Port Forwarding on a Netcomm 3G Broadband Router 3G15Wn for Camera Online
This guide will walk you through the steps of port forwarding on
the Netcomm 3G Broadband router 3G15Wn (Firmware L411-402NVM-C01_R10)
1) Open up your favorite browser and go to
the router’s default gateway address.
http://192.168.1.1 (Default Address)
2) Log in to the router.
Default Username: admin
Default password: admin
3) Once
you have logged into your router go to the “Advanced” tab hover over “NAT” then
click “Port Forwarding”.
4) Click
on “Add”
ad the bottom of the page.
5) Be
sure to select the radio button “Custom Service” and choose a name for the
service (small description eg. web, camera, xbox, etc..). “Server IP Address”
is the Internal IP address that you want the port to be open on. Be sure you
have “Protocol” set to “TCP/UDP” and “External Port” is the port you wish to
open, “Internal Port” is the port leading to the machine on your home network.
Apply/Save.
Once you save the settings you should now be able to test
your port at www.portchecktool.com.
Please keep in mind your ISP (Internet Service Provider) can be blocking
certain ports such as port 80, 25 and 21. You can call and ask if
they are. If you are still not able to see the ports check your firewall and
anti-virus software on your computer.
An example configuration, you have a web cam that has the
IP address 192.168.1.100 and it runs on port 80. You want to be able to access
this camera from outside your network on port 8080. You would enter the below
values into port forwarding page.
Custom Service = Small Description
Server IP Address = 192.168.1.100
Protocol = TCP/UDP
External Port = 8080
Internal Port = 80
Then to view the camera you would use your No-IP host of
“somehost.no-ip.com” like this: http://somehost.no-ip.com:8080 to
reach the webcam.
Port Forward Troubleshooting
If you are having problems with a port
forward, try the following.
1. If you did not exactly follow the How can I forward
ports with pfSense? guide, delete anything you have tried, and start from
scratch with those instructions.
2. Port forwards do not work internally
unless you enable reflection. Always test port forwards from outside your
network.
3. If you're still having problems, edit
the firewall rule that passes traffic for the NAT entry, and enable logging.
Save and Apply Changes. Then try to access it again from the outside. Check
your firewall logs to see if the traffic shows as being permitted or denied.
4. Use tcpdump to see what's happening on
the wire. This is the best means of finding the problem, but requires the most
networking expertise. Start with the WAN interface, and use a filter for the
appropriate protocol and port. Attempt to access from outside your network and
see if it shows up. If not, your ISP may be blocking the traffic, or for
Virtual IPs, you may have an incorrect configuration. If you do see the traffic
on the WAN interface, switch to the inside interface and perform a similar
capture. If the traffic is not leaving the inside interface, you have a NAT or
firewall rule configuration problem. If it is leaving the interface, and no
traffic is coming back from the destination machine, its default gateway may be
missing or incorrect, or it may not be listening on that port. For certain
types of traffic you may see return traffic indicating the host is not
listening on that port. For TCP, this would be a TCP RST. For UDP, it may be an
ICMP Unreachable message.
Common
Problems
1. NAT and firewall rules not correctly
added (see How
can I forward ports with pfSense?). Hint: You
probably do NOT want to set a source port.
2. Firewall enabled on client machine.
3. Client machine is not using pfSense as
its default gateway.
4. Client machine not actually listening on
the port being forwarded.
5. ISP or something upstream of pfSense is
blocking the port being forwarded
6. Trying to test from inside your network,
need to test from an outside machine.
7. Incorrect or missing Virtual IP
configuration for additional public IP addresses.
8. The pfSense router is not the border
router. If there is something else between pfSense and your ISP, you must also
replicate port forwards and associated rules there.
9. Forwarding ports to a server behind a
Captive Portal. You must add an IP bypass both to and from the server's IP in
order for a port forward to work behind a Captive Portal.
10. If this is on a WAN that is not your
default gateway, make sure there is a gateway chosen on this WAN interface, or
the firewall rules for the port forward would not reply back via the correct
gateway.
11. If this is on a WAN that is not your
default gateway, ensure the traffic for the port forward is NOT passed in via
Floating Rules or an Interface Group. Only rules present on the WAN's interface
tab under Firewall Rules will have the reply-to keyword to ensure the traffic
responds properly via the expected gateway.
12. If this is on a WAN that is not your
default gateway, make sure the firewall rule(s) allowing the traffic in do not
have the box checked to disable reply-to.
13. If this is on a WAN that is not your
default gateway, make sure the master reply-to disable switch is not checked
under System > Advanced, on the Firewall/NAT tab.
14. WAN rules should NOT have a gateway
set, so make sure that the rules for the port forward do NOT have a gateway
configured on the actual rule.
