Router configuration

From VuzeWiki

Additional information

• NAT problem
• http://www.portforward.com/ (http://www.portforward.com/routers.htm)

Contents 1 Lynksys BEFDSR41W ADSL Gateway Modem/Router 2 D-Link 302G ADSL Modem 3 3-Com Office Connect Wireless 11g Cable/DSL Gateway 4 Ebuyer value 4 port router/ADSL modem based on Alcatel version 3881 Version 2.7d. SOLD IN UK 5 Blitzz BWA611 NetWave Base G4 6 Juniper Networks Netscreen 5GT 7 Cisco IOS 8 Siemens ADSL C-010-I 9 Microsoft's ISA Server 2004

[edit] Lynksys BEFDSR41W ADSL Gateway Modem/Router

This router has a web based configuration utility which you access by using your web browser. So...

1. Open your web browser
2. Enter the address http://192.168.1.1/ into your web browser's address field at the top. THIS IS THE IP ADDRESS OF YOUR ROUTER. An Enter Network Password window (or similar) will appear.
3. Enter the Username and Password: On this router, the default username AND password are both admin, all in lowercase letters. The Router's configuration screen will appear. There will be tabs all across the top of the screen. At the far right will be a tab labelled "Advanced".
4. Click on the Advanced tab: More tabs will appear. First on the left is marked "Filters". Second from the left is a tab marked "Forwarding".
5. Click on the Filters tab: Look at the bottom left side of the screen. Where it says "Block WAN Request" make sure that the "Disable" circle is clicked. If it is already, move on to the next step. If it is not, click it, then click Apply at the bottom of the screen. Then click Continue.
6. Click on the Forwarding tab: A screen will come up labelled Port Range Forwarding. This Is Where Your NAT Problems Will Be Solved.
7. Enter BitTorrent or similar into the Customised Application field: It will not accept all of the letters in BitTorrent, but This Does Not Matter. It is only a name for your reference so that you know what this rule is for.
8. Enter 6881 "To" 6999 in the Ext. Port fields: Please also see PortIsBlacklisted for more important information before continuing. Now, do you have the IP address of your computer? This is where you will need it.
9. Enter the digits after the last "." of your computer's IP address: Make sure that the Protocol TCP is ticked, and that the Enable box is ticked, if present:
10. Click Apply.

THAT'S IT, YOU'RE DONE!

Tip: If you ever need to enter a single port for a service sometime in the future, you may do that here in the same way, but instead of inputting a port range, you may input the single port number in both port fields. And remember to repeat the instruction in your firewall as well.

[edit] D-Link 302G ADSL Modem

1. Simply go into the modem configuration page found at http://10.1.1.1
2. Click on the WAN folder on the left hand side and then find the NAT page
3. Click on the ADD button to add a new rule
4. Leave the rule flavour as is
5. Put the next chronological number in the Rule ID (number 2 if this is the first rule you have added)
6. Leave IF Name and Protocol as is
7. In the "local address from" type the address 10.1.1.3'
8. In the "local address to" type in the address 10.1.1.34 (This is because the modem auto assigns computers on the network a number within this range and its best to cover all bases I have found ;) )
9. In the "global address from" put your local ip address
10. If you have a static IP address you put the same number in both the global address entries
11. If, like me, you have a changing IP then work out what your ISP assigns you. You can do this using the "Auto-discover external IP address..." wizard, which can be found in View>Configuration>Tracker.
12. Your ISP will usually assign you a address within a certain range, and then you can put the lowest in the "from" box and the highest in the "to" box
13. Once you have done that in the from box Put the port number you wish to start with (6881) and in the to entry the ending number (6999) Please also see PortIsBlacklisted for more important information about this now.
14. Leave local port, click the SUBMIT button

This is all you have to do

Note: Be careful though if you unplug you modem or reset it you will have to re enter the rule.

