How to Troubleshoot Port Forwarding

Introduction

This document provides troubleshooting tips that you can use to determine why a port forwarding rule is not working. For example, you have created a port forwarding rule for an internal Web server (which uses TCP port 80), but you cannot access the server from outside. What steps should be taken to solve the problem?
The troubleshooting tips are grouped into three categories:
l   Check the router configuration
l   Check the connection between the server and router
l   Check the Internet Connection
Basic Troubleshooting

Check the Router Configuration

1.      Check that the port forwarding rule is configured correctly.

2.      Check IP/MAC Binding Settings
1)     If the Allow Undefined LAN PCs check box is unselected (see the following figure), check that the server’s IP address and MAC address are bound already.

 
 
2)     If the server’s IP address and MAC address are bound, check that the IP address and MAC address entered are correct, and the server is using that IP address.
3)     If the server’s IP address and MAC address are bound correctly, check that its Allow Internet Access check box is selected, see the following figure.
 
 
3.      Check Firewall Settings
Check that the server’s IP address and the required port(s) are not blocked by an access control rule.

4.      Check Rate Limit Settings
Check that the server’s upload and download bandwidth are not restricted to very low values by a rate limit rule.

5.      Check Internet Behavior Management Settings
Check that the server is not restricted by an Internet behavior management policy. If it is restricted, please undo the restriction and try again.
Check the Connection between the Server and Router
1.      Check that the server is accessible from local network.
2.      Check that the server’s gateway address is the IP address of the router’s LAN interface.
3.      Check that the required port(s) are not blocked by a firewall or antivirus software running on the server.
 
Check the Internet Connection
 
If you are sure that everything above is correct, you need to check whether the problem is caused by your ISP. To achieve this, do the following:

1.      Check that the required ports are not blocked by your ISP. You can choose a port greater than 1024 as an external port, and try again.

2.      If your ISP assigns a private WAN IP address (such as 192.168.x.x or 10.x.x.x), the port forwarding will not work because private addresses are not routed over the Internet. If this case occurs, please contact your ISP or change your Internet connection.
 
A Troubleshooting Example

The following provides a simple example of troubleshooting port forwarding problems.
In this example, a port forwarding rule is created to allow outside users to access an internal web server, whose IP address is 1.1.1.10, and it listens on TCP port 80.

1.      Check whether the server is accessible from local network.
To check whether the server is accessible from local network, enter the following command at the command prompt on a local computer: telnet 1.1.1.10 80
If the displayed page is similar to the screenshot below, the server isn’t accessible from that local computer. Please check if the server is working properly.

 

 

2.      Check whether the server is accessible from the router.

To check whether the server is accessible from the router, login to the CLI of the router, and then enter the command: telnet 1.1.1.10 80
If the displayed page is similar to the screenshot below, the server isn’t accessible from router. Please check if the server’s gateway address is the IP address of the router’s LAN interface, and if any of the required ports are being blocked by a firewall or antivirus software running on the server.

 

 

3.      Check if any of the required ports are being blocked by your ISP.
If the above two troubleshooting steps don't resolve the problem, it may be your ISP problem. Please try to check if any of the required ports are being blocked by your ISP.
You can enter the following command at the command prompt on a computer: telnet External IP address 80

If the server isn’t accessible from that computer, please use a port greater than 1024 as the external port, and try again. If the server is accessible after changing the port, the port 80 is blocked by your ISP.

<