Ports closed when checked with canyouseeme.org

networking router port-forwarding port

11,316

You have confirmed that you are behind Carrier Grade NAT.

This is confirmed by the fact that you have a class-A private address as your routers WAN address. But when checked by canyouseeme.org you see a public address. (The address that is doing NAT/Masquerading)

Contact the ISP to see if you can obtain a public IP number. They are the only ones that can help you in this situation. Another option would be looking for another carrier.

Regards,

11,316

Yashas

Updated on September 18, 2022

Comments

Yashas over 1 year

I am having trouble understanding how ports work.

What I tried to do: I wanted to check if a particular port was open on my laptop. The port that i chose to check was the port used by bittorrent client for incoming connections. Let's say the port used by my bittorrent was 51346. I went to canyouseeme.org to check if that port was open. It showed an error.

Here is when the confusion started.

My bittorrent client is using the port without any issues. It was receiving data which means it must have been listening on that port. So, no firewall issues here. But why does cannyouseeme.org show me an error. I did check with other open port checker tools online. All show me the same error.

So, where am i going wrong? Why is it that I am not able to check if the port was open?

Extra Info (You can skip this if you want)

This is not the first time I am messing around with ports. I first tried to setup a public web server on my laptop with little luck. I had faced the same problem. I was running the server on port 80. But to the outside world, that port was closed. My idea was to access the web server with my public ip address. I tried it on a different port, didn't work. I setup port forwarding, still couldn't access the web server. Disabled windows firewall, didn't work. Initially I thought somehow my ISP is blocking all the ports which sounds ridiculous. I eventually gave up on trying to setup a public web server. Then I had to change my ISP and again gave the public web server idea a shot. Again failed. I still have no idea where I cam going wrong.

My current knowledge on how it all works: Any computer can access any other computer on the internet using the IP address. DNS only comes into the picture to translate the host name into an IP address. So, technically I should be able to access a web server setup on my laptop using my public IP address. But wasn't able to.

If you read till the end, thank you. Please correct me if my understanding of networks is flawed anywhere.

Edit: I am using Windows 10. But tried it with Windows 8.1 as well.
- HelpingHand almost 6 years
  
  On your laptop, the port can be listening, but what address is it bound to?For example,you can have a port listening on 192.168.0.2:80. In this case a client that can access your computer with the above IP address can connect to the port providing port 80 is open from a firewall perspective. Port 80 could be listening on just 127.0.0.1:80. In this case only processes on the local computer can connect to it. It could be listening on all interfaces, i.e. 0.0.0.0:80? I would start by understanding locally what interface the port is listening on. netstat -ano > net.txt would be a good start.
- HelpingHand almost 6 years
  
  ...If it's on an external interface on your computer, port forwarding from your router to it should work but then your IP on your laptop could change if you're getting an IP from your router by DHCP. Was it setup as static on your computer as I'm sure the port forwarding rule would have been to a static IP.
- Yashas almost 6 years
  
  @HelpingHand TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1032 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:1536 0.0.0.0:0 LISTENING 692 The netstat cmd did help. So if I am getting this right, the applications listening on above ports are bound to all IP address and not just the localhost. So, I should be able to check online if my port is open and it shouldn't give an error right?
- Yashas almost 6 years
  
  Yes, I have configured a static private IP address in my router settings.
- HelpingHand almost 6 years
  
  That tells me that port 135 is listening on all interfaces and the PID of the process listening is 1032, this is going to be the svchost.exe process that hosts the RPC endpoint Mapper. 445 is listening on all interfaces and the PID is 4 which is the Sytem process - this is file and print sharing/SMB. Port 1536 is listening the PID is 692. No idea what that is, what is PID 692? Just because, they are locally open, doesn't expose the ports to the internet which is a good thing. You'd have to port forward the ports to your computer from the router.
- HelpingHand almost 6 years
  
  Typically you would configure your "server" computer with a static IP from the client in the IP range of your network. I.e. if your router is 192.168.1.1, then at your client, in the interface settings you might set it explicitly to be 192.168.1.10. This way it won't ask for a IP from the pool of DHCP addresses your router is dishing out.
- Yashas almost 6 years
  
  @HelpingHand Okay. I just now created a simple node.js server. And bound it to "0.0.0.0" so that it listens to all ip addresses on port 8080. I disabled my windows firewall. I setup port forwarding by matching the external port 9586 to the internal port 8080 for ip address 192.168.0.103 (my laptop). So, I should be able to get a response from my server using the url: "my_public_ip:9586". Am i right?
- HelpingHand almost 6 years
  
