# [SOLVED] Ports being Blocked to run a server



## TechJunkie2007 (Nov 24, 2010)

Hello all,

I am running Windows Server 2008 R2 and MS Exchange Server 2010 SP3. This is a FRESH INSTALL.

The only configuration made was the required roles/features to install ADDS and Exchange Server - IIS / FTP / and all Windows updates. Default DNS records other than 1 reverse DNS on my external IP.

I can not get any connection to this server from outside the LAN, other than FTP port 21 via browser. Now there is a back story to this as well. I am under Comcast residential internet, running this server. I also happen to work for Comcast, and have spoken to HR, and also the director of I.T. for my region, and was approved for this server as the Acceptable Use Policy, section "Technical Restrictions", allows personal use. This was reviewed and accepted. My reason for stating this is so that nobody feels they are violating TSF rules by assisting me.

I currently did not register my domain via GoDaddy or another vendor. I am using my external IP until I figure this out.

I have put the server (10.0.0.24) in my router's DMZ; as this is a test environment to pin down the issue, this was a temporary step.

_I downloaded a free port scanner_ from here - Free Port Scanner - Free download and software reviews - CNET Download.com

I scanned ports 443, 80, 379, 389, 390, 3268, 636, 3269, 143, 993, 110, 995, 119, 563, 465, 691, 102, 135, 552, 53, 587 on a local level (10.0.0.24) and on my external IP. Every port on a local scan is reported OPEN, and every port on my external IP is CLOSED.

I then disabled the firewall and re-ran both scans, and received the same results.

Now I have FTP on port 21 configured, and even though it shows as closed, I can still access my FTP server from outside the LAN.

I attached a screenshot of an IPCONFIG /ALL.

I called into Comcast and advised them of the issue, and I also spoke to the legal response team, because as some of you may know, if you want port 25 open, you call that department. So I tried it with these ports. I was advised that all ports are open, I just don't have a static IP address, which I am working on... but I'm told all ports are open, and I have port forwarding enabled, firewall disabled.

If I am able to access FTP://xx.xxx.xx.xx then I should be able to access HTTPS://xx.xxx.xx.xx/owa, right? .. I can not..

I also think that since I did not register a domain name and MX record, I probably can not send mail.. but that's not the primary issue right now.... I'll worry about that after I gain external access.

I checked a field of logs in the Event Viewer and found nothing of relevance..

I'm running out of things to try lol... any ideas from you folks?

Thank you!!


----------



## TechJunkie2007 (Nov 24, 2010)

*Re: Ports being Blocked to run a server*

Sorry.. the screenshot was not very visible. I attached another.


----------



## djaburg (May 15, 2008)

*Re: Ports being Blocked to run a server*

The only way to test for sure is to set your server to your external IP and connect directly to the cable modem. If it works then, you'll know it's something with your router; if not, it's your ISP.


----------



## Wand3r3r (Sep 17, 2010)

*Re: Ports being Blocked to run a server*

"Default DNS records other than 1 reverse DNS on my external IP"

What do you mean by this? Your public IP does not belong in your local DNS.
Comcast DNS server IPs should be listed under conditional forwarders.

You do not need a static WAN IP. DynDNS, I think even GoDaddy, with a client install can update your registered domain name when the dynamic IP assignment changes.

Do a tracert yahoo.com and post the results for review. I am looking to see if other routers are involved.

Make and model of your router?
Though DMZ is supposed to pass everything through, the usual method is to do port forwarding. There are also two components to an open port. One is DMZ/forwarding and the other is that something has to answer the port query. This means Exchange must be running when doing port checks.


----------



## TechJunkie2007 (Nov 24, 2010)

*Re: Ports being Blocked to run a server*

I actually feel pretty dumb about this.. but I gained external access to the server. I had old ports forwarded in my router, and ports 80 & 443 were pointing to the wrong IP on my network. I changed the IP, and I can now access OWA from outside the LAN. I can RDP, access and log in to OWA, and FTP. So the issue of not being able to connect to the server is now resolved. However, I can still not send/receive emails. I have attached a screenshot of my TRACERT to Yahoo, I attached another IPCONFIG /ALL, and I attached my ports being forwarded. As far as the make and model of my router... this is an XFINITY wireless gateway-modem combo. These only have 4 Ethernet jacks on the back, which are still managed by DHCP on the gateway, so, unfortunately, I can not directly connect to the modem. I am connected straight into 1 of those Ethernet jacks, but it's not a direct connection to the external IP..

"Wand3r3r", I am sorry, when it comes to the DNS, I know enough to be dangerous, but I'm not actually in a live environment where business is being conducted. This is on a home server that I am trying very hard to learn effectively; I didn't know that I should have placed those IPs in conditional forwarders... I do now!

I tried sending an email from GMAIL to my domain; here is the message...

This is an automatically generated Delivery Status Notification
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipient has been delayed:
[email protected]
Message will be retried for 2 more day(s)
Technical details of temporary failure: 
The recipient server did not accept our requests to connect. Learn more at http://support.google.com/mail/bin/answer.py?answer=7720 
[(0) 73.183.38.91 [73.183.38.91]:25: Connection timed out]
----- Original message -----
X-Received: by 10.140.83.49 with SMTP id i46mr61014389qgd.22.1404172290079;
Mon, 30 Jun 2014 16:51:30 -0700 (PDT)
Return-Path: <[email protected]>
Received: from Win8 ([2601:7:a180:b10:3de4:8c3:824e:d0a6])
by mx.google.com with ESMTPSA id d2sm13087980qge.24.2014.06.30.16.51.28
for <[email protected]>
(version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Mon, 30 Jun 2014 16:51:29 -0700 (PDT)
From: "xxxxxxxxxx" <[email protected]>
X-Google-Original-From: "FIRSTNAME LAST NAME" <[email protected]>
To: <[email protected]>
Subject: 
Date: Mon, 30 Jun 2014 19:51:25 -0400
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0008_01CF949C.AD26E490"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: Ac+UvjO7S/7m3ULURJy5NxlzzbTtjQ==
Content-Language: en-us
Here is the message from my server to GMAIL...

Generating server: Xchange.DxD2007.Net
Receiving server: gmail.com (74.125.25.26)
[email protected]
Remote Server at gmail.com (74.125.25.26) returned '400 4.4.7 Message delayed'
7/1/2014 3:33:17 AM - Remote Server at gmail.com (74.125.25.26) returned '441 4.4.1 Error encountered while communicating with primary target IP address: "Failed to connect. Winsock error code: 10060, Win32 error code: 10060." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 74.125.25.26:25'
Original message headers:
Received: from Xchange.DxD2007.Net (2601:7:a180:b10:842d:558c:d53:3be9) by
Xchange.DxD2007.Net (2601:7:a180:b10:842d:558c:d53:3be9) with Microsoft SMTP
Server (TLS) id 15.0.847.32; Mon, 30 Jun 2014 19:48:18 -0400
Received: from Xchange.DxD2007.Net ([fe80::842d:558c:d53:3be9]) by
Xchange.DxD2007.Net ([fe80::842d:558c:d53:3be9%12]) with mapi id
15.00.0847.030; Mon, 30 Jun 2014 19:48:18 -0400
From: Admin <[email protected]>
To: "[email protected]" <[email protected]>
Subject:
Thread-Index: AQHPlL3Dio6XbBZyhEWMLh9EURCQ9A==
Date: Mon, 30 Jun 2014 23:48:17 +0000
Message-ID: <[email protected]>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.0.0.2]
Content-Type: multipart/alternative;
boundary="_000_7f3f60b5426a430abacd5a6836125d73XchangeDxD2007Net_"
MIME-Version: 1.0


I have no idea what to try at this point. I really do thank you guys for trying to help!


----------



## djaburg (May 15, 2008)

*Re: Ports being Blocked to run a server*

If you're running this from home, many ISPs will block ports necessary to receive (incoming port 25) and potentially send email. Just found this regarding blocked ports, and it doesn't necessarily address your outbound email. Do you have your server configured correctly to handle DNS? In other words, do you have DNS forwarders configured properly?


----------



## TechJunkie2007 (Nov 24, 2010)

Honestly, at this point I can't say if I have them configured properly. I will assume no. Do you have suggestions, or would you need info from me to verify if they are? I'll search Google nonstop until I get your answer (I'm determined).

The list of blocked ports I'm familiar with. As an employee of Comcast, we have access to intranet sites that have diagnostic tools with documentation on our modems. But ports, and information on ports at the modem level, we don't have access to. However, those ports you mentioned are well known (to me at least) because I work there and relay that info to my customers. Now even though I don't have an MX record set up with GoDaddy yet... I should still be able to send mail out.. (Theoretically) 😫


----------



## jimscreechy (Jan 7, 2005)

*Re: Ports being Blocked to run a server*

Windows Firewall?


----------



## TechJunkie2007 (Nov 24, 2010)

I've tried disabling the firewall. But it didn't solve the issue 😫


----------



## djaburg (May 15, 2008)

*Re: Ports being Blocked to run a server*

You did read the link I provided indicating that port 25 is blocked, correct? That would affect inbound email. Outbound could still be DNS being configured incorrectly on the server. Check here for instructions on forwarders.


----------



## TechJunkie2007 (Nov 24, 2010)

Yes, I am aware that 25 is blocked. I have port 25 forwarded to my server anyways. But I am attempting connection on a secured port. 25 is being forwarded only because I am testing all possibilities that I can think of. My forwarders are set up to use Comcast DNS servers, then a secondary forwarder pointing to OpenDNS servers, and a 3rd pointing to Google DNS server 8.8.8.8. Using 5 second intervals for the timeout, I have tried over the past few days using only 1 forwarder (Comcast DNS), sending an email then waiting to see if that email is rejected, which it eventually was. Then I used the OpenDNS forwarder, waited for it to be rejected, then I used Google. Then I set up all 3... And it was then rejected.


----------



## Wand3r3r (Sep 17, 2010)

*Re: Ports being Blocked to run a server*

You don't send email to a DNS server. That is not a valid test.

I notice in your tracert that the 2nd hop is starred. That can indicate another router. I would suggest connecting directly to the Comcast modem and running the tracert again. Post the results.

From a domain workstation do a nslookup dxd2007.net. I assume that is your domain name. Does it resolve correctly?
From the same workstation do a nslookup yahoo.com. Does it resolve correctly?


----------



## TechJunkie2007 (Nov 24, 2010)

It was confirmed to me that the Comcast SMTP server was blocking my emails, and will continue to block my emails if I use SMTP.comcast.net. Although I received approval to run the server, it was only that... I spoke to our network admin for my region on the Comcast network and he tried assigning me a static IP address, but it was rejected due to needing a business class account. He can't change that rule. It's set by corporate. The approval was only to protect me from violating rules. I was advised, and shown the policy, that if you have a dynamic IP on a Comcast network, the SMTP server blocks traffic.

So I purchased my domain name through a registrar and they provide a free SMTP smart host. I added this to my send connector and that resolved my issue. I can now successfully send and receive emails without issue. I can access OWA / RDP / FTP and emails flow fine.

Sorry everyone.. This whole time the issue was not having a static IP. And I was using SMTP.comcast.net.

Now that this is fixed, I have other issues to resolve. I will start a new thread on these concerns.

Thank you for all the advice, I learned a few things from this.
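The checks raised across this thread (Wand3r3r's two components of an open port and the nslookup tests, djaburg's forwarder question, and the smart-host fix in the final post) gathered into one diagnostic script. This is an added PowerShell example, not code from any post; it assumes Windows Server 2012 or later with the DNS Server role so the cmdlets it uses exist, and the registrar smart host name is a placeholder.

```powershell
# Added example (not from the thread). Assumes Server 2012+ with the DNS Server role so that
# Get-DnsServerForwarder, Get-NetTCPConnection, Test-NetConnection and Resolve-DnsName exist.
param(
    [string]$ServerLanIp = '10.0.0.24',                 # LAN address from the thread
    [string]$Domain      = 'dxd2007.net',               # domain from the thread
    [string]$SmartHost   = 'smtp.registrar.example',    # placeholder for the registrar smart host
    [int[]] $Ports       = @(25, 80, 443, 587)
)
function Test-LocalListener {
    # Wand3r3r's point: forwarding alone is useless unless a process is bound to the port.
    param([int]$Port)
    $l = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    if ($l) { "Port $Port : listening (PID $($l.OwningProcess -join ','))" }
    else    { "Port $Port : NOTHING listening; a DMZ/forward rule cannot open it" }
}

function Test-Reachable {
    # TCP connect test; OPEN on the LAN address but CLOSED at the WAN address points at
    # the router (wrong forward target, as in the thread) or the ISP, not at the server.
    param([string]$Target, [int]$Port)
    $r = Test-NetConnection -ComputerName $Target -Port $Port -WarningAction SilentlyContinue
    '{0}:{1} -> {2}' -f $Target, $Port, $(if ($r.TcpTestSucceeded) { 'OPEN' } else { 'CLOSED/filtered' })
}

function Test-Resolution {
    # The local DNS server must answer for its own zone AND recurse (via forwarders) for public names.
    param([string]$Name)
    try {
        $a = Resolve-DnsName -Name $Name -Type A -ErrorAction Stop | Where-Object { $_.IPAddress }
        "$Name -> $($a.IPAddress -join ', ')"
    } catch { "$Name -> FAILED: $($_.Exception.Message)" }
}

'== Forwarders (public resolvers go here; the WAN IP never does) =='
(Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString }

"`n== Listeners on this server =="
$Ports | ForEach-Object { Test-LocalListener -Port $_ }

"`n== Reachability on the LAN side =="
$Ports | ForEach-Object { Test-Reachable -Target $ServerLanIp -Port $_ }

"`n== Resolution through this server's DNS (the nslookup checks from the thread) =="
Test-Resolution -Name $Domain
Test-Resolution -Name 'yahoo.com'

"`n== Outbound SMTP: ISP relay on 25 versus registrar smart host on 587 =="
Test-Reachable -Target 'smtp.comcast.net' -Port 25
Test-Reachable -Target $SmartHost -Port 587
```

Run it from an elevated prompt on the Exchange server and compare the LAN reachability section with a scan from outside; a port that is listening and OPEN on the LAN but CLOSED from outside is a router or ISP matter, exactly the split djaburg described.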


----------

