How to check port forwarding is working

0
229
Port Scan Test

Problem / Outcome Summary

This guide applies to:

  • Any router or firewall you may have such as:
    • DLink, Asus, TP Link, Linksys, Synology, Apple, Belkin, Buffalo, Cisco, Netgear, TRENDNet, Zyxel (to name a few).

Why might I want to do this?

  • Typically, if you want to test port mapping, it’s because you’re trying to allow something on the internet, access to something on your internal network, beit at home or at work.  Sometimes things aren’t working properly and you just want to test if the port mapping is working.  Read on for more info.

Foreword

What do I get by using this testing method?

This testing method uses known internet based port detection methods that originate OUTSIDE your home or work network.  This is exactly what you need for most scenarios as typically it’s outside your network that you’re attempting to let in.

What kinds of port forwarding tests are there?

There are two main types of tests we can utilise here.  The first is like it sounds, it tests the ‘open’ or ‘closed’ state of a given network port and additionally if there is a response on the end of it.  The second is more of a catch all, which checks for any common port open on your IP address.  This is more typically used to check your security, but can also be used as a test here.

Security

Of course as with all things on the internet, security should be a concern.  Also depending on how concerned you are with that there are multiple levels of security you could worry about.

Of particular note with port forwarding is UPnP (Universal Plug ‘n’ Play).  This is provisioned to make things easy for people by automatically setting up the port forwarding rules in your router.  Of course the big danger with this is that there is no approval process and any software you download (or anyone else downloads) could potentially open up your internet connection in any way it decides.  Therefore, if you know what you’re doing, I personally recommend disabling UPnP on your router to prevent unauthorised access due to a virus or similar and setting up manually.  This way you can be sure of what ports you’ve opened and manage them accordingly.

In addition, please make sure you have a decent firewall.  This might be in your computers software if you have a modem connected directly to your computer, but these are the lowest grade of firewall.  Better is a separate piece of hardware that you connect with over Ethernet or Wifi, typically called a router, or may actually be a proper firewall also.

One of the advantage these dedicated hardware devices is that they protect your whole network rather than just a single computer.

Home routers have come a long way and are a lot better, but do not match the features and capabilities of a true firewall.  See our post on setting up IPFire for creating your own network based Firewall from scratch here.

Pre-Requisites

Software Dependencies

  • A recent web browser such as Firefox, Safari or Chrome

Hardware Dependencies

  • A computer or Router / Modem with firewall software installed and activated

Tools Required

  • None

Other Dependencies

  • An internet connection

High Level Summary Steps

The below lists the high level summary of steps we’re about to take to set up….

  • Open your desired port
  • Test the port forwarding from the Internet

Implementation

Open your desired port

This article doesn’t go in to how to enable port forwarding.  It is assumed you have already attempted to do this.

Test the port forwarding from the Internet

Test a single port – Web Method

First ensure you know your internet IP address.  Note this is not the same as your computers IP address.  We have detected your internet IP address to be: 198.148.15.20

If you think our detection of your IP address is wrong, try going here for a second opinion.

To test a single port, choose from one of the below sites.  Ensure you know the port number that you have opened and enter it into the relevant port number field.  Enter in your IP address if necessary.

Test a single port – Telnet method

Another method which is often not known about is using telnet.  To do this however, you need to run it outside of your network.  Also, be careful that where ever you run it, that network’s firewall hasn’t blocked the port you are trying to test.  If you have a laptop, an easy way to do this is to connect it to your phone’s WiFi hotspot.  Just be sure to disable any other network connections.

The simple telnet test notation is like this

telnet <IP ADDRESS> Port

So typically in windows or Linux you could type telnet 201.55.102.1 80

If the connection is refused, that typically means the port is blocked.  If the connection says ‘Trying’ for some time, that typically means the port is open, but nothing is connected behind it.  And finally, if you get ‘Connected to’ etc.  Then the port is open and the service is working behind it.  Press CTRL-C and or Enter a few times to get out.

Scan for any open ports

To scan for any open ports (typically restricted to ports within a common range), simply do the same as above, except go to these sites instead.  Remember your IP Address: 198.148.15.20

Other

In addition to online tools, you can also download specialised software and scan your network from an alternate location.  This can be done with a tool such as OpenVAS which also does full security checking.  However, for purposes of checking open ports, the above will be much simpler to serve the purpose.

Final Word

So that’s it, pretty simple in the end.  However it’s the simple questions that are asked the most, so I decided to write a quick howto on it.

If you have any questions or queries, please do not hesitate to hit me up in the comments below.

Marshalleq.