[RESOLVED] 2 questions: Port forwarding and port 25

First question:
Has anyone else had this problem? I try to forward/open ports on my router but it keeps saying network cable unplugged, then it reconnects, then it does this over & over again every 1 or 2 minutes. I have tried resetting the router/modem and not sure why this is happening. I have a Linksys Etherfast® Cable/DSL Router BEFSR41 with latest firmware.

Second question:
I can't seem to connect to SMTP servers on port 25. Even servers that I know are running. I have no firewall installed and the XP firewall is disabled. I am using Knology as my service provider. Do some ISPs block connections to port 25 to prevent e-mail spamming? I'm trying to write an SMTP server and this is proving to be a big problem. I saw nothing on their site mentioning this but haven't tried calling them yet.

Any sort of help or advice is welcome. :sick:

you should be able to access your router through IE, type the default gateway in to the address bar, this sometimes varies, usually 192.168.1.254 works, but i used to have a linksys & that needed 192.168.0.1, you should then get the setup for the router appear in IE, there usually is a page regarding ports / allowing / blocking etc...
if you get a login box appear, it's usually admin as the name & pass.
this could be the answer to both your questions.

if it's a linksys it's blank username and admin as pass.

that router has a built-in firewall. It's possible for a program to change the settings for that router through upnp. check the settings. It's a really annoying tab interface but you should be able to puzzle yourself through it.

It is common for ISPs to block port 25 SMTP traffic. Some of them will proxy any port 25 connection to the SMTP server they provide for your use as part of the services bundle.

Many don't mention this, but may state that any automated transmission of email is a violation of your terms of service.

Quote:

---

Originally Posted by dilettante

It is common for ISPs to block port 25 SMTP traffic. Some of them will proxy any port 25 connection to the SMTP server they provide for your use as part of the services bundle.

Many don't mention this, but may state that any automated transmission of email is a violation of your terms of service.

---

Though, from experiences you wouldn't want to send email from your home internet connection anyways (I'm assuming we are all using a dynamic IP). If you send email from a dynamic IP, about 90% of email providers just drop it without even looking at it.
It's stupid, but you gotta live with it. One solution is just to forward all email to your ISP's email servers. Contact your ISP for their SMTP server details.
I'm also assuming you already have a mail server picked up. Just tell your mail server to relay all outgoing mail to your ISP's SMTP server (usually on port 587). As far as hosting email, I don't think you want to get into that nightmare. Imo, use google apps to host your email.

can you telnet into the server? Try port 24. But i am going to have to agree here. I did a tiny amount of research and found this.

Just a note that I would like to point out.
If you can't telnet to your server FROM THE OUTSIDE (ie your friends house) to some service that you have running on port 25 (ie SMTP) you CAN NOT run email services for yourself. You CAN send, you just can't receive, as the RFC says that the mail server must be on port 25.
Which the ISP's had misinterpreted...as they block port 25 to block you from sending spam, but in reality it only affects the honest consumer/network administrator because the spamming software can still use another port to send email. Sorry, I'll stop ranting now ;).

Yeah I've been HTTP'ing to my router to open/forward the ports that I want open. http://192.168.1.1. Everytime I add a port to be forwarded, my connection drops out at seemingly random intervals...

"Network cable unplugged...", 2 seconds later, "Local area connection connected".......a few minutes later, "Network cable unplugged"...over and over again.

I enabled the DMZ option and then reset the router and modem and for some strange reason it seems to be working without any problems.


2nd question, port 25 still isn't working. Meaning, I cannot open a remote connection to a server running on port 25. ex: Telnet smtp.comcast.net 25...fails. It happens for all SMTP servers I try to connect to. It must be Knology preventing me from "sending spam" which I don't want to do. I'm writing SMTP server software and my server needs to connect to other servers on port 25 so now I am unable to test it...:mad:

That's weird. You wouldn't happen to have flashed that with DD-WRT firmware did you? Or any other customer firmware?

