help me figure out why i can't forward ports

INeedNoSalt

hello people, i need help with port forwarding on my stupid home network.

this is how my dad has set up our home network:

the cable modem feeds into the first router, which is an ethernet broadband router

the ethernet broadband router runs a cord from the basement (where the first router is) up to the first floor, where it plugs into the second router, which is a wireless router. it also runs a cord up to the living room for the xbox.

i am using a laptop with a wireless thing as a bridge to my PC, but that's not relevant right now because I disabled that and am just trying to get the port to be open to my laptop at the moment.


I am trying to forward a port to my PC.

Here is what I have going on presently:


The first router, which is 192.168.1.1 and services 192.168.1.100 and onward, is set to forward The Port to 192.168.1.101, which is the internal IP that corresponds to the second router.

The second router, which considers its own WAN IP to be 192.168.1.101 and its internal IP to be 192.168.0.1, services 192.168.0.100+ on its own internal IP list thing. The second router is set to forward The Port to 192.168.0.131, which is my computer.

So, the way I'm understanding this, it should go like this:

message comes to Router 1's External IP (24.145.etc.etc)
Router 1 sends it to Router 2's External IP (192.168.1.101), which is part of Router 1's LAN
Router 2 sends it to My PC (192.168.0.131), which is part of Router 2's LAN.

But, uh, it doesn't work.

I have a firewall on my laptop, but it's been told to let this specific port through, as well.

Sorry if I've fucked up any terminology, I have no formal training in this area

I was working from this: http://portforward.com/help/doublerouterportforwarding.htm

DrFrylock

I'm not sure why that's not working. You can simplify your network somewhat by replacing Router #2 with a switch, or turning it into a switch/bridge by turning off NAT and DHCP. That way, Router #1 will serve all your internal IP addresses and there will only be one forwarding 'hop.'

That may help with the forwarding.

INeedNoSalt

How would that be accomplished?

Or work, even? (I guess this part is curiosity)

Like I said, I don't have a lot of experience with this stuff

DrFrylock

Right now you have two internal networks, one NATed behind router 1, and one NATed behind router 2. This is unnecessary. If you turn off NAT on Router 2, then all your DHCP requests will be passed through Router 2 up to Router 1, and Router 1 will hand out the IP addresses. All your machines will then be in the same subnet, and you won't have to worry about double-forwarding things. Unless you have 250+ machines on your internal network, this should be fine.

You do that by going to the administrative page of Router 2 and turning off NAT and DHCP. Point a web browser at Router 2's IP address (when connected to Router 2) and logging in. Then find the menu options to disable those things. There are different mechanisms for different routers but it's in there somewhere.

INeedNoSalt

Okay, I'll take a look at that.

Here's some new news: I took my laptop to the basement and plugged it directly into Router 1 (so that I could bypass router 2), and see if I could help figure out where the port forwarding is failing.

With Router 1 now forwarding The Port In Question (44301, for what it's worth, the port PunkBuster uses for APB) to my laptop, websites like http://canyouseeme.org/ and http://www.yougetsignal.com/tools/open-ports/ are still showing it as being closed/blocked.

DrFrylock

1) Could be your ISP is blocking it at their router, in which case you're screwed.
2) Check to make sure the port is open in the router's firewall as well as forwarded, if those are two separate options.
3) If you are running a software firewall on your laptop (including the default windows firewall) then your laptop is blocking it.

INeedNoSalt

I can't find any information about a firewall when screwing around with router settings; I've told windows firewall to open that particular port (and even tried with the firewall disabled entirely).

If the ISP is blocking it, well man, that's some bullshit.

Edit: I can't find anything about Earthlink being stingy about ports. Groargh.

uean

Read the OP, said to myself "it's a NAT issue", saw someone said NAT already, leaving thread.

