Need help with a port forwarding/firewall issue

Post by Teggy »

I have been having problems with my router since I moved on to RCN a couple of months ago. Basically, port forwarding was not working at all when it had been under Comcast.

Today, I finally got around to connecting my computer directly to my cable modem and I ran a couple of port scans on it. Both scans (Shields Up and Broadband Reports) told me that my computer was completely stealthed. I don't understand how this is possible - I don't run a third party firewall and Windows firewall is definitely off (I am running XP SP2). Is RCN really blocking that many ports? That doesn't seem possible to me, since I haven't heard anyone mention it. Anyone know what my problem might be?

Thanks...

Post by Rip »

XP service pack 2 includes a firewall that is on by default. You can see this by looking at your network connection. It will have a little padlock next to it.

I would recommend that you still buy an external gateway/firewall.
“A simple democracy is the devil’s own government.”
— Benjamin Rush
--

Post by Teggy »

Rip wrote:XP service pack 2 includes a firewall that is on by default. You can see this by looking at your network connection. It will have a little padlock next to it.

I would recommend that you still buy an external gateway/firewall.
Right - I wrote above that I don't use Windows firewall and that I have a router which normally serves as my firewall. What I want to know is why my computer is showing up as fully stealthed even when it is directly connected to the cable modem.

Post by Coskesh »

Depending on where you live (apartment complex/townhome complex?), are you getting a real IP address? Buddy of mine lives in an Apartment complex where they all use a community router and have fake IPs.

That is the only way I could see all your ports being blocked (ie nothing is forwarded to your internal IP).

Post by Teggy »

It's a standalone house. The IP definitely seems real. It's not a 192.168.xxx.xxx at least.

Post by ChrisGwinn »

There are private address ranges other than 192.blah.blah.blah.

Post by Rip »

Teggy wrote:It's a standalone house. The IP definitely seems real. It's not a 192.168.xxx.xxx at least.
I see you posting from different IPs, some in totally different networks. I'm assuming from work. Try to IM me when you are hooked up and I'll do a good scan of you.

Post by Teggy »

I'm not sure if you are referring to IP addresses only in this thread or also in other threads. I've only been posting from home (I'm out of work :( ) but made the switch off of the router earlier today.

I'm learning I think I have bigger problems - I tried starting the XP firewall to see if that was an issue and it refuses to start the ICS service. Several tries at fixing that didn't work. I'm thinking if I don't come up with a solution soon I may be doing a re-install of SP1.

Post by Rip »

I was referring to all your posts. Some previous posts came from a University and from a different ISP. There is definitely some port discrimination being done on the path to you. Hard to say if it is just certain ports or not without testing while you are verified to be up.

You can never go wrong with a reinstall. I still point to an external gateway/router being the way to go. I use a Cisco PIX myself but they are somewhat pricey.

Post by Teggy »

Well, I decided to uninstall SP2 and that seems to have cleared up the problem. Microsoft :x

Now, question is do I let it download SP2 again?

Post by Rip »

It almost sounds to me like maybe it was set up using the new Virtual adapter method MS seems to like. Where you have a connection called internet that is firewalled and another that it considers the inside network. I've never once had that networking wizard crap configure the network the way I wanted.

There are a lot of people that fall on opposite sides of the SP2 issue, like all other issues like this. None of the options appeal to me as much as Amiga or OS/2 of days gone by have. I use Linux for all my hosting and Internet services, but Windows pays the bills so who am I to complain :lol:

Post by SirReal »

Please start a command line session and post the output of "ipconfig /all".
Start Menu -> Run -> "cmd.exe" -> "ipconfig /all"

Post by Teggy »

Thanks, but like I said, once I removed SP2 it started working correctly again.

Post by Teggy »

Oh, just to update, after some more searching and posting I was able to solve this problem. Not only did I have to make sure that the firewall was off and the service was not running, I actually had to disable the service completely. I'm not sure why other people haven't had this same problem, since there's plenty of people out there who use routers and WinXP and need to forward ports. Perhaps there is an issue with the Dell BIOS or something related.

Post by Rip »

Teggy wrote:Oh, just to update, after some more searching and posting I was able to solve this problem. Not only did I have to make sure that the firewall was off and the service was not running, I actually had to disable the service completely. I'm not sure why other people haven't had this same problem, since there's plenty of people out there who use routers and WinXP and need to forward ports. Perhaps there is an issue with the Dell BIOS or something related.
Did you mention if it was Home or Pro? Do you have only 1 network adapter? No dial-up adapter or anything?

It sounds like an interesting problem. I love getting my hands on such things. I would doubt very much if it has anything to do with BIOS. Either the XP network configuration or other software would be my guess. You might run belarc or something like that on it and post or link to it.

Post by Teggy »

Yes, there is a dialup adapter in addition to the ethernet adapter. It's XP Pro.

I don't know what part of the belarc output you'd be interested in. It's a lot of stuff and some things obviously would not be best posted to a bulletin board (CD keys, etc.)

Post by Rip »

Teggy wrote:Yes, there is a dialup adapter in addition to the ethernet adapter. It's XP Pro.

I don't know what part of the belarc output you'd be interested in. It's a lot of stuff and some things obviously would not be best posted to a bulletin board (CD keys, etc.)
Yea, I was looking for installed software, hardware, and config info.

As soon as you have more than one network adapter the issue of what services are running on which adapter becomes an issue. That is why I asked.

I did a little research and I believe there is an issue with the fact that ports are filtered on all interfaces even when the firewall is off on some of them if the service is running. The way ports are handled became a lot different with SP2 such that even ports that have services running are not actually "OPEN"; they are filtered and passed to the app. This has broken some network apps that don't access the network stack a certain way.

Basically what is happening is when you are scanning, the scan is not using a proper protocol for an app on that port (most scanners don't intentionally to fingerprint or avoid detection) so it appears closed or in actuality filtered. Something like nmap would have probably detected the ports using the right settings.

There is a little good info here http://techrepublic.com.com/5100-6264_11-5222856-2.html although I'm not sure if you need to be a tech republic member to see it.

This is a good MS document on working with the stateful inspection firewall in SP2 http://support.microsoft.com/default.aspx?kbid=875357
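Added example, not written by anyone in the thread: a small Python diagnostic for the two checks the discussion turns on, whether an address is really public (ChrisGwinn's point about private ranges other than 192.168.x.x) and whether a port on a machine you control is open, closed, or silently filtered ("stealth" in the scanners' wording). The function names and sample addresses are constructed for illustration, and the 100.64.0.0/10 carrier-NAT range is an addition the thread does not mention.

```python
import ipaddress
import socket

# Ranges that are not directly reachable from the Internet.
NON_PUBLIC = {
    "private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],  # RFC 1918
    "shared-nat": ["100.64.0.0/10"],   # RFC 6598 carrier-grade NAT
    "link-local": ["169.254.0.0/16"],  # self-assigned, no DHCP lease
}

def address_scope(ip):
    """Return 'public' or the name of the non-public range containing ip."""
    addr = ipaddress.ip_address(ip)
    for scope, nets in NON_PUBLIC.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return scope
    return "public"

def classify(error):
    """Map the outcome of one TCP connect to a port-scan style verdict."""
    if error is None:
        return "open"         # handshake completed: something is listening
    if isinstance(error, ConnectionRefusedError):
        return "closed"       # RST came back: host reachable, no listener
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "stealth"      # no reply at all: a filter dropped the SYN
    return "unreachable"      # routing failure or other local error

def probe(host, port, timeout=2.0):
    """Attempt one TCP connection to a host you control and classify it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    # Constructed samples; 172.32.0.1 sits just outside 172.16.0.0/12.
    for ip in ("192.168.1.10", "172.20.1.5", "10.1.2.3", "172.32.0.1"):
        print(ip, address_scope(ip))
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))   # throwaway local listener
    listener.listen(1)
    print("listener:", probe("127.0.0.1", listener.getsockname()[1]))
    listener.close()
```

A "stealth" verdict on every port, including ones with a running service, is the symptom described in the thread: something on the path or on the host is dropping the connection attempt before the application sees it.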