HCHTech
So I went to a potential new client's today, a small company that manages standalone ATMs (think non-bank units). They had an amicable parting of ways with their previous IT vendor. I found the standard list of someone not really being cared for properly - no backups, no firewall, no organization, no surprise. - ha.
Anyway, they were surprisingly receptive to fixing these problems - we'll be doing monitoring and managed antivirus, installing a firewall, and organizing their backups. The owner was telling me about trying to get a new software for managing their clients' machines working. It sounded to me like a simple networking issue, so I foolishly offered to "take a look" while I was there. When will I ever learn?
They have business FIOS, with one of their standard gateways. The software vendor had failed in an earlier attempt to forward the required ports. I figured I could fix that quickly to get them a head start on training until we could get our firewall installed.
You can probably guess the next part. 90 minutes later, I threw in the towel with only a partial success. There were a total of 8 ports that needed to be forwarded to the workstation this software was using as a "server". So I gave that machine a static IP, then set about creating the forwarding rules in the FIOS gateway. They have a pretty standard setup where you create a forwarding rule containing the ports you want to forward, then assign that rule to the IP address of the machine you want to forward to. Seems simple enough, took me less than 10 minutes to put that in place, but naturally, it didn't work. Checking with a port scanner showed those ports were all still closed. I should say that I had disabled the computer's firewall just in case that was affecting things.
After struggling with different settings, I erased everything and started again from scratch with a single port so there would be fewer variables. Turns out if I specify an "Any --> port#" rule, it worked. "port# --> port#" rule did not work. Ok, fair enough. Created the group rule again using "Any --> port#" entries, applied the group to the machine's IP, and no go. I tested each of the 8 ports separately, and found 1 of them worked, but 7 did not. The working one wasn't first on the list, but maybe their box doesn't like doing groups. I created 8 separate rules and applied them all to the machine's IP, and still only that single rule worked. I rebooted the gateway again, no change. One last time, I deleted everything and put it all in again as a group rule, applied it, then rebooted the gateway before testing. Now, 6 of the 8 ports were working. I checked very carefully that there were no conflicts with other rules, tried creating a second group of just the two troublemakers from the first group, but no go. I deleted everything again and created just a single rule with one of the ports that worked before, it still worked. I then edited that rule to replace the port with one of the ports that failed, and it still failed.
In the end I put back in the group rule with all of the required ports, applied it and we were back to 6 working and 2 not working. That let most of the functions in their software work. Once we get a real firewall in there we can do it right - but seriously, I don't even know why I tried making that piece of junk work, I should know better.
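One way to narrow down which side is at fault when a forwarded port still scans as closed, as an added example that is not part of the original post: probe each required port once from inside the LAN and once from outside the site, then compare the two result sets. The addresses and port numbers are constructed placeholders, since the post does not list the real ones.

```python
import socket

def probe(host, port, timeout=2.0):
    """One TCP connect attempt: 'open', 'refused' (a reset came back) or 'no-response'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, host unreachable, and similar
        return "no-response"
    finally:
        s.close()

def scan(host, ports, timeout=2.0):
    """Probe every required port on one host from the current vantage point."""
    return {p: probe(host, p, timeout) for p in ports}

def compare(lan, wan):
    """Combine a LAN-side scan and a WAN-side scan into one verdict per port."""
    verdicts = {}
    for port, lan_state in lan.items():
        wan_state = wan.get(port, "no-response")
        if lan_state != "open":
            # A correct forward to a port nothing listens on still scans as closed.
            verdicts[port] = "host: service not listening or host firewall"
        elif wan_state == "open":
            verdicts[port] = "ok"
        else:
            verdicts[port] = "gateway: forward not in effect or filtered upstream"
    return verdicts

if __name__ == "__main__":
    # Constructed values: 192.168.1.50 stands in for the "server" workstation,
    # 5001-5008 for the eight required ports. Run scan() against the static LAN
    # IP from another PC on the LAN, and against the public IP from outside.
    ports = range(5001, 5009)
    lan = scan("192.168.1.50", ports, timeout=1.0)
    # Constructed WAN-side results, as if recorded from an outside machine:
    # six ports answer and two do not.
    wan = {p: "open" for p in ports}
    wan[5004] = wan[5007] = "no-response"
    for port, verdict in compare(lan, wan).items():
        print(port, verdict)
```

A "host" verdict means the gateway rule cannot be judged yet for that port; only ports that are open on the LAN side and closed from outside point at the gateway.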
