Trouble Shooting Port Forwarding for HP Media Server
Posted on | February 21, 2011 | Comments Off on Trouble Shooting Port Forwarding for HP Media Server
HP Media Smart Server – troubleshooting Remote Access to media services.
Recently I had the opportunity to spend some time trouble shooting a problem with remotely accessing an HP Media Smart Server. A friend of mine had been beating his head against the wall for awhile trying to get access to his box from locations outside of his home network. He had things working well at home but could not seem to crack the code of opening up his router to gain access to appropriate ports from other locations.
The UPnP option was not doing the trick for him.
I did a little research before I went to visit and found there is a fair amount of support available for these boxes. Sadly some of the recommendations were not very helpful so I thought I would take a little time and jot down the steps that we took to resolve his problems – maybe you will get a laugh out of it or maybe you will cry. Hard to say.
The first thing that I did was run some port scanning software from my office pointed at his personal “homeserver.com” hostname to check and see what ports might be open. None. Well, I thought that was interesting because my friend had explained to me that he had set up his router to port forward everything that was necessary.
In hindsight I should have known then and there what the problem was (I think this is why they say hindsight is 20/20). But, I am not always that bright and thought that maybe there was a problem with my software or maybe his dynamic DNS wasn’t working or, you know, something else was wrong.
The next thing was to check with the ISP supplying him internet connectivity at his home to find out their policies on running services with a residential account. As expected they did have some policies in place that prevented remote access to ports used for web services, outgoing mail services, NetBT ports, things like that. But not port 443, or 3389, or 4125. These are the ports that will need to be open for us to get set up and going.
At this point I asked him if he had more than one router at home, this is not uncommon anymore with VOIP specific routers, etc., being placed into service. If you happen to have two routers, one connected to the other, that configuration can create a special set of routing problems. One solution for avoiding dual router (double NAT) problems is to set up the DMZ on your non VOIP router and then hook the VOIP router into your primary router all by itself as the DMZ device. If your ISP allows for multiple devices to be hooked to your DSL/Cable modem then another simple solution is to use a switch as the first device after the Cable/DSL modem and hook your two routers separately to two different ports on the switch. If you are using two routers one behind the other for a special reason make sure that they are on different lan ip ranges.
So, back to the one router approach since that was all he had. I showed up at his home and passed on the wine – which was tough because it was pretty good wine. Sadly, I need all my available brain cells working when I am troubleshooting and a glass of wine will definitely slow me down.
We began by checking that the Media Server Web interface was available locally. In our browser we used the IP address of the server instead of its name, for instance https://192.168.123.15. We also made sure that we had remote desktop access to the server. Both of these worked locally. Good.
Next step was to take a look at DNS resolution for his server host name – that was all as it should be – so we moved on to https://www.grc.com and used ShieldsUP! To check for open ports. Not a one. Hmm.
Popped up the router in a browser, logged in, and took a look there. Double checked the IP address and and ports that were being forwarded onto the media server. It all looked good. But still no ports were open from outside the network. I had brought a laptop and hooked it up to my verizon phone for internet access so we could test access from outside his local network. Still no go.
Then we decided to change the server IP address from it current ‘reserved dhcp’ to a manually assigned IP address outside of the DHCP range being handed out by the router (a D-link DIR 825). Some routers just don’t like to forward ports to DHCP assigned IP addresses – even when the directions say they will.
Magically ShieldsUP! now showed the appropriate ports as open and I was able to access his Media Services from my remote laptop. Everyone was happy.
The saddest part was that I had run out of time and had to leave, so I still missed out on the glass of wine.