Common Problems & Fixes For Port Forwarding.
By Shane C. of PcWinTech.com
Port forwarding can sometimes be a rather big pain in the butt. Depending on
which router the person has (Some routers are easier than others at setting up
port forwarding rules) it can be easy to setup, but not easy to get working. On
this page I will go over the most common problems I find when helping people get
their port forwarding working and how to fix them. If you would like to know
more about what port forwarding is you can check out my page "Port
Forwarding in a Nutshell"
Rule # 1 on Testing Port Forwarding:
When testing your port forwarding to your computer make sure to use my Port
tester program and not an online port tester.
http://www.pcwintech.com/simple-port-tester
"Most online port testers fail no matter what if nothing accepts their
connection attempt. This port tester program will open the port on the system it
is running on and listen for a connection from this site. So when the port
tester program says the ports are open you can count that they are :-)"
The port tester is only for testing to your computer, not to other devices,
because it has to open the port on the system to listen for a connection. So the
port tester is of no use if testing say your DVR or something else other than
the computer.
The port tester will also show your computers local IP, so this helps to make
sure that you have the right IP in the port forwarding rule.
Problem #1:
More than 1 router.
The most common problem I come across is people who are behind 2 or more
routers and don't realize it. Thankfully, it is easy to identify if you are
behind more than one router and easy to fix :-)
(UPDATE: I have now made a tool to help detect if you are behind multiple
routers.
http://www.pcwintech.com/shanes-toolbox
I have also added this tool to the Simple Port Forwarding program under the
tools menu)
- The first step is to log into your router, then find the status page. The status
page normally shows the WAN or Internet IP address. The address should be the
same as your internet IP that shows up on the
port tester
page.
- If it is not (some ISP's put people behind a proxy to block p2p) it may be a
local IP address, which means it is getting it's IP from another router.
As you can see by this example this routers internet IP is a local address,
this means we are behind another router.
- In this case the gateway is the same as the other router's
IP address.
- Use this address to log into your 2nd router just like you did your with your current
router.
So in this case I logged into this router using
http://192.168.1.1 and to log into the other router I would use
http://192.168.1.254 (The gateway address in
the picture)
- Why would you need to log into the other router? Easy, give this a read "How
To Setup Two or More Routers Together".
So here is a quick step by step.
Step 1. Login into your Router
Step 2. Find the status page that shows the WAN/Internet IP address and
write it down.
Step 3. Log into the first router/modem now.
Step 4. Find the DMZ page
Step 5. Enter the IP you wrote down into the DMZ page and enable DMZ.
Step 6. Save and your done.
Thankfully it is easy to get port forwarding if this is happening. We simply
tell the first router to send all incoming connections to the 2nd router where
the port forwarding rules are. Follow the guide and multiple routers will no
longer be a problem.
Problem #2:
Wrong IP address in the port forwarding rule.
Ok, so lets say you are not behind a 2nd router, or you already fixed it if
you where. Yet your port forward test still fails. Another problem is in the
port forwarding rule itself. Most routers, like Linksys, only let you put in the
last part of the IP address to forward to (making sure the user doesn't put in
an internet IP instead). While other routers let you put the whole IP in (Some users
accidentaly put the internet IP instead of the Local IP in). People can get
confused on what IP address they should put in. Other times people may want to
make a port forwarding rule for their PS3 or Xbox and put the wrong IP in as
well.
To make sure the port forwarding rule is working correctly, the IP address of the
rule should point to the computer, or machine, you want the connection to go to.
Some users have put internet IP's in or just the wrong IP all together (Such as
putting their computers IP in when they want the IP from their Xbox).
So lets say I want to make a port forwarding rule that sends an incoming
connection to my PS3. I log into my PS3, go to the network status and find what
IP it has. This will be the IP I put into the rule. I will not use the IP of my computer
or the IP of the server I want to connect to.
Now some of you may say (my fellow techs out there) "Why on earth would
someone put the wrong IP like that in?" well you need to remember that a lot of
home users are new to port forwarding and IP addresses. They don't
always understand the differences between a LAN ( a local network) and a WAN
(the internet). They simply need to learn, and then they will handle things just
fine. :-) After all we all started at some point, better late then never!
Problem #3:
Firewall settings in the router.
Some of the newer routers are coming out with more firewall options built
into the router. Some of these options do not let any incoming connections in
even if a port forwarding rule is already in place. Thankfully the routers that
have the extra firewall options come with good information on the page about
which setting you should use to allow port forwarding to work.
