Giddy169

Can't get any ports to forward except 80


I am trying to view my security cameras remotely and I am using ATT cellular to send the video feeds. I had ports forwarded with AirVPN with OpenVPN set up on my old router. It has recently died, so I set up OpenVPN on my new router. I did TCP instead of UDP on port 443, and if I try to forward any ports other than 80 I never get the green box. I think I used to forward 8000 but that no longer seems to work. Any suggestions?


In this case you need to forward the local port you set on AirVPN to the port your IP camera is listening on, something like this:

Internet (AirVPN remote port) |------------| (AirVPN local port) new router (AirVPN local port) |-----------| (listening port) IP camera

Your setup is a double NAT, therefore two port forwards are needed. It is important that you do the second forward for the tunnel interface tunX, X being a number, usually 0.


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique among the mass again.


Thanks. You are correct, it is a double NAT. So the first port forward should be done in my Asus router settings Administrator-commands, then I should be able to forward that port in AirVPN?

Or do I just go into the router settings for port forwarding? Sorry, it has been years since I had to do this.


Can't really answer you since we don't know what router, router OS and its version you are using.



I am using the Asus RT-AC68U Firmware 3.0.0.4.376-3626.
I attempted to just forward the port with my security camera IP and port but have been unsuccessful. In my old router I had this, but I am not sure if it helps and not sure if I need that in the new one.
iptables -I FORWARD -i tun0 -p udp -d destIP --dport port -j ACCEPT
iptables -I FORWARD -i tun0 -p tcp -d destIP --dport port -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport port -j DNAT --to-destination destIP
iptables -t nat -I PREROUTING -i tun1 -p udp --dport port -j DNAT --to-destination destIP

I also had this command which I think was to block internet access if the VPN was not connected?
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Thanks for the help.


If you are running the OpenVPN client on your router then you do need to use iptables such as the above.

Just make sure to correct the tun device number.


Would the destination IP be the camera's IP or the router running OpenVPN? So far I have been unsuccessful and currently have no ports reachable anymore. I upgraded the Asus firmware to Merlin because I didn't see a way to use the Asus firmware with iptables. If I run the iptables I don't have to do the forward ports in the router, the iptables do that?


Destination IP is your camera IP. If you used just the built-in port forwarding of the router, that forwards from WAN to LAN. You need to forward from TUN to LAN.

If port forwarding was working then it wasn't working through the VPN.


Ok, so I still have not got any ports forwarded. This is my setup:
Currently I have my computer hooked through my router with the IP address I will be using for the cameras after I get a port open. I have set up a jffs script that begins on my router's startup to forward ports 8000 and 2000 to my computer's IP (eventually the cameras' IP). When I go to System Log - Port Forwarding in my router, under virtual servers it shows:

Source  Proto  Port range  Redirect to  Local Port  Chain
ALL     TCP    8000        Computer IP  8000        Prerouting

For both UDP and TCP for ports 2000 and 8000. Is the Local Port or Port range supposed to be the port number that is forwarded from AirVPN?

When connected to the VPN with the nat-start script below I get Connected (Local: x.x.xxx.xx - Public: unknown). Internet works and AirVPN says I am connected to the server, but no forwarded ports.

iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
iptables -I FORWARD -i tun11 -o br0 -j ACCEPT
iptables -I INPUT -i tun11 -j REJECT
iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE


iptables -I FORWARD -i tun11 -p udp -d destIP --dport 8000 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d destIP --dport 8000 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 8000 -j DNAT --to-destination destIP
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 8000 -j DNAT --to-destination destIP

@Giddy169

Hello!

Can you please recheck your tun interface name with command ifconfig or ip link show from a telnet or ssh connection to your router? Just in case it's not "tun11". Check also whether "br0" is correct or not.

Moreover, what is that destIP in the script you pasted, in FORWARD and even in the PREROUTING chain of the nat table? "destIP" must be replaced with the actual IP address you want to pre-route and forward packets to.

Kind regards
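
The two checks requested in this reply (interface names that really exist on the router, and a real address in place of destIP) can be run over a nat-start script before it is loaded. This is an added example, not code from the thread or from AirVPN; the sample rules, the address 192.168.1.50 and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed nat-start fragment (illustrative addresses) with deliberate mistakes.
SAMPLE = """\
iptables -I FORWARD -i tun0 -p tcp -d 192.168.1.50 --dport 8000 -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 8000 -j DNAT --to-destination 192.168.1.50
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 8000 -j DNAT --to-destination destIP
"""
OPTS = {"-i": "in", "-o": "out", "-p": "proto", "-d": "dest",
        "--dport": "dport", "-j": "target", "--to-destination": "to"}

def parse_rule(line):
    """Collect the chain and the options this check needs from one iptables command."""
    rule = {"chain": None}
    tokens = shlex.split(line)
    for opt, val in zip(tokens, tokens[1:]):
        if opt in ("-I", "-A"):
            rule["chain"] = val
        elif opt in OPTS:
            rule[OPTS[opt]] = val
    return rule

def is_address(value):
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False

def lint(script, present_ifaces):
    """Return (rule number, problem) pairs; present_ifaces comes from ifconfig / ip link show."""
    rules = [parse_rule(l) for l in script.splitlines() if l.strip().startswith("iptables")]
    accepts = {(r.get("in"), r.get("proto"), r.get("dest"), r.get("dport"))
               for r in rules if r["chain"] == "FORWARD" and r.get("target") == "ACCEPT"}
    problems = []
    for n, r in enumerate(rules, 1):
        for iface in (r.get("in"), r.get("out")):
            if iface and iface not in present_ifaces:
                problems.append((n, f"interface {iface} not present on this router"))
        to_ip, _, to_port = r.get("to", "").partition(":")
        for addr in filter(None, (r.get("dest"), to_ip)):
            if not is_address(addr):
                problems.append((n, f"{addr!r} is not an IP address"))
        if r.get("target") == "DNAT":
            # FORWARD sees the packet after DNAT, so match on the rewritten address and port.
            key = (r.get("in"), r.get("proto"), to_ip, to_port or r.get("dport"))
            if key not in accepts:
                problems.append((n, "DNAT without a matching FORWARD ACCEPT rule"))
    return problems
```

Calling `lint(SAMPLE, {"br0", "tun11"})` flags the two interfaces that do not exist, the leftover destIP, and both DNAT rules that have no FORWARD rule on the same interface.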
 


In ifconfig the first paragraph has br0 and the 7th shows tun11.

The destIP in the script is my computer (eventual surveillance cameras), 192.168.1.xx.

The setup is: Computer (192.168.1.xx) - Asus router running VPN (WAN 192.168.2.xx) - Netgear Nighthawk mobile hotspot - local IP 10.6.xxx.xx - public IP shown on AirVPN 107.167.xxx.xx

Thanks for the help. I am not sure how I managed to get them working two other times before my old router on DD-WRT finally fried with a CA power outage, but I sure can't seem to get it to work now.

 

@Giddy169

Hello!

Also make sure that the camera software is listening to port 8000 and not binding to the physical network interface, and that you try to access the camera on the correct exit-IP address of the VPN server, and the proper port (the port you have remotely forwarded and that you remapped to your local port 8000).

Furthermore, make sure that no firewall blocks packets to/from the software when the system is connected to the VPN and that you try to access the camera software from a device that's not connected to the same VPN server.

Kind regards
 


Currently I have the computer set up with a static IP address that the cameras will be on, to test the port forwarding. So I go into AirVPN forwarded ports, select the port 8000 that I forwarded, and I never get the green light. I assume this means the ports are not forwarding correctly, so I have not bothered to hook the cameras to the router. Is this a correct assumption? Maybe it is the Asus Merlin firmware; I may try DD-WRT.


It has been said over and over in this forum that for port forwarding "green light" the actual server must be on and listening and replying to incoming connections. Of course you don't get the green light if the device (camera) isn't even ready to reply.


Ok, I will hook it to the cameras first thing in the morning and see if it works. Thanks for correcting my lack of knowledge. I thought that since my IP address for the computer was what I was setting for the cameras, it would still be checking if I was checking the forwarded port. That makes sense: if it wasn't listening, it wouldn't work. If it works tomorrow I will owe you some beers. This has been frustrating me.

Thanks guys, that was the piece I was missing. Plugged in the cameras and everything works. Not sure how I missed that the cameras had to be plugged in and listening!

@Giddy169

Yes, a port is just an abstract construct to represent how a host identifies a running process, so that from 2 specific bytes on IP packets the host knows which process must receive those packets' payload. If the process does not exist you can't even talk about an "open" or "closed" port; the port simply does not exist. However, it's true that a non-existing port is often called a "stealth port" or even "closed port", but that's a sort of language abuse if you think of the actual definition of "port".

Kind regards
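
Why the forwarded-port check only turns green once something is listening, shown on the loopback interface: the same port answers while a process is bound to it and is refused as soon as that process is gone. This is an added example, not part of the original posts; `probe` and `demo` are hypothetical names.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify a TCP port the way a remote port checker sees it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # a process is bound to the port and took the connection
    except ConnectionRefusedError:
        return "refused"          # host answered with a reset: no process owns the port
    except socket.timeout:
        return "no reply"         # packets dropped on the way (filtering or a missing forward)
    except OSError:
        return "unreachable"      # routing or address problem before the port is even tried

def demo():
    """Probe one loopback port twice: with a listener bound, then after it is closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0 lets the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    with_listener = probe("127.0.0.1", port)
    listener.close()                  # the "camera" is unplugged
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener

if __name__ == "__main__":
    print(demo())
```

With correct forwarding rules and no device attached, a remote checker gets the second result, which looks the same from outside as a port that was never forwarded.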
 