For your second question, you don't need the internet to work any sort of server software. It is perfectly fine to configure it and work on it locally. ie you could setup your own DNS server, and have a record for lets say yourcomputername or yourcomputername.tld. You could even take that a step further and add a A record to a domain you already have to a private IP address. So test.yourdomain.tld would resolve to 192.168.1.x and although no one on the outside would be able to use it, you could still use it for internal purposes.

Thanks killerdragon. I need to test if it can send e-mail out to other accounts (hotmail, yahoo, etc). This will be commercial software.

I don't remember the port 25 ever being an issue but to answer your question, I have installed the latest firmware not too long ago from the LinkSys website and that could be it.

Does resetting to factory defaults reset the firmware? Is there anyway to get it back to how it was when I bought the router? I could try "downgrading" if that's possible but I'm not sure which version I should get, I may have to try them all.

Uh huh? I did Telnet smtp.comcast.net 25 from here in Missouri on an ISP most of you would not know and it accepted my connection and responded to the HELO.

An ISP may or may not block port 25, and may only choose to do so based on the network of origination.


"If you send email from a dynamic IP, about 90% of email providers just drop it without even looking at it." An email server can NOT know if the IP you are using is dynamically assigned or not, so I don't know what this statement means.

DigiRev - do you use something to receive your email locally, like outlook? I wouldn't make a lot of changes to ANY router unless you know what you are doing.

A lot of "Home" routers reboot when changes(or certain kind of changes) are made, which causes the loss / up sequence you see on your PC.

Quote:

---

Originally Posted by dbasnett

Uh huh? I did Telnet smtp.comcast.net 25 from here in Missouri on an ISP most of you would not know and it accepted my connection and responded to the HELO.

An ISP may or may not block port 25, and may only choose to do so based on the network of origination.

---

Comcast may block you if you start to send out mass amounts of emails, I was capped at around 10-15/day. Your millage may vary with this, but most ISPs will do a blanket port 25 block as a VERY BAD effort to stop spam. Comcast is really bad about unblocking it once it is blocked for you, on the other hand AT&T is very forgiving. Again, your millage may vary.

Quote:

---

Originally Posted by dbasnett

"If you send email from a dynamic IP, about 90% of email providers just drop it without even looking at it." An email server can NOT know if the IP you are using is dynamically assigned or not, so I don't know what this statement means.

---

I don't know how to show you, but the email server itself really doesn't know, but what it does is it queries some (or several) spam database and if it's on there the database will report why and the email server will then relay that back. How does it know this, you might ask...IP addresses are assigned in ranges by ICANN. Not only do ISPs get specific ranges (or blocks if you will) for IP addresses, the same concept goes for dynamic vs static IPs. More than likely if you asked your ISP what blocks it has for dynamic vs static, they will tell you (after being on hold for a couple of hours of course). I can't think of a spam database that does it off the top of my head, but they do exist I have seen them with my own 3 eyes -> :afrog:

I know my way around the router settings. ;)

The port forwarding is working now and has not dropped the connection the past couple days (I just enabled DMZ for my computer since I need a lot of different ports accessible from the internet). I guess sometimes it works and sometimes it doesn't.

Connecting to any SMTP server on port 25 still fails. The only explanation I can think of is Knology trying to prevent spam mails.

k1ll3rdr4g0n -
I don't know how to show you, but the email server itself really doesn't know...
that is what I said. I agree that there are mechanism's for detecting SPAM based upon IP, but once you leave your network the IP the mail server see's is not the one that you originated with. When I telneted to COMCAST they did not see my 10.x.x.x IP address.

IP addresses are assigned in ranges by ICANN.
IANA assign's blocks of Routable IP's as well as ASN's.

Not only do ISPs get specific ranges (or blocks if you will) for IP addresses, the same concept goes for dynamic vs static IPs.

What?????

An ISP has a set or sets of Routable IP's. These are normally reserved for applications that require Routable IP's or are pooled for day-to-day Internet access via NAT'ing. Typically the ISP's internal network consist of Private IP's that they assign in any manner they choose.

When did you work on your first IP Network?

Quote:

---

Originally Posted by dbasnett

k1ll3rdr4g0n -
I don't know how to show you, but the email server itself really doesn't know...
that is what I said. I agree that there are mechanism's for detecting SPAM based upon IP, but once you leave your network the IP the mail server see's is not the one that you originated with. When I telneted to COMCAST they did not see my 10.x.x.x IP address.

