Port forwarding not working on DGA4134

Hi guys,

I am trying to setup port forwarding on my Technicolor DGA4134 on ports 8090 and 2222. I have setup both the port forward rules and firewall rules as I think they should be configured, yet they remain closed when I test.

Please see screenshots of my current configuration. Any help would be much appreciated.

https://pasteboard.co/B8221oeA4w6l.png
https://pasteboard.co/hhE7Fz93ZOJj.png

In your Firewall rules do not specify a SRC Port at all as it will most often be dynamic from the remote sending device.

If you know the traffic will only come from a list or range of particular SRC IPs you can specify them otherwise you are accepting it can come from anywhere on the Internet.

Normally it is bad practice to allow SSH from ANY unless the local receiving device also has its own firewall to filter it further, and having an incoming VPN may be a better option.

Increasingly computers (and some routers) which support being an SSH server may also support installation of Wireguard as a service so you aren't just relying on trusting IPs or a customised port.

The destination NAT (port forward) rules will have an outside destination and inside (translated) destination port which can be the same or different.
It's ok for them to be the same if your devices are listening on those same ports locally.
In other words, you could have SSH arrive at destination port 2222 externally but translated to destination port 22 on the LAN so without needing to change the the standard port for SSH to listen on.

Hi prlzx,

Thank you for your response. I tried your suggestion in removing the SRC port on the firewall rules but unfortunately, I am still unable to browse to the service running on port 8090 or SSH on port 2222. I am testing via a tethered 4G connection (i.e. when device not connected to local wireless) and I am unable to browse the web service that runs locally on 8090 neither connect via SSH on port 2222, as I am able to do locally.

:/

Hi mitchting,

Does your ISP provide you a fixed public IP address or does it change from time to time?

More importantly, do you have a route-able public IP or does your ISP place your router behind CGNAT
e.g. where your router obtains an external address that lies in the range where the first part is 100.64-127…?

Edited by prlzx (Fri 14-Jul-23 15:46:45)

Hi prlzx,

As far as I'm aware, I'm not behind CGNAT. The WAN IP address listed on my router is the same one as that I see when I use a 'what is my IP' site. I do not believe it is static, so changes every now and again.

You can use a simple port scanner which allows for a comma-separated list of ports to test
such as https://dnschecker.org/port-scanner.php
in case your tethering is affecting your results.

Most online port scans only handle TCP but as that is what you are forwarding for http and ssh it should be ok.

If you prefer you can DM me your current public IP and I will test those 2 ports for a response.

Depending on your ISP and supported router you may also have IPv6 setup for your LAN,
in which case your router can allow those ports to that device in the IPv6 firewall without having to forward ports from your router's own address.

Technicolor routers are known to be problematic! Here's another thread with exact same complaint as you for apparently the same router model. https://forums.thinkbroadband.com/technical/f/473564...

I also had this problem years ago when I was with Be Unlimited*! I could not port forward and had to buy a new Netgear router at that time instead.

That's why I always google to find out what router the ISP is supplying. If it is Technicolor/Thomson I avoid as port forwarding simply doesn't work with these routers.