I will describe the problem that I encounter below which is the error message that I can see in WireShark:
ICMP Destination unreachable (Port unreachable)
I am connecting an IP Camera like this:
IP Camera --> Router(no internet connected) --> My PC Computer
IP Camera IP Address: 192.168.1.101
PC Ethernet IP Address: 192.168.1.104
I have disabled all firewalls in Windows 10 and have no antivirus software
(Above 2 IP are put as static IP Address Reservations in the TP-Link Router)
Now I use some code that I have (I will try to not post the code as I dont think that is the problem).
When I run the code, I use WireShark to sniff out what the problem is and I get as seen in image below this error message:
ICMP Destination unreachable (Port unreachable)
I have googled on this error message and I have red almost every post I can find but no one really tells how to solve this problem. Only what it means.
The image shows the error. However each time I run the code, the source/destination ports changes everytime so they are not static. It could be for example those ports as I tried the code at least 3 times:
Source ports: 65063,64077,51923 etc (PC computer)
Destination ports: 6987,6991,6995 etc (IP Camera)
What is causing this error and what can I do to solve this error?
(Image from WireShark)
Related
I need some help understanding the current situation that I am having with my home network.
My home network is very simple: My ISP is xFinity with a Dynamic IP that doesn't change very frequently. Last IP change occured 6 months ago. It comes into an Arris SB6183 modem that I own. From the Arris, it goes into a Linksys E8540 WiFi 6 Router (or a Netgear R6250 DD-WRT due to troubleshooting). From here, I only have 2 computers: one Linux Desktop, and one personal Windows laptop that I use for web-browsing.
The Linux Desktop machine (LAN IP is 192.168.1.200) has SSHD Service on Port 22. The Router port forwards incoming SSH 22 connection from Internet to Port 22 on 192.168.1.200. Router firewall (SPI) is disabled.
Everything stopped working about 2 weeks ago. I am not able to SSH from outside into my Linux Desktop machine. If I am on the internal LAN, then SSH works just fine.
Using CanYouSeeMe.org shows me that Port 22 cannot connect: "Reason: connection timed out"
Here is what I tried:
Removed the Router and Laptop and plugged in the Linux Desktop
straight into the Arris modem. SSH attempts still shows "Request
timed out"
Made sure that UFW Firewall on Linux is off. No Fail2Ban.
Replaced the Linksys E8450 with Netgear R6250 DD-WRT. No change.
Called xFinity Customer Support and asked "Is Comcast blocking external incoming IPs to Port 22 ?" they responded "We don't block Port 22"
Contacted Comcast Customer Security Assurance and Abuse and asked them to verify if my profile has some Security Profile/Screen in place or some sort of flag. They responded NO.
Then, finally I put a Port Forwarding rule on the router: incoming connection on port 2222 go to SSH 22 on Linux Desktop. And this works!! If I initiate external SSH connection attemps on port 2222 I do indeed connect to my Linux desktop.
In a related news, my Reolink Security APP on my Android Samsung phone no longer connects to my Home Camera over Cellular Data. It connects fine if my Phone connets to the Lan over WiFi.
What are your thoughts ? Does it look like my ISP is blocking incoming connections ? Any help greatly appreciated!
Solution: It turns out ipv6 has got it's own firewall which I didn't know and it filtered out 80 and 443! Thanks so much Nicholas Pipitone!
I'm having difficulties to get apache to accept ipv6 connections (everything perfect on ipv4). Results from ready.chair6.net:
What I tested/tried:
Disabling firewall doesn't change the result
Getting apache to listen on all interfaces or specifically the ipv6 interface doesnt change the result
Executing 'curl https://v6.ident.me/' correctly sends me back my ipv6 address
Netstat tells me that both the ipv4 AND ipv6 address are listening for connections on 80 and 443
I'm really stuck here, what else can I do?
The MX record error means it's having a problem getting the IP address from the DNS servers.
