# [SOLVED] All ports blocked even with DMZ and firewall down



## osterac

Hi,
I've been trying to open ports 5800 and 5900 for UltraVNC and checking them with online port checkers, but they are always listed as closed. I've even tried taking town windows firewall, my router firewall (although as soon as I disable and apply, it automatically switches back to enabled again), and also DMZ'ing my router. I wonder if it might have something to do with my new modem, but in the config page for that, the advanced settings are locked out. the modem is an arris TM722G, and the router is a linksys wrt-54G with DDWRT firmware.

I'm running windows 7 x64 and using a static local IP, I want to be able to use DynDNS to connect to UltraVNC.
Any ideas?
Thanks


----------



## TheCyberMan

*Re: All ports blocked even with DMZ and firewall down*

Please connect direct to modem to confirm that ports are open and you have connectivity to ultravnc.

If ports are not open please contact your ISP.


----------



## osterac

*Re: All ports blocked even with DMZ and firewall down*

I connected the modem up directly and the ports were still not open. I contacted my ISP and they said the modem does not block ports (except 25) and they can't help me. I have my firewall down and I even tried a clean boot so my antivirus is off.
What could it be?


----------



## wcogent

*Re: All ports blocked even with DMZ and firewall down*

reset the router
use only dmz
try ammyy.com


----------



## TheCyberMan

*Re: All ports blocked even with DMZ and firewall down*

Is the windows firewall the only one you have installed on your pc?

Do you use windows defender at all?

Do you have another computer you can install ultravnc on and test that direct to modem?


----------



## osterac

*Re: All ports blocked even with DMZ and firewall down*

Windows firewall is the only one I have. I use Microsoft Security essentials. 
I went ahead and tried ipfingerprint.com's port scanners on two laptops that I have, hooked straight up to the modem. The first one had Security Essentials and all ports showed up closed. The second one is a school district PC and I don't know what kind of antivirus it has. All ports showed up closed.
@wcogent: I would try ammyy admin but I need something that is compatible with my phone app.


----------



## TheCyberMan

*Re: All ports blocked even with DMZ and firewall down*

The modem does not have any portforward capability and gives your public ip address to the computer so portforarding is not needed.

Connect direct to modem.

Go to shields up link below and scan the service ports link is what you want leave the firewall disabled and let the scan complete ports in blue are closed, ports in green are stealthed, ports in red are open.

https://www.grc.com/x/ne.dll?bh0bkyd2

Please disable windows defender if it is enabled please also before the test.

Re-enable the firewall and windows defender after test.

Do you have kasperky anti-virus installed at all?

Please let us know the results.


----------



## osterac

*Re: All ports blocked even with DMZ and firewall down*

I did the test. I have Microsoft security essentials for anti-virus, and I thought microsoft discontinued windows defender, at least for windows 7? wasn't it superseded by Microsoft security essentials?
anyway, the only port that was open was 560. there were a few stealthed ports, 136-140 and 444.


----------



## TheCyberMan

*Re: All ports blocked even with DMZ and firewall down*

Yes i think you right about defender it was in vista.

The firewall was disabled when you did the test was microsoft security essentials disabled also.

No other security software is installed and running those other ports may be stealthed from the ISP as you are connected to the internet directly.

Please post an *ipconfig /all *for review when connected to the modem.


----------



## osterac

*Re: All ports blocked even with DMZ and firewall down*

Here's my ipconfig:



Code:


Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.ca.comcast.net.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.ca.comcast.net.
   Description . . . . . . . . . . . : Realtek PCI GBE Family Controller
   Physical Address. . . . . . . . . : 00-50-8D-B3-D1-DC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1cd:df2:9fa0:cb04%30(Preferred)
   IPv4 Address. . . . . . . . . . . : 98.208.95.145(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Lease Obtained. . . . . . . . . . : Thursday, October 18, 2012 1:36:44 PM
   Lease Expires . . . . . . . . . . : Saturday, October 20, 2012 8:09:01 PM
   Default Gateway . . . . . . . . . : 98.208.88.1
   DHCP Server . . . . . . . . . . . : 69.252.97.4
   DHCPv6 IAID . . . . . . . . . . . : 436228237
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-48-91-1D-00-50-8D-B3-D1-DC

