D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-600L => Topic started by: gsundeep on December 19, 2014, 06:10:45 AM
-
Hi everyone,
i bought a DIR-600L router and trying to do port forwarding .
i am using a static ip provided by my ISP i.e., Excell Media .
(http://i59.tinypic.com/14cd4qo.jpg)
and my port fowaring rules are
(http://i60.tinypic.com/333b9jk.jpg)
i used canyouseeme.org website to check whether the port is opened or not .
it says the connection was refused
i tried the same thing by running netcat on that particular port and tested again on canyouseeme.org website . it gives me the same result.
is there anything other than port forwarding rules to be configured , like firewall ..?
please help me to solve this one
thanks
-
Maybe there is a host based firewall active on your internal server at 192.168.0.101 blocking incoming connection requests to TCP port 9891 at all or at least if client requests do not come from your LAN (192.168.0.0/24)?
-
Link>Welcome! (http://forums.dlink.com/index.php?topic=48135.0)
- What Hardware version is your router? Look at sticker under the router case.
- Link>What Firmware (http://forums.dlink.com/index.php?topic=47512.0) version is currently loaded? Found on the routers web page under status.
- What region are you located?
- Are you wired or wireless connected to the router?
- Has a Factory Reset (http://blog.dlink.com/what-is-a-reset-button-when-should-i-use-it) been performed?
- Was a Factory Reset performed before and after any firmware updates then set up from scratch?
>FW Update Process (http://forums.dlink.com/index.php?topic=42457.0)
- Was the router working before any firmware updates?
Internet Service Provider and Modem Configurations
- What ISP Service do you have? Cable or DSL?
- What ISP Modem Mfr. and model # do you have?
Router and Wired Configurations
Some things to try: - Log into the routers web page at 192.168.0.1. Use IE, Opera or FF to manage the router. Besure to log into the Admin account on the router.
- Enable or Disable Use Unicasting (compatibility for some ISP DHCP Servers) and test under Setup/Internet/Manual. Disable may help with speed performance on higher speed ISP services.
- Turn on DNS Relay (http://forums.dlink.com/index.php?topic=45143.0) under Setup/Networking. Link>Finding Faster DNS Addresses using Name Bench (http://forums.dlink.com/index.php?topic=53222.0) and input new DNS addresses under Setup/Internet/Manual.
- Setup DHCP (http://forums.dlink.com/index.php?topic=58017.0) reserved IP addresses for all devices ON the router. Setup/Networking. This ensures each devices gets its own IP address when turned on and connected, eliminates IP address conflicts and helps in troubleshooting and maintain consistency for applications that need to connect as well as mapped drives.
- Ensure devices are set to auto obtain an IP address.
- If IPv6 (http://en.wikipedia.org/wiki/Ipv6) is an option on the router, select Local Connection Only under Setup/IPv6.
- Set Firewall settings to Endpoint Independent for TCP and UDP under Advanced/Firewall. Enable or Disable SPI (http://en.wikipedia.org/wiki/SPI) to test.
- Enable uPnP (http://en.wikipedia.org/wiki/Upnp) and Multi-cast Streaming (http://en.wikipedia.org/wiki/Multicast) under Advanced/Networking. Disable uPnP for testing Port Forwarding (http://forums.dlink.com/index.php?topic=4235.0) rules.
- Set current Time Zone, Date and Time. Use an NTP Server (http://forums.dlink.com/index.php?topic=48695.0) feature. The DST setting is only needed in the NA region. Tools/Time.
-
Thank for the reply @PacketTracer
i think host firewall doesnt blocking it , i am trying to open the netcat connection using this port
(http://i59.tinypic.com/4k9or8.jpg)
firewall doesnt prompting me an error
-
Thanks for your reply @FurryNutz
My product is DIR-600L
Hardware version B1
firmware version is 2.04
i am from Andhra pradesh , vijayawada.
i am connected with router using wired connection
should i have to disable uPnP "Disable uPnP for testing Port Forwarding rules" this one is metion in your rules
-
Yes, please disable uPnP if you have PF configured.
What is the Mfr and model if your ISP modem?
-
i think host firewall doesnt blocking it , i am trying to open the netcat connection using this port
Successful listening on a port does not mean, that the listening port isn't blocked by a firewall. Usually you have to add an incoming rule to your Windows firewall for the desired TCP port. And be careful to select the appropriate scope (any address, not just "local subnet")
PT
-
@FurryNutz i dont know any information about Mfr and model of my isp . is that information causes troubles for the port forwarding ..?
