Port Forwarding on a Netcomm 3G Broadband Router 3G15Wn
This guide will walk you through the steps of port forwarding on the Netcomm 3G Broadband router 3G15Wn (Firmware L411-402NVM-C01_R10).
NetComm's web user interface (UI) was easy to navigate, although for no reason we could determine, loading any of the wireless configuration pages took an exceedingly long time, leading to frustration.
Almost every menu option also creates a drop-down when you mouse over it, which is fine enough, but some of those drop-down menus then expand sideways when you mouse over them, with no indication that there are further options hidden there in the first place. With 16 menu items under the "Advanced" menu, many of which have daughter menus, it's really quite easy to get lost, or to lose track of just how many features there are.
1) Open up your favorite browser and go to the router’s default gateway address.
http://192.168.1.1 (Default Address)
2) Log in to the router.
Default Username: admin
Default password: admin
3) Once you have logged into your router go to the “Advanced” tab, hover over “NAT”, then click “Port Forwarding”.
4) Click on “Add” at the bottom of the page.
5) Be sure to select the radio button “Custom Service” and choose a name for the service (a small description, e.g. web, camera, xbox, etc.). “Server IP Address” is the internal IP address that you want the port to be open on. Be sure you have “Protocol” set to “TCP/UDP”. “External Port” is the port you wish to open, and “Internal Port” is the port leading to the machine on your home network. Apply/Save.
Once you save the settings, you should be able to test your port at www.portchecktool.com. Please keep in mind that your ISP (Internet Service Provider) may be blocking certain ports, such as ports 80, 25 and 21. You can call and ask if they are. If you are still not able to see the ports, check the firewall and anti-virus software on your computer.
As an example configuration, suppose you have a webcam that has the IP address 192.168.1.100 and runs on port 80. You want to be able to access this camera from outside your network on port 8080. You would enter the values below into the port forwarding page.
Custom Service = Small Description
Server IP Address = 192.168.1.100
Protocol = TCP/UDP
External Port = 8080
Internal Port = 80
Then, to view the camera, you would use your No-IP host “somehost.no-ip.com” like this: http://somehost.no-ip.com:8080
Port Forward Troubleshooting
If you are having problems with a port forward, try the following.
1. If you did not exactly follow the “How can I forward ports with pfSense?” guide, delete anything you have tried, and start from scratch with those instructions.
2. Port forwards do not work internally unless you enable reflection. Always test port forwards from outside your network.
3. If you're still having problems, edit the firewall rule that passes traffic for the NAT entry, and enable logging. Save and Apply Changes. Then try to access it again from the outside. Check your firewall logs to see if the traffic shows as being permitted or denied.
4. Use tcpdump to see what's happening on the wire. This is the best means of finding the problem, but requires the most networking expertise. Start with the WAN interface, and use a filter for the appropriate protocol and port. Attempt to access from outside your network and see if it shows up. If not, your ISP may be blocking the traffic, or for Virtual IPs, you may have an incorrect configuration. If you do see the traffic on the WAN interface, switch to the inside interface and perform a similar capture. If the traffic is not leaving the inside interface, you have a NAT or firewall rule configuration problem. If it is leaving the interface, and no traffic is coming back from the destination machine, its default gateway may be missing or incorrect, or it may not be listening on that port. For certain types of traffic you may see return traffic indicating the host is not listening on that port. For TCP, this would be a TCP RST. For UDP, it may be an ICMP Unreachable message.
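The outside-in test from steps 2 and 4 can be scripted. The following is an added example, not part of the original guide: it makes one TCP connection attempt to the forwarded port and maps the outcome to the causes described above. Run it from a machine outside your network; the names check_forward and HINTS are made up for this example.

```python
import socket
import sys

# Hint text paraphrases the troubleshooting steps above; the names
# HINTS and check_forward are hypothetical, chosen for this example.
HINTS = {
    "open": "Forward works: the TCP handshake completed.",
    "refused": "A TCP RST came back: packets arrive, but the host is not "
               "listening on that port. Check the service and Internal Port.",
    "filtered": "No reply before the timeout: traffic is dropped somewhere. "
                "Check for an ISP block, the NAT/firewall rule, a firewall "
                "on the target machine, or its default gateway.",
}


def check_forward(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome.

    Returns "open", "refused" or "filtered". Name-resolution failures and
    other OS errors (e.g. host unreachable) propagate to the caller.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # The peer answered the SYN with a RST.
        return "refused"
    except socket.timeout:
        # Neither SYN-ACK nor RST arrived within the timeout.
        return "filtered"


if __name__ == "__main__":
    if len(sys.argv) == 3:
        outcome = check_forward(sys.argv[1], int(sys.argv[2]))
        print(f"{sys.argv[1]}:{sys.argv[2]} -> {outcome}: {HINTS[outcome]}")
    else:
        print("usage: python check_forward.py HOST EXTERNAL_PORT")
```

A "filtered" result is the case where the tcpdump captures on the WAN and inside interfaces are needed to find where the packets stop.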
Common Problems
1. NAT and firewall rules not correctly added (see “How can I forward ports with pfSense?”). Hint: You probably do NOT want to set a source port.
2. Firewall enabled on client machine.
3. Client machine is not using pfSense as its default gateway.
4. Client machine not actually listening on the port being forwarded.
5. ISP or something upstream of pfSense is blocking the port being forwarded.
6. Trying to test from inside your network; you need to test from an outside machine.
7. Incorrect or missing Virtual IP configuration for additional public IP addresses.
8. The pfSense router is not the border router. If there is something else between pfSense and your ISP, you must also replicate port forwards and associated rules there.
9. Forwarding ports to a server behind a Captive Portal. You must add an IP bypass both to and from the server's IP in order for a port forward to work behind a Captive Portal.
10. If this is on a WAN that is not your default gateway, make sure there is a gateway chosen on this WAN interface, or the firewall rules for the port forward would not reply back via the correct gateway.
11. If this is on a WAN that is not your default gateway, ensure the traffic for the port forward is NOT passed in via Floating Rules or an Interface Group. Only rules present on the WAN's interface tab under Firewall Rules will have the reply-to keyword to ensure the traffic responds properly via the expected gateway.
12. If this is on a WAN that is not your default gateway, make sure the firewall rule(s) allowing the traffic in do not have the box checked to disable reply-to.
13. If this is on a WAN that is not your default gateway, make sure the master reply-to disable switch is not checked under System > Advanced, on the Firewall/NAT tab.
14. WAN rules should NOT have a gateway set, so make sure that the rules for the port forward do NOT have a gateway configured on the actual rule.