View the full version: Can't use remote on port 3389



guch79
16-03-2005, 09:45
I want to use remote on port 3389 on an XP machine.

In my log it says:
Mar 16 09:43:38 filter: TCP connection accepted to 192.168.1.2:3389 from 194.239.xx.x:3039

And in my Port forwarding log it says:
Destination    Proto.  Port Range  Redirect to
62.61.xxx.xx   UDP     3389        192.168.1.2
62.61.xxx.xx   TCP     3389        192.168.1.2

I have opened port 3389 in my Norman software firewall, and I can't find any hits in that log.
And I have all the settings right in remote management on the machine.

But when I try to connect I get a connection timeout.

I use firmware 1.9.2.7, the latest from the Asus server.

Can anybody please tell me what is wrong here? I had a D-Link DI-624+ before and it worked there.

-Guch79

barsju
16-03-2005, 11:25
It might help if you post your iptables here.

Post the results from these lines:

iptables -L FORWARD
and

iptables -t nat -L

S.

guch79
16-03-2005, 11:35
And where do I find that??

barsju
16-03-2005, 11:41
You could either telnet to your router and run those commands in the command window, or if that sounds too cryptic you can use your browser and go to the Hidden admin page (http://wl500g.info/showthread.php?t=1200&highlight=hidden+admin)
(Main_AdmStatus_Content.asp).

Run the commands and post results.

S.

guch79
16-03-2005, 11:54
Found the page... but I only see a refresh button.
I'm at work now and looking at the page on: http://62.61.xxx.xx/Main_AdmStatus_Content.asp#

Do I have to be on 192.168.1.1???

There should be a run/start button??? Or how do I run the command?

Sorry for all the stupid questions.

hugo
16-03-2005, 11:59
type the requested command in the first line of this page, and click refresh (NOT ENTER)

You should get the result.

guch79
16-03-2005, 12:03
It just turns up blank..

I don't get any info from it... really weird.

barsju
16-03-2005, 12:23
Ok. Then try telnet!

Start->Run...
Type "telnet 192.168.1.1" and click run

Username: admin
Password: same as for web access

Run the commands.

S.

guch79
16-03-2005, 12:31
Can I do that remotely?? I'm at work right now.

Maybe I should do it later when I come home.

barsju
16-03-2005, 12:36
Well you shouldn't do that from work no, and you hopefully won't be able to.

S.

PS: I noticed "192.168.1.2:3389 from 194.239.xx.x:3039"
Are you forwarding from 3389 to 3039 or is it a typo?

PPS: If you want to do that from work, you should search the forum on how to set up SSH.

guch79
16-03-2005, 12:47
I have noticed that too.

I remote from work and home, and each time I remote, it comes from a different port, but ends at internal port 3389.
So it should be fine.

I'll try telnet or the hidden admin page later today.

Hope I can get ur help later.

Thanx so far

hugo
16-03-2005, 14:14
Hope I can get ur help later.

Thanx so far

No, we just listen to your first 3 messages, then we shut down the service :p

guch79
16-03-2005, 15:44
When I type: telnet 192.168.1.1 it opens a DOS prompt and says connecting to 192.168.1.1......
And then closes...

When I type the code in the hidden admin page and press refresh, it still comes back blank.

Any idea what to do??

hugo
16-03-2005, 16:58
What do you type in the web browser to get to the admin page? The part after the "http://" and the following "/" should be used to access using telnet:
i.e. type: telnet "whatever is in between the /"

guch79
16-03-2005, 17:42
To get to the admin page I type: http://192.168.1.1/Main_AdmStatus_Content.asp#

When I try to access telnet I press run, type "telnet 192.168.1.1" and then press go.

Do I need to use a modded firmware like the one from Oleg to telnet to the router??
Or am I just not getting it??

hugo
16-03-2005, 17:47
yes, sorry, you need a custom firmware. Please post a screenshot of your NAT - virtual server page on the web admin

guch79
16-03-2005, 18:01
Hmm u mean this?? "see attachment"

Can I go from fw 1.9.2.7 to 1.9.2.7-3 without a router reset??

guch79
16-03-2005, 19:09
Ok, I got the hidden admin page to work, here is what I got:

iptables -L FORWARD:

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
ACCEPT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere limit: avg 1/sec burst 5 icmp echo-request
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:3389
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:3389
ACCEPT udp -- anywhere anywhere udp dpt:6112

iptables -t nat -L:

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere 62.61.xxx.xx.generic-hostname.arrownet.dktcp dpt:3389 to:192.168.1.2:3389
DNAT udp -- anywhere 62.61.xxx.xx.generic-hostname.arrownet.dkudp dpt:3389 to:192.168.1.2:3389
NETMAP udp -- anywhere 62.61.xxx.xx.generic-hostname.arrownet.dkudp spt:6112 192.168.1.0/24
autofw tcp -- anywhere anywhere tcp dpt:3389 autofw tcp dpt:3389 to:3389
autofw udp -- anywhere anywhere udp dpt:3389 autofw udp dpt:3389 to:3389

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
NETMAP udp -- 192.168.1.0/24 anywhere udp dpt:6112 62.61.xxx.xx/32
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- 192.168.1.0/24 192.168.1.0/24

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

hugo
16-03-2005, 19:12
Remove all port trigger settings from web admin. This is not needed and probably blocking the rest.

If it doesn't work, it might be a MSS problem. I'll post a command if after removal of port trigger it still doesn't work
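
Added example (not part of the original thread and not the firmware's own code): a Python check over "iptables -t nat -L" and "iptables -L FORWARD" listings like the ones posted above. It flags ports matched by both a virtual-server DNAT rule and a port-trigger autofw rule, DNAT targets without a FORWARD ACCEPT, and forwards open to any source; the listings are constructed samples (203.0.113.10 stands in for the WAN address) and the function names are this example's own.

```python
import re

# Constructed sample, trimmed from the kind of listing posted in this thread;
# 203.0.113.10 is a documentation address standing in for the WAN IP.
NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere 203.0.113.10 tcp dpt:3389 to:192.168.1.2:3389
DNAT udp -- anywhere 203.0.113.10 udp dpt:3389 to:192.168.1.2:3389
autofw tcp -- anywhere anywhere tcp dpt:3389 autofw tcp dpt:3389 to:3389
autofw udp -- anywhere anywhere udp dpt:3389 autofw udp dpt:3389 to:3389
"""
FORWARD_LISTING = """\
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:3389
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:3389
"""

# target, proto, opt, source, destination, then the first "dpt:" match.
RULE = re.compile(r"^(?P<target>\S+)\s+(?P<proto>tcp|udp)\s+\S+\s+(?P<src>\S+)"
                  r"\s+(?P<dst>\S+)\s+.*?dpt:(?P<dport>\d+)(?P<rest>.*)$")

def parse(listing):
    """Return one dict per rule line that names a destination port."""
    matches = (RULE.match(line.strip()) for line in listing.splitlines())
    return [m.groupdict() for m in matches if m]

def audit(nat_listing, forward_listing):
    """Flag DNAT forwards that clash with a trigger, lack an ACCEPT, or are open to all."""
    nat, fwd = parse(nat_listing), parse(forward_listing)
    triggers = {(r["proto"], r["dport"]) for r in nat if r["target"] == "autofw"}
    findings = []
    for r in (r for r in nat if r["target"] == "DNAT"):
        label = f'{r["proto"]}/{r["dport"]}'
        to = re.search(r"to:([\d.]+)(?::(\d+))?", r["rest"])
        if not to:
            continue
        host, port = to.group(1), to.group(2) or r["dport"]
        if (r["proto"], r["dport"]) in triggers:
            findings.append(f"{label}: DNAT and autofw (port trigger) both match")
        if not any(f["target"] == "ACCEPT" and f["proto"] == r["proto"]
                   and f["dport"] == port and f["dst"] in (host, "anywhere")
                   for f in fwd):
            findings.append(f"{label}: no FORWARD ACCEPT for {host}:{port}")
        if r["src"] == "anywhere":
            findings.append(f"{label}: forwarded from any source address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(NAT_LISTING, FORWARD_LISTING)))
```

Listings taken without -v do not show interfaces, so a broad "ACCEPT all" line cannot be judged from this output and is ignored here.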

guch79
16-03-2005, 19:15
So only use virtual server??

hugo
16-03-2005, 19:15
be sure to first try to remove port trigger.

If and ONLY if it doesn't work (and you are sure the remote control is activated, and no firewall is blocking on your PC) you can try the following command from the admin page:


iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400

It will be removed after a reboot, but should help you to diagnose if the problem lies there.

guch79
16-03-2005, 19:23
I'll give it a go tomorrow from work... I'll let u know if it works.

Thanx

guch79
16-03-2005, 19:29
Just a last thing, this is from my log.
It looks strange, is there anything to worry about??

Jan 1 01:00:03 syslogd started: BusyBox v1.00 (2005.03.03-17:55+0000)
Jan 1 01:00:03 dnsmasq[52]: started, version 2.17 cachesize 150
Jan 1 01:00:03 dnsmasq[52]: DHCP, IP range 192.168.1.2 -- 192.168.1.254, lease time 24h
Jan 1 01:00:03 dnsmasq[52]: DHCP, /tmp/dnsmasq.log will be written every 28800s
Jan 1 01:00:03 dnsmasq[52]: read /etc/hosts - 4 addresses
Jan 1 01:00:03 dnsmasq[52]: read /etc/ethers - 1 addresses
Jan 1 01:00:03 dnsmasq[52]: reading /tmp/resolv.conf
Jan 1 01:00:03 kernel: Loading BCM4710 MMU routines.
Jan 1 01:00:03 kernel: Primary instruction cache 8kb, linesize 16 bytes (2 ways)
Jan 1 01:00:03 kernel: Primary data cache 4kb, linesize 16 bytes (2 ways)
Jan 1 01:00:03 kernel: Linux version 2.4.20 (root@omnibook) (gcc version 3.2.3 with Broadcom modifications) #62 Mon Mar 14 21:39:22 MSK 2005
Jan 1 01:00:03 kernel: Setting the PFC value as 0x15
Jan 1 01:00:03 kernel: Determined physical RAM map:
Jan 1 01:00:03 kernel: memory: 01000000 @ 00000000 (usable)
Jan 1 01:00:03 kernel: On node 0 totalpages: 4096
Jan 1 01:00:03 kernel: zone(0): 4096 pages.
Jan 1 01:00:03 kernel: zone(1): 0 pages.
Jan 1 01:00:03 kernel: zone(2): 0 pages.
Jan 1 01:00:03 kernel: Kernel command line: root=/dev/mtdblock2 noinitrd init=/linuxrc console=ttyS0,115200
Jan 1 01:00:03 kernel: CPU: BCM4710 rev 0 at 125 MHz
Jan 1 01:00:03 kernel: !unable to setup serial console!
Jan 1 01:00:03 kernel: Calibrating delay loop... 82.94 BogoMIPS
Jan 1 01:00:03 kernel: Memory: 13920k/16384k available (1755k kernel code, 2464k reserved, 220k data, 68k init, 0k highmem)
Jan 1 01:00:03 kernel: Dentry cache hash table entries: 2048 (order: 2, 16384 bytes)
Jan 1 01:00:03 kernel: Inode cache hash table entries: 1024 (order: 1, 8192 bytes)
Jan 1 01:00:03 kernel: Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
Jan 1 01:00:03 kernel: Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
Jan 1 01:00:03 kernel: Page-cache hash table entries: 4096 (order: 2, 16384 bytes)
Jan 1 01:00:03 kernel: Checking for 'wait' instruction... unavailable.
Jan 1 01:00:03 kernel: POSIX conformance testing by UNIFIX
Jan 1 01:00:03 kernel: PCI: Fixing up bus 0
Jan 1 01:00:03 kernel: PCI: Fixing up bridge
Jan 1 01:00:03 kernel: PCI: Fixing up bus 1
Jan 1 01:00:03 kernel: Linux NET4.0 for Linux 2.4
Jan 1 01:00:03 kernel: Based upon Swansea University Computer Society NET3.039
Jan 1 01:00:03 kernel: Initializing RT netlink socket
Jan 1 01:00:03 kernel: Starting kswapd
Jan 1 01:00:03 kernel: Journalled Block Device driver loaded
Jan 1 01:00:03 kernel: devfs: v1.12c (20020818) Richard Gooch (rgooch@atnf.csiro.au)
Jan 1 01:00:03 kernel: devfs: boot_options: 0x1
Jan 1 01:00:03 kernel: NTFS driver v1.1.22 [Flags: R/O]
Jan 1 01:00:03 kernel: pty: 256 Unix98 ptys configured
Jan 1 01:00:03 kernel: Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ SERIAL_PCI enabled
Jan 1 01:00:03 kernel: loop: loaded (max 8 devices)
Jan 1 01:00:03 kernel: PPP generic driver version 2.4.2
Jan 1 01:00:03 kernel: PPP Deflate Compression module registered
Jan 1 01:00:03 kernel: PPP BSD Compression module registered
Jan 1 01:00:03 kernel: MPPE/MPPC encryption/compression module registered
Jan 1 01:00:03 kernel: Amd/Fujitsu Extended Query Table v1.1 at 0x0040
Jan 1 01:00:03 kernel: Physically mapped flash: Swapping erase regions for broken CFI table.
Jan 1 01:00:03 kernel: number of CFI chips: 1
Jan 1 01:00:03 kernel: Flash device: 0x400000 at 0x1fc00000
Jan 1 01:00:03 kernel: Physically mapped flash: squashfs filesystem found at block 936
Jan 1 01:00:03 kernel: Creating 5 MTD partitions on "Physically mapped flash":
Jan 1 01:00:03 kernel: 0x00000000-0x00040000 : "pmon"
Jan 1 01:00:03 kernel: 0x00040000-0x003e0000 : "linux"
Jan 1 01:00:03 kernel: 0x000ea190-0x003e0000 : "rootfs"
Jan 1 01:00:03 kernel: 0x003f0000-0x00400000 : "nvram"
Jan 1 01:00:03 kernel: 0x003e0000-0x003f0000 : "config"
Jan 1 01:00:03 kernel: sflash: chipcommon not found
Jan 1 01:00:03 kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Jan 1 01:00:03 kernel: IP Protocols: ICMP, UDP, TCP
Jan 1 01:00:03 kernel: IP: routing cache hash table of 512 buckets, 4Kbytes
Jan 1 01:00:03 kernel: TCP: Hash tables configured (established 1024 bind 2048)
Jan 1 01:00:03 kernel: ip_conntrack version 2.1 (128 buckets, 1024 max) - 344 bytes per conntrack
Jan 1 01:00:03 kernel: ip_conntrack_pptp version 1.9 loaded
Jan 1 01:00:03 kernel: ip_nat_pptp version 1.5 loaded
Jan 1 01:00:03 kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jan 1 01:00:03 kernel: ipt_time loading
Jan 1 01:00:03 kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Jan 1 01:00:03 kernel: IPv6 v0.8 for NET4.0
Jan 1 01:00:03 kernel: IPv6 over IPv4 tunneling driver
Jan 1 01:00:03 kernel: NET4: Ethernet Bridge 008 for NET4.0
Jan 1 01:00:03 kernel: 802.1Q VLAN Support v1.7 Ben Greear <greearb@candelatech.com>
Jan 1 01:00:03 kernel: All bugs added by David S. Miller <davem@redhat.com>
Jan 1 01:00:03 kernel: FAT: bogus logical sector size 21760
Jan 1 01:00:03 kernel: FAT: bogus logical sector size 21760
Jan 1 01:00:03 kernel: NTFS: Unable to set blocksize 512.
Jan 1 01:00:03 kernel: VFS: Mounted root (squashfs filesystem) readonly.
Jan 1 01:00:03 kernel: Mounted devfs on /dev
Jan 1 01:00:03 kernel: Freeing unused kernel memory: 68k freed
Jan 1 01:00:03 kernel: Warning: unable to open an initial console.
Jan 1 01:00:03 kernel: Algorithmics/MIPS FPU Emulator v1.5
Jan 1 01:00:03 kernel: eth0: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 3.90.7.0
Jan 1 01:00:03 kernel: eth1: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 3.90.7.0
Jan 1 01:00:03 kernel: PCI: Enabling device 01:02.0 (0004 -> 0006)
Jan 1 01:00:03 kernel: eth2: Broadcom BCM4320 802.11 Wireless Controller 3.90.7.0
Jan 1 01:00:03 kernel: device eth0 entered promiscuous mode
Jan 1 01:00:03 kernel: device eth2 entered promiscuous mode
Jan 1 01:00:03 kernel: br0: port 2(eth2) entering listening state
Jan 1 01:00:03 kernel: br0: port 1(eth0) entering listening state
Jan 1 01:00:03 kernel: br0: port 2(eth2) entering learning state
Jan 1 01:00:03 kernel: br0: port 1(eth0) entering learning state
Jan 1 01:00:03 kernel: br0: port 2(eth2) entering forwarding state
Jan 1 01:00:03 kernel: g
Jan 1 01:00:03 kernel: br0: port 1(eth0) entering forwarding state
Jan 1 01:00:03 kernel: br0: topology change detected, propagating
Jan 1 01:00:04 kernel: usb.c: registered new driver usbdevfs
Jan 1 01:00:04 kernel: usb.c: registered new driver hub
Jan 1 01:00:04 kernel: usb-ohci.c: USB OHCI at membase 0xb8004000, IRQ 2
Jan 1 01:00:04 kernel: usb-ohci.c: usb-00:04.0, PCI device 14e4:4715
Jan 1 01:00:04 kernel: usb.c: new USB bus registered, assigned bus number 1
Jan 1 01:00:04 kernel: hub.c: USB hub found
Jan 1 01:00:04 kernel: hub.c: 2 ports detected
Jan 1 01:00:05 kernel: lp0: using parport0 (polling).
Jan 1 01:00:05 kernel: usb.c: registered new driver usblp
Jan 1 01:00:05 kernel: printer.c: v0.13: USB Printer Device Class driver
Jan 1 01:00:06 dnsmasq[52]: DHCPDISCOVER(br0) 00:80:c8:2f:47:59
Jan 1 01:00:06 dnsmasq[52]: DHCPOFFER(br0) 192.168.1.2 00:80:c8:2f:47:59
Jan 1 01:00:07 kernel: usb.c: registered new driver audio
Jan 1 01:00:07 kernel: audio.c: v1.0.0:USB Audio Class driver
Jan 1 01:00:07 kernel: Linux video capture interface: v1.00
Jan 1 01:00:08 kernel: SCSI subsystem driver Revision: 1.00
Jan 1 01:00:08 kernel: Initializing USB Mass Storage driver...
Jan 1 01:00:08 kernel: usb.c: registered new driver usb-storage
Jan 1 01:00:08 kernel: USB Mass Storage support registered.
Jan 1 01:00:08 udhcpc[81]: udhcpc (v0.9.9-pre) started
Jan 1 01:00:09 kernel: lp driver: get device ID
Jan 1 01:00:09 kernel: neg fail
Jan 1 01:00:09 dnsmasq[52]: read /etc/hosts - 4 addresses
Jan 1 01:00:09 dnsmasq[52]: read /etc/ethers - 1 addresses
Jan 1 01:00:09 dnsmasq[52]: reading /tmp/resolv.conf
Jan 1 01:00:09 dhcp client: deconfig: lease is lost
Jan 1 01:00:11 udhcpc[81]: Lease of 62.61.xxx.xx obtained, lease time 604800
Jan 1 01:00:12 dnsmasq[52]: read /etc/hosts - 4 addresses
Jan 1 01:00:12 dnsmasq[52]: read /etc/ethers - 1 addresses
Jan 1 01:00:12 dnsmasq[52]: reading /tmp/resolv.conf
Jan 1 01:00:12 dnsmasq[52]: using nameserver 62.61.xxx.x#53
Jan 1 01:00:12 dnsmasq[52]: using nameserver 62.61.xxx.x#53
Jan 1 01:00:12 kernel: lp driver: get device ID
Jan 1 01:00:13 kernel: neg fail
Jan 1 01:00:13 kernel: neg fail
Jan 1 01:00:13 dhcp client: bound IP : 62.61.xxx.xx from 62.61.141.254
Jan 1 01:00:14 dnsmasq[52]: DHCPDISCOVER(br0) 00:80:c8:2f:47:59
Jan 1 01:00:14 dnsmasq[52]: DHCPOFFER(br0) 192.168.1.2 00:80:c8:2f:47:59
Mar 16 20:30:47 ntp client: Synchronizing time with time.nist.gov ...
Mar 16 20:30:48 dnsmasq[52]: DHCPDISCOVER(br0) 00:80:c8:2f:47:59
Mar 16 20:30:48 dnsmasq[52]: DHCPOFFER(br0) 192.168.1.2 00:80:c8:2f:47:59
Mar 16 20:30:48 dnsmasq[52]: DHCPREQUEST(br0) 192.168.1.2 00:80:c8:2f:47:59
Mar 16 20:30:48 dnsmasq[52]: DHCPACK(br0) 192.168.1.2 00:80:c8:2f:47:59 xxxxxxxx

hugo
16-03-2005, 19:50
nothing wrong with your log.

guch79
17-03-2005, 09:06
Still isn't working... I have tried using the code too.
But I still get a connection timeout.

guch79
17-03-2005, 20:02
Yes.... I got it to work.

A big thanx to u guys... I even got my torrent client to green.

U are the greatest :D

hugo
21-03-2005, 17:42
what did you do to make it work?