Port forwarding

I use the Overnet P2P application. It wants TCP 4662 and UDP 3172 open to increase the traffic as it allows other users unsolicited access to my files. Overnet will be in "firewalled" state if the PC is unreachable from outside. I can't get it to work, it states "firewalled" no matter what I do. Pls. can you help?

I have the following setup

Cisco 677 adsl "modem" connected to a gateway PC running XP Pro on my network with two NICs. The network consists of two PC's running Win98SE and one running XP (with two NICs). This one functions as a bridge to my laptop also running XP. (The reason for this setup is that I have a coax network between the PC's, and a "normal" (the one with the little flat phone plug whatever that is called) between the "modem" and the gateway and between the PC with the bridge and the laptop.

I want Overnet to run on the Laptop as that is the one I use the least.

I have a static IP address with my ISP.
The modem is 10.0.0.1
The gateway 10.0.0.3 against the modem and 192.168.0.1 against the network.
The laptop has 192.168.0.105 (yes I use DHCP, but leave computers on all the time so they keep the same IP number).

The gateway runs ICS with the firewall enabled. I addition I use Zonealarm on all the PC's.

I have tried to setup zone alarm to allow the required TCP and UDP traffic on both the laptop, the bridge and the gateway, but have for testing purposes stopped zonealarm on all PC but still no luck.

I have gone under advanced in the ICS settings on the gateway and forwarded the TCP and UDP ports to 192.168.0.105.

I have forwarded the ports on the modem as well. I guess it is the gateway with ICS which does the NAT so the modem doesn't know anything but the gateway so I have forwarded the ports to 10.0.03. But for the sake of good order I have also tried to 192.168.0.105.

Still no luck. I am restarting Overnet after each new setup attempt.

What am I doing wrong?

Per Bressendorff
Copenhagen, Denmark

 

To make sure I'm not confused about your setup, I read that your ISP has assigned 10.0.0.1 to you as a static IP address for your modem. Do I have that part right?

Also, more information just to clarify things. And for the purposes of discussion
PC1 - XP running ICS
PC2 - laptop

Please do the following and post your results with clear identification of which info is for PC1 and which is for PC2.

On both the PCs, run these commands and post the entire contents of the text files that will be generated. Don't mask any of the information.

start~run~cmd
ipconfig /all > c:\ipconfig.txt

A note that if you are running Zone Alarm on all your PCs, the ICS firewall is not needed, does not add any security for you, and can complicate your life. So disable it and if you have the XP firewall running anywhere, disable it as well.

 

Port forwarding continued ...

Thanks,

First a correction: PC1 is 10.0.0.2 against the modem, not 10.0.0.3 as I incorrectly stated in the first post.

I use telnet to communicate from PC1 to the modem at address 10.0.0.1 as instructed by my ISP. So I guess it is statically assigned by the ISP.

I have disabled the ICS firewall and reactivated ZoneAlarm on all PCs (don't like to be completely exposed).

I didn't know there was a difference between ICS firewall and XP firewall. Where do I find the XP firewall?

Here are the requested IPCONFIGs. I have added one for PC3 being the bridged PC.


*** PC1: ***



Windows IP Configuration



Host Name . . . . . . . . . . . . : am

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : CNet PRO200 PCI Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-80-AD-06-68-71

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.0.1

DHCP Server . . . . . . . . . . . : 10.0.0.1

DNS Servers . . . . . . . . . . . : 212.242.40.3

212.242.40.51

Lease Obtained. . . . . . . . . . : 31 August 2003 19:00:01

Lease Expires . . . . . . . . . . : 31 August 2003 19:18:01



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8029(AS) PCI Ethernet Adapter

Physical Address. . . . . . . . . : 00-80-AD-00-E4-CA

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :



*** PC 2: ***



Windows IP Configuration



Host Name . . . . . . . . . . . . : conserve

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : mshome.net

Description . . . . . . . . . . . : SiS 900 PCI Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.105

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : 31. august 2003 18:56:11

Lease Expires . . . . . . . . . . : 7. september 2003 18:56:11


*** PC3: ***



Windows IP Configuration



Host Name . . . . . . . . . . . . : per

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Network Bridge (Network Bridge):



Connection-specific DNS Suffix . : mshome.net

Description . . . . . . . . . . . : MAC Bridge Miniport

Physical Address. . . . . . . . . : 02-80-AD-3A-4E-35

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.127

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : 31. august 2003 18:56:00

Lease Expires . . . . . . . . . . : 7. september 2003 18:56:00


*** end of IPCONFIGs ***


Hope this helps,
Rgds
Per

 

Thanks. That does help. But also tells me I need more details about how you are configured.

