Port Forwarding / NAT / Router Issues

Buffalo technology /
November 11, 2010 at 19:56:42
Specs: Windows XP SP2, 2GB
Hey All,

What I'm attempting to accomplish is very simple, and something I've done many many times before. None the less, I've now spent 2 days messing with it and can't seem to make it work. I look forward to you pointing out my ignorance on the topic as it will certainly come as a welcome relief!

Here's my situation:
Internet Connection: Fiber-optic DSL | Internet comes directly in to WAN port on router. Dynamic IP address.

Current Router: Buffalo Air Station w/ latest version of Tomato firmware loaded.

Device to access from outside world: Has a web interface on port 80. It's accessible internally. IP: | Device CAN BE pinged internally from router as well as web interface accessed via a computer.

Router IP:

I don't have an STATIC IP, but here's the current IP:

To get around NOT having static IP, I'm using No-IP:

MAC Address 00:24:A5:6F:9E:95
Connection Type DHCP
IP Address
Subnet Mask
MTU 1500
Note that when I lookup my IP, I receive this:
Your IP Address is
On one site...
and on another site:
Your IP Address Is:
(My App isn't accessible through EITHER URL)

I've configured port forwarding in order to gain the access I need. Here's how I've done so: (Using Tomato)
App: Miox
Port From: 80
Protocol: Both
IP Address:
Port To: 80
Enable: Checked
This does not work. It's not accessible via the IP nor the URL. If I use a port checker like in this example...
I just checked a port (9211) which was a random port I attempted to forward to port 80...using a port checking tool, and here's what I got:
Error: I could not see your service on on port (9211)
Reason: Connection refused

Notice my IP. It's different!
This is what my public IP actually is:

This site: http://www.canyouseeme.org/

Initially returns the PROPER public IP. But AS SOON as I check for an open port, the results that are returned give me THE OTHER IP that I listed previously. (

I tested this on our router here at the office, and I don't get these mixed results. I get a consistent IP returned. Same router, same software....

I was wondering IF I was only returned with the NAT'd IP if I tried to access a port that I'd attempted to forward. That's not the case though, any port returns the NAT'd IP.
Error: I could not see your service on on port (21)
Reason: Connection timed out

So I came up with the idea that maybe it's port 80. I went and using Tomato forwarded a random port, like 9911 to port 80 on the proper local LAN IP. (
I went to a port checker site, tested it, and it came up as blocked...
and of course wasn't accessible via this URL:
-or- this one...

What's crazy, is in a matter of SECONDS, I setup port forwarding on our router here at the office (same router, same software) and it worked fine...
Immediately tests as forwarding port 9911 to port 80. I don't even have a service setup on port 80 for the forwarding, but it tests as open. Unlike the other location that I'm trying to do this on.

Here's a few more details about the situation:
----------TOMATO DEVICE LIST ---------------
Interface MAC Address IP Address Name RSSI Quality Lease
vlan1 00:02:5D:1B:B0:00
[oui] [static]
br0 00:19:DB:6E:2B:90
[oui] [static]
br0 00:05:E4:00:FD:DB
[oui] [static]

-----------TOMATO ROUTING TABLE------------
Destination Gateway Subnet Mask Metric Interface * 0 br0 (LAN) * 0 vlan1 (WAN) * 0 lo
default 0 vlan1 (WAN)

I'm stumped here. I don't have a clue what could be causing this.

I truly appreciate any help and advice you can offer!

See More: Port Forwarding / NAT / Router Issues

Report •

November 12, 2010 at 06:56:06
Some ISPs block port 80 to prevent web servers from being run at home. Try remote desktop to test access instead.

How do you know when a politician is lying? His mouth is moving.

Report •

November 12, 2010 at 07:31:38
Thanks for the Info! I had previously called the ISP to verify port 80 incoming isn't blocked. We are safe. Any other ideas ?

Report •

November 12, 2010 at 07:37:49
How often does your IP change?

I have DHCP on my ADSL at home but the IP never actually changes unless the MAC address of the external device changes. I have a friend who lives far away who's provider has his ADSL setup to change his IP every 20 minutes or so.

The only problem I see for you is if yours changes quite frequently like my friend's does.

If it doesn't, then I suspect you've just configured your port forward incorrectly is all. Kill the one you've already created and redo it.

You can test using RDC (it uses port 3389) like guapo said to verify everything is working correctly.

Make sure your remote computer is connecting to the correct external IP.

I would double check the external IP in tomato, and then with an internal (LAN) client, I would verify by going to "what's my ip" (google it and follow the link).

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***

Report •

Related Solutions

November 12, 2010 at 07:44:21
I'd say at the very least it changes every 24 hours.

I've reconfigured the port forwarding many many times. No luck:(

As noted in my original post I've tried other ports as well...

I appreciate all your help.

Report •

November 12, 2010 at 08:20:41
I'm guessing you didn't try RDC?

It would be interesting to see if it works properly or not. If not, I'd suggest you have an issue with the target PC then and not the forward or external IP.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***

Report •

November 12, 2010 at 12:13:40
I did that test as well. Says it is closed:
Port 3389 is closed on

Report •

November 12, 2010 at 15:46:20
Use nmap or another port scanner on whatever your current address is. Do it from a neighbor's house.

How do you know when a politician is lying? His mouth is moving.

Report •

November 12, 2010 at 18:40:19
I had the same thing at my last client offices. Every time you send "my IP" request it would go via different proxy servers, hence different IPs every time, and absolute impossibility to connect from outside using those IPs, because to get in you need yet another IP - of the actual firewall server. Talk to ISP support about it.
Oh, got to write about it on my home networking blog

Report •

November 15, 2010 at 19:04:44
Thanks to everyone for your replies. I verified with our ISP last week during this issue that port 80 incoming IS NOT blocked. They claim they don't block it ;)?

Also, I'm pretty sure at this point that is NOT the issue.

To be safe, I've purchased a static IP.

Using the static IP, I have successfully unblocked 3389 (RDP) pointing to the one desktop on the network. This reports an OPEN PORT!

So...Under the theory that my ISP is lying to me and really IS blocking port 80, I then told 3389 to redirect to PORT 80 and to the local IP of the device I'm attempting to access.

A new test immediately resolves: CLOSED! - Timeout.

Makes me believe the local device is screwed up. EVEN THOUGH, I can ping the device from the router, and access the web interface locally.

What do you think of this theory?

Report •

November 16, 2010 at 07:31:15
Could it be your IIS or Apache configuration? What server software are you using & what OS?

How do you know when a politician is lying? His mouth is moving.

Report •

Ask Question