Cannot set up port forwarding on a speedport W723V - Germany

How to do this

Pages: 1 2

dmed
Hi All,
I bought into the new 50MB/s DSL router package from t-com, and so far I've not been able to setup port forwarding...
Since its all in german I'm having a hard time figuring things out. I've used google translate but in spite of doing what
I think is right, I'm not being able to forward port 443 which I need to allow through from outside to reach my ssh server
thats configured to listen on. With my previous speedport router I managed to set up the port forwarding and along with dynamic
dns I could ssh -p 443 my.server.org or telnet my.server.org 443 and it would open and connect.

Now with this new speedport router, though I do get the speed it claims, the port forwarding is just not working!

If anyone has managed to set up port forwarding on this specific router (speedport W 723V) , please can you show/tell me how its
done wrt all the options on whichever page of the router's website please?

Just in case, some short briefs on what I've done so far:-
on my pc I've setup ssh to listen on port 443.
on the router, I've entered info for my pc's ip address and mac address.
on the router, I've activated port weiterleitung for port 443 for my entered pc's option...
saved, and tried out, but get connection refused..
What could be wrong? I've posted an attachment of the port forwarding rule after it was saved.

Thanks...
willsob
From the screenshot it looks like you've done the correct thing.

Did you click "Speichern" once you had entered in the port details?

I have the W701V and port forwarding works ok without a reboot, but perhaps you could try rebooting the modem after you've entered the details.
Tried a static IP on your PC?

Also, port 443 is a common HTTPS port. Have you tried opening another uncommon port much higher up the range and seeing if that works?
You can use this site to check.
dmed
Hi Willsbob, Thank you for replying.
Yes, I've clicked on save...
I 've also rebooted et al,
I do have a static ip set up for my pc to where I am trying to forward to..
And as per your suggestion I've set up ssh to listen on another higher port.
I used to have a speedport older model, all worked well. I know how to do port forwarding et al
Its just that in this router its not working...
I have put off my firewall on my local pc.

There are a few things I don't understand..
The "firewall" option is "ein", but the word firewall is greyed out and I can't configure it or see whats inside..
The english translation for the router's hint sections says something like "for security reason the firewall cannot be
put off". But I don't want to put it off , on the contrary I want to checkup on and ensure port forwarding is ok.

Do you know if I use another router whether I would get the same speed? This ones giving me a 50mbps on speed tests.
But the port forwarding doesn't work.

canyouseeme.org does see the port though, which is surprising...because I cannot ssh to the server nor telnet to the port
to test connectivity from outside.
eean
and what if you nmap your computer, inside (on another computer) and outside your network?
dmed
I've tried that, the results were a bit strange. I've forgotten what they were, but will post the results soon as I run nmap
again.
I'm also thinking of checking if the port forwarding works if forwarded to a windows computer. You never know what might be in the firmware of these latest gizmos. Though I hope that it doesn't or else I'll be really pissed. Reason I think this is because when I asked for technical support the guy on the phone said they didn't support linux which is what I use.
I'll post the nmap results soon.
HellesAngel
Talking of firmware - have you tried updating the W723V's firmware? I believe there's a pointy-clicky option to do it easily from the menu.
dmed
No I haven't done that yet. The entire interface is in german and unfortunately I don't understand it. I did click on it and it took me to some web site, but my login there failed. I believe ( from browsing the internet ) that there's a file to download
from the web site which is then uploaded into the router.
I'll try it again soon as I get back home.
Thx.
dmed
OK,
an nmap from localhost to localhost shows:-

Starting Nmap 4.62 ( http://nmap.org ) at 2011-06-15 19:41 CEST
Interesting ports on localhost (127.0.0.1):
Not shown: 1713 closed ports
PORT STATE SERVICE
21/tcp open ftp
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 0.132 seconds

and an nmap from localhost to my external ip shows:-
Starting Nmap 4.62 ( http://nmap.org ) at 2011-06-15 19:40 CEST
Interesting ports on p4FF0DAA1.dip.t-dialin.net (79.240.218.161):
Not shown: 1711 closed ports
PORT STATE SERVICE
21/tcp filtered ftp
53/tcp open domain
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds

Nmap done: 1 IP address (1 host up) scanned in 1.519 seconds

The 79.240...address I got from whatismyipaddress.com and it also is the same ip
as my dynamic dns ip.

