0
Visiting a friend who has Frontier FiOS internet and an Actiontec MI424WR broadband router, latest version. While their ethernet connection works for web browsing, they are experiencing what I believe are firewall-related issues connecting to:
Inbound POP and IMAP ports 995, 993 via wifi mobile devices attempting to access imap.gmail.com and pop.gmail.com; and
Outbound POP and IMAP ports 465 (SSL) and 587 and 995 at pop.gmail.com and imap.gmail.com; and
Ethernet connection to Xbox Live; and
Ethernet connection to Hulu.com service via ROKU 2 XS.
My sense is that the fix is as simple as accessing the admin panel at 192.168.1.1 and creating allow rules in the firewall settings; or, to use port-forwarding allow rules; however my experience in these areas on a router - or rather this particular router - is somewhat limited.
I could use some help or recommendations on:
Whether this is likely an issue requiring the creation of a port-forwarding rule or an allow rule in the firewall and;
Whether the rule should be TCP, UDP or BOTH and based on the port or ... ?
I've already explored tech support at Frontier and apparently once you get into the firewall, they are "not allowed" to help you but rather are instructed to upsell you on paid support product offering.
I've already spoken with Google and confirmed that it is not an issue on their end, but likely simply an overtly aggressive firewall setting that needs some exceptions added.
I've also already confirmed that it is THIS router and THIS wifi, as mobile devices ARE able to successfully make these port connections via cellular-only service as well as other wifi networks.
So I've narrowed it down to the router firewall or port-forwarding settings.
Desirae Tilford
Posted 2013-02-08T03:14:10.620
Reputation: 51
What do you mean by "inbound" connections to imap.gmail.com for mobile devices? Why would these connections be incoming? – Paul – 2013-02-08T03:20:21.670
Sorry for the obfuscation. I meant simply that mobile devices are unable to access ports 995 and 993 on pop.gmail.com and imap.gmail.com. This does not have relevance to the router ports but is more a description of the functional problem and symptoms. I did find this to be somewhat useful, however it is not from Frontier. It advises to specify the address of the device or computer that you want to port forward from, but it does not describe how to obtain that or whether it is an IP, domain or ... http://www.actiontec.com/products/product.php?pid=213
– Desirae Tilford – 2013-02-08T03:36:44.317Port forwarding is only for incoming connections, and so not relevant here. So you don't port forward "from", but "to". Are you absolutely sure these ports aren't blocked by the ISP? – Paul – 2013-02-08T03:55:46.627
Great idea to rule out, Paul. I'll try nmap and nc to rule that out and will post outputs. – Desirae Tilford – 2013-02-08T04:02:50.100
Some ISPs will block mail related ports as they expect you to use their mail services - which you can often unblock in control panel or support ticket. – Paul – 2013-02-08T04:04:27.913
Does this confirm that Frontier is blocking?
$ sudo nmap -Pn imap.gmail.com
Starting Nmap 6.25 ( http://nmap.org ) at 2013-02-07 21:08 PST Nmap scan report for imap.gmail.com (173.194.77.109) Host is up. Other addresses for imap.gmail.com (not scanned): 173.194.77.108 rDNS record for 173.194.77.109: ob-in-f109.1e100.net All 1000 scanned ports on imap.gmail.com (173.194.77.109) are filtered
It confirms that the traffic is being blocked - it is possible that the router is doing it but if you can't see any obvious outbound filtering in the router, then the ISP is the most likely culprit. – Paul – 2013-02-08T06:21:15.547
Frontier says they don't do inbound port blocking, so it must be happening at the router level. They weren't much help. I'll call Actiontec in the morning and post a short summary fix here for future users who have this issue. – Desirae Tilford – 2013-02-08T06:48:46.017
It isn't inbound, it is outbound. You are trying to connect to services outside of your local network, which is an outbound connection. – Paul – 2013-02-08T11:22:19.077