   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection 5:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
#5
   Physical Address. . . . . . . . . : 00-1F-81-00-08-30
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Hamachi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hamachi Network Interface
   Physical Address. . . . . . . . . : 7A-79-05-B6-01-B0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::5b6:1b0(Preferred)
   Link-local IPv6 Address . . . . . : fe80::212b:e31d:d13f:cd39%25(Preferred)
   IPv4 Address. . . . . . . . . . . : 5.182.1.176(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Thursday, October 18, 2012 6:27:24 AM
   Lease Expires . . . . . . . . . . : Thursday, October 18, 2012 1:41:33 PM
   Default Gateway . . . . . . . . . : 5.0.0.1
   DHCP Server . . . . . . . . . . . : 5.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 712669471
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-48-91-1D-00-50-8D-B3-D1-DC

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.ca.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.ca.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3028:3590:9d2f:a06e(Pref
erred)
   Link-local IPv6 Address . . . . . : fe80::3028:3590:9d2f:a06e%11(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{257B8447-6F3E-4E0B-BE46-EB5A9442E8C2}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{828E2B5A-DC40-457D-BBFF-58F104C7F6AA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

MSE (microsoft security essentials) was disabled and my firewall was disabled for the tests. I have no other security software, besides adblock if that counts, and web of trust, but those are just browser plugins.
Comcast claims that the modem only blocks port 25, all others should be open.


----------



## TheCyberMan

*Re: All ports blocked even with DMZ and firewall down*

So apart from the one port reported open and the stealth all other ports were closed showing blue meaning closed.

I think you will have to be firmer with comcast as with no security at all enabled all ports apart from 25 should be open. You have a direct connection with the internet.

If you wish to test another computer you can do so to confirm again.

My only advice is to go back to comcast email the shield up results to them if neccessary by taking a screenshot of results showing all the closed ports and using the port check on the ultravnc ports send that data as well if possible.

Please make sure you have re-enabled all your security software on all systems also.

The ports should be open for ultravnc when connected directly to the internet as you have a Public ip address when connected direct to modem.

We cannot get your ports open for you on the modem only the ISP can do that their end. They need to be checking the ports required.

Please present them with evidence tho.


----------



## TheCyberMan

*Re: All ports blocked even with DMZ and firewall down*

Hi osterac please try forwarding the ports thru the router guide below for you:

Port Forwarding UltraVNC on the Linksys WRT54G - PortForward.com

If that fails please enable the DMZ and add the static ip address of the computer hosting the ultravnc this should forward all ports as you are directly exposing your computer to the internet.


----------



## osterac

*Re: All ports blocked even with DMZ and firewall down*

I have actually tried doing that already. I have been talking to comcast, I talked to them yesterday, and they said that unless a port is in use it may show up as closed? They don't seem to have the ability to open/close ports on their modem and they said they are going to do research and call me back in a couple of days. They want me to try and remote in over ultraVNC from a friend's house, even though I've already tried it from my phone.


----------



## Wand3r3r

*Re: All ports blocked even with DMZ and firewall down*

You would need vnc running to test if its ports are open. With it running what does the ports check report?

ideally if you had another pc/laptop in the house you could use it to test the connection over the lan to make sure it works to begin with.


----------



## osterac

*Re: All ports blocked even with DMZ and firewall down*

When I look up the port with UltraVNC running it says the port is stealthed. Stealthed will not work, correct? I tried from my laptop and phone and was unable to connect.


----------



## Wand3r3r

*Re: All ports blocked even with DMZ and firewall down*

Stealthed will not work. 

Can you post a screen shot of the routers port forwarding page so we can review the settings?
Also please provide the results of a ipconfig /all when connected to the router.

Modem doesn't appear to have any firewall/routing so its not blocking.
http://www.wavebroadband.com/support/internet/docs/TM722-Telephony-Modem-User-Guide.pdf

Do a tracert yahoo.com and post its results for review.

Your phone, was it connected to your wifi network when you ran this test?