and an nmap from localhost ( 192.168.2.2 ) to my router 192.168.2.1 shows:-
Starting Nmap 4.62 ( http://nmap.org ) at 2011-06-15 19:55 CEST
Interesting ports on speedport (192.168.2.1):
Not shown: 1709 closed ports
PORT STATE SERVICE
21/tcp filtered ftp
53/tcp open domain
80/tcp open http
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
MAC Address: 5C:4C:A9:DA:2F:EF (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 1.582 seconds

and finally, an nmap to my localhost's ip 192.168.2.2 shows port 443 open
Starting Nmap 4.62 ( http://nmap.org ) at 2011-06-15 19:56 CEST
Interesting ports on 192.168.2.2:
Not shown: 1713 closed ports
PORT STATE SERVICE
21/tcp open ftp
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 0.127 seconds
This will obviously be the same as nmap to localhost.

sshing from localhost or even another pc on my internal LAN to my local pc works
but,
an ssh to my external ip address shows:-
ssh -p 443 79.240.218.161
ssh: connect to host 79.240.218.161 port 443: Connection refused

My firewall is off on the localhost.
what gives? folks..
eean
sshing to your external ip from within your local network is a weird thing to do. it works for me on my network, but I don't think that means anything.
dmed
Well, it is 1 way of testing sshing to my local pc from outside isn't it? Its like a u-turn, so you go out, and then try to come back in through the router's and / or local pc's firewall. Or so I think. Used to work for me to test connectivity with my older router. This new router just sucks! I keep getting connection refused refused.
what's interesting is the nmap to external IP doesn't show port 443 as open but nmap to router shows it open. I would think that an nmap to external IP would run the port scan on the router from outside isn't it?
dmed
ok, I have an update,

I did an nmap from outside (work pc) to my external ip and I could see ports 21,80 and 443 open.

A telnet established the connection but then hung after showing Escape character is ^]
so it didn't give me the ssh version banner thereafter i.e

An ssh -p 443 external_ip
gives time out because of some host exchange identification problem
ssh_exchange_identification: Connection closed by remote host

Any ideas?
dmed
Does anyone here possess a speedport W723V please?
I would ordinarily use google translate to help me with the hints on the router's website but
the hints keep changing as I move the mouse away from the object whose hint I want to translate
and it is not easy for me to figure out how to do this.

If anyone possesses a speedport W 723V and has set up port forwarding ( weiterlietung I believe it is )
please can you let me know and if you could guide me through what I need to do on my router to atleast
have it correctly configured? I'd really appreciate it. Can't get much help from the T-come guys...
Many Thanks
dmed
Does anyone also have the latest firmware perhaps? The one I use is 1.000.074
eean
That is some weird voodoo then.
dmed
From outside to inside:-

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-06-17 10:01 CEST
Interesting ports on p4FF0DAA1.dip.t-dialin.net (79.240.218.161):
Not shown: 1677 filtered ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
443/tcp open https

Nmap finished: 1 IP address (1 host up) scanned in 20.885 seconds

Above is the result of nmap from outside world to my pc.
I have port 21 and 443 accepting ftp and ssh on my local pc.
I do not have port 80 enabled. My web server is off.

So is port 80 the router's web server?

Also, ssh -vvv -p 443 79.240.218.161
shows:-
ssh -vvv -p 443 79.240.218.161
OpenSSH_4.4p1, OpenSSL 0.9.8d 28 Sep 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 79.240.218.161 [79.240.218.161] port 443.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

I cannot understand the FilterFunktion section and the Nat Portregln-whatever section of my router.
The filter function I believe is for wireless clients, and the Port forwarding section allows NAT to these clients.
But How do I forward a port to a wired client? When I do a Hinzufugen I cannot enter the MAC address of my eth0 card
in there as it doesn't accept the full hex address. Its all so strange and weird.
It's possible that my ssh server is not properly configured and I can attempt to fix that, but whats the answer to
the question above?

Any one?

To: eean,
Hi eean, do you have this particular router? If so is the interface in english? I doubt it. Its made for the german market only.
But if the interface is in english then do you have port forwarding configured? There isn't an english manual for this router anywhere. And the firmware I've got, I think is the latest.

To: everyone else,
Can someone please help before I go nuts!

Thank yu.
p.s Isn't there someone from T-Com who has this router here?
Pages: 1 2
TT Logo
You are viewing a low fidelity version of this page. Click to view the full page.