Ports are blocked on Westell 9100-EM
martyd2
Enthusiast - Level 2

Here's the setup:

I had the D-Link router and the Motorola MIN. Port forwarding worked fine, I use port 21 for FTP, port 80 for web and 3283 and 5900 for remote access, 1723 for PPTP.

The D-Link is having intermittent problems with connecting so Verizon has sent me the Westell.

It appears that all ports but 21 and 80 are blocked, as none of the other services work any longer.

Has anyone worked around this issue?

If I hook up the D-Link it works, but the connection drops, The Westell handles the FTP, but I can no longer use the VPN or remote access.

I used Canyouseeme.org to test the ports, and the required ports aren't open on the Westell. I can only figure it to be a firewall issue.

Any ideas? If not, I will return the Westell to Verizon and buy my own router, but based on what I pay them, they should provide it.

Re: Ports are blocked on Westell 9100-EM
Hubrisnxs
Legend

You should assign your dlink a static lan address (192.168.1.75 for example) then put the dlink in the dmz of the westell. A router in the dmz will not have any ports blocked and then you can go back to your normal port forwarding rules in your router.

If you have to portforward in the westell, its pretty easy to do, but I would just use http://www.simpleportforwarding.com/ and let the utility do it for you.

Re: Ports are blocked on Westell 9100-EM
martyd2
Enthusiast - Level 2

I have a static IP attached to the router and to the host computer.

The Westell router ports seem to be blocked. If I put the computer in the DMZ, it negates the whole VPN idea

Re: Ports are blocked on Westell 9100-EM
Hubrisnxs
Legend

its not advised to port forward through each individual gateway imo.   when you put your router in the dmz, you are allowing your router to control the VPN instead of the westell.   you can set up the westell to do port forwarding if you don't like doing it that way, but it doesn't negate the vpn as long as you are doing it through your dlink.  the website above will help you portforward your westell if you want to go that path.  

You can also go to www.portforward.com and search under routers, westell 9100 EM and it will give port forward instructions as well.   what you want to do is not uncommon, and there is nothing wrong with the router, you just have to program it for what you want it to do.   A lot of users use the westell and actiontec succesfully for VPN's.   Give it a shot, and if you get stuck, let us know where and how and maybe a screen of some of the port forward rules (sans the ip address, we don't wnat your public address for safety and security reasons)

Re: Ports are blocked on Westell 9100-EM
martyd2
Enthusiast - Level 2

I guess I'm not being very clear.

The Westell 9100EM IS the router.

It is hooked up to my desktop computer that I use as my home server.

My Home computer (desktop AND the router) both have static IP's

I use No-IP as a Dynamic Domain provider.

When I use mu old D-Link I can port forward to ports 1723, 21, 22, 3283, 5900, 80 and 25.

I really only need 1723 (PPTP), 21 (FTP and 5900 and 3283 (Apple Remote Desktop/VNC)

When I use www.canuseeme.org all of the ports are open

When I use the Westell, only 80, 21, 25 and about 3 others are open.

In the security log of the Westell is describes an NAT error, not able to retrieve or conflicting IP's, which is unusuall as I am not

using NAT/NAPT

Unfortunately, the link www.portforward.com does not list the 9100EM, I looked there last week

I guess I am frustrated because I have setup D-Link, Linksys, Cisco etc routers and never had this problem

Re: Ports are blocked on Westell 9100-EM
Hubrisnxs
Legend

Sorry, I thought you wanted to use the d-link along with the westell. So that set up would have looked like

ONT -> Westell - > dlink -> then your PC's.

 That's pretty popular around these parts, and its probably what I would want to do and recommend.  The wireless on the westell isn't all that hot, and then the port forwarding can be a bear sometimes.  So if you go that way, then the recommendation to put your d-link router in the mix and put it in the DMZ would be a good solution.  All ports would be open to the dlink, and then you already have the port forwards built in, and they work, so it would be like a 3-5 minute job at most. 

if you want to stick with the westell only and port forward through it, then you'll still want to keep those pc's with static lan addresses like you do today, and then go into the port forwarding.    I like the tool that I gave a link for earlier, it makes everything very simple, but if you want to do it manually, then the only real mistake that I see most people make is when they set up the port forwarding rule.  I see a lot of people trying to define the source port, and that is a no-no on the westell. 