[edit] 3-Com Office Connect Wireless 11g Cable/DSL Gateway

(and very likely other 3-Com Office Connect models)

1. First point your browser over to the router's configuration page which you'll find at http://192.168.1.1
2. Log in using your password. Unless you have changed the password before, it should be "admin".
3. Click on "Lan Settings" and then the "DHCP Clients List" tab on the right side.
4. Here you find your computer's name and check the "Fix" checkbox at the right side. Also take note of the IP your computer has under "IP address". This is to ensure that your PC will obtain the same IP every time you request an IP from the router.
5. Click on Firewall on the left menu.
6. Click on "New" on the right side then fill in the IP you noted down as your computer's IP above, into the "Server Address" field.
7. Then under "Local Service" select the "Custom" option. Enter whatever you prefer as name under "Custom Service Name".
8. Then you enter the ports you want to use under "Specify Custom Service Ports". Please check PortIsBlacklisted for help on which ports that should be used.
9. Finally press the "Add" button to add the port routing into the router's configuration. The change will be put into effect immediately.
10. Now you're all set and you may log out.

-Gorxon

• HAVE FUN!

[edit] Ebuyer value 4 port router/ADSL modem based on Alcatel version 3881 Version 2.7d. SOLD IN UK

• This isn't the current Ebuyer value 4 port router/adsl modem*, but I'm sure this sold a lot when it was around. The name in the top right is "Technical Service Division" and the general asthetic is a lot to be desired though they do use a natty art-deco style typeface, and a knight-rider-esque status display. in case you're wondering why all the useless info.. well these modems are cheap and cheerful, seem to change their brand name every 90 minutes

You need to know your computer's ip address! To find out in windows, choose START>RUN>Cmd then type ipconfig.

1. Type 192.168.8.1 into your web browser
2. choose the Basic tab from the horizontal nav bar under the chicago typeface
3. on the frame on the right scroll down and click Forward
4. choose Port forwarding

You can now see a list of all ports that are currently being forwarded. To add a new port range do this:

1. set the drop down list in the column protocol to TCP
2. in service name type a name like bittorrent, whatever you want as it's only a label
3. in the first box under port number type 6881 in the second type 6889
4. in the last box type the digits after the last . (full stop) of your computer's ip address
5. choose Add
6. choose Finish (below the add button)

You shouldn't have to restart your router. good luck. stolen deci's tip -

Tip: If you ever need to enter a single port for a service sometime in the future, you may do that here in the same way, but instead of inputting a port range, you may input the single port number in both port fields. And remember to repeat the instruction in your firewall as well.

[edit] Blitzz BWA611 NetWave Base G4

Step 1: To setup port forwarding on this router your computer needs to have a static ip address. Take a look at our Static IP Address guide to setup a static ip address.

Step 2: Open a web browser like internet explorer or netscape.

Enter the ip address of your router in the address bar of your browser. By default the ip address should be set to 192.168.1.254.

Step 3: You should see a box prompting you for your username and password. Enter username and password now. By default both the username and password are blank. So just leave them empty if you haven't set them. Click the Ok button.

Step 4: In the menu on the left hand side of your screen, click the Advanced link. This should drop down a submenu. In this new submenu click the Virtual Servers link.

Step 5: Put a dot into the By Name radio button. Let's take a quick look in the Application (Port) drop down box. Do you see the appliction already listed? If you do select it and then click the Add button at the bottom of this grouping.

Step 6: If you seen the application you wanted to setup, then you are done. Otherwise, put a dot into the By Port radio button. Select the port type using the Port Type radio buttons. If you need both of them, create two configurations. One configuration would be for TCP, while the other would be for UDP. Select single or range depending upon the number of ports you want to forward. Enter the ports to forward into the Port Number boxes. The lowest number should go into the box on the left. The highest number should go into the box on the right. If you are only forwarding one port, enter that port number into both of those boxes. If you are unsure of the port range/ranges check the Ports list page or the software manufacture's homepage. Enter the ip address to forward these ports to into the Local Server IP Address boxes. This should be the ip address of the computer that will be running the software you are forwarding ports for. Go ahead and click the Add to save your changes.

And thats it! You're done!

[edit] Juniper Networks Netscreen 5GT

(sorry about the formatting... I am used to TWiki, if anyone can clean that up a little, I welcome the help :)

%T% These steps will try to walk you through using the admin gui (http).. The same steps are possible using the SSH interface, but if you are in there, you should know what you are doing already :)

1. http://192.168.0.1/ <-- Login to the admin GUI, if you dont know your admin password, you are going to need a lot more help than I can offer :)
2. Click on Objects -> Services -> Custom (in the blue bar on the left)
3. Define a Service for "torrent"

• • Click the "New" button on the top right
  • Service Name: torrent
  • Service Timeout: Use Protocol Default
  • In the table:
    • • Transport Protocol: TCP, Destination Port: Low: 56881 / High: 56881
      • Transport Protocol: UDP, Destination Port: Low: 56881 / High: 56881
      • Press OK
      • _Tip: I realize UDP isnt used yet, but trust me, just configure it now and save yourself trouble later.