Normally you can just turn off the firewall or just put it at its minimum
setting. Your computer will still be protected. A router is a hardware based
firewall already, the firewall options in the router are simply more options to
better control things if needed. (Of course many routers are different, some are
very advanced and others are rather simple)
Here is an example from a router from Verizon and its firewall options.
As you can see if it is set any higher than minimum security that all the
inbound policies (the port forwarding rules) will be rejected and port
forwarding wont work.
So now you know to check and see if your router has any firewall options that
might be blocking the port forwarding rules.
Here is an example from a Zyxel Router and its firewall options.
As for this example you will see the WAN (Internet) to LAN (Your Computer) is
set to block. This will keep port forwarding from working.
Set it to Forward and hit apply.
Here is an example from a rather Common Router and its firewall options.
As for this example the SPI options blocks all the port forwarding. So this
needs to be disabled.
Routers differ in their firewall rules and settings. Make sure to check for
any firewall settings in your router to see if anything is set to block incoming
connections.
Problem #4:
Firewalls in Windows, Linux & Mac
I have also found that some home users don't realize they have a firewall
installed in the first place. A lot of the antivirus packages out there come
with built in firewalls as part of the antivirus. So users think they have
antivirus but don't realize it is also a firewall. So when a warning pops up
about a program trying to connect to the net they seem to like to hit block by
default, thus breaking things more than helping.
I have also helped users who uninstalled their firewall software but it
didn't remove properly. So the firewall drivers where left behind and blocked
all incoming connections. So the user had to dig in and get them removed before
port forwarding would even work.
For a user who doesn't understand how or what a firewall is used for, they
should not have one installed if they are behind a router anyways.
Remember a router is a hardware based firewall, it blocks incoming connections
except those allowed through by the port forwarding rules. In cases like this
the only real reason to have a software based firewall installed is to block
programs from connecting to the net. Now this is great for us techs who
understand and know what will happen if we block a program. But to many times I
have had to go to a customers home and fix their system because the firewall had
blocked Windows, their email or something important from even getting on the
net. The user was told to click block on everything (who ever told them that
should be slapped lol) so since they didn't know what the file or program
was for what they ended up pretty much killing their own internet connection. So you
can see my frustration with software firewalls for people who don't know how to
use them.
With all that being said double check that the firewall you have installed
isn't blocking the program or port you need open. The built in Windows firewall
can be a pain as well, but normally does not cause the problems that many user installed
software firewalls cause. But never the less, make sure the windows
firewall allows either the port or program through as well.
Problem #5:
Corrupted/Broken Windows Firewall
If the windows firewall is corrupted or broken this will keep port forwarding
from working as well. I helped a user who was not behind any routers, was
connected directly to the modem. No firewall software of any kind installed,
heck he didn't even have a antivirus (He had one by the time I was done helping
him hehe).
While looking into his system trying to find out what was blocking the
connections I noticed the Windows firewall service was off. When I went to turn
it back on it failed. Digging more into it the WMI was corrupted which kept the
Windows firewall from working properly. Once I fixed the WMI problem for him the
firewall then started working right. After that his ports all worked fine. The
Windows firewall is tied into the system more than some people realize, and even
if disabled it can still cause problems. So making sure the Windows firewall is
working right makes a very big difference.
This is a page I found showing how to repair WMI
http://windowsxp.mvps.org/repairwmi.htm
(UPDATE: I have now made a tool to repair WMI & The Windows Firewall.
http://www.pcwintech.com/shanes-toolbox)
Problem #6:
Wrong Connection Type Setting
There are a lot of modem/routers such as DSL and Voice that allow you to have
multiple WAN/Internet connections in the router.
Here is an example.
So now on the port forwarding page of these types of routers you can set
which WAN connection the rule is for.
So you have to figure out which you need and that's simple :-)
Simply go to
the port check page here
http://www.pcwintech.com/port_test.php
This page will show you what your internet IP is, so now you check which WAN
connection in your router has the IP from the port test page and then you make
sure the port forwarding rules are using that WAN connection.
Problem #7:
Wrong or Multiple Computer Name's
There are a lot of modem/routers that have you choose your computer's name for
the port forwarding rule instead of putting an IP address. The problem with this
is some times they will have your computer name listed multiple times, and each
computer name points to a different IP. So if you choose the wrong one the port
forwarding rules won't work.