Solution: Try dig +short AAAA $hostname and dig +short MX $hostname, with $hostname being your URL. If you don't see an IPv6 IP in the terminal, then you don't have DNS fully setup. If you just recently setup your URL, then wait a day for caches to be updated. If it's been a while, talk to who you bought the domain name from / who's responsible for making your URL point to your IP.
Note: MX is only for mail. If you don't want incoming mail / that's not what the problem is, then that test is testing something it doesn't have to test, and you can ignore it.
More possibilities: Is the hostname on line 4 the same as the host name on the second to last line? Try pinging that IPv6 address from line 4 on a different computer (Not on the same private network); what do you get?
If you get a response, try nmaping the IPv6 on another computer to see if port 80 is open to the public.
-If the nmap fails then try checking your port forwarding settings if you're behind a NAT. If you're not behind the NAT then something might be blocking the request in-between their computer and your computer (Very unlikely); you can try telnet'ing to port 80 remotely and see if you're getting the requests - because then it's just an apache issue.
-If nmap succeeded, then what do you get? Send an HTTP request over command line from the another computer and see if you get a response.
If pinging doesn't work, then you're just not connected to the internet (o.O), idk how to help with that. If pinging the IPv6 works but pinging the URL doesn't, then dig must not be showing anything and it's the DNS as mentioned previously. If dig does show something in that case, then I'm lost.
Device: Raspberry Pi 2 Model B
OS: Raspbian Stretch ( no desktop ) with static ip
Router: Belkin F9K1103
DNS service: Hosting on Norwegian version of domainnameshop.com
Greetings. I'm in the process of setting up my Pi as a server. The current motive is to be able to ssh into the device from another network and host a Git server on it.
It works great at home using the local ip address, but when it comes to port forwarding port 22, NOTHING works... I've tried for at least 10 hours combined, scavenging the internet for solutions on this topic, rasbian / raspberry related port forwarding or general. Nothing seems to work. I've tried everything it seems, and no matter what i do the tests show that the port is CLOSED.
I'm currently port forwarding the Pi's local ip and port 22 on the networks port 22 ( also tried port 3322 to the pi's port 22 ) on BOTH the router and the modem using the internet provider's own service for port forwarding online ( Telenor ). The Pi is connected with an ethernet cable, and I've tried connecting it to both the router and the modem when doing all the tests. I've also tried to add 'Port 22' and 'Port 3322' in the Pi's SSH configuration file.
I've also tried to use a DNS service in which I'm forwarding my home network's ip address but still no luck.
Can anybody please help me before I go insane? I'm I missing something crucial? I can't count on both my hands how many forum posts I've been reading and guides on both raspberry or general port forwarding..
Ok so I found out what was wrong.
Our modem is quite new and advanced, and the internet provider has their own online admin panel for it with its own port forwarding solution and what not. So this was apparently a case of classic double NAT conflict. The router tries to port forward to the modem which would normally just bridge that onto the web, but the modem is in a sense being port forwarded too by the internet provider and it's own services.
What I had to do was reverting the static IP configs on the Pi, unplug it from the wifi router, then plug it directly to the modem and then port forward it using our internet providers online admin panel for the modem.
Now it works brilliantly.
I don't have a ton of experience with routers or port forwarding, but I do have a new Raspberry Pi and I wanted to see if I could set up a simple Hello World page just for educational purposes. I have quite a bit set up with apache2 already installed and the web page works great on my local area network, however I can't connect to it using my LTE from my phone, telling me this thing does not connect to the internet.
I am currently using Rasbian under all the default settings from the pi.
My router is an all in one modem and router, from xfinity. After sifting through countless sites trying to solve this issue, the following 2 were the closest thing to my particular issue. My reputation is not high enough to put more than 2 links, so I will put the most important ones..
So to the best of my knowledge this is the way to do it ...
1) Set the web server up to work locally
2) Then go into the router with the IPv4 or IPv6 (shouldn't matter which) and forward all Port 80 traffic to, say, Port 8080 where my PI 'should' be listening, then send back my web page down through Port 80 to the client calling the web page.
