another port forwarding question....

[patrick sullivan]

Hard to believe this is still an issue these days. Sorry, but I have an Asus RT-AC68U router that I am trying to open a port on. This router has one PC attached to it. This PC has two NIC's (one that connects to the router and one that connects to my other network). All is well, but I just want this one port opened. The router currently runs Merlin custom firmware and is exclusively set to run through a VPN. Again, everything works perfect. Not sure if all that is relevant to this post. Here is the network info:


Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

C:\Users\server>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : server-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter main network:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 0C-C4-7A-75-58-E8
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1929:4e05:cbf0:977c%7(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.149(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 235717754
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-2B-1B-B5-0C-C4-7A-75-58-E8
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter ASUS:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : 0C-C4-7A-75-58-E9
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f164:cd22:e604:a729%2(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.55(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 302826618
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-2B-1B-B5-0C-C4-7A-75-58-E8
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{01260B3D-93A2-4B2F-A009-6E384F20A02E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F5AF39FD-38C1-4440-B7A9-F75E47D60807}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

C:\Users\server>



canyouseeme.org shows port closed.....

 

[patrick sullivan]

Tracing route to yahoo.com [206.190.36.45]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms RT-AC68U-FC20 [192.168.2.1]
2 * * 98 ms 10.85.10.1
3 146 ms 123 ms 107 ms 172.98.67.1
4 226 ms 199 ms 149 ms yahoo-xe1.torontointernetxchange.net [206.108.35.41]
5 207 ms 166 ms * ae-10.pat1.che.yahoo.com [216.115.97.197]
6 235 ms 203 ms 222 ms ae-8.pat2.dnx.yahoo.com [216.115.96.121]
7 269 ms 232 ms 227 ms ae-6.pat2.gqb.yahoo.com [216.115.96.62]
8 229 ms 242 ms 259 ms et-18-1-0.msr2.gq1.yahoo.com [66.196.67.115]
9 268 ms 192 ms 232 ms et-1-0-0.clr1-a-gdc.gq1.yahoo.com [67.195.37.93]
10 271 ms 224 ms 220 ms et-18-1.fab7-1-gdc.gq1.yahoo.com [67.195.1.245]
11 197 ms 184 ms 231 ms po-15.bas2-7-prd.gq1.yahoo.com [206.190.32.41]
12 169 ms 172 ms 252 ms ir1.fp.vip.gq1.yahoo.com [206.190.36.45]

Trace complete.

 

[patrick sullivan]

port remains closed....

 

[ColinTaylor]

1. Port forwarding on the router doesn't apply if the router is "exclusively set to run through a VPN".
2. Your port forwarding rules make no sense. The source and destination IP addresses are the same.

 

[patrick sullivan]

So, how do I open ports on a router set exclusively through a VPN?

If I only have one PC on this network and it is running on 192.168.2.55, and a default gateway of 192.168.2.1, what should the router settings be set to?

 

[ColinTaylor]

So, how do I open ports on a router set exclusively through a VPN?

You don't. Any port forwarding would have to be done by your VPN provider/client as they are the ones providing your internet facing connection.

I don't use a VPN service so I don't know whether this is possible or not.

 

[Trikein]

Ok, a couple things to clear up. First, you don't typically forward a port as high as 36650. Ports are broken up into 3 groups; well known(1-1023), registered(1024~49150), and Private(49151-65535 and everything not registered). Port 36650 is not registered so would typically only be used by a UPnP client. If so, you need to disable the UPnP client and set the server to use a defined port, and then forward that port.

The other thing is that when using a VPN, you aren't using your network, but the VPN's network, that's the point. If you are forwarding all the traffic through the VPN, then you need a VPN that allows selective port forwarding and/or you pay for the upgrade. I think it would help to understand what the purpose of this set up is. Is this some kind of Tor access point?

 

[patrick sullivan]

Thanks guys, it makes perfect sense now that I think about it. I use PIA. I'll look into it. The service running is simply a torrent client(utorrent). Funny, I tried to offer up some space for TOR a couple years ago, but it failed due to ports being closed. Not a focus for me now...

 

[Trikein]

I use PIA. I'll look into it.

So is this for torrents then? If so, see these PIA instructions. Just keep in mind this doesn't let you set a custom port to forward, but enable a static port that is different for each gateway. You then have to enable your PC client to listen on that port. That is why UPnP needs to be disabled. See here for general PIA configuration tips. Also keep in mind that by using that static port, and not the ports needed for AES, you are lowering your encryption.

 

[patrick sullivan]

Got it. That makes sense. Thank you for all the info, especially the links.

Cheers!