IP addresses are assigned in ranges by ICANN.
IANA assign's blocks of Routable IP's as well as ASN's.

Not only do ISPs get specific ranges (or blocks if you will) for IP addresses, the same concept goes for dynamic vs static IPs.

What?????

An ISP has a set or sets of Routable IP's. These are normally reserved for applications that require Routable IP's or are pooled for day-to-day Internet access via NAT'ing. Typically the ISP's internal network consist of Private IP's that they assign in any manner they choose.

When did you work on your first IP Network?

---

If Comcast's SMTP server do not see your IP address then how can they route the packet back to your computer?
Also, every IP is in the message header, I'll PM you a sample. The IP includes the sender's IP and the IP address of the sending SMTP server. And for the record, when I telneted into smtp.comcast.net and sent ehlo, it recongized my public IP address.
Let clarify something, 10.x.x.x is a private IP address. No server on the internet should ever see that. The IP address you should be concerned about is your public. Now, lets say that smtp.comcast.net somehow did see your IP address as 10.x.x.x (highly improbable as this would have to be done at some OSI layer, you know that thing) smtp.comcast.net would have no idea how to route that packet back to your machine because who knows where that network exists, so it does one of 2 things: sends the packet to a router that might know where its at or just drops it. More than likely it will just drops it. In the case that it did see the IP address as a private IP address it should never make a connection let alone return any packets back. Your external IP address can be seen here: http://www.whatismyip.com

Any "real" ISP I knew never hands out private IP address. Maybe if you were running your own wireless ISP, thats one thing, probably other wireless services (such as starbucks) run a linksys router that hands out private IPs, BUT almost any internet connection that goes to the property almost will get its own external IP address. Dial-up, broadband, and DSL are 3 I know for sure, and I would almost bet 10 cents that fiber is the same way. If it doesn't, and you are getting private IP and paying anything more than 10$/month you are getting ripped off.

Oh yeah, since you asked, I was just starting to work with computers with IPX was getting phased out/TCP was becoming the dominant networking protocol. Since then I have worked on several types of networking equipment, linksys, netgear, dlink routers. This recent semester in college I setup a Cisco swtich, Cisco router, and a PIX. Lots of fun :D

Oh and also its not "IP Network" its just network. Not all network's used IP addressing schemes, example token ring. Anyone still alive to talk about that? ;)

Edit: Email sent.

Technically, a mail server like Comcast or Hotmail, or whatever, could do an MX lookup on the sending IP address/DNS name to see if it is actually an e-mail server or not. So it is not impossible but that would slow things down.

Regardless, blocking access on port 25 is just stupid. :mad: And to think I'm paying > $100/mo for their service.

it's standard to do this. You have to shell out extra for a "business" account, which also increases your upload speed.

Quote:

---

Originally Posted by DigiRev

Technically, a mail server like Comcast or Hotmail, or whatever, could do an MX lookup on the sending IP address/DNS name to see if it is actually an e-mail server or not. So it is not impossible but that would slow things down.

---

You are confused on what an MX record really is. MX is just telling the internet "hey my mail servers can be found at these locations" AND you are also allowed to specific which mail servers are contacted in order. SPF is really what you want, but it's not really adopted.

Edit: By adopted, I mean its not really emphasized in mail servers. Like, a popup doesn't come up saying "you should setup a SPF record for your domain if you haven't already!"

Quote:

---

Originally Posted by DigiRev

Regardless, blocking access on port 25 is just stupid. :mad: And to think I'm paying > $100/mo for their service.

---

I'm with you on that one, fortunately so do many others. Hell, you know that some ISPs even redirect port 25 to THEIR mail server. So, what ever emails you send, they could read (AOL is one example). But, we are at the mercy of the monopoly ISPs and how they want to run their networks. Comcast even thinks they could prevent traffic to a certain P2P system. The FCC gave Comcast a long glare and eventually they agreed to take out that system, I believe it was called sandvine.

