cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
debbie-d
Beginner
2,662 Views
Message 1 of 6

Port forwarding not working for Smart Hub

I have an Aruba RAP connected to my Smart Hub to allow me to connect to my work network which until recently worked without any problems.

 

It suddenly stopped working, and my IT helpdesk have said they tested it on their broadband connection and it worked, but when I got it back it still doesn't work.  The solution they gave me was to make sure port 4500 was open on my ISP, so I have set up port forwarding direct to the Aruba RAP device:

 

Forward Test.jpg

But the port still shows as being closed, and the Aruba device still does not work correctly:

 

Forward Test.jpg

 

I have also tried this both with the DMZ on and off for this device, and it shows as closed still for both options.

 

Could some please check if what I have set up looks correct, and if there are any other options I may try?

 

Thanks! 

0 Ratings
5 REPLIES 5
flamethrower
Aspiring Expert
2,636 Views
Message 2 of 6

Re: Port forwarding not working for Smart Hub

Hi @debbie-d

 

Welcome to the BT Community Forums.

 

There are many posts in the forums relating to the Smart Hub and port forwarding not working or only working for specific ports. These are marked as solved, perhaps there is something there that can help:

 

https://community.bt.com/t5/Connected-Devices-Other/Port-Forwarding-Frustrations-Smart-Hub/m-p/17200...

 

https://community.bt.com/t5/Connected-Devices-Other/BT-Smart-Hub-port-forwarding-for-Humax-HDR-help-...

 

https://community.bt.com/t5/Connected-Devices-Other/Unable-to-get-port-forwarding-working-on-Smart-H...

 

If these don't help, you might want to consider a third party router. There are lots of options to choose from.

 

Cheers

P.

0 Ratings
smf22
Recognised Expert
2,622 Views
Message 3 of 6

Re: Port forwarding not working for Smart Hub

Hi @debbie-d. Not sure of the answer at this stage, but the port forwarding tool you're using doesn't test for UDP, which is what the Aruba Remote Access Point (RAP) would use. The following is a capture from the same site you used to my public IP address (shown as 217.X.Y.Z in the below) and you can see it's only querying on TCP port 4500 and not UDP port 4500.

 

smf22@erx1:~$ sudo tcpdump -n -i pppoe0 port 4500
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pppoe0, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
18:32:26.138793 IP 198.199.98.246.54539 > 217.X.Y.Z.4500: Flags [S], seq 4291691460, win 14600, options [mss 1460,sackOK,TS val 4053981425 ecr 0,nop,wscale 8], length 0
18:32:27.130034 IP 198.199.98.246.54546 > 217.X.Y.Z.4500: Flags [S], seq 851028068, win 14600, options [mss 1460,sackOK,TS val 4053981675 ecr 0,nop,wscale 8], length 0
18:32:27.137300 IP 198.199.98.246.54539 > 217.X.Y.Z.4500: Flags [S], seq 4291691460, win 14600, options [mss 1460,sackOK,TS val 4053981675 ecr 0,nop,wscale 8], length 0
18:32:28.126514 IP 198.199.98.246.54546 > 217.X.Y.Z.4500: Flags [S], seq 851028068, win 14600, options [mss 1460,sackOK,TS val 4053981925 ecr 0,nop,wscale 8], length 0
18:32:28.136068 IP 198.199.98.246.54549 > 217.X.Y.Z.4500: Flags [S], seq 508700908, win 14600, options [mss 1460,sackOK,TS val 4053981926 ecr 0,nop,wscale 8], length 0
18:32:29.135122 IP 198.199.98.246.54549 > 217.X.Y.Z.4500: Flags [S], seq 508700908, win 14600, options [mss 1460,sackOK,TS val 4053982176 ecr 0,nop,wscale 8], length 0

To be honest I'm more than a little surprised that an Aruba solution needs a home user to open ports on their firewall. Typically devices such as this would initiate the connection to the wireless controller on a known public IP address. When a device on your home LAN makes an 'outbound' connection to a public IP address the Hub firewall will automatically create the required firewall state i.e., 'holes' in the firewall, to allow the return packets from the wireless controller back to the RAP.

 

You should only need to open ports on the firewall if the wireless controller at your work initiates a connection to your Aruba RAP. If that's the case there's a couple of question that need answering:

 

1. How does the wireless controller know which public IP address to initiate the connection to so it can connect to your RAP?

2. How does your public IP address within the wireless controller configuration get updated when your Hub reboots or the line resets and you get assigned a different public IP address?

 

When I look at the RAP Installation - Updated that I found it shows the 'one-to-one NAT' and 'Port Forwarding' configured on the 'Corporate firewall' not the home users firewall. Furthermore, in the 'Configuration of the RAP' section it shows exactly what I describe above, where the RAP is connecting to a public IP address.

 

Can you confirm with your IT team that they need ports opened on your firewall? And if they say they do, can you ask them to answer questions 1 and 2 above?

debbie-d
Beginner
2,603 Views
Message 4 of 6

Re: Port forwarding not working for Smart Hub

@flamethrower, many thanks for the reply, unfortunately the solutions to those issues don't seem to help, and I have also tried the Aruba RAP on 3 other routers with the same results.  I just need to make sure that I'm doing everything correctly in the set up of the port forwarding to be able to prove that opening this port doesn't work so I can pass it back to my IT support to resolve the issue.

 

@smf22 thank you so much for your detailed reply.  Unfortunately I'm not particularly technical when it comes to this sort of thing, and I wasn't aware there were different port checkers for UDP and TCP, and didn't realise which one the Aruba RAP used.  I have found a site to check the UDP port (https://check-host.net/check-udp?lang=en), and it shows that it's open for port 4500 even without the port forwarding set up! 

 

I had been told by my IT support that I need my ISP to open port 4500 as the Aruba RAP itself works fine for them, I spoke to BT tech support who couldn't or wouldn't help because it related to my work so that is why I was left to try and resolve it myself.  The information you have provided is really helpful for me to be able to go back to them so they can hopefully see that the issue is their end rather than mine, especially now I can confirm the port is open, so thank you again for your help.  Fingers crossed they'll be able to sort it out for me with this additional information.

0 Ratings
smf22
Recognised Expert
2,593 Views
Message 5 of 6

Re: Port forwarding not working for Smart Hub

Hope it's useful, but obviously come back if you have further questions once you've spoken to your IT support team.
0 Ratings
debbie-d
Beginner
2,589 Views
Message 6 of 6

Re: Port forwarding not working for Smart Hub

Thank you, they are now accepting the Aruba RAP is probably the issue mainly based on the information you provided, and are going to arrange to send me a different one that is hopefully configured correctly.
0 Ratings