Port Forwarding on Netgear R6300

Works fine on my R6700, use it all the time for remote access to my ip security cams.

What port(s) are you opening? Cox does block a few ports, see here. Have you assigned a static IP address to the device you are forwarding to? That can be done by dhcp reservations by MAC address. Some more details about what you are trying to do may help generate more suggestions, thanks.

+1 everything Allen said. Would you happen to be trying to forward port 443? Could be related to this issue/bug. Basically even though the router can only use port 443 locally, and not remotely, but it blocks inbound from working for other devices on your network.

Thanks for the response AllenP.

I have tried forwarding ports 22, 5555, 65101, 65102, 65103 with no luck.

I have assigned a static IP to the device I'm trying to forward to.

I've also reserved it in the DHCP reservations section.

What is strange...in the log messages on the router, the incoming port is not the port I am specifying when trying to connect, for example I requested to come in on 65102, but it comes in on 46335:

[LAN access from remote] from xxx.xxx.xxx.xxx:46335 to 192.168.1.2:22, Friday, Jan 20,2017 10:59:35
[Log Cleared] Friday, Jan 20,2017 10:59:11

I really don't know how the high ports, refereed to as "ephemeral ports", are treated. Ports I have success with are in the 8xxx range and vnc on 55xx. Here is a listing of official and unofficial port usage, you may want to try unused ports <32K.

Thanks for sticking with me Allen.

I'm beginning to think there is a problem with this router.

When I scan for open ports, it shows the management port is open at 8443. But doesn't recognize that ports 8000 or 22 are open.

Even though they are in the port forward list.

[david@iuam ~]$ nmap -A -T4 -PT8443 72.210.xxx.xxx

Starting Nmap 5.51 ( http://nmap.org ) at 2017-01-20 12:22 MST
Nmap scan report for ip72-210-xxx-xxx.ph.ph.cox.net (72.210.xxx.xxx)
Host is up (0.037s latency).
Not shown: 999 filtered ports
PORT     STATE SERVICE        VERSION
8443/tcp open  ssl/tcpwrapped
|_sslv2: server supports SSLv2 protocol, but no SSLv2 cyphers

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.30 seconds



[david@iuam ~]$ nmap -A -T4 -PT8000 72.210.xxx.xxx

Starting Nmap 5.51 ( http://nmap.org ) at 2017-01-20 12:23 MST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 1.09 seconds

[david@iuam ~]$ nmap -A -T4 -PT22 72.210.xxx.xxx

Starting Nmap 5.51 ( http://nmap.org ) at 2017-01-20 12:25 MST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 1.10 seconds

Perhaps it would help if we understood what you are port forwarding for. Is it just for remote management? 

Just trying to forward port 22 ssh.

I have a linux PC inside the network. Just want to be able to login to that box via SSH.

Can you post a copy/picture of your port forwarding rules? Also, is you want to use port 22, why are you coming in on a different port?

Can you SSH from within the LAN? If so, try setting the box into the DMZ for a short period to see if the router's firewall is blocking it.

Last, have you read this thread? I certainly agree the router isn't making things easier.

Port 22 is pretty popular port to scan. I was hoping to use a higher port to "mask" the service.

I can ssh from the LAN..I'm not sure how to set up the DMZ, but I can look around.

Here is my forwarding rule at the moment.

See here for Netgear DMZ instructions. Just be sure to set a DHCP reservation for the static IP used if it's within the DHCP pool and you want it to work long term in the DMZ.

And if the only reason you picked port 22 is for testing, try picking another port under 9000  that isn't related to remote management. Since the router has known bugs with remote management, it would be better to test with something else.

PS. The screenshot you uploaded doesn't seem to be working. Can you give the link to where you uploaded it to instead?

I split this image so you can see the port forward AND the dhcp reservation on the same screen.

I also tried these ports:

I might be to the point that I need to try another router... I need to confirm it's the router that's not allowing the ports and not COX.

FYI, I did also try the DMZ to no avail.

DavidS said:
I need to confirm it's the router that's not allowing the ports and not COX

You can bypass the router to do that. Connect the PC direct to the modem and reboot the modem. Warning: This will change your IP, and you may not be able to get your old IP back if needed. Then again, so will getting a new router unless you use MAC cloning.Not a issue if you use DDNS. Then find out what your new IP is and try to access that IP on port 22.  BTW, what model modem do you have?

" it shows the management port is open at 8443."

Could you explain this a bit more? Did you have that port forwarded or do you have the Netgear remote management set to that in the UI? The request coming in should match the port at the end of the IP, IE 68.1.2.3:22. Is it part of the cell phone software maybe? Have you tried getting in from a normal SSH client on a PC off the network? I wonder if the cellular connection of the cell phone could be causing a issue too.