Allowing port 53 through Actiontec MI424-WR REV C
ronzie1
Contributor - Level 2

I am beta testing an application that needs to receive data from an external system that is sending on port 53. I set up a rule in the Port Forwarding section of the Firewall Rules (it already had a setting for the service in the dropdown menu) but the Firewall is still blocking it.

If I look in the security log, it says "Apr 15 19:47:10 2012 Inbound Traffic Blocked - Default policy UDP [REMOTE SYSTEM'S IP ADDRESS]:53->[MY ROUTER'S EXTERNAL IP ADDRESS]:62872 on clink0" as well as additional entries showing it blocked the data from going to other ports locally.

If I put the local pc that is running the application in the DMZ, it works fine. I do not want to do this, however, because I don't want to expose the local pc to anything unnecessarily. Is it possible to get this to work without using the DMZ, or is this some kind of built-in rule that can't be changed?

The Verizon supplied router is an Actiontec MI424-WR REV C with firmware version 4.0.16.1.56.0.10.14.4. The general Firewall setting is "Typical Security(Medium)".

Re: Allowing port 53 through Actiontec MI424-WR REV C
Hubrisnxs
Legend

Is your source port set to ANY? or did you define it?

How to Configure Advanced Port Forwarding on the MI424WR Verizon FiOS Router

The only port you should define in the rules should be the destination port, not the source port

Re: Allowing port 53 through Actiontec MI424-WR REV C
ronzie1
Contributor - Level 2

@Hubrisnxs wrote:

Is your source port set to ANY? or did you define it?

How to Configure Advanced Port Forwarding on the MI424WR Verizon FiOS Router

The only port you should define in the rules should be the destination port, not the source port


I didn't define anything, I used the setting from the drop-down menu, as seen below.

image

The instructions at the link you provide don't seem to apply to my router, as there is no "Add" button on the Port Forwarding page like that shown in the video, as you can see in the picture below.

image

Re: Allowing port 53 through Actiontec MI424-WR REV C
Hubrisnxs
Legend

Unfortunately I can't see your pictures just yet. Verizon sometimes takes a little time to upload images, so I might be able to see them later.

In general though, when you look at your firewall rules page

Does it kinda look like this?

192.168.1.xx  tcp any -> 53  Active?

Re: Allowing port 53 through Actiontec MI424-WR REV C
ronzie1
Contributor - Level 2

@Hubrisnxs wrote:

Unfortunately I can't see your pictures just yet. Verizon sometimes takes a little time to upload images, so I might be able to see them later.

In general though, when you look at your firewall rules page

Does it kinda look like this?

192.168.1.xx  tcp any -> 53  Active?


No it looks like "192.168.1.5 DNS TCP 53 -> 53, TCP 1024-65535 -> 53, UDP 53 -> 53, UDP 1024-65535 -> 53 All Broadband Devices Active"

Re: Allowing port 53 through Actiontec MI424-WR REV C
Hubrisnxs
Legend

@ronzie wrote:

No it looks like "192.168.1.5 DNS TCP 53 -> 53, TCP 1024-65535 -> 53, UDP 53 -> 53, UDP 1024-65535 -> 53 All Broadband Devices Active"


That is the problem, so change it so that it looks like

"192.168.1.5 DNS TCP any -> 53, TCP UDP any -> 53,

The Actiontec does their port forwarding a little different, so the way you have it, I wouldn't expect it to work. When you do the source port you had them defined, you want to try again and leave source port set to ANY

The documentation from Actiontec points out "

The "Source Ports:" default setting of "ANY" should not be changed
(The source port setting of ANY is absolutely required for all port forwarding)"

Here are the Actiontec walkthroughs (text) for the REV C router


Re: Allowing port 53 through Actiontec MI424-WR REV C
ronzie1
Contributor - Level 2

@Hubrisnxs wrote:

That is the problem, so change it so that it looks like

"192.168.1.5 DNS TCP any -> 53, TCP UDP any -> 53,

The Actiontec does their port forwarding a little different, so the way you have it, I wouldn't expect it to work. When you do the source port you had them defined, you want to try again and leave source port set to ANY

The documentation from Actiontec points out "

The "Source Ports:" default setting of "ANY" should not be changed
(The source port setting of ANY is absolutely required for all port forwarding)"

Here are the Actiontec walkthroughs (text) for the REV C router



Either there's something about setting this up that I'm not understanding, or the router just won't let me do what I'm trying to do. I tried it like you said, but the application in question isn't working, and I'm still seeing the following error message in the security log for the router:

"Inbound Traffic Blocked - Default policy UDP xxx.xx.xxx.xxx:53->yyy.yy.yyy.yy:50950 on clink0"

I guess I'll either have to give up on using the application, or take a chance on putting that pc in the DMZ and hope that the windows firewall will keep it safe.

Thanks for your assistance.

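Reading the two blocked entries quoted in this thread against the forwarding rule, as an added example (not code from the posters or from Actiontec): in both entries 53 is the remote source port and the destination is a high port on the router, so a rule whose destination port is 53 does not cover them, with or without source ANY. The addresses are documentation placeholders and the tuple layout of the rules is an assumption for illustration.

```python
import re

# Constructed sample: the thread's two blocked entries, placeholder addresses.
LOG_LINES = [
    "Apr 15 19:47:10 2012 Inbound Traffic Blocked - Default policy UDP 203.0.113.10:53->198.51.100.20:62872 on clink0",
    "Inbound Traffic Blocked - Default policy UDP 203.0.113.10:53->198.51.100.20:50950 on clink0",
]
ANY = (0, 65535)
# Rule rows as (protocol, source-port range, destination-port range).
# This tuple layout is an assumption for illustration, not a router format.
RULES_DROPDOWN = [("TCP", (53, 53), (53, 53)), ("TCP", (1024, 65535), (53, 53)),
                  ("UDP", (53, 53), (53, 53)), ("UDP", (1024, 65535), (53, 53))]
RULES_SOURCE_ANY = [("TCP", ANY, (53, 53)), ("UDP", ANY, (53, 53))]

ENTRY = re.compile(
    r"Inbound Traffic Blocked - (?P<policy>.+?) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"on (?P<iface>\S+)")

def parse_blocked(line):
    """Return the fields of one 'Inbound Traffic Blocked' entry, or None."""
    m = ENTRY.search(line)
    if m is None:
        return None
    pkt = m.groupdict()
    pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
    return pkt

def in_range(port, bounds):
    return bounds[0] <= port <= bounds[1]

def matching_rules(pkt, rules):
    """Rules whose protocol, source range and destination range all fit."""
    return [r for r in rules if r[0] == pkt["proto"]
            and in_range(pkt["sport"], r[1]) and in_range(pkt["dport"], r[2])]

def diagnose(line, rules):
    pkt = parse_blocked(line)
    if pkt is None:
        return "not a blocked-traffic entry"
    if matching_rules(pkt, rules):
        return "covered by a forwarding rule"
    dst_ok = any(r[0] == pkt["proto"] and in_range(pkt["dport"], r[2]) for r in rules)
    which = "source" if dst_ok else "destination"
    return f"no rule: {which} port mismatch ({pkt['sport']} -> {pkt['dport']})"

if __name__ == "__main__":
    for line in LOG_LINES:
        print(diagnose(line, RULES_DROPDOWN), "|", diagnose(line, RULES_SOURCE_ANY))
```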
Re: Allowing port 53 through Actiontec MI424-WR REV C
Hubrisnxs
Legend

Maybe you should delete all your PF entries, and try letting this tool do it for you. It's free and pretty awesome, I use it for a lot of clients, there are TONS of routers out there, and this has a HUGE list of approved routers that it will do, including the Verizon FiOS one

http://www.simpleportforwarding.com/

Also don't forget that simply forwarding the ports sometimes isn't enough. Sometimes you have multiple routers involved, and most commonly you have Windows Firewall and/or a third party firewall where you have to open the ports in "it" as well.

So keep that in mind.  Also that free software above, comes with support forums, and they have really talented PF technicians that love helping people.

Re: Allowing port 53 through Actiontec MI424-WR REV C
ronzie1
Contributor - Level 2

@Hubrisnxs wrote:

Maybe you should delete all your PF entries, and try letting this tool do it for you. It's free and pretty awesome, I use it for a lot of clients, there are TONS of routers out there, and this has a HUGE list of approved routers that it will do, including the Verizon FiOS one

http://www.simpleportforwarding.com/

Also don't forget that simply forwarding the ports sometimes isn't enough. Sometimes you have multiple routers involved, and most commonly you have Windows Firewall and/or a third party firewall where you have to open the ports in "it" as well.

So keep that in mind.  Also that free software above, comes with support forums, and they have really talented PF technicians that love helping people.


It has to be the router, because the application works if I put the pc it's running on in the DMZ.

I tried the port forwarding application, and it seems like it just did automatically what I did manually. The router firewall is still blocking the traffic on port 53.

I tried using the Advanced Filtering, and set a rule to allow port 53.  The application still can't communicate, the security log still shows the port being blocked, but when I went to grc.com and had it test for port 53, it said it was being accepted by my router. Very puzzling and frustrating.

Thanks again for your assistance.

Re: Allowing port 53 through Actiontec MI424-WR REV C
Hubrisnxs
Legend
Well, I'll leave you with these parting tips, they may help fix your problem. Also check back. Maybe there is something I am missing, and someone else will be able to point it out. Take a look for some common port forwarding problems and fixes: http://www.pcwintech.com/common-problems-fixes-port-forwarding