I am unable to access any equipment on my network from outside my router. For this question I will concentrate on my Q-See QC40198-814-5 DVR. I have assigned it a static IP to the DVR. I have no problem accessing the DVR within the LAN, and can surf the internet and check email without a problem. I have a PPPOE DSL connection through Centurylink with a dynamic IP. I’ve called their Advanced tech support two times to ask if they block any ports and the answer was no both times.
I am currently using the following modem/router combo: Actiontec GT724WGR Firmware 188.8.131.52.14.
I have followed the guides at PORTFORWARD.COM for the D-Links but none was available for the Actiontec. I always forward ports 85, 37777 & 37778 as the Q-See manual suggests. Those ports are assigned in the DVR.
When I use FPPortChecker to check the ports, every port I have forwarded shows as open. But, every other random port is also showing as open. This is the same for all three modem/router combos.
When I use http://www.dyndns.com/support/tools/openport.html , only port 554 (for a Trendnet Camera) shows as Open. Every other port shows as REFUSED. Strangely, this is the same for all three modem/router combos.
My DynDNS hostname is creager.homeip.net.
See my comments and questions in bold below
The WAN IP shown in your router's management page (not any pages on the Internet): • I have always set the router static IP to 192.168.0.1 and Subnet mask to 255.255.255.0. However the Actiontec management page shows the Gateway IP Address as 184.108.40.206 and Subnet mask as 255.255.255.255 The IP address, netmask and default gateway of your camera: Not sure about this; do you want info for the camera or the router. I have followed “the guide” below, and have added comments and questions where I did not understand.
Terminology Device: This may be a computer, a DVR, a web-cam, anything on your network that you can access from your network, but want to be able to access from outside it. LAN: Your network WAN: Your connection to your ISP's network
Before You Begin Check the WAN IP address of your router - if it looks like 10.x.x.x, 192.168.x.x or 172.16.x.x to 172.31.x.x then you have what is known as an RFC1918 IP address (often referred to as private addresses). You will need to contact your ISP to find out how to get a public IP address, or have traffic routed to you. Until that is done you won't be able to get anything else working. only way to be certain of the WAN address is to look at your router, or if you have one your ADSL modem. You can use one of the many web pages that will tell you what your WAN IP address appears to be. Be warned however that if you are behind a proxy server, or you have one of the RFC1918 IP addresses referred to above, they will report the wrong IP address and you will waste time trying to get this working.
Summary There are 5 general steps: 1. Configure a device on your network (that is always on) to update your DynDNS hostname with your IP address. DynDNS publish a list of approved clients that you should consult. 2. Configure the device you want to forward traffic to with either a static IP address, or a static DHCP lease. This ensures that the time spent configuring the router (in a moment) isn't wasted if/when the IP on your device changes. 3. Test the device from your LAN. 4. Configure your router to forward traffic to your device. How you do this depends on your router, and what you want to access. Fortunately there is a web site that publishes guides. 5. Test your setup from outside your LAN.
ADSL or multiple routers If you have a separate ADSL modem and router, or you have multiple routers, what follows isn't enough. You'll also need to forward the same ports from the external network device (ADSL modem or router) to the internal router before forwarding those ports from the internal router to the device you're trying to access. I am using the Actiontec GT724WGR modem/router combo with Firmware 220.127.116.11.14.
Step One - Configure Updating
First of all, you have to make one basic decision - are you going to do your updating from your router, or from a PC? Running it from a PC (Windows, Linux or other) can mean that you get better logging and more control, but may result in more network traffic and greater delays in updating changed IP addresses (10 minutes rather than 1 minute). Using a non-approved router may mean that it is harder to get it working, or that you get blocked for updating your IP too often. I assume this refers to the DYNDNS Updater program. I have installed and updated it with my hostname.
If you are running your updater on Linux/*BSD or any other non-Windows platform it is generally best to install from a package (whether that be an RPM, a DEB or from ports/portage). That way you should get the required startup scripts and a sample configuration file.
Step 2 - Configuring the Device
You need to ensure that the device you forward traffic to has a static (aka fixed) IP address. If you don't do this then at some point the IP could change, and you'll be wondering why it's suddenly broken.
There are 2 ways of doing this.
1. On the device itself - how you do this depends on the device or underlying operating system. I have disabled DHCP on the DVR and set the IP to 192.168.0.13. I have also disabled the DHCP server on the other devices on my LAN and assigned static IPs to all between 192.168.0.4 and 192.168.0.20
2. On the DHCP server (usually on the router) - many offer the option of assigning a fixed IP address to any given device (usually by MAC address). I have enabled the DHCP server on the Actiontec GT724WGR and set the Beginning IP address to 192.168.0.100 and the Ending OP Address to 192.168.0.200. The SUBNET Mask is set to 255.255.255.0
If you go with option (1) make sure that you use an IP address outside of the range your DHCP server is allocating from. If you don't do this you'll end up with a duplicate IP on your network, and things won't work. In the rest of this document I'll use 192.168.0.1 to refer to this IP address.
Step 3 - Initial Testing
At this point you should be able to connect to the device, using the chosen IP address, from another computer on the LAN (it is important not to test from the device running the service). Until you get this to work there's no point in going further. I am able to access the DVR from my computer (192.168.0.2)
Step 4 - Before Configuring the Router
Your first step here is identifying what port(s) you need to forward.