You can request port 25 be opened, but good luck with that. I have actually had success with AT&T, though even they are a little weary to open it up right away.

And also, for the record, an SMTP server can be run on a port other than 25. Say port 26. So, the port 25 block does nothing but hurt the honest customers and people who want to host their own email. The RFC says that for you to send email, the server doesn't have to be listening on port 25, it just has to be on port 25 if you want to get email.

:mad: kill - read my post carefully, Please.

I said that Comcast did NOT see my Private IP address. Please DON'T send me IP packets, I was sniffing packets, probably, before you were born. And I don't need calrification about RFC1918 addressing or IP routing in general.

"Any "real" ISP I knew never hands out private IP address." If you have COMCAST I have $100 bucks that says your cable modem has a Private Network Number, unless you are paying extra. edit - Matter of fact, I bet any Major ISP is only handing out Private Network Numbers.

I have been a Networker sincel the late 70's. HDLC, Token Ring, FDDI, ISDN, Ethernet, SONET(T1 - OC48), ATM, and WDM / DWDM. It isn't a real Cisco Router unless it takes up over half of a rack, and preferably a whole rack.

My first IP network(circa 78-81):

Honeywell DN355 <----------> BBN C-30

If you search on those terms you might even be able to come up with a name for that network, you may have even heard of it.

Quote:

---

Originally Posted by dbasnett

:mad: kill - read my post carefully, Please.

I said that Comcast did NOT see my Private IP address. Please DON'T send me IP packets, I was sniffing packets, probably, before you were born. And I don't need calrification about RFC1918 addressing or IP routing in general.

"Any "real" ISP I knew never hands out private IP address." If you have COMCAST I have $100 bucks that says your cable modem has a Private Network Number, unless you are paying extra. edit - Matter of fact, I bet any Major ISP is only handing out Private Network Numbers.

I have been a Networker sincel the late 70's. HDLC, Token Ring, FDDI, ISDN, Ethernet, SONET(T1 - OC48), ATM, and WDM / DWDM. It isn't a real Cisco Router unless it takes up over half of a rack, and preferably a whole rack.

My first IP network(circa 78-81):

Honeywell DN355 <----------> BBN C-30

If you search on those terms you might even be able to come up with a name for that network, you may have even heard of it.

---

If comcast is handing out private IPs then why is it I am able to port forward port 80 on my router and able to access the server from a friends house using the IP address that comes from comcast? Or from my AT&T DSL connection for that matter?
And that wasn't an IP packet I sent you. That was an email + headers.
A packet would have looked like this:

Quote:

---

3 0.000000 192.168.1.122 66.199.250.170 TCP TCP: Flags=.S......, SrcPort=3879, DstPort=8911, Len=0, Seq=4016349710, Ack=0, Win=65535 (scale factor not found)
00 40 10 10 00 01 00 18 F3 E5 ED AB 08 00 45 00 00 30 26 E9 40 00 80 06 D4 4A C0 A8 01 7A 42 C7 FA AA 0F 27 22 CF EF 64 A2 0E 00 00 00 00 70 02 FF FF C0 E9 00 00 02 04 04 EC 01 01 04 02
.@......óåí«..E..0&é@.€.ÔJÀ¨.zBÇúª.'"Ïïd¢.....p.ÿÿÀé.....ì....

---

And the email was just showing you that, indeed, there is mechanisms in place for tracing the origin of an email sender. And even if comcast doesn't see your private IP, they see your public IP which gets traced back to your ISP and your ISP can trace that back to you. It would be up to you to figure out which machine on your network it came from, but if its residential that's usually trivial.

And the router I was working on was rack mounted and took up about half the rack. I could get the model numbers if you are really interested. Though, they didn't have an updated IOS, partly because the university I am attending can't afford an upgrade and it was just donated equipment...so they worked with what they got.

And calm down, I haven't seen someone get so angry when I was trying to explain how I am right. A good argument entails point - counter point - point - counter point. Not point - counter point - get angry + point - counter point.

k1ll - go ahead and tell me the first octet of you and your friends IP address in the cable / dsl modem?

Please don't send me anything unless we agree that you should.

You obviously have missed my hints.