Why my Port Forwarding rule is not working?

I'm a total noob about TCP/IP, and try to set a port forwarding rule.

What I'm trying to do is this:

I have multiple computers connected to my router (zyxel p-660hw-t1 v2), one of them is working as Ubuntu Server
I want to connect that Ubuntu Server by entering my public IP, and a specific port. So I want to type 88.225.my.ip:26600 (is it safe?) and get served the apache homepage
It has apache installed, and working, when I type 192.168.1.35 from my home network. So I guess it's local IP is 192.168.1.35.

Now, I'm trying to forward port 26600 to 192.168.1.35.

These are my modem settings page. (They are in Turkish, couldn't figure out how to display in English, but you will recognize the keywords, and I'll try to explain)

1st: NAT -> Port Forwarding page : enter image description here

2nd: Firewall -> General

The unchecked box means "Active Firewall". So the other rules are not applying anyways, right? enter image description here

3rd: Firewall -> Rules

Activated uPnP, But I deactivated it now, it doesn't work either way.. enter image description here

4th: Advanced -> UpnP -> General enter image description here

Can you please tell me what am I doing wrong?
And I would really appreciate it if you explain your answer, to a noob :)

Edit:

Or how can I identify what the problem is?

jeff

Posted 2013-07-27T16:42:54.697

Reputation: 489

Regarding the "88.225.my.ip:26600 (is it safe?)" part. Yes, as long as you keep the web server (in your case Apache) and all extra software which might be invoked froma webpage (e.g. PHP) up to date, then it should be safe. – Hennes – 2013-07-27T17:12:33.250

Not related to your question, but if you don't have any UPnP devices in your network, you might want to turn it off as it's considered a security risk. Actually, just turn it off. See https://www.grc.com/unpnp/unpnp.htm

– happy_soil – 2013-07-27T17:13:27.527

@happy_soil, I thought that upnp standed for "enable port forwardings" or something. Ok I'll turn it off. Thanks for both comments. And thanks Hennes for inserting the pictures in the post :) – jeff – 2013-07-27T18:47:29.530

and please somebody upvote me, so I can upvote all the help :) – jeff – 2013-08-04T15:06:23.707

Answers

It seems like you cannot forward a different port than the one setup on your server. For instance, your firmware doesn't allow forwarding port 26600 of your WAN IP to port 80 of your local machine.

You might want to change the port on which Apache serves its HTTP service before enabling the port forwarding.

Open /etc/apache2/httpd.conf in a text editor. Find this line:
```
Listen 80
```
Change it for:
```
Listen 26600
```
Restart Apache
```
sudo service httpd restart
```

Follow this link to learn more on how to forward ports on your router. You will forward port 26600 to 26600 to your local IP 192.168.1.35.

user7429642

Posted 2013-07-27T16:42:54.697

Reputation: 1 121

Hi Gregory, Thanks so much for your answer. But I'm really confused here. In my router settings page. It asks me these parameters: (port to forward , ip to forward) so doesn't it work like My_WAN_IP:Port -> My_Local_IP ? I mean, the port 26600 is relevant to my router, not my PC, am I wrong ? I mean, it will forward port 26600 to my local ip, then it will choose the default port 80 inside my PC. So making Apache listen port 26600 should not change the situtation. But I will try it anyways. There is clearly somethying I don't understand.. – jeff – 2013-08-04T14:56:16.207

Hi Cengiz, the port 26600 is unfortunately relevant to your PC too. Some routers allow you to forward one port to another. For instance, you can sometimes make bindings to forward port 10000 of your WAN IP to port 80 of your PC's IP. In your case, your firmware only allows you to forward the very same port. If you decide you wish to access your Web server on port 26600 of your WAN IP, you must also set your PC to serve HTTP on port 26600. Then the forwarding will be from your WAN IP, port 26600, to your local PC's IP, port 26600. – user7429642 – 2013-08-04T14:59:50.427

wow, I didn't know that. Ok I'm now gonna try to change Apache settings. And one more question, is it possible that my ISP is blocking some ports? Because it most probably does. And if so, what port should I choose? 26600 is something I made up. I just need one empty port. Which one should I use? I even tried port 80. I only need FTP and HTTP besides Unity MasterServer (My web application), should I chose a "standard" / "default" open port? – jeff – 2013-08-04T15:04:45.730

Yes, many ISPs block ports 21 (FTP), 80 (HTTP) and 443 (HTTPS) to their residential customers. They normally allow these ports only for commercial customers. Any port over 10000 should be fine. – user7429642 – 2013-08-04T15:08:00.777

In answer to your question. "is it safe?" Personally i would not do it. The machine you want accessible from the outside world probably can access every other machine in your house and is also probably not dedicated just for just apache. If this machine gets compromised so could your data on this machine and others.

Spend a couple quid a month and get some shared hosting or for a little bit more a VPS.

FYI - Security is not just down to server config and security but also your web application your hosting.

user2375592

Posted 2013-07-27T16:42:54.697

Reputation: 101

Thansk! OK, but for now, there is not an application, nor data in my web server. It just shows "It Works!" default page of apache. And the reason I'm trying to do this is I want to setup a Unity MasterServer, so security is not my main concern now. When it is, I will of course rent a VPS. But I'm trying to learn how to do it myself. – jeff – 2013-07-28T16:34:09.987