Port forwarding fails

Hi,
Being pretty new to the Gargoyle firmware, I ran into a problem after setting up my Netgear WNDR3700v2 with Gargoyle version 1.4.0.
I have to give access to a specific internal IP address on ports 22 and 80.
I've set up port forwarding:
Given an application name, set the protocol to both TCP and UDP, from port 80 to port 80 and linked it to the correct internal address (set in DHCP as static). Same for port 22.
But for some reason the application can not be reached from the outside. Now I'm thinking there may be a conflict with the firewall restrictions I've set up. First I've set up a block all / always rule, with the exception of the local IP address for the application.
After that I've set up a set of whitelist rules for specific clients within my network. The IP for the above mentioned application however is part of an IP block that's allowed connections 'all/always'.
Anyone having a clue where the cause of the trouble may be found? AFAICT with these settings it should just work, but it doesn't. The application is perfectly reachable from within my network, but not from without.
TIA for your ideas, clues, whatever you can throw at me.
friendly greetings, Urgje
Urgje   (Netgear WNDR3700v2 / Gargoyle 1.4.7)
[my ego shrank while growing up]
- DoesItMatter
- Moderator
- Posts: 1373
- Joined: Thu May 21, 2009 3:56 pm
Re: Port forwarding fails
Almost all ISPs block those ports by default.
In their TOS - they don't allow hosting web pages or FTP sites.
It's to cover their butts in case someone was sharing something
they were not supposed to share, etc.
Try non-standard ports
Try port 888 for 80 and port 222 for 22, etc.
Soylent Green Is People!
2x Asus RT-N16 = Asus 3.0.0.4.374.43 Merlin
2x Buffalo WZR-HP-G300NH V1 A0D0 = Gargoyle 1.9.x / LEDE 17.01.x
2x Engenius - ESR900 Stock 1.4.0 / OpenWRT Trunk 49400
Re: Port forwarding fails
Thanks for your reply, but it isn't the ISP. It worked perfectly well with a previous router, forwarding the standard http and ssh ports 80 and 22. Even forwarding incoming 8x or 888 to local 80 does not work now.
So the problem is either the router settings, some firmware glitch in version 1.4.0. (the problems experienced with the latest 1.4.1. make me hesitate to upgrade), or something the technician that installed the application has changed. Can't reach him at the moment so I want to make absolutely sure it's not something that I overlooked in new (for me) and yet rather unfamiliar firmware.
Urgje   (Netgear WNDR3700v2 / Gargoyle 1.4.7)
[my ego shrank while growing up]
Re: Port forwarding fails
I'm having the same problem, but with port 80. I've verified that the ISP isn't blocking the port and I have no firewall on my modem.
If I remove the port forward from Gargoyle and do an nmap, port 80 does not show up.
When I set up the port forward in Gargoyle on port 80 to port 80 of an internal machine, an nmap from the external shows it as filtered.
I'm going to dig through the iptables and see if I see anything funny.
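An added diagnostic sketch, not part of the post above and not Gargoyle's own code: nmap reports a port as filtered when its probe gets no reply, which is what an outside client sees if a forward's DNAT rule rewrites the packet but the FORWARD chain then drops it. The script checks `iptables-save` output for that mismatch; the sample ruleset, the interface name and 192.168.1.50 are constructed, and it assumes a flat FORWARD chain rather than the router's actual chain layout.

```python
import ipaddress
import re

# Constructed iptables-save excerpt (not from the thread): two DNAT forwards to
# 192.168.1.50, but only port 80 has a FORWARD rule that admits new connections.
SAMPLE = """\
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:80
-A PREROUTING -i eth1 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.50:22
*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.50/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j DROP
"""

def opt(rule, flag):
    """Return the argument following `flag` in one rule line, or None."""
    m = re.search(r"(?:^|\s)%s (\S+)" % re.escape(flag), rule)
    return m.group(1) if m else None

def dnat_targets(dump):
    """Yield (proto, internal_ip, internal_port) per DNAT rule (single ports only)."""
    for line in dump.splitlines():
        if opt(line, "-j") == "DNAT":
            ip, _, port = opt(line, "--to-destination").partition(":")
            yield opt(line, "-p"), ip, int(port or opt(line, "--dport"))

def forward_verdict(dump, proto, ip, port):
    """First ACCEPT/DROP/REJECT in FORWARD matching a NEW connection to ip:port.
    Simplified: jumps to other chains, negation and other matches are ignored."""
    for line in dump.splitlines():
        target = opt(line, "-j")
        if not line.startswith("-A FORWARD ") or target not in ("ACCEPT", "DROP", "REJECT"):
            continue
        state = opt(line, "--state") or opt(line, "--ctstate")
        if state and "NEW" not in state.split(","):
            continue  # rule only covers already-established flows
        if opt(line, "-p") not in (None, proto):
            continue
        dst = opt(line, "-d")
        if dst and ipaddress.ip_address(ip) not in ipaddress.ip_network(dst, strict=False):
            continue
        lo, _, hi = (opt(line, "--dport") or "0:65535").partition(":")
        if int(lo) <= port <= int(hi or lo):
            return target
    return "POLICY"  # nothing matched; the chain's default policy applies

def check(dump):
    """Map each DNAT target to the verdict its forwarded traffic would receive."""
    return {t: forward_verdict(dump, *t) for t in dnat_targets(dump)}
```

A forward whose verdict is `DROP` or `REJECT` is one to compare against the firewall restriction rules; because user-defined chains are not followed, a `POLICY` result means the check was inconclusive, not that the forward is fine.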
- DoesItMatter
- Moderator
- Posts: 1373
- Joined: Thu May 21, 2009 3:56 pm
Re: Port forwarding fails
Port forwarding is working just fine here.
I am running Gargoyle 1.4.1
I had to first change the default Gargoyle interface to use port 8080
Next, I input the following settings to test 2 apps.
I port forwarded 80 and port 8000
Both work from external and get to the required apps.
DMZ & UPNP are both disabled (un-checked)
Attachment: port-forwards.jpg (40.63 KiB)
Soylent Green Is People!
2x Asus RT-N16 = Asus 3.0.0.4.374.43 Merlin
2x Buffalo WZR-HP-G300NH V1 A0D0 = Gargoyle 1.9.x / LEDE 17.01.x
2x Engenius - ESR900 Stock 1.4.0 / OpenWRT Trunk 49400
Re: Port forwarding fails
This is probably a problem because Gargoyle uses port 80 and port 22 for its own http and ssh servers. You probably have to change or disable these ports to get the port forwarding to work like you expect.
WRT54GL v1.1
Gargoyle 1.4.7
Re: Port forwarding fails
Thanks DIM and mix,
Apologies to DoesItMatter for shrinking his nym. 
 
Thanks, both, for your replies. Changing the standard ports 88 and 22 for the Gargoyle interface, was the first thing that I did, so that can't be the cause.
I might try to upgrade to firmware version 1.4.1. I've been a bit hesitant when I read about problems some users were having. Further, I may try to see if disabling DMZ makes a difference. UPNP hardly ever is enabled here. It never has been on Gargoyle.
I'll keep you posted. An annoying, but also intriguing mystery is, that it now works for one external user, but not for two others.
Could you by any chance try to ping my WAN IP and let me know what you see? Some of the clients appear to get all time-outs, while others don't. Send me a message and I'll give you the IP. I'd rather not openly post it here.
TIA
Urgje   (Netgear WNDR3700v2 / Gargoyle 1.4.7)
[my ego shrank while growing up]
Re: Port forwarding fails
Mystery, mystery. Without changing anything, lo and behold; today all clients could get through. Problem appears to have solved itself.
Urgje   (Netgear WNDR3700v2 / Gargoyle 1.4.7)
[my ego shrank while growing up]