If you access the device with a web browser and a URL that looks like http ://192.168.0.1/ then you'll want to forward port 80/TCP. If it looks like http ://192.168.0.1:3128/ then you'll want to forward the number after the colon (:) - in this case port 3128/TCP. The DVR setup has a field for “HTTP Port”. The default is 80 but I have set it to TCP,UDP 85 so it will not conflict with any other devices. It also has a field for TCP Port that is set to the default 377777, and a field for UDP Port that is set to the default 37778. I access the DVR from within my LAN using this shortcut: http://192.168.0.13:85
It doesn't work! Before you post, take a few minutes to go through the steps above again, checking that you've got it all right. It could be that you've made a typing error in the IP or port, selected UDP when you should have selected TCP, or just forgot to hit save on the router's configuration page. Next, check that the IP address your hostname resolves to is the same as the WAN IP address of your router. If it doesn't, wait 10 minutes and check again. If it still doesn't then check that your update client is working and has updated your hostname with the current WAN IP. If it has you may need to change your DNS servers (DynDNS, OpenDNS and Google all run free DNS servers) or flush your DNS cache. This is a problem. At the moment, the DYNDNS updater is showing 18.104.22.168 as the Current IP Address. However, the Actiontec GT724WGR modem/router combo is showing the WAN IP Address as 22.214.171.124 and the Gateway IP Address as 126.96.36.199. Why would this be different from the 192.168.0.1 I have set as the MODEM IP Address in the set-up as recommended? Of course these IP addresses will have changed by the time this is posted and read. If your router has a WAN IP address that looks like 10.x.x.x, 192.168.x.x or 172.16.x.x to 172.31.x.x then you have what is known as an RFC1918 IP address. You will need to contact your ISP to find out how to get a public IP address, or have traffic routed to you. Another thing to consider is that some ISPs block incoming traffic on common server ports (or just anything below port 1024). If you're trying to access a web based service (that is, with a web browser), then try forwarding a different port (say 10080) to your device. If that works then your ISP is blocking traffic - WebHop may be one option here. For mail servers the MailHop Relay service can help. I tried port 8585 (instead of 85) by updating the DVR port and adding that to the router port forwarding on the DVR IP but that did not help the situation. Any ideas?
asked Feb 02 '11 at 01:11 AM in Default
That ISP's support was totally incompetent. If you can't get escalated it there to get a definitive answer, you better changed to a different ISP. ISPs operating at this knowledge and support level are rather dangerous for any customer...
This is only a solution in case you really can reach your network by using the IP address reported at the status page of your router. Can you?
answered Feb 06 '11 at 04:53 PM
Well, I called Centurylink regarding this issue. I explained that using the WAN IP Address reported by my router would allow me access my network from outside my LAN, but the IP reported by www.canyouseeme.org , http://www.dyndns.com/support/tools/openport.html, http://checkip.dyndns.com/ and so forth, reported a different IP Address that did not allow outside access. I asked if I was behind a proxy or was subject to any kind of NAT function.
The tech at Basic Support seemed clueless and quick to hand me off to Advanced "Rescue IT" Support. That one took cluelessness to an advanced level. He didn't "think" I was behind a proxy but "had no way to be certain", and was familiar with the term NAT but was not sure how that would affect me.
I answered the question, "Can you surf the internet?" as yes. They jumped on that and insisted my service was OK since I could surf the Internet. I was repeatedly encouraged to sign up for a Static IP.
Short of a Static IP, how would I get the WAN IP reported by my router sent to www.dyndns.com?
While researching I found a post about an earlier version of DYNDNS Updater that "could report the router IP to www.dyndns.com". Is that a possibility?
I've already provided the reason why your WAN IP is likely different to what site see:
It looks fairly certain that your ISP is running a transparent proxy, even on non-standard ports, or is NATing your traffic. At this point you must talk to your ISP to find out what they are doing, as without knowing what is causing this we can't help you any further.
I've added some emphasis to highlight what you have to do next.
answered Feb 05 '11 at 09:31 AM
Cry Havok ♦
I was able to get through to Actiontec tech support yesterday. After resetting the modem/router to the factory defaults, setting it up and re-accomplishing the port forwarding, the results were open when I checked the ports using the IP from the modem/router on http://www.yougetsignal.com/tools/open-ports/
www.canyouseeme.org displays a totally different IP from the modem/router-188.8.131.52
nslookup [yourhostname] resolver1.dyndnsinternetguide.com displays the same IP as the modem/router
Dyndns Updater displays the same IP as www.canyouseeme.org-184.108.40.206. I disabled the Dyndns Updater and activated the DDNS on the DVR. My DYNDNS.COM account then shows the same IP as www.canyouseeme.org and displays the message "Your current location's IP address is 220.127.116.11"
I don't understand how the modem/router WAN IP Address would be different from what is being reported by the Dyndns Updater or the DVR.
answered Feb 05 '11 at 12:38 AM
What do other What's my IP type pages show?
Right now I see the following results
• Actiontec modem/router combo Broadband Connection Status shows “WAN IP Address: 18.104.22.168”
• DYNDNS Updater shows 22.214.171.124
• www.canyouseeme.org reports 126.96.36.199
• http://www.yougetsignal.com/tools/open-ports/ reports 188.8.131.52
• http://openportchecker.com/ reports ports 85, 8585, 554, 37777 & 37778 are all closed
• http://ports.my-addr.com/check-all-open-ports-online.php reports the following results
The results seem to be all over the place. I don’t know which source is the most reliable.
Do they also show 184.108.40.206?
That would suggest your ISP is running some form of transparent web proxy if so.
None reported 220.127.116.11 (Actiontec modem/router combo Broadband Connection WAN IP Address: 18.104.22.168)
answered Feb 04 '11 at 12:00 AM