LANCOM Support Knowledgebase
Document No. 1803.2714.3647.RHOO - V2.70
Troubleshooting guide: Port forwarding not working
This troubleshooting guide demonstrates the available options when
port forwarding does not work as configured.
The database server at the headquarters should be accessible via
the public IP address or the public DNS name of the headquarters
For this purpose, a port forwarding was set up in the LANCOM router at the headquarters to the local IP address of the database server (192.168.66.109) and the port 46509. Instructions for setting up a port forwarding are available in the following knowledge-base document
However, after being set up, the database server cannot be reached at the public IP address (22.214.171.124:46509) or at the public DNS name (e.g. headquarters.test.com:46509).
1) Perform an IP router trace on the LANCOM router at the headquarters:
1.1) Using the LANtracer (in LANconfig) or from the command line, perform an IP router trace that filters for the local IP address (here: 192.168.66.109) and the port (here: 46509):
Enter the command
tr # ip-router @ <IP-address> +"port: <port>"
tr # ip-router @ 192.168.66.109 +"port: 46509"
1.2) Using the Internet, access the public IP address (126.96.36.199:46509) or the public DNS name (e.g. headquarters.test.com:46509).
port forwarding does not take effect, the trace remains empty
In this case, check:
the configuration of the WAN connection
the configuration of the port forwarding
if a DynDNS address is being used, check that it is linked with the current public IP address of the LANCOM router
may be that
although port forwarding takes effect and the router transports packets from the WAN into the LAN
receiver (e.g. the server) does not respond
One reason could be that
port forwarding was set with the wrong local IP address
there is an error in the internal structure of your LAN
In this case, perform an
IP router trace
with the command
tr # ip-router @ "port: <port>"
tr # ip-router @ "port: 46509"
), which would give the following result (see figure).
All we see are SYN packets
(as shown by the flag: S)
, which are being transported from the WAN (remote station NETAACHEN) to the LAN (INTRANET) but are not being answered with a SYN/ACK packet from the receiver.
port forwarding is fully functional
, the IP router trace
shows the TCP handshake taking place
, among other things:
SYN packet (as shown by the flag: S)
destination port (here: 46509)
If the port is open, the server acknowledges receipt of the first SYN packet and approves the connection by responding with a SYN/ACK packet
(as shown by the flag: SA).
confirms that it
received the SYN/ACK packet
returning an ACK packet of its own
(as shown by the flag: A)
with the sequence number.
Catchwords: port; forwarding; error; search; debugging; forwarding; wan; internet
Please review this document!
This document was helpful
This document was