#1
10-21-2007, 02:38 AM
william.oram@gmail.com
dd-wrt Not Forwarding Ports

I have a Buffalo router flashed with DD-WRT 2.4b. It's not forwarding
port ranges at all. There's no static IP set up for my laptop because
a) I couldn't get that to work, either, and b) I've never gotten
anything besides the same IP, so I don't worry about it.

The current setup is to open ports 49550 to 49600 on both UDP/TCP on
my computer's IP. The client app is set to check 49555, and yet it
fails to break through.

https://www.grc.com/x/portprobe=49555 reports the port is in
'stealth,' but not 'open.' Then again, every random number I check
returns 'stealth,' so that designation doesn't mean much.

I'm stumped at this point. Any helpful tips?

Thanks!


#2
10-22-2007, 10:39 AM
Mr. Arnold
Re: dd-wrt Not Forwarding Ports


<william.oram@gmail.com> wrote in message
news:1192930731.665837.59260@v29g2000prd.googlegroups.com...
>I have a Buffalo router flashed with DD-WRT 2.4b. It's not forwarding
> port ranges at all. There's no static IP set up for my laptop because
> a) I couldn't get that to work, either, and b) I've never gotten
> anything besides the same IP, so I don't worry about it.
>
> The current setup is to open ports 49550 to 49600 on both UDP/TCP on
> my computer's IP. The client app is set to check 49555, and yet it
> fails to break through.
>
> https://www.grc.com/x/portprobe=49555 reports the port is in
> 'stealth,' but not 'open.' Then again, every random number I check
> returns 'stealth,' so that designation doesn't mean much.
>
> I'm stumped at this point. Any helpful tips?
>


You sure you don't have a personal firewall/packet filter running on the
computer where you would have to do the same thing, which is open those ports?

BTW, there is no such thing as a stealthed port in the case of the router.
The port is either opened or it's closed. As a matter of fact, there is no
such thing as a stealthed port period. It's either open/close.


#3
10-22-2007, 04:14 PM
william.oram@gmail.com
Re: dd-wrt Not Forwarding Ports

On Oct 22, 4:39 am, "Mr. Arnold" <MR. Arn...@Arnold.com> wrote:
> <william.o...@gmail.com> wrote in message
>
> news:1192930731.665837.59260@v29g2000prd.googlegroups.com...
>
> >I have a Buffalo router flashed with DD-WRT 2.4b. It's not forwarding
> > port ranges at all. There's no static IP set up for my laptop because
> > a) I couldn't get that to work, either, and b) I've never gotten
> > anything besides the same IP, so I don't worry about it.

>
> > The current setup is to open ports 49550 to 49600 on both UDP/TCP on
> > my computer's IP. The client app is set to check 49555, and yet it
> > fails to break through.

>
> >https://www.grc.com/x/portprobe=49555 reports the port is in
> > 'stealth,' but not 'open.' Then again, every random number I check
> > returns 'stealth,' so that designation doesn't mean much.

>
> > I'm stumped at this point. Any helpful tips?

>
> You sure you don't have a personal firewall/packet filter running on the
> computer where you would have to the same thing is open those ports?
>
> BTW, there is no such thing as a stealthed port in the case of the router.
> The port is either opened or it's closed As a matter of fact, there is no
> such thing as a stealthed port period. It's either open/close.


Positive. No personal firewalls. No packet filters set up, either.

I believe you about stealthed ports...I hadn't heard of them until
this router mess and the word came up a few times.


#4
10-23-2007, 12:50 AM
Bill Kearney
Re: dd-wrt Not Forwarding Ports


> BTW, there is no such thing as a stealthed port in the case of the router.
> The port is either opened or it's closed As a matter of fact, there is no
> such thing as a stealthed port period. It's either open/close.


Not correct. A port that responds is open. A port that refuses a
connection is closed. A port that simply blackholes any requests is often
considered 'stealth'. Indicating a port is closed is considered "less
secure" than simply dropping the traffic entirely. Thus having 'stealth'
ports is a bit more secure (in a fashion).

-Bill Kearney



#5
10-23-2007, 01:53 AM
Mr. Arnold
Re: dd-wrt Not Forwarding Ports


"Bill Kearney" <wkearney99@hotmail.com> wrote in message
news:U4SdnTELGvJapYDanZ2dnUVZ_oimnZ2d@speakeasy.net...
>
>> BTW, there is no such thing as a stealthed port in the case of the
>> router.
>> The port is either opened or it's closed As a matter of fact, there is no
>> such thing as a stealthed port period. It's either open/close.

>
> Not correct. A port that responds is open. A port that refuses a
> connection is closed. A port that simply blackholes any requests is often
> considered 'stealth'. Indicating a port is closed is considered "less
> secure" than simply dropping the traffic entirely. Thus having 'stealth'
> ports is a bit more secure (in a fashion).
>
> -Bill Kearney
>



<copied>
Fiction: "Stealth" ports greatly improve security.
Fact: Just because a port is visible (open and "listening") does not mean
that there is any real security problem. What matters is what can and cannot
be done through the port.
<copied>

The port is either open or closed, with the proper response coming back. If
the proper response is not coming back, then one knows that's a possible
machine with a personal FW running that can be possibly exploited.

And if you were to step into a FW NG, they would start telling you about the
stealth port myth. I am not a FW expert per se and cannot give the exact
reasons as to why a port is not stealthed and it means nothing in terms of
FW terminology, but I know there is no such thing as a stealthed port. I
think the stealth thing only exists because Gibson made it up.

Where were stealthed ports before Gibson showed up? FW(s) were around well
before Gibson and personal FW(s) showed on the scene.

You can bet some $10,000 network FW solution is not doing some kind of port
stealthing.

I hang in FW NG(s) and know that they would disagree with you.



#6
10-23-2007, 08:36 AM
william.oram@gmail.com
Re: dd-wrt Not Forwarding Ports

On Oct 22, 7:53 pm, "Mr. Arnold" <MR. Arn...@Arnold.com> wrote:
> "Bill Kearney" <wkearne...@hotmail.com> wrote in message
>
> news:U4SdnTELGvJapYDanZ2dnUVZ_oimnZ2d@speakeasy.net...
>
>
>
> >> BTW, there is no such thing as a stealthed port in the case of the
> >> router.
> >> The port is either opened or it's closed As a matter of fact, there is no
> >> such thing as a stealthed port period. It's either open/close.

>
> > Not correct. A port that responds is open. A port that refuses a
> > connection is closed. A port that simply blackholes any requests is often
> > considered 'stealth'. Indicating a port is closed is considered "less
> > secure" than simply dropping the traffic entirely. Thus having 'stealth'
> > ports is a bit more secure (in a fashion).

>
> > -Bill Kearney

>
> <copied>
> Fiction: "Stealth" ports greatly improve security.
> Fact: Just because a port is visible (open and "listening") does not mean
> that there is any real security problem. What matters is what can and cannot
> be done through the port.
> <copied>
>
> The port is either open or closed, with the proper response coming back. If
> the proper response is not coming back, then one knows that's a possible
> machine with a personal FW running that can be possibly exploited.
>
> And if you were to step into a FW NG, they would start telling you about the
> stealth port myth. I am not a FW expert per say and cannot give the exact
> reasons as to why a port is not stealthed and it means nothing in terms of
> FW
> terminology, but I know there is no such thing as a stealthed port. I
> think the stealth thing only exist because Gibson made it up.
>
> Where were stealthed ports before Gibson showed up? FW(s) were around well
> before Gibson and personal FW(s) showed on the scene.
>
> You can bet some $10,000 network FW solution is not doing some kind of port
> stealthing.


Interesting. What elements present in the typical home wireless setup
could cause data to disappear through almost every port? I'm running
OS X, which has precisely one button that identifies the presence of a
firewall...pretty clear cut there. I'm thinking this is DD-WRT's
problem. Before the Buffalo router, I had a ZyXel router with
commercial driver software. Even though I couldn't set up static IPs
through them (and was too lazy to set one up client-side :P), port
forwarding *did* work if I forwarded ports through whatever IP I had
at the time. Nothing has changed since then except the router, the
desktop box the router's connected to, and the driver software.


#7
10-23-2007, 09:36 AM
Mr. Arnold
Re: dd-wrt Not Forwarding Ports


<william.oram@gmail.com> wrote in message
news:1193103868.617940.177180@q5g2000prf.googlegroups.com...
> On Oct 22, 7:53 pm, "Mr. Arnold" <MR. Arn...@Arnold.com> wrote:
>> "Bill Kearney" <wkearne...@hotmail.com> wrote in message
>>
>> news:U4SdnTELGvJapYDanZ2dnUVZ_oimnZ2d@speakeasy.net...
>>
>>
>>
>> >> BTW, there is no such thing as a stealthed port in the case of the
>> >> router.
>> >> The port is either opened or it's closed As a matter of fact, there is
>> >> no
>> >> such thing as a stealthed port period. It's either open/close.

>>
>> > Not correct. A port that responds is open. A port that refuses a
>> > connection is closed. A port that simply blackholes any requests is
>> > often
>> > considered 'stealth'. Indicating a port is closed is considered "less
>> > secure" than simply dropping the traffic entirely. Thus having
>> > 'stealth'
>> > ports is a bit more secure (in a fashion).

>>
>> > -Bill Kearney

>>
>> <copied>
>> Fiction: "Stealth" ports greatly improve security.
>> Fact: Just because a port is visible (open and "listening") does not mean
>> that there is any real security problem. What matters is what can and
>> cannot
>> be done through the port.
>> <copied>
>>
>> The port is either open or closed, with the proper response coming back.
>> If
>> the proper response is not coming back, then one knows that's a possible
>> machine with a personal FW running that can be possibly exploited.
>>
>> And if you were to step into a FW NG, they would start telling you about
>> the
>> stealth port myth. I am not a FW expert per say and cannot give the
>> exact
>> reasons as to why a port is not stealthed and it means nothing in terms
>> of
>> FW
>> terminology, but I know there is no such thing as a stealthed port. I
>> think the stealth thing only exist because Gibson made it up.
>>
>> Where were stealthed ports before Gibson showed up? FW(s) were around
>> well
>> before Gibson and personal FW(s) showed on the scene.
>>
>> You can bet some $10,000 network FW solution is not doing some kind of
>> port
>> stealthing.

>
> Interesting. What elements present in the typical home wireless setup
> could cause data to disappear through almost every port? I'm running
> OS X, which has precisely one button that identifies the presence of a
> firewall...pretty clear cut there. I'm thinking this is DD-WRT's
> problem. Before the Buffalo router, I had a ZyXel router with
> commercial driver software. Even though I couldn't set up static IPs
> through them (and was too lazy to set one up client-side :P), port
> forwarding *did* work if I forwarded ports through whatever IP I had
> at the time. Nothing has changed since then except the router, the
> desktop box the router's connected to, and the driver software.


The driver for the router is called firmware. Did you do a hard reset of the
router and power down to see if that corrects the problem?

Is the DD-WRT firmware some kind of 3rd party solution? Maybe, you need to
check with them. Maybe you need to flash the router with the firmware again,
as the firmware may not have flashed properly initially, which can happen
with a router right out of the box.

If DD-WRT is a 3rd party solution, then get rid of it and go back to the
router's original firmware, if possible.

I remember a few years back in this NG, I was helping a poster that was
using a Linksys BEFW11S4 router that wouldn't forward ports. He flashed the
router and everything. It wouldn't work. He returned the router and got a
second 11S4, it wouldn't forward ports either, and he returned that one. The
third one worked.


>



#8
10-23-2007, 05:08 PM
Jeff Liebermann
Re: dd-wrt Not Forwarding Ports

william.oram@gmail.com hath wroth:

>I have a Buffalo router flashed with DD-WRT 2.4b.


Any particular model Buffalo router?
Could I trouble you for the exact DD-WRT v24 version?

>It's not forwarding
>port ranges at all. There's no static IP set up for my laptop because
>a) I couldn't get that to work, either, and b) I've never gotten
>anything besides the same IP, so I don't worry about it.


Static IP on a PC or Mac is rather simple. I'm surprised you couldn't
get it to work. However, there's a better way. Use "static-DHCP" or
"pre assigned DHCP". See this page:
<http://www.informatione.gmxhome.de/DDWRT/Standard/V24BetaVPN/Services.html>
under "Static Leases". Add the MAC address and LAN IP address of your
unspecified model laptop and it will always get the same IP address.
<http://www.dd-wrt.com/wiki/index.php/Static_DHCP>

>The current setup is to open ports 49550 to 49600 on both UDP/TCP on
>my computer's IP. The client app is set to check 49555, and yet it
>fails to break through.


How are you testing that it "fails to break through"? Have you tried
setting up a trivial service of some sorts on your laptop, testing it
with another computer on the LAN, and then trying to connect? The
trick here is to isolate the problem between the "server" and the
router forwarding. There's no way to tell from here if the router is
misbehaving or if the application is comatose. A software firewall
running on the laptop will have the same effect as a comatose server.

>https://www.grc.com/x/portprobe=49555 reports the port is in
>'stealth,' but not 'open.' Then again, every random number I check
>returns 'stealth,' so that designation doesn't mean much.


Hmmm... I'm going to ignore this as I don't consider GRC to be a
reasonable test of connectivity. Start with a 2nd computer on your
LAN. Can it connect to your unspecified application on 49550? Can it
connect to a trivial server application on the same machine? With no
router involved, this should work without difficulty.

Then, try going through the router. This may be a bit tricky if
you're testing from inside your LAN. I've had problems testing VPN's
this way and usually end up firing up a dialup connection, and using
that for a fast connectivity test.

>I'm stumped at this point. Any helpful tips?


Sure. Telnet to the router with:
   telnet 192.168.1.1
   login: root
   password: xxxxxxxx
and run:
   iptables --list
You should get several pages of firewall info. What you want is
probably at the bottom. For example, my firewall has quite a bit of
forwarding and port triggering setup. For example:

Port trigger on outgoing port 5200 to accept incoming 5198-5199:
   Chain trigger_out (1 references)
   target     prot opt source     destination
   TRIGGER    tcp  --  anywhere   anywhere     tcp dpt:5200 TRIGGER type:out match:5200 relate:5198-5199
   TRIGGER    udp  --  anywhere   anywhere     udp dpt:5200 TRIGGER type:out match:5200 relate:5198-5199

I don't wanna post my port forwarding setup.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
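
Added example, not part of any post in this thread: a Python sketch of the isolation test described in post #8 (trivial service on the laptop, probe from the LAN, then from outside), using the open / closed / no-answer distinction from post #4. It covers TCP only; the function names, the greeting string and the loopback demo values are assumptions made for illustration.

```python
import socket
import threading

def start_trivial_service(bind_addr="0.0.0.0", port=49555):
    """Listen on the forwarded port and greet every client (stand-in server)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, port))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:        # listener was closed
                return
            with conn:
                conn.sendall(b"forward-test ok\n")

    threading.Thread(target=serve, daemon=True).start()
    return srv

def classify_tcp_port(host, port, timeout=3.0):
    """One TCP connect attempt -> 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"              # SYN/ACK came back: something is listening
    except ConnectionRefusedError:
        return "closed"            # RST came back: reachable, nothing listening
    except OSError:
        return "filtered"          # timeout or ICMP error: no TCP answer at all
    finally:
        s.close()

def locate_fault(lan_state, wan_state):
    """Apply the isolation order: prove the server on the LAN first."""
    if lan_state != "open":
        return "laptop"    # server not listening, or a host firewall in the way
    if wan_state != "open":
        return "router"    # server is fine; the forwarding rule is the suspect
    return "none"

if __name__ == "__main__":
    # Constructed loopback demo. In practice: run the service on the laptop,
    # probe its LAN IP from a second machine, then probe the WAN IP from a
    # connection outside the LAN, and feed both results to locate_fault().
    srv = start_trivial_service("127.0.0.1", 0)
    port = srv.getsockname()[1]
    lan = classify_tcp_port("127.0.0.1", port)
    print(port, lan, locate_fault(lan, "filtered"))
```

A "filtered" result from outside while the LAN probe is "open" matches the 'stealth' report in post #1: no reply arrived from the WAN side for that port.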