----------



## osterac

*Re: All ports blocked even with DMZ and firewall down*

Here's my IPconfig:



Code:


Windows IP Configuration

   Host Name . . . . . . . . . . . . : SEVEN
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8188SU Wireless LAN 802.11n US
B 2.0 Network Adapter
   Physical Address. . . . . . . . . : 00-1A-EF-25-1F-35
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCI GBE Family Controller
   Physical Address. . . . . . . . . : 00-50-8D-B3-D1-DC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1cd:df2:9fa0:cb04%30(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.147(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, October 25, 2012 11:16:40 AM
   Lease Expires . . . . . . . . . . : Friday, October 26, 2012 11:16:40 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 436228237
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-48-91-1D-00-50-8D-B3-D1-DC

   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection 5:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
#5
   Physical Address. . . . . . . . . : 00-1F-81-00-08-30
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Hamachi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hamachi Network Interface
   Physical Address. . . . . . . . . : 7A-79-05-B6-01-B0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::5b6:1b0(Preferred)
   Link-local IPv6 Address . . . . . : fe80::212b:e31d:d13f:cd39%25(Preferred)
   IPv4 Address. . . . . . . . . . . : 5.182.1.176(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Thursday, October 25, 2012 11:16:36 AM
   Lease Expires . . . . . . . . . . : Friday, October 25, 2013 11:16:51 AM
   Default Gateway . . . . . . . . . : 5.0.0.1
   DHCP Server . . . . . . . . . . . : 5.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 712669471
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-48-91-1D-00-50-8D-B3-D1-DC

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{828E2B5A-DC40-457D-BBFF-58F104C7F6AA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:ceb:1639:bc53:8010(Prefe
rred)
   Link-local IPv6 Address . . . . . : fe80::ceb:1639:bc53:8010%11(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{257B8447-6F3E-4E0B-BE46-EB5A9442E8C2}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A650AD77-BC78-4FB7-83F1-F3A3094E43A0}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{06C28106-31D0-4402-B143-10BFA24BCA8D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

and my tracert


Code:


Tracing route to yahoo.com [72.30.38.140]
over a maximum of 30 hops:

  1     1 ms    <1 ms    <1 ms  DD-WRT [192.168.1.1]
  2     7 ms     9 ms     9 ms  96.120.14.9
  3     9 ms    19 ms    22 ms  te-8-2-ur01.chico.ca.ccal.comcast.net [68.87.203
.201]
  4    13 ms    11 ms    14 ms  te-0-0-0-4-ar03.sacramento.ca.sacra.comcast.net
[68.87.212.113]
  5    16 ms    18 ms    15 ms  pos-0-5-0-0-cr01.sacramento.ca.ibone.comcast.net
 [68.86.90.33]
  6    26 ms    17 ms    19 ms  pos-0-3-0-0-cr01.sanjose.ca.ibone.comcast.net [6
8.86.87.178]
  7    14 ms    16 ms    17 ms  xe-11-0-0.edge1.SanJose1.Level3.net [4.79.43.137
]
  8    33 ms   178 ms    39 ms  ae-33-80.car3.SanJose1.Level3.net [4.69.152.133]

  9    21 ms    22 ms    18 ms  YAHOO-INC.car3.SanJose1.Level3.net [4.71.112.14]

 10    52 ms    19 ms    73 ms  ae-1-d171.msr2.sp1.yahoo.com [216.115.107.87]
 11    18 ms    18 ms    17 ms  et-18-25.fab1-1-gdc.sp2.yahoo.com [67.195.128.67
]
 12    21 ms    19 ms    19 ms  po-10.bas2-3-prd.sp2.yahoo.com [76.13.244.15]
 13    19 ms    18 ms    19 ms  ir1.fp.vip.sp2.yahoo.com [72.30.38.140]

Trace complete.

The phone was tested from wifi, however I tried it from 3G as well and it didn't work. Do you need me to tether my laptop and try connecting that way?

Port forward image attached


----------



## Wand3r3r

*Re: All ports blocked even with DMZ and firewall down*

All the above looks good.

If you connected via wifi on your phone you would only be on the lan. Router settings wouldn't matter. If it didn't work then it means something on the pc is blocking. 

Review the local firewall settings. ultravnc should be in the allowed appliacation list.


----------



## osterac

*Re: All ports blocked even with DMZ and firewall down*

I allowed ultraVNC and now it works. I just didn't know that the port had to be in use to be open, so I assumed my modem was blocking almost everything. Thanks everyone, I think this mystery is solved.


----------



## Wand3r3r

Glad you solved it and thanks for the update.


----------



## TheCyberMan

Glad to hear your issues are solved.


----------

