Port forwarding not working


#1

Hi All,

Configuration:
Peplink Balance 20 with port forwarding setup for port 80 on WAN1 to a private IP address. WAN1 is a public IP address acquired via DHCP from an AT&T Uverse gateway.

An Inbound Firewall Rule is set to allow port 80 traffic to the same private ip address. Logging is enabled.

Problem:
Unable to access port 80 from WAN1.

Question:
How do I view the log to see if the traffic is being allowed or blocked?

TYIA,

eric


#2

You will most likely need to subscribe to a static IP address from AT&T as most likely they block incoming port 80 with DHCP addresses.

You can create an inbound firewall rule to allow port 80 and then enable logging. If any port 80 traffic is hitting your WAN1 it will show up in the event log.


#3

With firewall rule logging enabled you can see if the incoming connection is being allowed or denied under: Status> Event Log. Also make sure the Balance does not have port 80 open on the WAN.


#4

Thanks for the replies.

Tim,
The gateway has 5 static IP addresses, the Balance 20 is receiving the first one via DHCP. The vendor says that the gateway is not blocking any traffic.

Ron,
In Status/Event Log I don’t see any events pertaining to port 80, either Allow or Deny, just WAN 1 connected and disconnected.

Edit: Also, port 80 is not open on the WAN

Thus, it appears that no port 80 traffic is reaching the firewall and that port 80 traffic is not reaching the Peplink.


#5

Hi,

Since this is dynamic public IP, may I know you alway get same public IP? You need DDNS if you are not getting same public IP.

To further confirm whether Http hits to B20. You may perform Network Capture.

  1. Login to B20 > Enter “http://”IP of your device”/cgi-bin/MANGA/support.cgi”.

  2. Navigate to Network Capture > Click Start. Please perform this at off peak hours.

  3. Access Http from internet to server behind B20.

  4. Navigate to Network Capture > Click Stop > Click Download.

  5. You may extract the file and read it by Wireshark.

Hope this help.


#6

TK,

You wrote: Since this is dynamic public IP, may I know you alway get same public IP? You need DDNS if you are not getting same public IP.

ESL> The IP Address is static. Thanks for the Network Capture info I have completed downloading and am reviewing the results.

~eric


#7

Update: I still have not been able to get this working. I went ahead and setup another Balance 20 at my own office.

It does not work there either.

I have a support ticket in with Peplink and a technician looked at the production firewall but could not get it working either. I have sent messages asking for updates but haven’t heard back in a few days.

We setup logging. Here are the results:

Allowed CONN=WAN1 SRC=REMOTE_IP_ADDRESS DST=LOCAL_IP_ADDRESS LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=22733 DF PROTO=TCP SPT=49066 DPT=21 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x7

So we can see that the traffic is being allowed but it never makes it to the LOCAL_IP_ADDRESS (I am monitoring it).

~eric


#8

Hello Eric,

I am going over a couple network captures now and will send you the results via the ticket.


#9

Thanks,

FYI I configured NAT on that private IP, just to see if I could isolate what is going on.

~eric