LANCOM Support Knowledgebase Document No. 1803.2714.3647.RHOO - V2.70

Troubleshooting guide: Port forwarding not working



Description:

This troubleshooting guide demonstrates the available options when port forwarding does not work as configured.



Scenario:
  • The database server at the headquarters should be accessible via the public IP address or the public DNS name of the headquarters and the port 46509.
  • For this purpose, a port forwarding was set up in the LANCOM router at the headquarters to the local IP address of the database server (192.168.66.109) and the port 46509. Instructions for setting up a port forwarding are available in the following knowledge-base document Database 'SP Knowledgebase', View '03. Edit Documents\by Responsible, Status', Document 'Port forwarding: Setting up a web- and ftp-server behind the masked connection of a LANCOM router'.
  • However, after being set up, the database server cannot be reached at the public IP address (81.81.81.81:46509) or at the public DNS name (e.g. headquarters.test.com:46509).





Procedure:

1) Perform an IP router trace on the LANCOM router at the headquarters:

1.1) Using the LANtracer (in LANconfig) or from the command line, perform an IP router trace that filters for the local IP address (here: 192.168.66.109) and the port (here: 46509):
  • Enter the command tr # ip-router @ <IP-address> +"port: <port>" (e.g. tr # ip-router @ 192.168.66.109 +"port: 46509"

1.2) Using the Internet, access the public IP address (81.81.81.81:46509) or the public DNS name (e.g. headquarters.test.com:46509).

If the port forwarding does not take effect, the trace remains empty (see figure).



In this case, check:
    • the configuration of the WAN connection
    • the configuration of the port forwarding
    • if a DynDNS address is being used, check that it is linked with the current public IP address of the LANCOM router

1.3) Another error may be that although port forwarding takes effect and the router transports packets from the WAN into the LAN, the receiver (e.g. the server) does not respond.

    One reason could be that port forwarding was set with the wrong local IP address, or there is an error in the internal structure of your LAN.

    In this case, perform an IP router trace with the command tr # ip-router @ "port: <port>" (e.g. tr # ip-router @ "port: 46509"), which would give the following result (see figure).

    All we see are SYN packets (as shown by the flag: S), which are being transported from the WAN (remote station NETAACHEN) to the LAN (INTRANET) but are not being answered with a SYN/ACK packet from the receiver.

1.4) If port forwarding is fully functional, the IP router trace shows the TCP handshake taking place, among other things:
  • The requesting client sends a SYN packet (as shown by the flag: S) with a sequence number to the destination port (here: 46509).
  • If the port is open, the server acknowledges receipt of the first SYN packet and approves the connection by responding with a SYN/ACK packet (as shown by the flag: SA).
  • Finally, the client confirms that it received the SYN/ACK packet by returning an ACK packet of its own (as shown by the flag: A) with the sequence number.


Catchwords: port; forwarding; error; search; debugging; forwarding; wan; internet
Please review this document! This document was helpful This document was not helpful