Syrotech SY-GPON-1110-WDONT - Port forwarding - BSNL

[chinninitin]

Hi,

I need to do Port forwarding, (need to direct incoming msgs to particular pc on network) earlier I used to do same with wired broadband,
I am having SY-GPON-1110-WDONT modem, and BSNL FTTH with Fiber Basic Plan, need your help in understanding below

1. I am getting dynamic IP but that's global one, so can I do Port Forwarding in FTTH?
2. If yes, is there any way, or guide can you suggest/help to get this done.

Regards
Nitin

 

[CHOPSHOT]

I have the same router as well and I have setup port forwarding on mine for torrent.

1) Dynamic IP shouldn't be a problem.
2) I'm no expert at this but I did mine with trial and error because I couldn't find any good guides out there.

Since you've mentioned that you've done it in the past so I'm assuming that you know the basics but I understand that the cheap router interface makes it difficult to find the port forwarding settings in the router interface.

You can find port forwarding settings under Application > Advanced NAT > Nat Configuration tab once you've logged into your router.

Once you've had a look at the contents of the NAT Configuration tab just let me know if you have some specific doubts or you need a detailed guide from start to end, I'd be happy to help to the best of my abilities.

 

[chinninitin]

@CHOPSHOT

Thanks for replay and I had tried gathering some help from google, youtube etc, but unable to figure out, I suspect BSNL is blocking ports opening and forwarding , it would be great help if you can share your settings.
or with my experience/study I concluded that following things needs to be verified for this, can you help with below settings


1. Network -> Internet -> NAT Configuration , what is the NAT value, NAT1..NAT2. NAT3. NAT4 ?
2. Application -> Advanced NAT -> DMZ configuration needs to be disabled or enabled? I guess we need to give IP address of device which needs to get communications from Global IP to that device IP on particular PORT is it correct?
3. Application -> Advanced NAT -> NAT Configuration, I have few queries, What is " Server IP Addr" and "Internet IP Addr" setting to fill with? as per my understanding Server IP means the IP address of end device/PC and Internet IP means the Global IP allocated on particular instant (Static/Dynamic) , I am correct? please correct me with your settings.
4. apart from above, have you done anything on UPNP setting? Application -> UPNP -> UPNP Configuration

if we can workout and get success, we will make (I do it) document and publish here in the interest of others

Thank you,

 

[CHOPSHOT]

Hi @chinninitin , I had a decent chat with BSNL officials of my area and at least here they are not blocking ports from being opened or forwarded.
Regarding your queries:

1) I know our routers have NAT 1-4 but back when I was doing my hit and trial experiment with port forwarding every where on the internet i could only find NAT 1-3 with the following categories:
NAT 1(Great but largely open and less secure)
NAT 2(best mix of security and being open to requests from outside the network)
NAT 3(very restrictive and secure as well but may create problems for requests coming from outside the network)

MINE IS SET TO NAT 2

2) DMZ doesn't have to be enabled for enabling port forwarding. Large businesses may use DMZ to keep their servers hosting their public website(which is accessible to the whole world) separate from their internal servers (only accessible to the employees etc. of the company) on a single network.

MINE IS SET TO DISABLED

3) This is the part which is most ambiguous on the internet because the particular nametags ("Server IP Addr" and "Internet IP Addr") used by these cheap routers are not explained easily on the internet, so your understanding pretty much matches mine on this one. So basically this setting is required so that :
3.1) External devices send packets to the external IP address (Internet IP Addr) and port (External start port and External end port)
3.2)The NAT router maps those packets and re-transmits those packets on the Internal network to the internal IP address (Server IP Addr) and the Internal Port (SPORT).

One important thing is that you need to assign your device the one that needs to communicate with the outside devices to have a static internal IP address (e.g : 192.168.1.10) which you will then fill up in the Server IP Addr field and leave the Internet IP Addr field empty if you have dynamic Ip and in case you have a static IP assigned from BSNL then fill that one instead and the respective ports which need to be opened as per the internal and external side of the network.

4) UPnP, if you enable it then you don't have to open or forward any ports as it will automate that process for you but it will do it for any kind of incoming request coming into your network from outside on any port and hence it is less secure, so i personally recommend to port forward only the required ports.

MINE IS DISABLED

If you have any other doubts do let me know, I'd love to help you with that document.