1. Define a service for "tracker" (if desired)

• • Click the "New" button on the top right
  • Service Name: tracker*
  • Service Timeout: Use Protocol Default
  • In the table:
    • • 1: Transport Protocol: TCP, Destination Port: Low: 56969 / High: 56969
      • Press OK

1. Define a service for "tracker-ssl" (if desired)

• • Click the "New" button on the top right
  • Service Name: tracker-ssl
  • Service Timeout: Use Protocol Default
  • In the table:
    • • 1: Transport Protocol: TCP, Destination Port: Low: 57000 / High: 57000
      • Press OK

1. Click on Groups under Objects -> Services in the blue bar at the left.
2. Define a new Service Group for all Bit Torrent services just defined (this will make the policy easier later)

• • Click New in the top right
  • Group Name: Bit Torrent
  • Comment: whatever
  • Select the services you have recently created (torrent, tracker, tracker-ssl) and use the "<<<" to move them into the group.
  • Click OK

1. Click on Network -> Interfaces (blue bar on the left)
2. Click "Edit" on the interface that is your "outside" interface... mine is Ethernet3
3. Click "VIP" in the links at the top
4. Define VIP Service for "torrent"

• • Click "New VIP Service" in the top right
  • Virtual IP: (your external IP)
  • Virtual Port: 56881
  • Map to Service: torrent (56881)
  • Map to IP: (your desktop IP) .. mine is 192.168.0.51
  • Server Auto Detection (some people say to uncheck this.. I dont seem to have problems either way)
  • Click OK

1. Define VIP Service for "tracker"

• • Click "New VIP Service" in the top right
  • Virtual IP: (your external IP)
  • Virtual Port: 56969
  • Map to Service: tracker (56969)
  • Map to IP: (your desktop IP) .. mine is 192.168.0.51
  • Server Auto Detection (some people say to uncheck this.. I dont seem to have problems either way)
  • Click OK

1. Define VIP Service for "tracker-ssl"

• • Click "New VIP Service" in the top right
  • Virtual IP: (your external IP)
  • Virtual Port: 57000
  • Map to Service: tracker-ssl (57000)
  • Map to IP: (your desktop IP) .. mine is 192.168.0.51
  • Server Auto Detection (some people say to uncheck this.. I dont seem to have problems either way)
  • Click OK

1. Define a Policy to allow the BitTorrent Services in...

• • Click Wizzards -> Policy
  • From Source Zone: UNTRUST
  • To Destination Zone: home
  • NEXT
  • Leave Source Address at ANY
  • Destination Address: VIP::1
  • NEXT
  • Service: BitTorrent (the group we made earlier)
  • Action: Permit
  • NEXT
  • DO NOT SELECT ANYTHING IN THE NAT PAGE
  • NEXT
  • Suggest not selecting anything in this page either
  • NEXT
  • Authentication: NONE
  • NEXT
  • Schedule: NONE
  • NEXT
  • Review the policy rule...
  • Click NEXT
  • Click FINISH

• • • YOU ARE DONE!

(uh don't forget to unblock the ports on any host based firewalls as well)

[edit] Cisco IOS

In IOS, port forwarding is called 'static NAT mapping'. To generate this mapping, the following syntax will do:

router#configure terminal
router(config)#ip nat inside source static tcp <inside IP address> 6881 interface <outside interface> 6881

Modulo firewall access-lists, that ought to do it, though some explanations are in order:

<inside IP address> is the IP address your computer (on which you are running your bittorrent client (azureus) is running.

<outside interface> refers to the interface connected to the ISP (this could be the DSL interface or whatever; use "show ip interface brief" for a list of interfaces and IP addresses

6881 is, of course, the port for azureus. If you are not using 6881, replace this with whatever port you are using. Note that 6881 appears on the line twice. Make sure they are both the same (unless you want to forward to a different port, but I doubt that will work for bittorrent clients, which advertise the port they are running on to the outside world.

For UDP, replace the 'tcp' keyword with the keyword 'udp'. The rest stays the same.

