Port still blocked

[bitclout]

I know this topic has been addressed a few times.

I have the yellow light saying that my listen port is blocked. I followed all these steps and double checked everything to open it, and still have the yellow light:

http://www.p2pforums.com/viewtopic.php?p=99434

http://www.portforward.com/english/routers/port_forwarding/Dlink/DI-704P-revC/BitComet.htm

I performed this test and it says the status of the port I forwarded is "Stealth". It also says my computer ip is 174.89.221.149, which is not the static ip I fixed. It's the ip address showing besides the yellow light with the port number I assigned to Bitcomet. I think it's my isp's. I also performed the PFPortChecker test and it says my port is not open or not reachable.

I opened my firewall (Windows XP sp3) to both the program and the port. Still blocked.

I have BitComet 1.16, Windows XP sp3, a Siemens Speedstream 4200 DSL modem and a D-Link DI-704P router. The router firewall is disabled, but I can't reach the modem as none of its supposed ip address is working (any idea about that?).

Any help would be greatly appreciated. Please note that I'm a total newbie to all this stuff and I learned everything from scratch while trying to work my way through that.

Thanks

[greywizard]

The thing is you have in fact 2 routers. That's pretty mind-boggling for a newbie in the networking world.

Unless the modem/router device is in full bridge mode, both of them will perform NAT, therefore you may follow all the portforwarding guides you wish on your D-Link, you won't get a green light.

You need to find out in what mode is your modem operating. For that you'll need to connect your computer directly to the modem with a patch cord cable, set your PC's IP address on Auto and connect to the IP of the modem, in any browser. Once you have accessed the web interface of the modem check its operating mode on the Setup-->Mode page.

Or alternatively, open your D-Link router's web interface and look for the address of the WAN interface (I assume you connected your modem to your router's WAN port, did you?). If it's a private IP address (different from your public IP) then your modem is not in bridge mode.

(Who is your ISP?)

The IP BitComet shows is your public IP, assigned to you by your ISP whenever your modem connects to the Internet. It has nothing to do with the addresses you or your router set for your local machines.

So, as far as this goes, there are several ways you could choose to proceed about this, before starting to do any port forwarding. Once you have learned in which mode is your modem device operating, you could try either of these:

• try to forward BitComet's port on both routers (modem in router mode);
  
• try to have your modem in bridge mode (if it's not already) so that it gives your router's WAN interface a public IP and then you forward your port only on your D-Link router;
  
• try to use only the modem/router device, eliminating the other router and forwarding your port on the modem/router (modem is in router mode);
  
• try to connect the cable coming from the modem to a LAN port of the D-Link router thus using it as a switch and doing port-forwarding only on the modem (modem is in router mode).
  

[bitclout]

Thanks for the reply.

I looked at the WAN settings of the D-link router. It's set at Dynamic ip and it gives me no ip address. The modem interface has no setting for bridge mode. In fact, it doesn't look at all like it's supposed to according to the user guide. This is all I have:

This is the status page. The setup page looks like something automated from the isp: I enter the username and password and it does everything. Nothing on the mode page is about bridge mode or port forwarding.

I need the router because I have 2 computers.

What can I do now?

Thanks again.

[kluelos]

I'm having some difficulty with the Siemens. As far as I've got it, the answer is no, yes, and maybe.

At first blush, it's not a router. At the second, it is. It's a modem with router-like features but not router capabilities. Only one device can be connected to it. It does, however, seem to have a primitive DHCP server built in to it, and firmware to tell it when to use that or not.

The device is never sold at retail. It's sold only to major telcomms, many (most? all?) of whom do custom firmware for it. Manuals are not available from Siemens because of this, and it's up to the telcos whether to make one available to the public. This clouds an already murky picture.

I believe it apparently can do network address translation, but only for the single device it's connected to. A user manual would be pretty useless if it didn't account for the OEM's firmware.

For right now, though, treat it as just a modem. That is how it is supposed to function in normal use.

-------

Let's look at the rest of your problem.

When you hook your computer's LAN port up, it (by default) asks whatever it's hooked to for an IP address, using the DHCP protocol.

If you hook it to a plain modem, the modem passes that request onwards. It reaches your ISP, who leases you one of their internet addresses. That becomes "your" IP address. Assume with me for a moment that the address you get from the ISP is 254.3.2.1

If you hook the computer to the router on your desk, then it asks the router, and the router assigns the computer an address on the local area network created by and maintained by the router. This LAN IP is only "valid" on this LAN -- that is, between the computer and the router, or between the computer and other computers hooked to the same router.

This is NOT "your IP address" as far as the rest of the world is concerned. The rest of the world can't see it, only other computers on the "back" or LAN end of that router can see it. The address you'll get is in one of two blocks that are reserved for private subnets and are not valid for use out on the Internet. Nobody can have those addresses out there.

So, if I ask the IPCONFIG utility to tell me my IP address, it's this local LAN-only address that I'll get. That'll be 10.xxx.xxx.xxx, one of the reserved blocks, or else 192.168.xxx.xxx, the other reserved block. So let's say that IPCONFIG says your IP address is 10.1.1.1

Meantime, back at the router. The router sits in place of the computer, and connects to the modem. The router asks the ISP for an IP address, which is promptly leased to it. All this happens on the OTHER side of the router, the "front" side, the Wide Area Network side -- the internet side. Now the router has the IP address that you would have had, if you connected directly to the modem. The router's WAN side has its own valid internet address of 254.3.2.1

You use your web browser to visit the web site, "whatsmyip.org", Your request from your PC at 10.1.1.1 on the LAN goes to the router, which substitutes its address for your own before passing it on to the internet. That request has the return address of 254.3.2.1 so that replies will go to the router. That's also the address that Whatsmyip.org returns as "your" ip address".

The router, um, routes, the reply back to where ever the request came from, namely to your computer at 10.1.1.1, and not to your sister's computer at 10.1.1.0 -- it's the router's business to keep the requests and replies straight.

Your traffic and hers both go through the router. whatsmyip would claim that you both have the same IP, while IPCONFIG would tell you that your IP's are different from that and different from each other.

The rest of the world "sees" only your router, and has no idea what's connected to it. Maybe it's just a single PC, maybe it's a mainframe, six minis and thirty-six terminals in a corporate office. All of their internet traffic passes through this one router, and the router is all that the internet sees.

So what is the computer's IP address? That depends on where you are when you ask. If you're on this LAN on this side of the router, it's one thing. If you're out on the internet, on the WAN side, it's another.

When we speak of a static IP in the context of P2P, we mean your LAN IP, between your computer and the router. we do NOT mean your WAN IP, between the router and the internet. The latter is controlled by your ISP. The latter is irrelevant.

Your router's firewall will, for security purposes, only open a port to a particular IP (because it's dangerous to do otherwise -- don't want a port open for a machine that isn't expecting it, this is how hackers gain entry).

It's got the port open only to that address. It follows that your computer had better be AT that address for all of this to work. So you tell your computer to use that address.

The computer connects to the router and instead of asking for an address assignment, just tells the router, "this is my address, chump!" That could, of course, cause problems. It's up to you, shiny new network admin, to prevent that. It's all on you now.

[bitclout]

Thanks guys. It's beginning to make sense to me.

So, all I have to do is redo the port forwarding with the data in the picture above. Right?

[kluelos]

Yes, you do.

Or, you could turn the router's firewall completely off and just rely on software firewalls. I wouldn't do that, firmware firewalls can't fail to start, can't be affected by other software, don't require memory and cpu cycles.

But one way or another you need to open your chosen listen port on every firewall that you have.