TELUS Neighbourhood

kongaloosh · ‎11-27-2022

I'm trying to port-forward for a valheim server. Ports 2456-2458

computer acting as server has a DHCP reservation
server is setup as DMZ
firewall is down
setup up with a dynamic dns

The interesting part:

ssh port-forwarding works at the IP address assigned and the dynamic dns domain (port forwarding for 22 works)
I can connect to the server on the local network by entering the local ip address (the server is up and accessible, if only locally)
when I try to connect to the ip address or ddns domain in-game, I can't connect
when I try to check if the port is open, common tools say that it's not open
UPNP is off

The configuration is the same between ssh and valheim, so I'm scratching my head as to why it's not redirecting appropriately. Any tips?

ITRS · ‎11-27-2022

Is this specific to Ports 2456-2458 not forwarding only?

If no...
What is your ping status externally to the server?
Can you do a traceroute?
Who is your dynamic dns provider?

kongaloosh · ‎11-27-2022

I can ping the server both directly and through the domain.

Traceroute is fine in 9 hops and reasonable time.

noip.com is the dynamic dns provider, but the issue persists when directly connecting via ip, so I don't think it's the issue.

The inability to connect seems to be specific to the ports because I can ssh (22) fine.

xray · ‎11-27-2022

Try a reboot of the router.

https://forum.telus.com/t5/Internet-Home-Phone/Cannot-Access-network-from-outside-unable-to-do-port-...

kongaloosh · ‎11-27-2022

I tried rebooting the router and unfortunately that didn't resolve the issue. One interesting thing: it briefly showed up in-game as an available server. This makes me think that maybe there's something in the router config that's borked. Can't figure out what that might be, as there's nothing outside of the changes I listed :S

xray · ‎11-27-2022

In the post I linked you to the solution was to reset to factory defaults and then reboot. It's possible the config is corrupted giving you the odd behavior.

kongaloosh · ‎11-28-2022

Factory reset and re-configured the hub. Same behavior: SSH on 22 is fine, 2456-2468 are inaccessible. It’s strange to me, because I wouldn’t expect 2456-2458 to be blocked.

xray · ‎11-28-2022

Are you specifying the port forward as a range or 3 separate entries? Perhaps the router only works for single port entries. That might explain why 22 works since it's a single port entry.

TheCanadianShield · ‎12-01-2022

Really interested as to how you completely disabled the firewall on the NH20A.

I’ve only ever been able to minimize it but never remove it and I’ve seen unverified reports that the TELUS connect app plays a role in completely disabling it as well.
I’m hitting the same challenges as you are and that PF works for ~3 minutes after resetting the device makes me point to something not allowing traffic through the device.

kongaloosh · ‎12-01-2022

I actually managed to solve this. In my case, I went through a trial-and-error process adding features in the WAN settings until I got the desired behaviour. In this case, it was all on my end. For people looking at this thread in the future:

I used netcat to open up a listening port on my computer, and then used an online port-checker to see if it could connect to my computer over UDP.

E.g.,

nc -l 2456

When I was relying on the docker container exposing the port, the port-checking tools would list the port as closed. When using netcat, suddenly the port-checkers would report 2456 as open. So, I could tell that the issue was with the docker container, not with my router :S

As for disabling the firewall:

You need to login to your admin panel for the modem: 192.164.1.254. From there, under the network tab you can see the settings for the firewall.

What are the specifics of the PF setup you're working on?

@TheCanadianShield wrote:
Really interested as to how you completely disabled the firewall on the NH20A.
I’ve only ever been able to minimize it but never remove it and I’ve seen unverified reports that the TELUS connect app plays a role in completely disabling it as well.
I’m hitting the same challenges as you are and that PF works for ~3 minutes after resetting the device makes me point to something not allowing traffic through the device.

@TheCanadianShield wrote:
Really interested as to how you completely disabled the firewall on the NH20A.
I’ve only ever been able to minimize it but never remove it and I’ve seen unverified reports that the TELUS connect app plays a role in completely disabling it as well.
I’m hitting the same challenges as you are and that PF works for ~3 minutes after resetting the device makes me point to something not allowing traffic through the device.

* I don't use the telus connect app. Instead I log

TheCanadianShield · ‎12-01-2022

I ask about the firewall because I don't see any option to actually disable it on the NH20A

I know it's something on the NH20A because the SECOND I bypass it (by either moving the SFP back into the T3200 I still have or doing port bridging) everything works without issue.
I'm PF'inbg a bunch of random TCP ports for various apps and again, no issues when using anything other than the NH20A

TheCanadianShield · ‎01-14-2023

So here's where I'm at. My Technicolor NAH (FXA5000) is working.
How? Not entirely sure, but I believe it was an IPv4 firewall issue and not port forwarding that was the culprit. The issue that I was having (and I'll reiterate that this was MY experience) was that the port forward rules were valid and the specific ports themselves WERE open. What I determined was that the IPv4 firewall rule set would never completely set itself to NAT-ONLY. I tried bypassing the NAH, using my T3200M, bridging every single port. Heck, I even borrowed a UDM pro and dropped the GPON SFP into it. All of these worked as expected. The only thing that didn't was running traffic through the NAH in gateway mode where the ports I had forwarded would test as open, however, the traffic wouldn't be visible on the internal network (thank you wireshark). This brought me to concluding there was a firewall/traffic filtering issue at work.

My solution? I was able (through friends and people I used to work with) to get in contact with the team that does consumer device testing and pled my case, complete with documentation, Visio diagrams and my hypothesis. I never received a definitive answer, but I left the NAH live for a couple of days, performed a factory reset on the device, and everything worked as expected. I've never received any follow-up comms explaining what changed, if anything, but it does seem to work now.

TELUS Neighbourhood

Fibre NH20A port forwarding issues: works for some ports, not for others