Hi, I am trying to enable port forwarding on my router. I have tried various configurations, but I cannot access my computer from outside.

I have looked at the page concerning my router Huawei HG8245 on portforwarding.com, however, what I see there and what I actually get are not the same. I have the Chinese version, and the layout is totally different.

Question: could there be a policy on the part of the isp, China Telecom, which would prevent me from using my home computer as a server for a simple webpage? I have an ip address, albeit dynamic, but I that's not a problem, I'm only trying things out.

What do you see if you look at 222.95.31.60 right now? I get the login screen to my router, the same as if I enter 192.168.1.1

Hi, portforward for iptables, net.ipv4.ip_forward = 1 to /etc/sysctl.conf

su to root, or use sudo...
You need to be root to save this file. (sudo)

anotherway, may not be remembered....
Cheers, Glenn

A lot of ISPs block http on port 80 for their residential customers. Making your web server listen on a different port might get around it, but if you can't access the port forwarding rules in your Huawei HG8245 then you're out of luck anyway.

Well, I tell the router to allow all WAN to the address range 192.168.1.1 to 192.168.1.4 (I am usually 192.168.1.4)

Sunday I went to the office and tried to access the computer, but it did not work. Which left me wondering if this is an isp policy.

But how can the isp know an incoming request is for my server until it reaches my router and then asks for 192.168.1.4 so to speak?? As I understand it, an http request will go to port 80.

Also, why do I need port forwarding on my computer?? It is the router that needs to send a request from outside to my port 80, where Apache is listening, so I thought port forwarding needed to be enabled on the router.

Here is a pic of my router page, I have translated the parts I thought important.

Can you make sense of this?

Attached Thumbnails

 

, You're right, you may not need it for that job. My bad.

When someone on the web tries to access your web server, it comes to your WAN IP address on port 80. You need to forward port 80 from your router to a specific IP address on your LAN (192.168.1.x). It can't be forwarded to multiple LAN IP addresses.

You said you are usually 192.168.1.4, which suggests that you are letting the DHCP server in your router assign your web server system a dynamic internal LAN IP address. That is not a good idea if you are going to run servers on your LAN that you want to be accessible from the WAN. You should assign your server system a static IP address so that your port forwarding rule on your router will be constant.


You are right, you don't need to do anything with iptables on your system.

It seems to me, my LAN ip depends on which port I plug into. The router has 4. Since I always seem to have 192.168.1.4 I assume this ip is assigned to the specific socket I connect to. There are never more that 2 computers connected.

I cannot see where to put 'forward to port 80' Can you see that on the thumbnail I uploaded??

It has nothing to do with which connector you attach to on the router. The router has a DHCP server enabled. Any DHCP requests that come in (on any of the four ports) are assigned an IP address by the DHCP server, your computer happened to be assigned 192.168.1.4. Once a computer is assigned a DHCP IP address, it generally holds onto it until it's shut off for some length of time, then it might be assigned a new IP when it requests again.

As Z038 said, if you'll be forwarding specific WAN ports to machines on your network, those machines NEED to have a static IP. Dynamic IPs will break your setup sooner or later. You can either leave the computer configured for DHCP and set up the router to assign specific IPs based on MAC address, or you can configure the computer for a static IP somewhere outside of the router's DHCP range and just let it do its thing.

I'd like to reitterate another thing that Z038 said - port forwarding works by forwarding incoming packets on a certain WAN port to a specific IP address on your local network. You CANNOT set up an IP range for the destination. The fact that your router is letting you set up an IP range for the destination, tells me that page is not for port forwarding, it's for something else. I've never seen a router that let you set up an IP range for the port forwarding destination, that doesn't even make sense. The screenshot you posted looks more like a firewall configuration.

Well, I have my desk in my bedroom. I take my laptop to work, then back again. It always has 192.168.1.4 when I look.

The tab in the screenshot definitely says Port forwarding, and definetly shows LAN side IP address, so I put an address range in there. I tried using the range 192.168.1.4 to 192.168.1.4 a range of one, but still no hope.

I was hoping I would find a box labelled 'port number' but that seems to be absent.

You seem to be saying, the router can't forward to an ip address, but needs to be told a port.

What if I enter something like 192.168.1.4:80 Could that work??

Router forwards to an IP and port. You have to identify the protocol (TCP or UDP or both), the origin port (usually ANY because you don't care what port the connection on the other end was initiated from), the destination port at your WAN IP (for example 80 for http), and the internal LAN IP and port to forward to.

For a web server, the protocol is TCP, the origin port (from the remote side) should be ANY, the destination port (to your WAN IP address) will be 80. If your webserver is listening on port 80, then you tell the router to forward that incoming IP and port number to 192.168.1.4 (your LAN IP address) on the same port 80.

If your ISP is blocking incoming connections to destination port 80 on your WAN IP, then you'll have to use a different one, for example 8080, and people who access your site would specify that port in their browser. If you are www.example.com, then they would use http://www.example.com:8080 to access your webserver. You could tell your webserver to listen on 8080 or just let it listen on port 80, or any other port you like. You tell your router how to translate and forward it. In the first case, you'd tell your router to forward the incoming TCP port 8080 requests to the same port 8080 on 192.168.1.4. In the second case, you'd tell your router to forward those same connections to port 80 on 192.168.1.4.

You could tell users to access your webserver on port 15500 (i.e., www.example.com:15500), and have your webserver listening on port 9010. You would then tell your router to forward incoming TCP connections to destination port 15500 to internal address 192.168.1.4 port 9010.

I'm not familiar with your router, but if you understand how port forwarding works, perhaps you can tell if your router has that capability.

Thanks for that.
I can specify the protocol, tcp, udp, tcp/udp, icmp, or all, but I left that setting on ALL, just for testing. I'll try again with tcp.

I‘m beginning to think the router is disabled for port forwarding, because the check box next to the port forwarding rules is always unchecked. I check it, click use, the page refreshes and it is unchecked again. No wonder it won't work!

Can you recommend a good router for home use, which will have port forwarding capability??

How about the TL-WDR4310??

I'm not the best person to ask for a router recommendation. I've been using the same router model since 2007, a Verizon FIOS Actiontec MI424-WR. It's supplied by Verizon to FiOS customers. A couple years ago the first one I had died and Verizon sent me another one, no charge. It has served me just fine.

Before that, I used a Netgear Rangemax Wireless Router WPN824, before that a D-LINK DI-624 Wireless Router, and before that a Linksys BEFSX41. The Linksys had some odd quirks, but I don't recall what they were now. The other two were fine as far as I recall. But none of those are current models.

Your best bet might be to read the comments and ratings of owners of various current model routers on Newegg or similar. Also, if you think you might ever run DD-WRT (Linux-based open source firmware) on the router, you should check their database to see which routers are best supported.

Also, you might want to confirm that your ISP allows you to supply your own router. Some require you to use a router they provide.

Thanks! Yeah, that sounds crazy enough to be Chinese: 'you can only use the router we supply'!! I'll go to the Zhujianglu, that's the computer street here in Nanjing, see what people have to offer. I thought I'd take my laptop, ask them to plug the router in and set it to port forwarding before I buy!!

1 members found this post helpful.