SR101 and SR102 Sky Hub port forwarding/testing

Sky the broadband internet service provider.

Moderator: embleton

Post Reply
User avatar
embleton
Site Admin
Posts: 769
Joined: Sat Aug 02, 2014 2:40 pm
Location: Plymouth
Contact:

SR101 and SR102 Sky Hub port forwarding/testing

Post by embleton » Fri Jul 24, 2015 11:12 am

With port forwarding on these two routers it is done by the browser by browsing to http://192.168.0.1 and selecting the Security Tab at the top of the page. These routers will then prompt for a user name and password, the default for these are admin and sky as the password. For the majority of standard service ports they can by selected from a drop down list, by pressing the Firewall Rules menu, and then either selecting outbound rules; traffic from your network to the outside world. Or in the majority of cases inbound rules; for traffic arriving at the router that needs to be sent to internal LAN server(s).

When you select the Add button under inbound rules, you are presented with a list of options, of these three have to be changed, the rest can usually be left at there default. This is the actual service selection, an example is HTTP (TCP port 80) for a web server that you running internally on a LAN server computer; and this can be selected right from the drop down list of services offered. The Action should be changed to allow always, and Send to LAN server should be set to the IP address of the computer concerned.

What if the service is not show on the drop down list, then you need to add the service. This can be done by selecting the security tab, then services. One is then offered boxes that you full in with details that need to provided; the name of the service, which you can enter anything that is descriptive, type that can be TCP, UDP or both of these protocol types. The start port, and the finish port; usually the start and finish ports are the same numerical numbers.

The LAN server IP address is easy to obtain on Windows by dropping down to a command prompt and typing 'ipconfig/all', which will list details concerning the net connection including its IP address. Once the above details are provided then one needs to apply the setting in both cases for adding a service or firewall rule.

The router should now be forwarding the service port to the computer concerned and it's time to test the connection. In the majority of cases one can confirm that the service port is open by scanning the public IP address of the connection, to obtain its public IP address type into Google 'what is my IP address'. For scanning the open ports there are several websites that offer a service to scan standard TCP ports, these ports are stateful in the majority and will reply accordingly to traffic, It is more difficult to scan UDP ports because they'll not respond unless the traffic is especially crafted for the service concerned because they're usually stateless or it's necessary to open a control port, as is the case with ftp.

What if after these steps the port doesn't respond to requests. For Windows users the operating system has a firewall that will block incoming traffic that has not be initiated from Windows itself, and this will also need to be setup to allow the traffic to pass through the firewall on Windows itself. To confirm whether this is the reason you can drop the firewall completely temporary during testing, and then setup the required rules in the firewall if it works as necessary. For setting up the firewall on Windows there is an article on the Microsoft website that explains the process, use that article that you can search for on Google by typing 'firewall setup windows' into the Google search engine.

It the port still doesn't show as open then factory reset the router and redo the complete process above, if it still doesn't operate as expected then ensure the port is open internally on the LAN itself, by using another computer or smart phone/tablet to identify where this issue resides; if it's the router then replace it.
Inbound Firewall Rules
Inbound Firewall Rules
image.jpg (31.76 KiB) Viewed 32257 times

This above figure is correctly configured for a website server on LAN IP address at http://192.168.0.12, a ftp server at ftp://192.168.0.12 and remote desktop protocol for Windows. The other two protocol services https (port 443) and port 7070 that are forwarded are defined but not enabled.

For setting up a fixed IP address for the server concerned it is best to allocate an IP address from the reservation pool. This can be done by selecting the advanced menu item on the router. Then select LAN IP setup, Add and select from the list the device/server you require the IP to be fixed. Apply the setting and you're done. This will ensure when you reboot the router the device(s) concerned will be allocated the same static IP address.

Post Reply