-
i disabled uPnP , but the same error appears
Error: I could not see your service on 175.101.67.138 on port (9891)
Reason: Connection refused
175.101.67.138 is my public ip
-
i think host firewall doesnt blocking it , i am trying to open the netcat connection using this port
Successful listening on a port does not mean, that the listening port isn't blocked by a firewall. Usually you have to add an incoming rule to your Windows firewall for the desired TCP port. And be careful to select the appropriate scope (any address, not just "local subnet")
PT
i had added the new rule Netcat for the above port
(http://i62.tinypic.com/2dslq1s.jpg)
but it is showing the same error when i tried using canyouseeme.org
Error: I could not see your service on 175.101.67.138 on port (9891)
Reason: Connection refused
-
1) Does it work from a client inside your LAN directly connecting to 192.168.0.101:9891?
2) Does your Netcat rule in Windows firewall have a scope allowing any source address (and not just "local subnet")?
-
1) Does it work from a client inside your LAN directly connecting to 192.168.0.101:9891?
2) Does your Netcat rule in Windows firewall have a scope allowing any source address (and not just "local subnet")?
with in the lan .. i think its working
(http://i61.tinypic.com/35iup6r.jpg)
my netcat rule . defined that it can connect all the public , private , domains
-
One thing you have to do, you have to be actively using the port before you check the status using a port checker from the WAN side. It maybe closed since it's not being used at the time your checking it.
-
One think you have to do, you have to be actively using the port before you check the status using a port checker from the WAN side. It maybe closed since it's not being used at the time your checking it.
i am trying to connect from a remote sever to my system , for that purpose i am checking whether the port is opened or not ..
still it throws me an error "Connection refused" when i am trying to connect from a remote server
-
my netcat rule . defined that it can connect all the public , private , domains
What I mean when saying "scope" is if the "Remote Address" for rule "Netcat" and for both the other "nc.exe" rules is "Any address" or just "local subnet". It should be "Any address" if it shall be reachable from the Internet.
-
u]PC 3rd Party Security Software Configurations[/u]
- Turn off all anti virus and firewall programs on PC while testing. 3rd party firewalls are not generally needed when using routers as they are effective on blocking malicious inbound traffic.
-
Btw. How do you test if it works from the Internet?
[1] From a client really sitting in the Internet?
[2] Or from a client inside your LAN that connects to your external IP 175.101.67.138:9891?
[2] might not work, if your DIR-600L doesn't support "Hairpinning".
-
my netcat rule . defined that it can connect all the public , private , domains
What I mean when saying "scope" is if the "Remote Address" for rule "Netcat" and for both the other "nc.exe" rules is "Any address" or just "local subnet". It should be "Any address" if it shall be reachable from the Internet.
i scope is "Allow connections from any computer" .. for the nc.exe
-
Btw. How do you test if it works from the Internet?
[1] From a client really sitting in the Internet?
[2] Or from a client inside your LAN that connects to your external IP 175.101.67.138:9891?
[2] might not work, if your DIR-600L doesn't support "Hairpinning".
i want to test it from a client from the internet .. connect from the web sever to my host
-
u]PC 3rd Party Security Software Configurations[/u]
- Turn off all anti virus and firewall programs on PC while testing. 3rd party firewalls are not generally needed when using routers as they are effective on blocking malicious inbound traffic.
i dont have any 3rd party firewals .. i have only default microsoft firewall
-
Just to be sure it is not the Windows firewall causing the problems, you could switch it temporarily off and test if the nc connection works in this case.
-
Just to be sure it is not the Windows firewall causing the problems, you could switch it temporarily off and test if the nc connection works in this case.
still gets the same error "Connection refused"
do i have to make any changes in router ..? other than portforwarding rules
-
Instead of PORT FORWARDING you could try "VIRTUAL SERVER"
-
Instead of PORT FORWARDING you could try "VIRTUAL SERVER"
For DIR-600L .. i dont think it has a virtual server , http://192.168.0.1/Advanced/Virtual_Server.asp?t=1419012457132 is the url for the port forwarding rules
-
Sorry, you are right - VIRTUAL SERVER is not available for DIR-600L.
But, since you do not really have a port range but a single port only, maybe you have to express this by writing
9891 ~ ____
instead of
9891 ~ 9891
Just a last stupid idea ...
-
Sorry, you are right - VIRTUAL SERVER is not available for DIR-600L.
But, since you do not really have a port range but a single port only, maybe you have to express this by writing
9891 ~ ____
instead of
9891 ~ 9891
Just a last stupid idea ...
it automatically fills the other part with the same port enter in the first textbox
-
Look at ADVANCED | Firewall & DMZ !