- Why are you using the LAN Bridge?
- What, exactly, are you having to use telnet for?
- Please describe how the PCs are connected. You mentioned coax so probably some 10-base-2 stuff. And the bridge makes me think maybe a phone line connection from one PC to another.

Given the IP address your ISP has assigned to you, they are doing some interesting things on their end as well. It may turn out the problem is with their setup but can't tell at this point.

As to the XP firewall, that was bad word choice on my part. The proper name is ICS firewall (ICF). Do I understand you now have it turned off on all your PCs? So ZA is running and ICF is not?

 

Hi again,

Lan Bridge because my PC (PC3) is connected to the home network via the Coax 10-base cabeling and the laptop (PC2)sitting next to me has the "new" net connection (the flat phone like plug with 4 wires - I can't remember what that kind of cabelling is called). I have two NIC's, one of each kind in my PC (PC3) and a "bridge" between the two cards.

Telnet is used for communicating with the Cisco 677 modem when I need to give it the commands to forward the ports (actually I now use Hyperterminal and a serial cable - but when I did use telnet I had to use the 10.0.0.1 addres which is why I know that is the address of the modem).

Yes the Coax is some kind of "Token Ring" topology. Just one cable running around the house rather than the star topology of a router/switch solution. Should have upgraded but is waiting until I have the time/money/knowledge to go wireless.

I have turned off ICS firewall on the PC1. On PC2 it is not and has never been activated. On PC3 the option is not available (probably because of the bridge setup?).

ZA (ZA Pro version 4) is now running on all PCs. Under firewall, Internet Zone (which is set to high security), Custom, I have allowed incoming and outgoing traffic on the required ports.

I really appreciate your continued help!

Brgds
Per

 

With the current config, can PC3 access the Internet Via the Cisco 677 (with NAT enabled)?

Can you ping PC3 from the Cisco or another machine on the 10.0.0.x network if you have one (not including PC1)?

The way I understand it is that the Cisco device doesn't know about your 192.168.0.0 subnet so if it gets a packet from the Internet and needs to send it to a 192.168.0.0 address, it has no route to that network. To add a static route on a Cisco 677, check the manual (will probably have to disable bridging mode).

If the route is in place and the dual NIC XP machine is routing properly, you should then be able to ping 192.168.0.105 or .127 from the Cisco or a 10.0.0.0 client. Note that a software firewall can stop the client returning a response to ping.

 

Given the 10.x.x.x IP address your ISP has assigned, I imagine they are using NAT.

It's possible that your stuff is getting trashed by their NAT so it never gets as far as your network. You probably need to call their Tech Support to find out.

Take a look Here for a very brief overview of NAT & Port Forwarding.

 

Hmmmm....

I do know my static IP address 212.242.xxx.xxx (don't want to show the full one here). I would have thought that this IP address reaches the router/modem which does the NAT translation to 10.0.0.1 for itself on the local network site.

Also I use Adobe GoLive for maintaining my web site. In order to do that I have had to allow access through some TCP port (can't remember the numer here) and once I had done that GoLive worked fine. That leads me to believe that TCP ports are being allowed thru in other circumstances.

However, I will follow your advice and check with my ISP what they are doing and if they know what the router/modem they have supplied is set up to do.

Thanks
Per

 

Ahhh - that puts a slightly different light on things.

The ipconfig listings you showed had a pair of private address sets. 192.168.x.x and 10.x.x.x. Since both of these are never assigned on the internet, there has to be some fancy footwork to get you to an internet connection via some non-private IP address.

You speak of having a static address of 212.242.xxx.xxx but what device has that address?

If you'd mentioned having a router, I'd assume the address belonged to the "public" side of the router. As it is, it pretty much has to be a modem that does NAT.

If that's the case, then that's pretty much where the problem has to be so no need to bother your ISP - yet.

Is your web site available on the internet?