Securifi Community Forum
Securifi Products => Almond+ => Topic started by: Trip on April 27, 2017, 08:09:24 am
-
I've set up port forwarding to allow external X clients to connect to an X server on my PC on TCP port 6000. I can telnet to port 6000 on the loopback interface, and also from another PC behind the Almond+, but incoming external connections that need port forwarding time out connecting. My Windows firewall allows connections on port 6000 and I have tested this with my firewall disabled, same result.
This is the config as shown in the Almond+ web interface:
Name | Protocol | Source | Via | Destination
X | tcp | From any host in wan | To any router IP at port 6000 | Forward to 10.10.10.116, port 6000 in lan
10.10.10.116 is the IP allocated by DHCP to my PC.
Any ideas?
-
Haven't had any issues with port forwarding myself. But have you checked that the IP is still the same for the PC? If it is set by DHCP it can recycle occasionally and receive a different IP. I would recommend setting it to a static IP.
-
Yes, it's a static DHCP lease.
-
I spoke to support on live chat last night and we still can't get it working. But I'm now in a position where if I add a port forward rule I can no longer make outbound TCP connections (I get ECONNREFUSED). Existing connections persist. I have to reboot the Almond+ to allow new connections again.
This looks like a fairly serious bug. Support say they will get back in touch within 48 hrs. I suspect this router is going back to the shop though.
-
I have now got this working using the following method. Add a port forward rule and save. Port forwarding doesn't work. Reboot Almond+. Port forwarding works (and outbound connections are allowed again).
So there's no problem with the target machine or the port forward rule. It's a bug.
Next question: the port forward config allows any external IP to connect. It's actually explicit about that. How do I narrow the ranges that will get forwarded?
Edit: found it. It's iptables! Awesome.
Edit 2: Every time I edit a rule and restart the firewall I lose the ability to make new outbound TCP connections. A reboot fixes it. Very annoying.
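-
Added example, not part of the original thread and not Securifi's code: one way to limit the port 6000 forward to known source ranges with iptables. The script only prints the rules for review; the WAN interface name (eth0), the generic PREROUTING/FORWARD chains and the two source ranges are assumptions, and the Almond+ firmware may use its own chain names.

```shell
#!/bin/sh
# Prints (does not apply) iptables rules that forward TCP 6000 to the X server
# only from listed source ranges. Interface, chains and ranges are assumptions.
WAN_IF="${WAN_IF:-eth0}"   # hypothetical WAN interface name
LAN_HOST="10.10.10.116"    # PC address from the thread
PORT=6000                  # X server port from the thread

# Return 0 if $1 is an IPv4 address or CIDR (a.b.c.d or a.b.c.d/0-32).
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr               # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit one DNAT rule and one FORWARD accept per valid source, then a drop.
gen_rules() {
    for src in "$@"; do
        if ! valid_cidr "$src"; then
            echo "skipping invalid source: $src" >&2
            continue
        fi
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -s $src -p tcp --dport $PORT -j DNAT --to-destination $LAN_HOST:$PORT"
        echo "iptables -A FORWARD -i $WAN_IF -s $src -d $LAN_HOST -p tcp --dport $PORT -j ACCEPT"
    done
    # Other sources never match a DNAT rule; this drop covers any WAN packet
    # for the port that still reaches the FORWARD chain for the PC.
    echo "iptables -A FORWARD -i $WAN_IF -d $LAN_HOST -p tcp --dport $PORT -j DROP"
}

# Constructed sample ranges (documentation address space), not from the thread.
gen_rules 203.0.113.0/24 198.51.100.7
```

Any existing "from any host in wan" forward for port 6000 would need to be removed as well, since it would still match every source.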