DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

How to Open a Port on 127.0.0.1 for Local Network?

20 Feb 2018 12:54 #1 by arlan
Setup: Windows 7 x64 PC and Fedora Laptop, both systems on the same LAN (two VLANs, both untagged, with Windows on one and Linux the other), same subnet, both pingable from each other
Router: DrayTek Vigor 2860n, Firmware: 3.8.6_VT4

I am trying to open port 593 for RNDC on 127.0.0.1, from the Linux laptop, to the router; but no matter what I try on the router side (there are at least two DrayTek guides to this, using Port Redirection and Open Ports, not to mention the use of IP Objects) I simply cannot get the router to open the required port. I have tried opening the port, DMZ (which cannot be enabled on my router no matter what), disabling the firewall, redirecting the port, and using different subnet ranges, but always the same result: port closed. Does anyone know of a way to do this, or a hacked firmware that will enable me to use open ports for local subnets on a DrayTek Vigor 2860n?

20 Feb 2018 13:48 #2 by silverstreak_2006
Replied by silverstreak_2006 on topic Re: How to Open a Port on 127.0.0.1 for Local Network?
Wouldn't you just manage this on the clients? If they can ping each other, chances are they are open anyway.

20 Feb 2018 19:20 #3 by arlan

silverstreak_2006 wrote: Wouldn't you just manage this on the clients? If they can ping each other, chances are they are open anyway.



I would not have thought so, no; run nmap on your setup and you will see that only a select few ports are open (and that is without an operational firewall). The clients are able to ping each other because port 80 is open by default on the WAN adapter, not so with port 593.

What I am trying to do here is just the same as what would be necessary to open a port for torrenting or gaming but, for reasons I do not understand, my router will not allow ports to be opened outside of those that are already open. firewalld is inactive, Windows firewall should not come into the equation at all, and I have tested this both with the router firewall and anti-spoofing defences enabled and disabled.

20 Feb 2018 21:55 #4 by hornbyp

Arlan wrote: I am trying to open port 593 for RNDC on 127.0.0.1, from the Linux laptop, to the router; but no matter what I try on the router side (there are at least two Draytek guides to this, using Port Redirection and Open Ports, not to mention the use of IP Objects) I simply cannot get the router to open the required port.



Port Redirection is for changing the port number used by the outside world, compared with what's actually used internally. IP Objects are just an aid to naming things, so you don't have to keep using their IP addresses. Open Ports is the one you want - as per this guide: https://www.draytek.com/en/faq/faq-connectivity/connectivity.nat/how-to-set-up-open-ports/

Pick an unused Index and enter your details:-



This just amounts to
  • Choosing the correct WAN Interface,
  • the correct LAN-side Private IP address (not 127.0.0.1!) and
  • The protocol and Port Range to pass through to this system.


In my (working) example, I allowed both TCP & UDP - I'm not familiar with RNDC, so check - and a single port = 953.

and that's it.

Incidentally, the reason 'ping' works between VLANs is nothing to do with the WAN, or port 80. Ping (i.e. ICMP) is not being blocked by the Router's LAN<->LAN firewall rules by default - so through it goes.

UPDATE

I've just noticed you said port 593 in your original message. If you used that, instead of 953, it would explain a lot! :D

(though I'm just as bad; I called it RDNC instead of RNDC!)

21 Feb 2018 22:57 #5 by arlan
That's a highly informative reply, thanks. I have been using Open Ports, though, but with no success. I have also tried stopping the firewall on both the Fedora side and on the router side (additionally the anti-spoofing). I am beginning to suspect that possibly the port is open but not being detected correctly by nmap, and that there is an issue / bug with RNDC (the admin side of the named service for BIND); so I am concentrating on trying to get the named service to start at the moment and ignoring the process of using rndc reload. Thanks, too, for clarification on 127.0.0.1 ...and for picking up on my mixed numbers =] .

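Added example, not part of the thread or of any DrayTek guide: a service bound only to 127.0.0.1 on the laptop shows as closed when scanned from another host, whatever the router is set to, so it is worth checking the bind address first. This Python sketch classifies a port from `ss -ltn` output; the sample output and the address 192.168.1.20 are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not captured from the poster's laptop).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:953       0.0.0.0:*
LISTEN  0       128     [::1]:953           [::]:*
LISTEN  0       10      192.168.1.20:53     0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Yield (ip_address, port) for each LISTEN row of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # skips the header row and blank lines
        host, _, port = fields[3].rpartition(":")
        # Drop an interface suffix (%eth0) and IPv6 brackets, in either order.
        host = host.split("%")[0].strip("[]")
        if host == "*":  # ss prints * for a dual-stack wildcard bind
            host = "::"
        yield ipaddress.ip_address(host), int(port)


def exposure(ss_output, port):
    """Return 'not listening', 'loopback only' or 'lan reachable' for a TCP port."""
    addrs = [ip for ip, p in parse_listeners(ss_output) if p == port]
    if not addrs:
        return "not listening"
    if all(ip.is_loopback for ip in addrs):
        return "loopback only"  # other hosts on the LAN cannot connect
    return "lan reachable"  # bound to a LAN address or a wildcard


if __name__ == "__main__":
    # 953 and 593 are the two port numbers discussed in the thread.
    for port in (953, 593, 53, 22):
        print(f"tcp/{port}: {exposure(SAMPLE_SS, port)}")
```

To use it on a real machine, pass the text captured from `ss -ltn` on the host running the service in place of `SAMPLE_SS`.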