Under 10.0.0.1 I find this...
Then I go to 'Advanced'
I have tried from Start port 80 to End port 8080, which my 2 PI files I edited to listen for that port.
Those files are under
sudo nano /ect/apache2/sites-enabled-000-default.conf
and
sudo nano /ect/apache2/ports.conf
I changed
Listen 80
to
Listen 8080
and all other combinations alongside changing my router Start and End ports... none of which worked so I am lead to believe there is either a knowledge gap or I am doing something terribly wrong.
I just want to put a simply Raspberry pi web server online from my Local connection at home using a Comcast xfinity router. If anyone has any experience doing, I would seriously appreciate it, I've spent far too many hours trying to walk through this alone, so now I am reaching out to the faithful stackoverflow community.
It sounds like you are almost there.
For you to be able to access your raspberry pi server from the internet, you need to find your external ip address. Your router has one external ip address that you can reach from the internet. While on your wifi, search google for "what is my ip" Google may display it as the top result, or you might have to click into a site like ipchicken. Write this IP address down.
Next, setup your router to forward all port 80 (default http port). Try setting Apache to listen on port 80, and have your router set with start port and end port to be port 80 (this makes it so you don't have to put :port-number in the address, i.e. you will do http://your-ip-address rather than http://your-ip-address:8080). The start port is the port on the external network, the end is the port that your Apache server is running on the raspi.
It looks like your raspi has the ip address of 10.0.0.17 on your local network based on your screen shot. If it doesn't, change the IP address in the port forwarding section of the router configuration to be the IP address of your pi. You can figure out what the assigned IP address of your pi is through the router interface, or by typing ifconfig -a and looking for the ip address of the adapter that you're using to connect to the network. Your router may have the ability to assign a static ip address to your raspberry pi while it's connected to your network. It would say something like DHCP reservation. You'd need to find the MAC address of your pi. You can do that with ifconfig -a as well. Then configure your modem to always assign your pi the same ip address that you've configured in the port forwarding.
Now that everything is setup, switch to your cellular connection and then try to go to the ipaddress that Google gave you.
type your-ip in browser address bar -> port 80 request to your modem's IP -> you've set external port 80 requests to be forwarded to port 80 on your internal network for the device 10.0.0.17 -> your raspberry pi will serve the HTML
Note: The external ip address of your modem is most likely not static unless you specifically pay for a static address. This address usually will stay the same for at least a day though, so if you're just testing, it's not a big problem. In the future, if you want to ensure that you'll be able to reach your pi, look into dynamic dns.
I am running out of Ideas. I did look for others similar subject but almost all suggest firewall or checking if program is really listening on this port.
Because my internet provider su__, their equipment can not forward port 80, I am running my Apache on port 10080, later also try 10081. Because the page never opened I started to investigate with Wireshark. I get some record on this port so I continue testing with writing own TCPServer and TCPClient. I am using the same code except for host and port. In console I get error:
SocketException: System.Net.Sockets.SocketException (0x80004005): No
connection could be made because the target machine actively refused
it 193.77..:10080 at System.Net.Sockets.TcpClient..ctor(String
hostname, Int32 port) at Client.Program.Connect(String server,
String message) in d:\Projekti\ASP.N
ET\Tests\Client\Client\Program.cs:line 33
At this point I can say, that Apache and demo program worked when using for host localhost, but not when I use home.mydomain.si. Of course subdomain is routed to my static ip (because remote desktop is working). Both ports are routed to 192.168.1.27. I use static IP not DHCP.
I add exception for inbound and outbound rules for port 10080 and 10081. Then I even disable firewall. No antivirus is installed. Using Windows 7. Netstat shows that someone is listening on port 10080. Wireshark shows some activity on port 10080. Screenshot Wireshark is for TCPListener program not Apache.
Please share some ideas. I am desperate.