Port Forward Problem

Discussion in 'Tomato Firmware' started by equiquay, Nov 23, 2009.

  1. equiquay

    equiquay Addicted to LI Member

    Hi Everyone,

    I'm having an odd problem here. I have a Buffalo WHR-G125 running Tomato 1.25, but it doesn't seem to be forwarding ports properly.

    Here's my port forwarding page:


    As you can see, I have three port forwards set up. However, the second port forward isn't working correctly. I used my Mac to scan the specified port from inside the LAN and verify that the port is open:


    Then, I used ShieldsUp! to scan from the WAN side:


    It's not open. Any ideas? Notice that Tomato did forward port 443 correctly.

  2. rhester72

    rhester72 Network Guru Member

    Firewall issue on the target machine?

  3. equiquay

    equiquay Addicted to LI Member

    Thanks for the response, Rodney.

    Since I was able to detect an open port on the target machine from a different computer on the LAN, I don't think so.

    Just to make sure, I verified that ufw is disabled on the target machine (Ubuntu Server 9.10).

  4. TexasFlood

    TexasFlood Network Guru Member

    Did you check whether anything was showing up under UPnP that might conflict? I forget which takes priority, manual or UPnP; I think it's the manual settings. Just trying to think what could be causing it.
  5. Engineer

    Engineer Network Guru Member

    I know that it should default to the same internal port but have you tried placing the same port number into the internal port box to make sure?

    Long shot but couldn't hurt.

    Edit: Now that I've looked at my setup page, I don't think it's necessary and I withdraw this idea. Sorry...trying to find something to help.

    If I forward that port to my SSH port on my router (, it shows up as OPEN on ShieldsUp. Doesn't show on any other PC but those ports may be closed on the other PCs.
  6. mstombs

    mstombs Network Guru Member

    The ShieldsUp test doesn't say the port is closed; it probably just doesn't know to test it. Test using a real app that knows how to use the open port!
  7. equiquay

    equiquay Addicted to LI Member

    @TexasFlood: Since I don't use UPnP, I disabled it in Tomato. After a reboot of the router and the target machine, my problem persists.

    @Engineer: You gave me an idea. I just tried forwarding external port 63974 to port 22 on the target machine, just like I'm forwarding 443 to 22, and checked ShieldsUp again. This time, it showed an open port.

    So I guess I was making the mistake of thinking that because the target machine shows an open port to another computer on the LAN, it will do the same for a computer outside the LAN. And this doesn't seem to be the case. Weirdness.

    @mstombs: ShieldsUp will show Open if the port is open, Closed if the port is closed, and Stealth if the router doesn't respond to the request at all (usually because of a firewall).

    Anyone have a suggestion on where to go from here?
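
The Open / Closed / Stealth distinction described in the post above, as an added example that is not part of the original thread: a plain TCP connect probe in Python that returns the same three labels, plus a helper that compares a LAN-side and a WAN-side result. The function names and the loopback demo are constructed for illustration, and this is not how ShieldsUp itself is implemented.

```python
import socket

def classify_tcp_port(host, port, timeout=2.0):
    """Classify one TCP connect attempt the way a port scanner reports it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return "open"         # handshake completed: something is listening
        except ConnectionRefusedError:
            return "closed"       # RST received: reachable, but no listener
        except socket.timeout:
            return "stealth"      # no answer at all: the SYN was dropped
        except OSError:
            return "unreachable"  # e.g. ICMP host/network unreachable

def compare_vantage_points(lan_result, wan_result):
    """Turn a LAN-side and a WAN-side result into a next troubleshooting step."""
    if lan_result != "open":
        return "service is not listening on the LAN address; fix the host first"
    if wan_result == "open":
        return "forward works end to end"
    if wan_result == "closed":
        return "a reset came back; find which device sent it and check the forward target"
    return "SYN dropped on the way in; check the router rule and host firewall"

def demo():
    # Constructed local test: a listener on loopback, then the same port after close.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0 = let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = classify_tcp_port("127.0.0.1", port)
    listener.close()
    after_close = classify_tcp_port("127.0.0.1", port)
    return while_open, after_close

if __name__ == "__main__":
    print(demo())
    print(compare_vantage_points("open", "stealth"))
```

Run `classify_tcp_port` once from another LAN host against the target's LAN address and once from an outside host against the router's WAN address, then pass both results to `compare_vantage_points`.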

  8. TexasFlood

    TexasFlood Network Guru Member

    equiquay, per mstombs' suggestion, have you tried rtorrent to see if it works?
  9. equiquay

    equiquay Addicted to LI Member

    rtorrent works fine. However, it is not connectable -- I can initiate sessions with other bittorrent users, but other users cannot initiate sessions with me. I was trying to fix this problem when I noticed that Tomato's port forward didn't seem to be working. I'm really not sure what to think now.

  10. TexasFlood

    TexasFlood Network Guru Member

    Yes, a bit of a mystery at this point. Above, I also meant to ask, but forgot, if there were any triggered ports defined. Probably not it either, but like I said before, just trying to think of something, anything.
  11. equiquay

    equiquay Addicted to LI Member

    Nope, no triggered ports are defined in Tomato.

    Thanks for the suggestions, though. :)

  12. TexasFlood

    TexasFlood Network Guru Member

    Darn, I almost forgot my obligatory PITA question: when you first loaded Tomato from whatever firmware you loaded it from, did you
    Administration -> Configuration -> Restore Default Configuration -> Erase all data in NVRAM memory (thorough)?

    I know opinions on this vary, but I've seen a number of very strange things happen when not doing so...
  13. equiquay

    equiquay Addicted to LI Member

    Hmm... it's been a few months. I think so, but I'm not certain.

    I'll re-flash Tomato on a spare WHR-G125 that I'm not using, add the port forwarding settings, swap routers, and report back.

  14. equiquay

    equiquay Addicted to LI Member

    Well, I put Tomato on my spare router, made sure to "Erase all data in NVRAM memory (thorough)," and added my port forward settings. No dice.

    I then put the target machine in a DMZ, and still got nothing.

    I think I've come to the conclusion that this isn't Tomato's fault. For some reason, I think the target computer is refusing to respond to port 63974 when the source IP is outside of the LAN. I'll try to find someone on the Ubuntu forums who can guide me as I play around with iptables.

    Thanks to everyone who contributed. :)

  15. TexasFlood

    TexasFlood Network Guru Member

    Right, I think that was where rhester72 was going earlier with the firewall on the target machine reply. A software firewall could consider LAN addresses to be trusted but not Internet addresses. Good luck.
  16. Toastman

    Toastman Super Moderator Staff Member Member

    Just in case anyone with a Windows machine is reading this with similar problems: turn off the firewall; if the problem still persists, turn off UAC. UAC can also prevent programs in the startup directory from running (DDNS update, for example).