# Unable to forward port.



## purpursky (Feb 2, 2013)

Hello,

So I need to forward certain ports to play/log-in game:
TCP: 80, 443, 2099, 5222, 5223, 8393-8400
UDP: 5000:5500

I did forward them in my router and checked them with PFPortChecker, every port seems to open except 2099, I don't understand why.

Note that I disabled Windows Firewall, Router's Firewall, and I'm using Kaspersky Internet Security which I disable while checking ports/logging to game

Uploaded screenshots for your review.


----------



## TheCyberMan (Jun 25, 2011)

Hi and welcome to TSF,

Try using a colon : to seperate the ports 60, 443, 2099 click apply and reboot router.


----------



## purpursky (Feb 2, 2013)

TheCyberMan said:


> Hi and welcome to TSF,
> 
> Try using a colon : to seperate the ports 60, 443, 2099 click apply and reboot router.


Hi TheCyberMan,

I did, but no luck, it says "..is not according to specs".
Forgot to mention my modem's model is AirTies RT-204 (modem firmware is up-to-date by the way)


----------



## TheCyberMan (Jun 25, 2011)

Please check that Kaspersky Ndis 6 filter miniport is also disabled or uninstalled when the firewall is, this is used for detecting threats by the anti-virus but can also block legitimate apps as well and can interfere with internet connectivity.

Go to start>control panel>network and sharing centre >change adapter settings:

Right click *Local Area Connection(wired)* or *Wireless Network Connection* whichever you use:
Click *Properties
*Look for *Kaspersky Ndis 6 Filter miniport *and remove checkmark from it to uninstall it click ok and restart computer check the port 2099 using PFPortchecker.

Please ensure you have a copy of Kaspersky Internet Security to re-install the filter after test. Before re-install of filter disable anti-virus first then open the Kaspersky disc and navigate to the Klimx86(32-bit) or klimx64(64-bit) file and lick to open and install. 

After install is done of the filter then enable the anti-virus.


----------



## Wand3r3r (Sep 17, 2010)

Port being open means something is listening on that port. You may need to start the game, mimimize it and then check to see if the port 2099 is open.


----------



## purpursky (Feb 2, 2013)

TheCyberMan,

I tested it as you suggested, still couldn't log in to game 
Kaspersky has been removed from computer now.

Hello Wand3r3r,

I did it as you said, opened game and port checker and after I clicked log-in button, tested whether it opens or not, it didn't. :frown:

Also want to mention that when I had Kaspersky installed checked connections established through an application called Kaspersky Network Monitor: it shows that connection is established with xxxxx:2099 port but 0 bytes sent/ 0 bytes received :nonono:

To log in game it says I need ports 5222, 5223 also forwarded but no idea why there are displayed as opened while 2099 is not


----------



## Wand3r3r (Sep 17, 2010)

Make 2099 its own entry to see if that makes difference.


----------



## purpursky (Feb 2, 2013)

Wand3r3r said:


> Make 2099 its own entry to see if that makes difference.


Nope it didn't, I had even put it in as ranges like 2000-2100. Moreover re-installed Windows after these problems. Might there be problems with my modem then (it is not behind another router) ? or ISP? :banghead:


----------



## Wand3r3r (Sep 17, 2010)

Since other ports open you are not behind another router and a modem can't filter traffic.

Appears this game is league of legends. There should be a config file concerning its ports.

Do you have a dmz option on the router? I would set the game servers lan port to dmz which should open all ports and the game should work.


----------



## purpursky (Feb 2, 2013)

Wand3r3r said:


> Since other ports open you are not behind another router and a modem can't filter traffic.
> 
> Appears this game is league of legends. There should be a config file concerning its ports.
> 
> Do you have a dmz option on the router? I would set the game servers lan port to dmz which should open all ports and the game should work.



Yes it is LoL :grin:

And yes there is a DMZ under NAT tab of modem menu, will be checking that up now.


----------



## purpursky (Feb 2, 2013)

It didn't help either


----------



## Wand3r3r (Sep 17, 2010)

Was just 2099 only still blocked?

There has to be a local firewall blocking access. If forwarding worked 98% the DMZ should have worked 100%

Add the LoL exe file to the trusted app list of the firewall.


----------



## purpursky (Feb 2, 2013)

Yup it is still,

By the way, English is not my first language, therefore I better post some more pics :grin:



So, as you see I had disabled Windows Firewall before like this in the picture (also ended its service via Service management console) and now decided to enable it again and add exceptions for LoL executables, DMZ is also enabled, router firewall disabled.










No luck :frown:

I can't think of any other firewall :banghead:


----------



## Wand3r3r (Sep 17, 2010)

You have not mentioned the pc being part of a domain before. You have a microsoft domain controller at home and this pc is joined to it?

Otherwise you should be looking at the public or private profiles.

Also please clarify if after the dmz connection if it was only 2099 or more ports that failed.


----------



## purpursky (Feb 2, 2013)

Wand3r3r said:


> You have not mentioned the pc being part of a domain before. You have a microsoft domain controller at home and this pc is joined to it?
> 
> Otherwise you should be looking at the public or private profiles.
> 
> Also please clarify if after the dmz connection if it was only 2099 or more ports that failed.


Actually I don't exactly know what microsoft domain controller is, but I highly suspect that there is anything like that at home :grin: If you are asking that because of firewall setting's screenshot, note that other profiles are also customized as domain profile, thus they are also intentionally highlighted.