An example:

ip nat inside source static tcp 10.0.0.10 6881 interface FastEthernet0 6881
ip nat inside source static udp 10.0.0.10 6881 interface FastEthernet0 6881

In this example, 10.0.0.10 is the IP address of my machine running azureus. The interface connected to the ISP (the cable modem in this case) is FastEthernet0.

NOTE: Make sure to open a hole for port 6881 (tcp and udp, if udp is mapped). If you have a firewall running on the outside interface (a likely scenario), add "permit tcp any any eq 6881" to the firewall access-list BEFORE any 'deny all' statements. One simple way to do this is to run "show ip access-list <list-name>" where <list-name> refers to the access-list on the outside interface (which would sounds like "ip access-list foo in" where foo is the list-name and 'in' tells it to apply it to incoming traffic). The outpu from the show-command above will have 'numbers' in the first column, like 10, 20, 30, etc... If you need to insert a line in the middle, pick a number between the two lines you want to insert between. I.e. 25 if you want to get in between 20 and 30. For example:

router#configure terminal
router(config)#ip access-list extended foo
router(config-ext-nacl)#25 permit tcp any any eq 6881

If you want udp, do the same (with a different line number) for udp instead of tcp.

That should do it.

DISCLAIMER: This works for me on a 1700 router, running 12.3(8)T5. It should work with anything reasonably recent, but I don't have the information to tell "as of version X.Y". Nor can I guarantee that this will work with other esoteric configurations involving vlans (though my 1700 uses some), vrf's, DSL, whatever. Your mileage may vary. Good luck!

[edit] Siemens ADSL C-010-I

Open up http://198.162.1.1/ (or, if your router is configured at another address, open up that address instead) in your favorite browser and login to your router administration area.

Select "Virtual Server" in the left frame under the "Configuration" category. These are the entires you have to write in the available boxes: Public Port - Start: 6881 Public Port - End: 6881 Private Port: 6881 Host IP Address: (the IP address of your computer on your LAN - 198.162.1.200 in my case, YMMV)

After that, click the "Add this setting" button and select the "Save Settings / Reboot" link in the left frame under the "Configuration" category. Click the "Save & Reboot" button and wait a while until your router reboots. You should have no problems with your connection after this.

Good luck! :)

[edit] Microsoft's ISA Server 2004

Configuring BitTorrent's ports on ISA is very simple. You only have to create BitTorrent Protocol definitions, a new Access Rule and a Server Publishing Rule. You can skip Server Publishing Rule if you do hot plan to host a tracker. It all boils down to these simple steps:

1. Create three new portocols (please note that I assume that you are using ports range 5973-5983)

  a) Azureus TCP Outbound
     Primary, TCP, Outbound (ports 5973-5983)
     Secondary, TCP, Inbound (ports 5973-5983)
  b) Azureus TCP Inbound
     Primary, TCP, Inbound (ports 5973-5983)
     Secondary, TCP, Outbound (ports 5973-5983)
  c) Azureus UDP
     Primary, UDP, SendRecieve (ports 5973-5983)
     Secondary, UDP, SendRecieve (ports 5973-5983)

2. Create access rule

  action: allow
  protocols: all created at step 1.
  from: internal network
  to: external network
  users: users that allowed to use Azureus

3. Edit Firewall Client Application Settings. From Microsoft ISA 2004 Server Management Console open Configuration>>General>>Define Firewall Client Application Settings. Add two new settings

  a) application: Azureus
     key: ServerBindTcpPorts
     value: 5973-5983
  b) application: Azureus
     key: RemoteBindUdpPorts
     value: 5973-5983

4. Apply the setings on the ISA sever to make them effective.

5. Enable firewall client on the client machines and setup Azureus to use tcp and udp ports in range 5973-5983.

Now you are ready to use Azureus behind ISA server 2004 and there should be no NAT problems (i.e you get green smileys). If you also want to host the tracker you have to follow one more simple step i.e creating a server publishing rule.

To create your server publishing rule start the server publishing rule wizard and call the server "BitTorrent (Server)". Enter the local IP address of the server that will be running your bittorrent client. Select the "BitTorrent (Server)" protcol definition we have defined earlier and then select the networks you want to start the listener on. Click finish and the apply button to activate your changes to your ISA server and you are ready to start using BitTorrent on your network.

• _Tip: Per the PortForwarding page, lets just start using a non-standard port right now :)