I’m trying to open a port for some app in my Surf SOHO 3 (firmware 8.0.0).
My Inbound Firewall Rule allows everything (Any).
Port forwarding has TCP, correct port specified, WAN interface IP, Server IP is my PC’s static internal IP (as it appears in ipconfig), service is enabled.
Windows Firewall allows the app’s executable through (also tried shutting it down to test).
App is open and listening on that port (verified via Process Explorer).
Tried changing the port, restarting the router, restarting the app
Tried with and without Intrusion Detection.
Tried various other online port checker tools, all show it as some form of closed/hidden/stealth
Is it a standard port like 80, 443 or 4500? If it is, try using a non standard port like 3088 does that work? Sometimes ports can be in use by services on the SOHO itself so can’t be released for port forwarding till you disable the service (or move it to something else).
To narrow down the problem, create an inbound firewall rule that allows the traffic but logs it to the event log. I do this as an audit trail on the ports that are forwarded on my Peplink devices.
And, I just tested with GRC Shields Up and my forwarded port on firmware 7.1.2 does show as OPEN.
@Michael234 - I created the following Firewall rule: Protocol=TCP, WAN=ANY, Source=ANY, Destination ANY (port X) (where X is the port I forwarded). I enabled Event Logging but after running GRC on the same port, couldn’t see anything in Status → Event Log.
@sitloongs - I captured a PCAP file per those instructions for the GRC test, but filtering in WireShark for tcp.port == X (where X is the port I forwarded) yielded 0 results.
My modem is actually a router/modem combination that I switched to bridge/modem-only mode. Somehow that switch got reset and it got back to being a router, which blocked all the ports before it ever got to my Surf SOHO.
Re-activating bridge (modem) mode resolved the issue.
For the packet capture, actually you can check the packet received at the WAN interface compare to the LAN interface.
If WAN interface is not receiving any packets, that mean the up link device actually causes the issue. You may need to check the up link device.
If WAN interface is received the packets, please check the packets sent from the LAN interface, LAN interface packets capture should show you the NATed packets.