(I agree, turn off NAT and DHCP on the second router - the second router is redundant. Get a switch, or if you need wireless, get a wireless AP, but no need for a wireless router. Remember wireless routers join seperate networks together. Using two routers on the same internal network? No need.)

edit - also check the management IP's (192.168.0.1) aren't the same on both routers. If they are, change it

INeedNoSalt

does that account for not being able to forward ports into my laptop if i go directly through the first router (and bypass the second one) by just plugging my laptop into my router

also, still no success if I run windows in safe mode

uean

INeedNoSalt wrote: »

does that account for not being able to forward ports into my laptop if i go directly through the first router (and bypass the second one) by just plugging my laptop into my router

also, still no success if I run windows in safe mode

Disable the windows firewall to start.

Does your router have options for a DMZ? Quick test, add the IP of your laptop to the DMZ and see if things work. If they work, you haven't forwarded your ports correctly in the router. Get the laptop out of the DMZ after this test though (generally this is pretty bad practice but it's ok for troubleshooting)

Assuming your ISP gives you a dynamic IP address? How have your forwarded your ports in the router? What are the settings reading?

edit - don't bother with safe mode, this is out of the scope of that. It's a network issue.
edit2 - DUH. YOu say Router 1 is at 192.168.1.1, router2 is at 192.168.0.1, and your laptop was behind router2? They're on seperate subnets and can't communicate. Turn off NAT and DHCP on router2, set the IP of router2 to 192.168.1.2, set a static IP on your laptop to 192.168.1.3 (S/M 255.255.255.0, DG 192.168.1.1), and change your DHCP scope to 192.168.1.10-192.168.1.100 and you should be all set. Subnet Mask 255.255.255.0 for both, router 2 should have a gateway of 192.168.1.1 (the first router).
edit3 - or whatever. I read it wrong. Still, they need to be on the same subnet. Get both routers on the same subnet (192.168.1.x) and ensure your laptop is on the same. Then disable NAT and DHCP on router 2. Should all work fine and dandy.

INeedNoSalt

the windows firewall has been disabled since i started messing with this.

i've tried setting my lapto to DMZ and it still doesn't let anything through (even when I'm just running directly from the router to my laptop)

i am not totally sure what you're looking for when you ask "what are the settings reading"



does that help

my dad fears technology and efficiency with equal fervor and isn't going to let me disable NAT and dhcp on the second router.

for 'security'.

in two weeks i'll be back at school where i have total unparalleled control over the router -- the one router, all by its lonesome -- and life will be good again.

in two weeks. ._.

uean

Yeah, see my edits in the previous post - the issue is right there. You're forwarding ports outside of your subnet range. See how your router is set to 192.168.1.101, and your desktop is 192.168.0.101? That's not going to work. Quick and dirty fix: Set router 1 to be 192.168.1.1. Turn off NAT and DHCP on router 2. Set router 2 to be 192.168.1.2. Set static IP on laptop to be 192.168.1.3. Router 1, set DHCP scope (range of IPs to hand out) to be 192.168.1.10-192.168.1.100. Now for your port forwarding, set all of that up on router 1, and have them all point back to 192.168.1.3. All computers and routers should have subnet mask 255.255.255.0. All routers and computers should have default gateway 192.168.1.1.

Why?

255.255.255.0 defines the range of IPs of the current network. In laymans terms, the first three sets of numbers (the 255's, or the 192.168.1) are the network ID, meaning everything in this range talks to each other, and the fourth set of numbers (192.168.1.0-256) are the current hosts. You can increase the number of available hosts/IPs by changing the subnet mask to 255.255.0.0, but there is absolutely no need on a home network.

Default gateway? This should be the IP of the machine/device going externally for information, or in even simpler terms the the IP of the machine/device that is joining dissimilar networks together. Egs. Your home network and the internet are seperated by a router, where the internet has raw IPs, and your internal network uses private IPs in the 192.168 range. The default gateway is the IP of the device that connects those networks together. And a sidenote, NAT (network address translation) basically is just a protocol that translates internal private IPs (192.168.x.x) to external IPs through the default gateway... caches a request from 192.168.1.3 for example, sends it out on your ISPs IP for your home (24.25.26.27 for example), then brings it back from the server to 24.25.26.27, hits your router at 192.168.1.1, and translates it with NAT back to 192.168.1.3.


