Jump to content
Not connected, Your IP: 35.175.201.14
brandonamito

Port forwarding blocked by windows firewall?

Recommended Posts

I set up a remote forwarded port on AirVPN, and I've got a green connection on qBittorrent, when connecting through that port, but for some reason, web based port forward testing websites, and the AirVPN website show the port blocked until I turn off Windows Firewall...  Is there something I need to configure in Windows Firewall to make sure that port is getting through?

Share this post


Link to post

If you are sharing a torrent, in the Peers tab, do you see the occasional I flag (which is "incoming connection")? If yes, the port is indeed open.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

when installing qbittorrent it should ask if you want it to create windows firewall rules.

so, yes, there do need to be windows firewall rules to allow incoming connections to qbittorrent.

Share this post


Link to post

Well that's strange..  I was not getting any "I" flags when I first started up a busy torrent, with Windows Firewall on, so I toggled it off, and when I switched back to qBittorrent, I had a few peers with "I" flags.  So I toggled allow "Public" domain on on both qBittorrent and Firefox, whereas previously they were both only allowed on "Private", which is what my network settings is showing my current connection is set as, then I turned Windows Firewall and restarted qBittorrent.  I immediately had peers with "I" flags, so I ran the port forwarding tests in Firefox, and both showed an open port.  So then, just to make sure that was the issue, I toggled "Public" back off, again, for Firefox, but the tests still showed the port open...  I unchecked Firefox entirely, and then it showed the port closed...  Doesn't make any sense, to me, but I set both of them back to both public and private, and I guess I'll just leave it there.

So, if you are actually supposed to have firewall rules, why do the instructions say: "We recommend to configure your firewall to block connections outside the tunnel to these ports and not to forward these ports on your router. "

https://airvpn.org/faq/port_forwarding/

Maybe I'm just totally confused and misunderstanding how this all works.  A spiffy diagram might be helpful..  Here's my current understanding:

It makes sense, to me, that I don't want a rule to forward the port in my router, because that port is forwarded through the VPN software and comes in through the encrypted tunnel.  Opening the port there might let traffic in from outside of the tunnel.  At the firewall side, I guess I'm a little more confused.  The port has been forwarded through my router by way of the tunnel, so it's sitting at my computer, and the firewall just needs to let it in?  There's no risk of opening up a pathway around the secured tunnel?

Share this post


Link to post
1 hour ago, brandonamito said:

We recommend to configure your firewall to block connections outside the tunnel to these ports and not to forward these ports on your router.


It's usually blocked by default, as in, nothing's opened. This recommendation is thus confusing. But not forwarding the same ports on your router is not.
If you connect to a server and press all traffic through it, this is your new endpoint. So your router firewall doesn't even have a say in what packages to pass on and which not, the AirVPN server has. And it's configured to forward traffic on ports you added to your internal VPN address.
 
1 hour ago, brandonamito said:

The port has been forwarded through my router by way of the tunnel, so it's sitting at my computer, and the firewall just needs to let it in?  There's no risk of opening up a pathway around the secured tunnel?


You mean you did forward the same port on your router? If yes, don't do that. AirVPN server is your "firewall".

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post
Posted ... (edited)
25 minutes ago, giganerd said:
You mean you did forward the same port on your router? If yes, don't do that. AirVPN server is your "firewall".


No, I haven't added any rules to my router.  I meant the remote forwarded port on AirVPN passes through my router by way of the encrypted connection, which seems to line up with how you described it.

 

24 minutes ago, go558a83nk said:

yes, public is required to be allowed because the network connection created for openvpn is determined as public by windows.


So, even though my ethernet connection to my router is set to private, the connection through openvpn is set to public somehow?  Maybe that's where I was getting confused.  https://www.howtogeek.com/245982/WHATS-THE-DIFFERENCE-BETWEEN-PRIVATE-AND-PUBLIC-NETWORKS-IN-WINDOWS/

Ohhhh, I think I see it now.  In "View Your Network Properties" it shows an entry for my ethernet adapter, which is set to private, and another entry for TAP-Windows Adapter V9, which is set to public.

Edit:  another odd thing, there's no entry at all for Eddie or OpenVPN or AirVPN in Windows Firewall...  how does that work?  I guess a virtual network device doesn't need permissions like a program does? Edited ... by brandonamito
forgot the part after Edit.

Share this post


Link to post
1 hour ago, brandonamito said:

Edit:  another odd thing, there's no entry at all for Eddie or OpenVPN or AirVPN in Windows Firewall...  how does that work?  I guess a virtual network device doesn't need permissions like a program does?


It's because OpenVPN only adds routes. Open up a PowerShell and type in "route print". That's where OpenVPN does its "magic". :D

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...