Interesting port-forwarding problem...

  1. #1
    Member
    Join Date
    Apr 2004
    Posts
    69

    Interesting port-forwarding problem...

    Oook, so, I'm on a dialup connection at home. I am wanting to serve 2 HTTPs and 1 SSH to the outside. On my internal LAN, I have one box serving one HTTP and one SSH. The basic network topology looks somewhat like this:

    modem->gateway->router->web/SSH server.

    The gateway is running WinXP pro SP2. The router is a D-Link di-624.

    I need the gateway because it has the dialup modem. It only has the XP firewall, and I'm also using ICS on it. It also has VNC server on it, accessible from outside, which is what I'm using to configure the ICS port-forwarding settings. The router port-forwards relevant packets to the web/ssh server. The router itself is configured to be logged in from a remote location, on port 8080.

    Now, here's the fun part. Any connection from a remote location, using the ICS port-forwarded ports, is not reliable at all. Sometimes it will connect quite fast, other times it won't connect at all. The VNC server on the gateway, which is only using a port opened in the firewall, connects just fine.

    I used VNC to tell my gateway to go to grc.com where it could scan my IP so I could see which ports were opened. It seems that every port that I forward in the ICS port-forward settings gets stealthed instead of opened. I also have the same ports allowed thru the firewall.

    I have scanned multiple times, with the firewall off, and with it on. I have changed the ports in the ICS port-forward settings. Every port that I set to forward gets stealthed, even with the firewall off. The ports that I had set before that were stealthed are now "closed".

    So, either the gateway's OS is going screwy, or my ISP is actively blocking every port that I have open.

    Any ideas?

  2. #2
    Member
    Join Date
    Apr 2004
    Posts
    69
    Hmm, it seems that at random times, the ports I specify randomly switch between open and stealth...all ports at the same time...

  3. #3
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    In God We Trust....Everything else we backup.

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Are you using 2 NICs in the XP Pro ??

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    never mind that question.... you're using a modem..

    I am kinda brain dead today.

    Too much MS Access 97

    it's hurting my brain!

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Member
    Join Date
    Apr 2004
    Posts
    69
    Yep, just the modem and one NIC.

    Whenever I go to do updates on the gateway, Windows Update tells me I need to be admin...but, I'm logged in as an admin account!
    Last edited by NukEvil; February 11th, 2009 at 07:40 PM.

  7. #7
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    Is it possible that the XP workstation is going to standby and the modem and/or NIC card is getting powered off?
    In God We Trust....Everything else we backup.

  8. #8
    Member
    Join Date
    Apr 2004
    Posts
    69
    It's set up to never go to standby...besides, I've been connected to it via VNC all day.

  9. #9
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Are you only using the XP box as a gateway because it has a modem? If so, and you don't need all the other workstation junk that should not be running on your gateway, try ipcop.

    http://www.ipcop.org/
    http://www.ipcop.org/1.4.0/en/instal...iguration.html

    It's pretty easy to configure and it can even help speed up your dial up connection through use of a caching proxy. Just make sure to read the install manual. I've never done an install using the modem as the external interface, only Ethernet. This sucker will run on some very minimal hardware too... you know that sack of spare parts you have in the bottom of your closet or the old PC that someone left out on the curb for the garbage truck.
    Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
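
The open/stealth flapping described in posts #1 and #2 can be measured from an outside host instead of by repeated manual scans. The following is an added example, not code from any poster in this thread; ports 80 and 22 are assumptions (the thread names only 8080), and the sample data is constructed. It classifies each TCP connect attempt as open, closed or stealth and reports whether all forwarded ports change state in the same rounds.

```python
import socket
import time
from collections import Counter

def probe(host, port, timeout=3.0):
    """One TCP connect attempt, classified the way an online port checker reports it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # handshake completed: something answered on the port
    except ConnectionRefusedError:
        return "closed"      # a reset came back: host reachable, port not served
    except socket.timeout:
        return "stealth"     # no reply at all within the timeout: packet dropped
    finally:
        s.close()

def watch(host, ports, rounds=10, interval=30.0, probe_fn=probe):
    """Probe every port once per round; returns one {port: state} dict per round."""
    samples = []
    for i in range(rounds):
        samples.append({p: probe_fn(host, p) for p in ports})
        if i < rounds - 1:
            time.sleep(interval)
    return samples

def flap_report(samples):
    """Return ({port: state changes}, True if every port changed in the same rounds)."""
    flips, flip_rounds = Counter(), {}
    for i in range(1, len(samples)):
        for port, state in samples[i].items():
            if samples[i - 1].get(port) != state:
                flips[port] += 1
                flip_rounds.setdefault(port, set()).add(i)
    ports = samples[0].keys() if samples else []
    sets = [flip_rounds.get(p, set()) for p in ports]
    synchronized = len(sets) > 1 and bool(sets[0]) and all(r == sets[0] for r in sets)
    return dict(flips), synchronized

# Constructed sample (not captured data): three forwarded ports flipping together.
CONSTRUCTED_SAMPLES = [dict.fromkeys((80, 22, 8080), state)
                       for state in ("open", "stealth", "stealth", "open")]

if __name__ == "__main__":
    print(flap_report(CONSTRUCTED_SAMPLES))
```

When every forwarded port flips in the same rounds, the cause is more likely something the ports share (the ICS host or the dial-up link) than a single forwarding rule.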
