Ask
Reply
Solution
05-01-2024 03:31 PM
I'm trying to get port mapping working on the THG3000 router, without success. Very basic setup, I want to forward a port in the 89XX range from the internet IP of the router to a device on the internal network, same port. Router accepts the configuration just fine, including pressing the "apply" button after adding the port, but trying to connect to it from the internet I get a connection timeout. If I delete the manual port mapping, but enable uPnP on the router and the device in question I also see the port mapping displayed on the port mapping page on the router, but still get the exact same timeout error. Connecting to the device and port from a laptop on my home network works absolutely fine. The firewall on the targetted device isn't enabled, but there is some protection in the software I'm targeting, but pretty sure that's set to allow the connections. Just in case I tried to connect to a different port of the same device, running different software that I'm certain has no protections enabled for source of incoming connections, with the same result.
I've tried pointing the mapping to a different device on my home network, with again the same result.
The machine on the internet I'm connecting from has no firewall on outbound connections and should be able to get to anywhere.
I've spoken to Vodafone support twice now. First time the support agent suggested to me that she was going to do something to the router to enable inbound connections, but that made no difference, then said that she was doing something on the Vodafone network side to allow this, but that would take up to 24 hours. 2 days later still no difference so I contacted support again. This one tried to convince me that Vodafone does not support port mapping, despite their documentation clearly covering this, and then suggested that I should use guest WiFi (no, I've no idea why either, I don't think he understood what port mapping is). He also seemed to suggest that I should get a 3rd party router if I wanted to use port mapping, but given his confusion level in general during the discussion I'm reluctant to spend time and money getting another router if the problem could be in the Vodafone network rather than the router, plus I don't see why the THG3000 can't do this itself.
I'm on the CityFibre network with Vodafone, not sure if that's relevant or not.
Does anyone have port mapping working successfully with the THG3000? If so can you let me know your firmware version, in case this is a bug in the version I have, 19.4.0551-3261126?
Thanks
05-01-2024 05:06 PM
I seem to have quite a bit of noise in the logs, but couldn't see anything mentioning the port number in question nor the IP address of the server on the internet that is trying to make the inbound connection. I can see some firewall logs for blocking inbound connections from the internet, which would imply the connections aren't getting as far as the router, and are being blocked on the Vodafone network. Not allowing inbound connections/port mapping seems to me to be blocking a pretty fundamental internet service, so I'm hoping I just need to find the right support agent to sort this, but knowing it is/isn't working for others would help, especially if others have had this issue in the past and got it fixed.
05-01-2024 08:00 PM
@steven-e If the blocking, indicated by the word "DROP", is showing in the router log then it is the router that's dropping the packets. The default rule is to DROP anything inbound that it cannot connect to a process running on a LAN device that requested the connection.
I'm not using the VF router, but firewalls normally discriminate between LAN and WAN traffic so it may be worth checking how the port redirection is defined.
08-01-2024 09:45 AM
I do see DROP log entries, but nothing mentioning the source IP address or destination port number in question, which is what is leading me to thinking the issue is on the Vodafone network, rather than something I'm doing with the router. Since I've tried both manual and uPnP configuration of the router, with the same result, and having verified with different software opening a different port on the target device on my network, and a completely different device, neither of which are running firewalls, I'm pretty confident the problem isn't on my side.
08-01-2024 10:45 AM - edited 08-01-2024 10:46 AM
With the rollout of IPv6 I think it's safe to assume, in a lot of cases, that vodafone are also starting to implement CG-NAT. What is your public IP (omitting the last octet)?
If you do have a public IP it may be worth totally disabling IPv6 as another test.
08-01-2024 10:50 AM
84.68.210.X, so it's not using the IANA assigned range for CG-NAT (100.64.0.0/10) if that is what's going on here.
08-01-2024 11:31 AM
@steven-e Did you try using a different port number at both ends, assuming that the software you are using has that capability?
08-01-2024 12:05 PM
Yes, I tried a few ports, 4444, 8920 and 9820, all appear blocked.
08-01-2024 01:03 PM
From https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
4444 Unofficial use by 4
8920 Unofficial use by 1
9820 Unused
Try a 5 digit port number in case VF have a floor on their firewall.