DHCP - Dynamic Host Configuration Protocol - A method of automatically assigning IP addresses to devices on a network without user intervention. Does nothing for security, but makes network administration infinitely easier as you don't need to go to any device and assign a static IP. The DHCP server (in most home network cases, the main router sitting between the internal network and the internet modem) assigns the IPs to all connected machines based on the next free slot, according to the existing leases. You can set yourself a static IP if you want within a network adapter's settings, but you have to make sure it is outside of the DHCP range, or else a duplicate can occur and the network crunches to a halt (DHCP assigns an IP to a machine that you;ve set for your machine statically, and both machines cease functioning).

Hope this makes sense.

edit - tell your dad NAT and DHCP have absolutely nothing to do with security and if he won't let you turn them off the network won't work, and he'll have to shell out $80 bucks for a switch without those capabilities. Because of this edit I've also explained DHCP above

INeedNoSalt

so are you saying that the information is getting lost along the way because it doesn't know how to reach the .0.xxx range covered by the second router? (it's not just my laptop that is covered by those ranges, all of the computers/wireless things in the house that connect through the wireless router are 192.168.0.[1-100].

that's just for my curiosity, though, a need to be informed; i'll try what you're saying here and see how it works.


as i mentioned above, though, would this still be a problem when i'm just plugged directly into router 1? in that case, the ports forwarded on router 1 directed to 192.168.1.102, which was my laptop when it was plugged into route 1 with an ethernet cable.

uean

INeedNoSalt wrote: »

so are you saying that the information is getting lost along the way because it doesn't know how to reach the .0.xxx range covered by the second router? (it's not just my laptop that is covered by those ranges, all of the computers/wireless things in the house that connect through the wireless router are 192.168.0.[1-100].

that's just for my curiosity, though, a need to be informed; i'll try what you're saying here and see how it works.


as i mentioned above, though, would this still be a problem when i'm just plugged directly into router 1? in that case, the ports forwarded on router 1 directed to 192.168.1.102, which was my laptop when it was plugged into route 1 with an ethernet cable.

Yes. Exactly. It's like trying to yell to someone in Japan and expecting them to hear you. Completely different networks. The router you have may be doing some witchcraftery to give them internet access behind the scenes, but the port forwarding definitely won't work.

Couple things I guess. 1) If you're going to be forwarding ports to an IP, you have to assign a static IP to the device. Otherwise, over time the DHCP server may assign what is your current IP to another machine, and the port forwarding stops working. Follow my steps above - turn off DHCP on router2, assign a static IP to your laptop. How? Windows XP --> control panel, network connections, right click the adapter, properties, Internet Protocol, properties, and set a static IP in there of 192.168.1.3, S/M 255.255.255.0, D/G 192.168.1.1. Win Vista/7 --> Control Panel, network connections, right click adapter, IPv4, properties, same as above. Oh, I forgot - when you set a static IP, you have to also set a DNS server. Just make that router 1 (192.168.1.1) as it gets the DNS servers from the ISP.

2) If you're plugged direct into router 1, and as you say your computer has an IP of 192.168.1.102, the port forwarding isnt going to work as the ports are going to 192.168.1.101. Set the static IP of your laptop correctly, change the port forwarding to go to that static IP, ensure that the DHCP range is not overlapping the static IP you've given your laptop, and it'll work.

I love posting in this thread to help others with similar issues in future, but if you need a hand getting the thing working send me a PM and I can do a remote session with you.

INeedNoSalt

If you're plugged direct into router 1, and as you say your computer has an IP of 192.168.1.102, the port forwarding isnt going to work as the ports are going to 192.168.1.101.

Well, I changed the destination for the ports while my laptop was plugged into that router, is what I mean (so they were routed to 192.168.1.102 until then, and when I came back upstairs and back to wireless, i reset the port forwarding to .1.101)

This has been helpful though ... I'm going to sleep now (because it's 2 AM and tomorrow's my birthday and I don't want to sleep through it), but I'll try to put your advice into practice tomorrow or Monday.

Thanks a ton