So you should have for example 

Source port Any - > 1723

Source port Any - > 21

Source port Any - > 22

Source port Any - > 3283

Source port Any - > 5900

Source port Any - > 80

Source port Any - > 25

is that how you set them up?     or do you want to try the simpleportforwarding tool from that website?   


@martyd wrote:

I guess I'm not being very clear.

The Westell 9100EM IS the router.

It is hooked up to my desktop computer that I use as my home server.

My Home computer (desktop AND the router) both have static IP's

I use No-IP as a Dynamic Domain provider.

When I use mu old D-Link I can port forward to ports 1723, 21, 22, 3283, 5900, 80 and 25.

I really only need 1723 (PPTP), 21 (FTP and 5900 and 3283 (Apple Remote Desktop/VNC)

When I use www.canuseeme.org all of the ports are open

When I use the Westell, only 80, 21, 25 and about 3 others are open.

In the security log of the Westell is describes an NAT error, not able to retrieve or conflicting IP's, which is unusuall as I am not

using NAT/NAPT

Unfortunately, the link www.portforward.com does not list the 9100EM, I looked there last week

I guess I am frustrated because I have setup D-Link, Linksys, Cisco etc routers and never had this problem


Re: Ports are blocked on Westell 9100-EM
Anti-Phish1
Master - Level 1

martyd wrote:

I really only need 1723 (PPTP), 21 (FTP and 5900 and 3283 (Apple Remote Desktop/VNC)

When I use the Westell, only 80, 21, 25 and about 3 others are open. 


As requested by hubrisinxs, can you post a screenshot of your port forwards?


martyd wrote:

In the security log of the Westell is describes an NAT error, not able to retrieve or conflicting IP's, which is unusuall as I am not using NAT/NAPT


What is the exact message that is appearing in the log?

And yes, you are using NAT.  That is what translates your public IP address to your private IP address (192.168.1.x).

Re: Ports are blocked on Westell 9100-EM
viafax999
Community Leader
Community Leader

@martyd wrote:

I guess I'm not being very clear.

The Westell 9100EM IS the router.

It is hooked up to my desktop computer that I use as my home server.

My Home computer (desktop AND the router) both have static IP's

I use No-IP as a Dynamic Domain provider.

When I use mu old D-Link I can port forward to ports 1723, 21, 22, 3283, 5900, 80 and 25.

I really only need 1723 (PPTP), 21 (FTP and 5900 and 3283 (Apple Remote Desktop/VNC)


Attached below is what the port forward rule for vpn (1723) looks like.  The other ports you want will look the same except for the port number and you can ignore the udp setting in my vpn rule..

Just go into port forwarding and select new entry.  enter the ip address of the local host, your desktop presumably, add the protocol as user defined, select new server ports, select tcp, select destination port single 1723, give it a name, you're done.

repeat for other ports you want to open.

Re: Ports are blocked on Westell 9100-EM
martyd2
Enthusiast - Level 2

That is exactly how I have it configured, still no luck. As far as I can tell, the Westell router is blocking all but a few ports (tested via canyouseeme.org) and the D-Link does not block the ports. Interestingly enough, I tried to get Caller ID on my TV to work, first verizon said the D-Link router wouldn't work, as it is not configured for remote access, so I tried the Westell, still no caller ID (BTW It is enabled and supported in my area), and they now say it won't work because westell routers are not configured for remote access (not really sure what this has to do with Caller ID), but from what I can tell, Verizon tech support isn't very sharp on their hardware (they even asked if they supplied the D-Link and the Motorola NIM, which they did).

SO, still no luck on the port forwarding for VPN or remote access, but at least FTP works