Again I'm no expert in this it's just what I learned from my hit and trial attempts, but I'll try to help as best as I can.

 

[chinninitin]

@CHOPSHOT

Thanks a lot, did some experiments today,

1. Changed NAT4 to NAT2
2. DMZ as set earlier to my one of local IP 192..x.x.x and left enabled as is.
3. NAT advanced settings I created rule with port and 192.xxx IP as server IP and Internet IP I just left it blank, ( got message saying leaving field blank will lead to get traffic from any IP, infact we need this only )

Made Herculas Setup utility set to Server mode to listen port 4000 and used some TCP client app from mobile (Mobile connected to vodafone) and tried connecting and communication works fine, I am able to send query to server and server able to reply back.
Purpose solved.

Now Disabled DMZ (also restarted modem to makesure no other issues) and tested same pattern, working fine and able to do server client communication on given port.

let me do some more work on this and then will get back to you with results and also I will document with snapshots

Once again Thanks a lot.

Regards.
Nitin

 

[CHOPSHOT]

@chinninitin You're welcome, Glad to hear that it's working for your use case.

So does this kind of prove that DMZ is optional for port forwarding and may not be necessary for average users for the purpose of gaming or torrent, because that is what my understanding was from scouring the internet?

I simply wanted to port forward for torrent and so I did all those experiments in the past the result of which is that I was able to answer your queries (Hopefully it helped), so you seem pretty knowledgeable about this stuff, out of curiosity If you don't mind could you please explain what that Hercules utility is and its applications?

Also, just a friendly reminder that don't forget to censor any personal details while taking screenshots.

Regards,
CHOPSHOT

 

[chinninitin]

@CHOPSHOT

Nice conversation going on.. lot of interesting things to share with you
1. YES, DMZ is not necessary and its purely optional , fact is, if some one using DMZ, no need to use NAT and port routing, DMZ diverts all port conversations to particular IP which we configure. This may leads to security threat opening all ports, so if our application requires particular port(s) , recommended to use NAT only,

2. Coming to Hercules tool, its just network testing tool available online for free, Hercules SETUP utility | HW-group.com where you can test serial ports, or sockets like this, so how use this tools to check my PC accepting incoming traffic from remote clients, means I will configure this tool as "server" with port number, and I know IP, I know port, so any TCP client software or same Hercules tool in different PC can communicate with this PC by connecting as "client" and exchange data. I am attaching snapshots exp1. Configured server at PC and conencted through mobile app and sent Hi Hello, exp 2. opened another instant of Hercules app on same pc/anther PC and connected to server as client and sent some data.
Source
Here you can view pics

and another interesting things NAT1, NAT2.... NAT4 , NAT1 and NAT2 gave me another issues using Microsoft Teams, so I kept setting back to NAT4 and now its working fine and MS teams also working fine

Soon will make document in detail

Regards
Nitin

 

[CHOPSHOT]

@chinninitin We're having a pretty insightful conversation here.

1) So by this account it seems DMZ is pretty similar to UPnP as far as opening all ports go but it's more secure than UPnP because as far as my understanding is DMZ creates sort of a virtual sub network within the same network so only the devices within the sub network are at risk whereas in UPnP every device on the network is at risk.

2) Sounds like an interesting tool, I'll try to experiment with it in my own free time to what else can be done.

Regards,
CHOPSHOT

 

[chinninitin]

@CHOPSHOT

Yes, UPnP (Universal Plug n Play) over network leads to open all traffic and all ports, and of course Big Security threat if we use for this kind of router where it acts as interface between LAN and WAN,
if it is only LAN no problem , it allows to share resources like network drives, printers and scanners etc. but out side network, big question mark,
for out side network people to access internal resource, best way is VPN (controlled and firewall environment)

tool is good, you can also try packetsender application also.

tried understanding NAT1,2,3 but no where im able to get proper document about it, every one talks with respect to Playstation and NAT1...2..3..
unfortunately NAT4 I never found, but in my modem that was the default setting. some thing un documented?

Regards
Nitin

 

[Luciifer]

@CHOPSHOT @chinninitin
Hi, I am also using BSNL, while trying to connect a friend system using Parsec , I am not able to connect. Getting "Failed to make Peer to Peer connection". Help me with this if you can.