Forum Discussion

otherworlds's avatar
otherworlds
Joining in
10 months ago

Unable to forward any new ports

I have a bunch of ports manually forwarded on my router (Superhub 3). Most have these have been set up since I got this router around 2 years ago. I can verify that these ports are indeed open by using any of the tools/sites available that can check for this. They are all open, and the applications that use them work correctly.

I need to open a new port on my router for another application. I can set this up and apply it, and in the router it looks as though it is configured - but the port is not open. I have tried many different ports by way of testing, and none of the newly opened ports are actually open despite showing in the SH3 that they are.

I have also tried enabling UPnP to see if this works. Once enabled, I open the application and check the router - the SH3 shows that the correct ports have been automatically opened via UPnP, but the application fails and checks show that the ports are in fact NOT open.

I have tried:

Restarting the router
Restarting the application
Restarting the PC (no reason why this should have any effect as far as I'm aware)

I am not using a VPN.

Does anyone have any experience of this?

  • legacy1's avatar
    legacy1
    Alessandro Volta

    Guess only limited ports can be forwarded by hub I suggest you get your own router with 1Gb ports and use hub in modem mode.

  • That can't be it, there are only 5 ports forwarded and as mentioned I have also tried with UPnP.

  • It was Windows firewall. The application needed to be whitelisted in order to use the port. It was in the whitelist, but for some reason it still had the x86 version from last year whitelisted whereas the x64 version needed to be added manually.

    I guess this means you can't open ports on the router unless there is a whitelisted application configured to use the port.

    • Sabrina_B's avatar
      Sabrina_B
      Forum Team

      Hi otherworlds 👋.

      Thanks for reaching out to us. Apologies for the issues that you are having with your new Hub, I am afraid that this Community Forum is not a sourced guideline for altering the pre-set up hub and is regarded as mis-use as found in section F of the Terms and Conditions of your contract. 

      Sabrina

      • ravenstar68's avatar
        ravenstar68
        Very Insightful Person

        Sabrina_B 

        The community Forum is here so that users can find help from the community that may not be available from Virgin Media support itself.  I've personally helped users with port forwarding in the past, including using it to prevent mDNS responses from users equipment to the internet devices.

        In addition users can come here for Support from Forum Team members such as yourself about issues which are down to VM, although this is not one of them.  The OP has already found the cause of their problem.

        Tim

    • PimmsOClock's avatar
      PimmsOClock
      On our wavelength

      otherworlds wrote:

      I guess this means you can't open ports on the router unless there is a whitelisted application configured to use the port.


      Not exactly, there is a great deal of fairly common confusion about what ‘opening a port’ or ‘forwarding a port’ means.

      Imagine that I want to run a web server on a domestic VM connection, not the most stable or advisable thing, but possible. I first need to setup the web server itself and make sure that it responds to attempted connections on port 80 (or 443, if I’m being really upmarket and also setting up certificates etc!). Then I need to ‘open’ or forward a port on the firewall/router so that incoming traffic from elsewhere on the internet is; firstly allowed in, and secondly ‘forwarded’ to the web server.

      So, for example, I setup a web server on any home network and it has an internal IP address, of, say 192.168.0.100. It’s a web server and is expecting incoming traffic on port 80, so I configure the router to allow incoming port 80 traffic and also forward this to 192.168.0.100. For most domestic firewalls / routers, this is a single operation, on a more complex business or enterprise grade device, it would be two separate operations, one to allow traffic in on port 80 and another to forward it to the internal address of the server.

      In your case, almost certainly the port forwarding was working, but, you had an additional firewall on the device in question which, because it hadn’t been told anything else, was blocking the incoming traffic. The port forwarding was working fine, but the host device wasn’t responding because of its own firewall blocking the traffic.

    • ravenstar68's avatar
      ravenstar68
      Very Insightful Person

      otherworlds wrote:

      It was Windows firewall. The application needed to be whitelisted in order to use the port. It was in the whitelist, but for some reason it still had the x86 version from last year whitelisted whereas the x64 version needed to be added manually.

      I guess this means you can't open ports on the router unless there is a whitelisted application configured to use the port.


      The best way to understand open ports is the following

      1.  There must be an application listening on the port
      2.  There must be an exception in the firewall to allow incoming connections on that port

      For example I run a mail sever (not on my home connection)

      Because the servers need to be able to accept connections from across the net I have the following firewall rules

      debian@mail:~$ sudo ufw status
      Status: active
      
      To                         Action      From
      --                         ------      ----
      993/tcp                    ALLOW       Anywhere                  
      995/tcp                    ALLOW       Anywhere                  
      80/tcp                     ALLOW       Anywhere                  
      25/tcp                     ALLOW       Anywhere                  
      587/tcp                    ALLOW       Anywhere                  
      465/tcp                    ALLOW       Anywhere                  
      443                        ALLOW       Anywhere                  
      22/tcp                     ALLOW       Anywhere                  
      993/tcp (v6)               ALLOW       Anywhere (v6)             
      995/tcp (v6)               ALLOW       Anywhere (v6)             
      80/tcp (v6)                ALLOW       Anywhere (v6)             
      25/tcp (v6)                ALLOW       Anywhere (v6)             
      587/tcp (v6)               ALLOW       Anywhere (v6)             
      465/tcp (v6)               ALLOW       Anywhere (v6)             
      443 (v6)                   ALLOW       Anywhere (v6)             
      22/tcp (v6)                ALLOW       Anywhere (v6)     

      No other connections are allowed through.

      Port forwarding merely redirects an inbound connection on the router on a set to a specific device on your network.