It provides the opportunity to configure firewall rules. I guess you have to specify one for inbound TCP port 9891 (Source WAN 0.0.0.0 - 255.255.255.255, Dest LAN 192.168.0.101 port 9891, proto TCP --- or perhaps "Dest LAN 175.101.67.138 port 9891, proto TCP" if the rule is effective before NAT is done)
-
Look at ADVANCED | Firewall & DMZ !
It provides the opportunity to configure firewall rules. I guess you have to specify one for inbound TCP port 9891 (Source WAN 0.0.0.0 - 255.255.255.255, Dest LAN 192.168.0.101 port 9891, proto TCP --- or perhaps "Dest LAN 175.101.67.138 port 9891, proto TCP" if the rule is effective before NAT is done)
it says invalid start ip .
-
Try 0.0.0.1
-
Try 0.0.0.1
still says invalid .. tried 1.1.1.1
-
Try 0.0.0.1
still says invalid .. tried 1.1.1.1 but working with *
-
For a first test it would be enough to specify your web server's address w.x.y.z as source range: w.x.y.z - w.x.y.z
-
For a first test it would be enough to specify your web server's address w.x.y.z as source range: w.x.y.z - w.x.y.z
hey .. do you have a team viewer ..i want you to connect my pc and check whether any worng is there . please help me to solve this problem
-
I would recommend that...Hope PT can help you figure it out. ;)
-
Thanx PacketTracer for your help :)
-
Hope the results were good?
-
Hi,
we figured out, that the DIR-600L router sits behind another routing/NAT-ing device that is under exclusive control of the ISP. Hence local devices are not reachable from the Internet, because it is not possible to configure needed port forwardings inside the ISP controlled device. In fact the WAN interface of the DIR-600L only has a private address out of 172.16.0.0/12 and not the public address 175.101.67.138 we assumed it to have in the first place.
This is what I personally messaged to gsundeep, but I think it is neutral enough to post it here again:
your situation is in principle as described here (http://portforward.com/help/doublerouterportforwarding.htm) where you have no access to Router #1 which is under exclusive administration of your ISP only (hence you can't configure port forwardings inside Router #1). This is also called "NAT444 (https://www.youtube.com/watch?v=qZkQAdPACw0)". To overcome this situation a possible solution is to use a VPN (based on IPsec or e.g. OpenSSL) that terminates on a box inside your LAN (your local VPN gateway) and on an outside machine that has a public internet IP address (that VPN tunnel must be initiated outgoing by your LAN box and kept alive via perodically sent keep alive packets).
Traffic that shall reach your LAN from the Internet would be send to the public IP address of that external machine (possibly resolvable via DDNS), and that machine would do a port forwarding (a DNAT, where it translates the public destination address and port to the private address and port of a box inside your LAN) and send the modified packets through the VPN to your LAN, this way traversing the two NATs via the tunnel where NAT happens only to the outer IP addresses of the tunneled packets which is possible due to the NAT sessions that exist in both NAT instances, because the tunnel was initiated in outgoing direction.
When the packets arrive at you local VPN gateway, they are decapsulated and routed to the local destination. In your LAN you would have to tell all devices, that shall be reachable from the Internet, to use the local VPN gateway as their default gateway (which also means, that these devices will access the Internet via the VPN tunnel only).
You have two choices to find either a service provider who operates the external VPN gateway on your behalf (so you will probably have to pay for it) or you are able to operate an external device of that kind of your own and configure it accordingly.
A third choice is to use IPv6 which brings publicly accessible IPv6 addresses to your LAN (access from the outside just blocked by IPv6 firewall functionality inside your DIR-600L router but no more by NAT). So ask your ISP for IPv6 Internet access bundled with your present IPv4 only access. Of course any client sitting in the Internet that whishes (and is allowed to) access your LAN must be IPv6 capable and have an IPv6 Internet access.
What you suffer from in the moment are the negative effects of IPv4 address exhaustion (especially critical in the APNIC region, India belongs to) and the not yet happened IPv6 pervasiveness.
PT
-
Thanks PT, I was wondering about that...i had asked about it.
Might try the 600L router in the DMZ on the main host router as a suggestion and if the ISP modem can't be bridged.
Thanks for posting.
-
Hi Furry,
as far as I understood the scenario there is no modem connecting to the ISP. Instead the DIR-600L seems to be connected to the "main host router" (I would call it a Carrier-grade NAT (CGN)) via some other L2 technique (e.g. Fiber). Putting the DIR-600L to the DMZ of the CGN will probably be impossible (as any other special configuration like port forwardings) because ISPs operating such CGNs will most probably not allow/support subscriber specific device configurations on those CGN devices.
PT
-
Ah ok. Thanks for the info and I understand now. Hope something can be worked out.
One think the OP can do if native remote connection fails, Use Teamviewer. ;)