I check ports 85, 8585, 37777 and 37778. Whereas using the IP from the DYNDNS Updater program results in “Refused” each time.
How rapidly does your WAN IP change? I’ve only noticed it different after a Disconnect/Connect.
Does your hostname page on DynDNS show the same IP as the management page of your modem/router does for the WAN IP? No. Currently DYNDNS.com shows 126.96.36.199, The modem/router management page shows 188.8.131.52
At that time, does nslookup yourhost.example.org show the right IP?
**The result is:
There is also an IP reported as “Server: dnsc1-pell.al.centurylink.net” which matches the DNS Address #1 from the Broadband Connection Status screen.**
Could I possibly have an issue with the modem being bridged to the router? Or can it be assumed that they are bridged in a combo modem/router?
Answer by Cry Havok · Feb 03, 2011 at 07:19 AM
Comments are meant for just that, commenting on an answer (or question), not for providing large volumes of information.
What do other What's my IP type pages show? Do they also show
184.108.40.206? That would suggest your ISP is running some form of transparent web proxy if so.
It looks fairly certain that your ISP is running a transparent proxy, even on non-standard ports, or is NATing your traffic. At this point you must talk to your ISP to find out what they are doing, as without knowing what is causing this we can't help you any further.
Answer by creager · Feb 04, 2011 at 12:00 AM
What do other What's my IP type pages show?
Right now I see the following results
• Actiontec modem/router combo Broadband Connection Status shows “WAN IP Address: 220.127.116.11”
• DYNDNS Updater shows 18.104.22.168
• www.canyouseeme.org reports 22.214.171.124
o Ports 85, 8585, 37777 & 37778 all report “Error: I could not see your service on 126.96.36.199 on port (xx) Reason: Connection refused o Port 554 for a Trendnet camera reports “Success: I can see your service on 188.8.131.52 on port (554) Your ISP is not blocking port 554” but this port has always reported as open.
• http://www.yougetsignal.com/tools/open-ports/ reports 184.108.40.206
o When 220.127.116.11 is set as the IP Address the result is Ports 85, 8585, 37777 & 37778 all report ports are closed. Port 554 reports “Port 554 is open.” o When 18.104.22.168 is set as the IP Address the result is All ports (85, 554, 8585, 37777 & 37778) report closed.
• http://openportchecker.com/ reports ports 85, 8585, 554, 37777 & 37778 are all closed
• The FPPortChecker program I installed reported all ports open except port 554 on TCP. Port 554 on TCP reported o “Ping Result: We were unable to ping your router. o Port Check Result: Could not connect to the Portforward.com server. Your port is not open or not reachable”
• http://ports.my-addr.com/check-all-open-ports-online.php reports the following results
o When 22.214.171.124 is set as the IP Address the result is no open ports o When 126.96.36.199 is set as the IP Address the result is All ports (85, 554, 8585, 37777 & 37778) report open.
The results seem to be all over the place. I don’t know which source is the most reliable.
Do they also show 188.8.131.52?
That would suggest your ISP is running some form of transparent web proxy if so.
None reported 184.108.40.206 (Actiontec modem/router combo Broadband Connection WAN IP Address: 220.127.116.11)