Re: Multiple Forwarded ports not showing as open.

mac989999 · ‎09-27-2012

Hello, I'm in need of assistance .

I have a client with a cisco 1841 router with a static public ip. He has 3 dvr's he wanted to acces from the internet and we opened the ports for the dvr's ip's. The issue were having is that only the first ip that we opened shows the port opened and works ok, the other 2 ip with their ports show closed.

Heres the code:

ip nat inside source list 190 interface FastEthernet0/0.1214 overload

ip nat inside source static tcp 10.161.2.141 5445 Public IP 5445 extendable

ip nat inside source static udp 10.161.2.141 5445 Public IP 5445 extendable

ip nat inside source static tcp 10.161.2.141 5446 Public IP 5446 extendable

ip nat inside source static udp 10.161.2.141 5446 Public IP 5446 extendable

ip nat inside source static udp 10.161.2.142 37775 Public IP 37775 extendable

ip nat inside source static tcp 10.161.2.142 37776 Public IP 37776 extendable

ip nat inside source static tcp 10.161.2.140 37777 Public IP 37777 extendable

ip nat inside source static udp 10.161.2.140 37778 Public IP 37778 extendable

ip nat inside source static 10.161.2.1 66.50.152.237

!

tcp 10.161.2.140 37777 Public IP 37777 works ok all others dont, can anyone point me in the right direction here, this simple thing has made a long day for me, and the ISP support is not getting back to us, slow....

I apreciate any help!

-Joseph

Ps. Attached a copy of our config txt some info has bee edited for privacy concers but the commans are there.

Harish Balakrishnan · ‎09-27-2012

Hello ,

Are you able telnet the pots from you router ?

lets say from the router

telnet 10.161.2.141 5445 is this opening the socket ?

regards

Harish.

mac989999 · ‎09-28-2012

The device is a DVR, this is what I get:

mmsc-humacao#telnet 10.161.2.142 37775

Trying 10.161.2.142, 37775 ... Open

cadet alain · ‎09-28-2012

Hi,

Can you post sanitized config from the router.

Regards.

Alain

Don't forget to rate helpful posts.

mac989999 · ‎09-28-2012

It should be on my original post at the begining of the thread, does it show?

Harish Balakrishnan · ‎09-28-2012

Hello Jose,

hmm.. That means those ports are actually not opened on the server itself. So it is not an issue of the router or port forwarding. The router is doing the job which is suppose to do. You may need to check with the server whether the service is really running from lan and you are able to telnet to that IP with port number..

please let me know if you have any further queries

Regards

Harish.

Please rate all helpful posts!

mac989999 · ‎09-28-2012

correction, I made error, that IP that I showed, the DVR was turned OFF power wise, this one Is on,

mmsc-humacao#telnet 10.161.2.142 37775

Trying 10.161.2.142, 37775 ... Open

But it shows open on router but not outside on the internet.

cadet alain · ‎09-28-2012

Hi,

telnet uses TCP and in your static NAT you are using UDP:

ip nat inside source static udp 10.161.2.142 37775 Public IP 37775 extendable

Regards.

Alain

Don't forget to rate helpful posts.

mac989999 · ‎09-28-2012

Tried with the TCP port:

mmsc-humacao#telnet 10.161.2.142 37776

Trying 10.161.2.142, 37776 ...

% Connection refused by remote host

any suggestions?

Harish Balakrishnan · ‎09-28-2012

Hello Jose,

this shows that the server is either not listening to the port or it is refusing your connection

regards

Harish.

mac989999 · ‎09-29-2012

As I metioned at the begining this is for a DVR-Digital Video Recorder, aka security cameras.

Theres no firewalls setup, no servers, just internet-static ip,the 1841 router, a poe switch for powering accespoints and thas all, its a basic setup, One works ok, I can see the other one internally, but if one goes to a port checking tool on the net, the other 2 dvr pors show as closed, on my first post you can observe that the code was copied identical as for the one thats working, misus the ip and port info.

Any suggestions?

johnlloyd_13 · ‎09-28-2012

Hi,

Could you check the server's TCP/IP settings if correct? Is it able to ping the 1841?

Is there any firewall in between?

Sent from Cisco Technical Support iPad App

mac989999 · ‎09-29-2012

Yes I can Ping the 1841, internally and remotely from the internet using telnet.

No firewall, servers, and the isp doesnt block ports on theri end all we have is a static ip, all I can tell the issues lies within the router config, something is missing, what I dont know.

cadet alain · ‎09-29-2012

Hi,

mmsc-humacao#telnet 10.161.2.142 37775

Trying 10.161.2.142, 37775 ... Open

This means your host is listening on TCP port 37775 so change your NAT statement for this port to use TCP instead of UDP and try again from outside. Is it still failing ?

Regards.

Alain

Don't forget to rate helpful posts.

mac989999 · ‎09-29-2012

Just to check switched as you suggest, same issue, only 10.161.2.140 tcp 377777 shows open from the internet , code was copied exact for the other 2 dvrs but they dont show as open.

Thers no servers, firewals, etc... just static ip, the 1841, a switch with poe and 4 A/P.

The device is a DVR, Digital Video Recorder, this particular model uses 2 separate ports a TCP and UDP, 37775UDP and 37776TCP for external video viewing I need the TCP 37776 to work, neither one works, when one verifies ports on a port checking tool it shows that they are closed.

Suggestions...