I checked other ports now with DMZ on, they are open. Even I created rule for ports 2000-2100, every port in range passes port check but not 2099  This is kinda odd :grin:

Not sure it will help, but I notice something unusual ipconfig /all : 

Ethernet adapter Подключение по локальной сети: (Connection to local network)

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8040 Family PCI-E Fast E
thernet Controller
Physical Address. . . . . . . . . : 00-24-54-7A-98-78
DHCP Enabled. . . . . . . . . . . : No 
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::30a8:a6a3:c048:ec92%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.50(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 251667540
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-9B-08-1E-00-24-54-7A-98-78

_*DNS Servers . . . . . . . . . . . : 192.168.2.1*_ (same as default gateway?) 
NetBIOS over Tcpip. . . . . . . . : Enabled


----------



## Wand3r3r (Sep 17, 2010)

You should have no forwarding rules if the pc is in the dmz. This will create a conflict.

Its normal to reference the gateway for dns. Now if you were running a DC that would be different. It would be referenced for dns.

Those other profiles; personal and public are not for a domain but if standalone [like you are] concerning internet and lan access. Both should be in the Off setting also or set the public to allow LoL exe /application.


----------



## purpursky (Feb 2, 2013)

Wand3r3r said:


> You should have no forwarding rules if the pc is in the dmz. This will create a conflict.
> 
> Its normal to reference the gateway for dns. Now if you were running a DC that would be different. It would be referenced for dns.
> 
> Those other profiles; personal and public are not for a domain but if standalone [like you are] concerning internet and lan access. Both should be in the Off setting also or set the public to allow LoL exe /application.


Ok I turned off port forwarding, DMZ is on. Embarrassed to say it again didn't work either :blush: 

Should I renew my modem, ISP & computer then ? :grin:


----------



## TheCyberMan (Jun 25, 2011)

Do you have a copy of Kaspersky internet security which can be used for a re-install and is it still installed on your computer?


----------



## purpursky (Feb 2, 2013)

TheCyberMan said:


> Do you have a copy of Kaspersky internet security which can be used for a re-install and is it still installed on your computer?


Yes there is a copy of it , I can install if needed. Should I ?


----------



## TheCyberMan (Jun 25, 2011)

That is good please try running the removal tool for kaspersky below follow the instructions:

Removal tool for Kaspersky Lab products


----------



## purpursky (Feb 2, 2013)

TheCyberMan said:


> That is good please try running the removal tool for kaspersky below follow the instructions:
> 
> Removal tool for Kaspersky Lab products


Did that, nothing has changed :frown:


----------



## Wand3r3r (Sep 17, 2010)

do a tracert yahoo.com and post the results for review.


----------



## purpursky (Feb 2, 2013)

Ok.

Tracing route to yahoo.com [206.190.36.45]
over a maximum of 30 hops:

1 1 ms 1 ms 1 ms 192.168.2.1
2 25 ms 25 ms 23 ms access-server2.bakinter.net [10.111.111.5]
3 23 ms 25 ms 24 ms edge-router1.bakinter.net [10.111.2.1]
4 26 ms 24 ms 24 ms 10.111.12.1
5 30 ms 27 ms 24 ms DeltaTelecom-BakInterNet-link-for-INTERNET-Xchan
ge.az-ix.net [85.132.2.245]
6 * 27 ms 29 ms r01-greenXchange-r03.AZ-IX.net [85.132.60.6]
7 * * * Request timed out.
8 * 105 ms * DeltaTelecom-FFM01-yellowXchange-BK02.AZ-IX.net
[85.132.60.70]
9 113 ms 115 ms 113 ms ge-1-3-0.pat2.dee.yahoo.com [80.81.193.115]
10 216 ms 219 ms 217 ms as-1.pat2.dcp.yahoo.com [66.196.65.129]
11 282 ms 304 ms 285 ms ae-7.pat2.che.yahoo.com [216.115.100.137]
12 291 ms 277 ms 279 ms ae-5.pat2.dnx.yahoo.com [216.115.96.55]
13 302 ms 289 ms 291 ms ae-8.pat1.gqb.yahoo.com [216.115.96.122]
14 289 ms 283 ms 306 ms ae-1.msr1.gq1.yahoo.com [66.196.67.5]
15 298 ms 300 ms 303 ms xe-8-0-0.clr1-a-gdc.gq1.yahoo.com [68.180.253.13
1]
16 305 ms 302 ms 304 ms et-17-1.fab6-1-gdc.gq1.yahoo.com [98.137.31.184]

17 296 ms 299 ms 303 ms po-13.bas1-7-prd.gq1.yahoo.com [206.190.32.21]
18 325 ms 307 ms 295 ms ir1.fp.vip.gq1.yahoo.com [206.190.36.45]

Trace complete.


----------



## Wand3r3r (Sep 17, 2010)

That is what I was afraid of. You notice your next hop after your gateway is NOT 37.61.20.149? I am not even seeing it in the hops.

Your isp is using private ip [10.111.111.5]. Normally you can't do any port forwarding because they need to forward the same ports in their router to your router and they won't do that.

You can call your isp and see if they will open port 2099 for you but otherwise there is nothing you can do to make port forwarding work. You need a public wan ip to have that happen.


----------



## purpursky (Feb 2, 2013)

Wand3r3r said:


> That is what I was afraid of. You notice your next hop after your gateway is NOT 37.61.20.149? I am not even seeing it in the hops.
> 
> Your isp is using private ip [10.111.111.5]. Normally you can't do any port forwarding because they need to forward the same ports in their router to your router and they won't do that.
> 
> You can call your isp and see if they will open port 2099 for you but otherwise there is nothing you can do to make port forwarding work. You need a public wan ip to have that happen.


I see. Finally Thanks for helping me out wand3r3r!!! I was trying to fix this almost 3 weeks. 

I had called ISP before, and their customer service really sucks, they just aswered my question like "no no no" not checking out or asking me anything. I will give another call to ISP tomorrow and will get angry :angry:, other than I might change my ISP if that will work.


----------



## purpursky (Feb 2, 2013)

------


----------

