Soho Surf MK3 Not Forwarding Traffic

I’ve got a soho surf MK3 and for some reason simply setting port forwarding does not seem to work. I’ve got ports forwarded for TCP 9000 to an internal web server on port 80 with port mapping and it just does not work for some reason. Anyone else having problems with this?

Hi @alexhackney,

If the default inbound firewall rule is set to deny, please ensure you have made the appropriate exception in the inbound firewall rule list. Please provide your feedback as it becomes available.

Thank you.

It’s not. It’s set to default which is allow.

Hi @alexhackney,

Contacting you via PM for follow up.

Thank you.

Hi, did you guys figure out what was wrong? I’ve tried all kinds of things and can’t get port forwarding to work.

  • It’s not my cable modem, it does not have a firewall.
  • Firewall on the soho is set to allow all inbound.
  • Port forwarding is set for TCP single port to 443 inbound from WAN and I put in the local address for the computer on the LAN. It is enabled.
  • When I portscan my WAN IP from my digitalocean linux box, it says All 1000 scanned ports on xxx-xxx-xxx-xxx.dhcp.chtrptr.net (xxx.xxx.xxx.xxx) are filtered. But the firewall is set to allow any incoming.
  • When I do the same portscan with the soho not hooked up and just connect my laptop directly to the modem, I see the open ports on my laptop.

Seems like the soho surf is just blocking all incoming regardless as to whether firewall rules are set or not.

Am I missing something in the settings somewhere to allow the firewall to function properly?

Thanks for any help

Rocky

Most likely - you are on a residential cable connection yes? Most providers block HTTP [incoming] to prevent you running a server on a home line. They may even block 443 incoming stateful connections.

If you have the ports forwarded correctly and you can’t get through, that is the most likely answer. It’s pretty common for providers to do this now, on residential connections. (Generally servers not allowed by ToS to begin with.)

Rocky - Also - that behavior is not surprising with ports showing “Filtered” and then “Open” when the SOHO is not on the border — it’s an intrusion defense mechanism that most routers employ.

C_Pav,

Thanks for the reply. I’m pretty sure my ISP is not blocking incoming ports. When my laptop was wired directly to the modem, I saw the open ports on a port scan. When I connected the SOHO to the modem, they were all filtered even though I had 443 forwarded. Also, when I was using my old janky Tomato firmware linksys, ports 80, 443, and 22 all forwarded with no problems at all. I’ve attached a screenshot if that helps.

Thanks,

Rocky

You aren’t by chance already using 443 for the web admin of the SOHO itself? Also, how are you testing this? You cannot already be on the LAN network trying to go out and then port forward back in, you need to be coming in from a different network.

3 Likes

Hi Tim,

Sorry, this issue took a back seat for a few months.

I am using port 443 for the web admin. But that is connecting from my laptop to the router on the LAN. No problems there.

To test it, I log into my digital ocean headless ubuntu VM and port scan with “nmap -Pn myipaddress” and attempt to “ssh -p 443 username@ipaddress” but can’t connect.

Results from port scan:

Starting Nmap 7.01 ( https://nmap.org ) at 2018-03-16 13:27 PDT
Nmap scan report for (ip)
Host is up.
All 1000 scanned ports on (myip) are filtered

Nmap done: 1 IP address (1 host up) scanned in 201.39 seconds

Other things I’ve tried:

  • Switch the local server (a raspberry pi) to listen on port 22 instead of 443. Doesn’t help.
  • Open up http port 80 to the pi and set up a test html page. Works fine on the local LAN. Can’t see it at all from the digital ocean VM.
  • Turn on IP passthrough in the Wan Connection Settings. Didn’t do anything.
  • Enable NAT Mappings to the raspi ip address inbound mappings from the WAN. Nothing.
  • Open up incoming firewall rules for port 22 and 80 to my pi’s local 192 IP. Nothing.
  • Totally disable anything firewall whatsoever. Nope. Still all ports blocked from an nmap scan.
  • Completely remove my Soho Surf from my network and plug my laptop directly into my residential network modem. Yes, that works, I can see open ports on my laptop.
  • Disabled InControl. I used it to set up a VLAN but that’s it. Don’t think I even need InControl.
  • curl mypublicwanipaddress/test.html from my digital ocean VM returns nothing but it DOES return the text I have on that html page from within the LAN.

I just can’t figure it out. Is there some obscure setting on the Soho I’m missing? Again, this setup worked fine no problem when I had my low rent Tomato firmware Linksys router forwarding just fine to any machine I wanted on my LAN.

Seems unlikely it’s a malfunction with the router. It works perfectly fine otherwise. And it also seems like this is an extremely common task for Soho routers.

Thanks for any expertise and time donated to my cause.

R

@Rocky-R, please open a support ticket and allow the support team to help on this. It is difficult to work on this without investigating from the device.

1 Like

Will do, thank you.

Finally figured it out with tech support. I have another machine on my network that is a dedicated VPN. The machine I was trying to get port forwarding working was set to have that VPN machine as the default gateway instead of the pepwave. That’s where the forwarded traffic was stopping. I set that machine to point to the pepwave instead of the VPN and forwarding started working again.

Thanks everyone.

R

1 Like
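
The cause found in the last post (the forward target sending its replies to a different gateway than the router that forwarded the connection) can be checked from the target host itself. The script below is an added example, not part of the original thread: it parses `ip route get` output and compares the next hop with the forwarding router's LAN address. All addresses and the sample route output are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a port-forward target
# sends replies back through the router that forwarded the connection.
# Assumed, constructed addresses: 192.168.50.1 = forwarding router LAN IP,
# 192.168.50.20 = VPN box, 203.0.113.10 = external test client.

# next_hop: read `ip route get <client>` output on stdin and print the
# gateway that follows the "via" keyword (empty if there is none).
next_hop() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# check_return_path ROUTER_IP: read `ip route get` output on stdin.
# Returns 0 if replies leave via ROUTER_IP, 1 if they leave via another
# gateway (asymmetric path, forwarded sessions never complete),
# 2 if no gateway was found in the input.
check_return_path() {
    crp_router="$1"
    crp_gw="$(next_hop)"
    if [ -z "$crp_gw" ]; then
        echo "no next-hop gateway found for this destination"
        return 2
    fi
    if [ "$crp_gw" != "$crp_router" ]; then
        echo "MISMATCH: replies go to $crp_gw, forward came from $crp_router"
        return 1
    fi
    echo "OK: replies return through $crp_router"
    return 0
}

# Constructed sample outputs of: ip route get 203.0.113.10
ROUTE_GET_VIA_VPN='203.0.113.10 via 192.168.50.20 dev eth0 src 192.168.50.30 uid 1000
    cache'
ROUTE_GET_VIA_ROUTER='203.0.113.10 via 192.168.50.1 dev eth0 src 192.168.50.30 uid 1000
    cache'

# Live use on the target host (values are placeholders):
#   ip route get 203.0.113.10 | check_return_path 192.168.50.1
printf '%s\n' "$ROUTE_GET_VIA_VPN" | check_return_path 192.168.50.1 || true
printf '%s\n' "$ROUTE_GET_VIA_ROUTER" | check_return_path 192.168.50.1 || true
```

A mismatch here matches the symptoms reported above: the service answers on the LAN, while connections from outside never complete even with the forward and firewall rules in place.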