  That sounds correct, I guess it still doesn’t work? On your phone if connected to your network over WiFi or another local device on the network. If you open a browser and navigate to 192.168.0.103:8080 I assume you get a response from node, for example a test page?
- Yashas almost 6 years
  
  @HelpingHand Yes, you are right. I do get a response on my phone which is connected to the LAN. But not able to access it using my public IP address
- HelpingHand almost 6 years
  
  I can only think that the port forwarding isn’t correct, maybe add a screenshot of the router config and details on the make and model?
- HelpingHand almost 6 years
  
  Does your ISP have anything about not allowing the hosting of web servers and services. They could be blocking certain ports but 9586 isn’t an obvious choice to block. Maybe try a few different ones?
- Yashas almost 6 years
  
  @HelpingHand ibb.co/album/cnOXaa This helps?
- Yashas almost 6 years
  
  @Moab There is no all ports button.
- HelpingHand almost 6 years
  
  If you go to: grc.com/port_9586.htm as per the above example, does it show as open as a status? I assume the IP shown is correct, i.e. the same as the one you've been trying? Out of interest, who is your ISP, I'd be interested to read any policies they have regarding hosting external services such as web servers.
- Moab almost 6 years
  
  Sorry, hit proceed then all service ports button....grc.com/x/ne.dll?bh0bkyd2
- Yashas almost 6 years
  
  @HelpingHand The port is shown as stealth. For reference, this is the result i got image.ibb.co/jsCGX8/4.png And the ISP I am using is Act Broadband
- Yashas almost 6 years
  
  @Moab After it checked all ports from 0-1056, all the ports are in stealth. Not a single open port.
- Yashas almost 6 years
  
  @HelpingHand I found something interesting here superuser.com/a/1168771/916378. Could this be the reason for no port being open for me. If so, how do I overcome it.
- Tim_Stewart almost 6 years
  
  @yashas, can you provide the first two octets of your WAN IP address please. This will confirm to us whether or not you are Infact behind carrier grade NAT. You only need to provide something like (10.0.x.x, 172.16.x.x or 192.168.x.x). Do not post the full address
- Yashas almost 6 years
  
  @Tim_Stewart it is 49.207
- Tim_Stewart almost 6 years
  
  This is the address your routers WAN interface is showing being assigned from the ISP? Or are you trying from canyouseeme.org or similar?
- Yashas almost 6 years
  
  @Tim_Stewart That's the weird part I don't understand. The address shown on my router's page is different compared to the public ip address shown by online websites like canyouseeme.org. The above 49.207.xx.xx is shown by canyouseeme.org. But my router shows 10.242.xx.xx. For more info, image.ibb.co/nyuFS8/2.png
Yashas almost 6 years

That makes sense. But I have a doubt. I found this simple static web server called fenix server. It makes your local development publicly accessible by assigning it a temporary domain name on localtunnel which essentially points to your IP address. How come this works if I am behind a CGN?
Tim_Stewart almost 6 years

Erm, execpt for it doesn't actually point to your address. You are creating a outbound connection, (the ssh tunnel) tunnel.me which is on a FQDN webserver that is using the ssh tunnel to reach your Fenix instance. Don't be confused by this, it's a service for people who don't know how to port-forward, or people in your situation that do not have a public IP. This can be verified by doing a whois lookup on the domain name address it gives you. It's pretty well explained in this video. youtu.be/liYneTTtYhM
Yashas almost 6 years

I kinda get it. But I am unfamiliar with SSH tunnels and how the tunnel is used to reach the fenix instance on my laptop. If you know any resources that explain these concepts, please do share. Thanks a lot for you help!
Tim_Stewart almost 6 years

Absolutely, I have heard it called reverse ssh tunneling before. I'm sure you could find plenty of reading material on Google for bidirectional ssh tunneling. Here is a pretty good answer on the subject. unix.stackexchange.com/questions/46235/…
Tim_Stewart almost 6 years

@yashas, have you checked out aws.amazon.com/free/… aws tier 1? You can pretty much host whatever you want.
Yashas almost 6 years

Oh, I didn't know about aws tier 1. It's amazing. It'll help a lot in learning. Thanks for letting me know. Networking is pretty awesome. I am still pretty psyched about Reverse SSH tunneling.