Thomson Example:
2Wire Example:
In the Thomson you have to go to the device list and remove the extra
entries. The 2wire doesn't give that option, rebooting the routers may help
clear the extra entries.
So keep this in mind, I have seen this keep port forwarding from working since
the computer name has a different IP than what your computer actually has.
Let me give an example of what I am talking about.
Lets say I have a Thomson router, I go to add a port forwarding rule and my
computer name shows up 3 times in the device list. Which one do I choose?
Well at that point you need to go to the device list and see what IP each one
has. Check what your local IP is and remove the extra ones that don't match.
If you can't remove them just make sure to choose the one that points to your
correct local IP. Then your port forwarding will be fine at that point. If you
choose the wrong one it will be pointing to a different local ip and so of
course your port forwarding won't work.
Problem #8:
Same Port in Multiple Rules
There are some routers such as Linksys, D-Link and many others that do not do
any checks if a port is already in another port forwarding rule. A port can only
be forwarded to one Computer/IP at a time. So when there are multiples of the
same port number the port forwarding rule will not work.
Here is an example.
As you can see port 2350 is in 2 rules. The 1st one points to a different IP
than that of the 2nd rule. So the router will honor the 1st rule and the 2nd
port forwarding rule to port 2350 fails.
By removing the 1st rule the 2nd one will now work.
Problem #9:
DMZ is Enabled
DMZ is a open all ports rule. And on most routers it over rides the port
forwarding rules. So if you have DMZ enabled and it isn't pointing to the
machine you need the ports open on, then this will create problems. So if your
setting up port forwarding rules, make sure DMZ is disabled.
Misc Tips:
I have found there are also some simple things you can do as well to get
things working. (Here is one example:
http://forums.pcwintech.com/index.php?topic=759.msg2046#msg2046 )
So follow some of these tips and they may help you out.
#1. Some routers need to be rebooted after settings have been applied.
Either by design or by a bug this some times helps. My Netgear here at home
normally doesn't have any trouble, but every now and then when I set up a new
port forwarding rule it wont work till I reboot the router. So all you need to
do is pull the power cord, wait a few sec. Then plug it back in. Make sure to
give it time to come back up before you test again.
#2. Turn ON windows firewall! Believe it or not, I have helped a few
people where the port forwarding wouldn't work with the firewall off in windows.
No other firewall was installed. So when I was scratching my heading trying to
fig out what was going on I decided to turn the firewall back on, add the ports
to the firewall to let them through and it worked! So this is also another thing
you can try. (I still cant explain it myself)
#3. As per #2 if you use only the windows firewall try adding the
ports your forwarding to it, not just the program that is going to use them. The
simple port forwarding program makes this easy with one click on the tools menu.
I have helped a few people where once the ports where added everything worked
fine. If you haven't been able to tell, the windows firewall can be a bit
strange on some systems!
#4. Scan your system for malware & viruses. Yes I know this is a easy
answer but let me explain. There is some malware out there that installs a
network driver that hijacks your connection, and every webpage you go to gets
redirected to an advertisement. This shows that malware, viruses and other
things can easily hijack the network and really screw things up. Download
www.malwarebytes.org and have it scan
your system. And for antivirus I am a fan of both
Avast &
Avira, both free for home users! and according to
http://www.av-comparatives.org/
they do a good job as well.
#5. This is for you Verizon users out there. I was helping a user not
to long ago with a Verizon modem/router. No port forwarding of any kind would
work and every time we added a new rule the router complained the port was
already in another rule (Even though the user had no other rules set up). What
it turned out to be was while I was looking at the page I noticed the Verizon
tech had setup the port forward rule that goes to the tv to use the Any -> Any
port (This rule can't be changed by the user). Which is every port! the tv only
needs one port, so once the user called Verizon they hopped on, fixed the rule
and port forwarding was working again :-)
#6. Keep in mind that sometimes the router it self may be bad and even
the Windows networking can be as well. Now these do happen, but they don't
happen much. But it is always possible! A few users have had routers with bugs
in the firmware where no port forwarding rule would take. Bugs do happen in
routers, that's why they make updates to the firmware :-) And with Windows it is
always possible things can get out of whack and messed up as well.
As I come across more problems I will update this page with the fixes and
what to do. By doing so I hope to help the users who are having trouble and just
need a little help to get going.
Take care!
-Shane
