NAT (Port Forward) Related Issues
What is NAT?
NAT (Network Address Translation) is the translation of the IP address of a host in a packet. Use port forwarding to make computers on a private network, behind the CenturyLink appliance, available to the world.
If the router has only one public IP address, you can make the network devices (computers, printers, etc.) in the private network available by using ports to forward packets to the appropriate private IP address.
- Port forward rule doesn't work.
Ex: Port forward rules have been added to allow remote access to a NAS appliance on the local network. Rules added to the CenturyLink appliance (by Zyxel) are for HTTP/HTTPS (ports TCP:80 and TCP:443) access and FTP (ports TCP:21).
The following are some things you can test to make sure everything is configured properly: - Double check the port forwarding rules on the CenturyLink router.
- Verify that traffic is being redirected to the correct "LAN IP". (Based on our example, this should match the NAS IP)
- Verify the correct protocol is in use.
- "Ports Forwarded" and "Remote Ports" should match.
- The "Remote Defined" field should say "N/A". If there is an IP address defined, this will limit access from that IP only. Setting the "Remote Defined" option to "N/A" will allow you to access from anywhere on the internet.
- Attempt to access the service from a local device. If a device connected to the same network cannot access the service, there is an issue with the server which will need to be fixed. Contact the manufacturer of the server to make sure the appliance is configured correctly, to accept the traffic.
- If services work fine with a device connected on the same network, try using a port scanning service to test if the ports are open. Below are two port scanning services you can use to test if your ports are open. (Note: Please keep in mind that most online port scanning services can only test TCP ports.)
http://www.whatsmyip.org/port-scanner/
http://www.t1shopper.com/tools/port-scan/ - All rules are configured correctly, but, services are not working.
Ex: Continuing from the example on step 1, you can access the services when connected to the local network and port forwarding rules are configured correctly, but, nothing works from the internet side. - Make sure the CenturyLink device is running the latest firmware release. Follow the instructions on how to check and upgrade firmware on CenturyLink devices here.
- Check with your ISP to make sure ports are not being blocked on their end. (Note: Some service providers may block ports from the central office, based on region and/or account type. For example, an ISP may not want a residential account to host websites, to prevent this they will block the commonly used ports to host websites on their end.)
- Disable UPnP feature (if enabled). This is a precaution to make sure a UPnP rule is not interfering with port forwarding. For instructions on disabling/enabling UPnP, please refer to the guide here.
- Reboot the CenturyLink appliance.
- Contact CenturyLink to swap out hardware.
- Unable to add port forwarding rule.
Ex: Data is entered for port forwarding rule and saves without error, but, port forward rule is not listed. - Make sure the CenturyLink device is running the latest firmware release. Follow the instructions on how to check and upgrade firmware on CenturyLink devices here.
- Disable UPnP feature. If UPnP is using the same port number you are attempting to add with a port forward rule, it will not go through. Disable UPnP, then add the port forward rule.
- Reboot the CenturyLink appliance.
- Contact CenturyLink to swap out hardware.
UPnP Related Issues
What is UPnP?
UPnP is a feature that allows network devices (such as computers, printers, routers, etc.) to discover each other on the network and establish communications.
Should I use UPnP?
If security is a concern, it is highly recommended that UPnP be disabled on the gateway (router). If UPnP is enabled on the gateway, internal devices may open services from the internet without your knowledge. (Ex: An appliance such as a network storage device may communicate to the router that it needs ports 80, 443, 21 and possibly others, open via the UPnP feature. This would mean that your network storage device is now open to the internet, anyone can potentially access the storage device.)
Allowing UPnP features to work internally only, will allow your devices to share resources. Since establishing a connection to the internal network is more difficult, unless already inside, using UPnP internally would not be considered such a security risk.
- How to Enable or Disable the UPnP feature.
- To enable/disable the UPnP feature go to menu, Advanced Setup → UPnP.
- Set the UPnP state, Enable/Disable.
- Set the UPnP NAT-T state.
- Select "Apply" to save your changes.
- If disabling UPnP, reboot the modem/router to close all currently opened UPnP sessions.
- UPnP not working with Xbox Live
- Make sure the CenturyLink appliance is running the latest firmware/software version. Instructions on how to update the firmware can be found here.
- Make sure the Xbox is running the latest software patch.
- Check with your ISP to make sure ports are not being blocked on their end.
For a list of ports used by Xbox Live: - On the CenturyLink device, check the UPnP list to verify ports are being opened. Use the directions here to access the UPnP menu and scroll to the bottom of the page to look at the "UPnP NAT-T List".
- Reboot the CenturyLink hardware.
- Contact CenturyLink to swap out hardware.
- UPnP not working with PSN (PlayStation Network)
- Make sure the CenturyLink appliance is running the latest firmware/software version. Instructions on how to update the firmware can be found here.
- Make sure the PlayStation is running the latest software patch.
- Check with your ISP to make sure ports are not being blocked on their end.
For a list of ports used by the PSN: - PS3
- TCP: 80, 443, 1935, 3478-3480
- UDP: 3478-3479, 3658
- PS4
- TCP: 80, 443, 3478, 3479, 3480
- UDP: 3478, 3479
- On the CenturyLink device, check the UPnP list to verify ports are being opened. Use the directions here to access the UPnP menu and scroll to the bottom of the page to look at the "UPnP NAT-T List".
- Reboot the CenturyLink hardware.
- Contact CenturyLink to swap out hardware.
Comments
0 comments
Please sign in to leave a comment.