I have a pfSense firewall between my Hopper3 and my ISP,

I have a pfSense firewall between my Hopper3 and my ISP, Optical Network Terminal (1 Gbps up & down fiber service). When the system was installed at the end of last month, I passed all traffic outbound for a while and noted the TCP and UDP ports that were used by the Hopper. I opened those ports for outbound traffic from the Hopper and the Joeys. Until late last week everything was working fine. On Demand content could be selected from the Hopper or the Joeys from the guide (for instance Ch 136, FX On Demand). Since last Friday or Saturday, it no longer works; I get a 145 error code and in the message it says Specific Error Code: 76 Error Message: OD Timeout. The text says that it is unable to connect to the server, try again later. My firewall has UPnP disabled and outbound traffic is limited to ports that I have opened. Based on the State info with all traffic allowed I opened TCP ports 443, 3490, 8080, 8443 and UDP ports 5351, 10102.

Technician's Assistant: Who makes your router, and what device(s) are you connecting to it?

The router is a Supermicro E200-9B Server running pfSense software. I built the system myself. I have a desktop computer, my wife's laptop, my work laptop, two Samsung Galaxy Tab S2 tablets, our two Android smart phones, the Hopper and two Blu-Ray players connected to the network. (There might be another device or two that I'm forgetting at the moment). Only the Hopper has a connectivity issue.

Technician's Assistant: Anything else you want the Network Expert to know before I connect you?

I suspect that something changed as far as ports required for connectivity between the Hopper and the On Demand servers late last week and that I need to forward a port or add additional open outbound ports to resolve the issue. If I pass all outbound traffic unrestricted, the On Demand works properly, but I have a firewall because I don't think that's a secure configuration. I also tried enabling UPnP, to see if it could establish the proper setup on its own and that didn't work either.

Answered in 15 hours by:
4/17/2018
Jeremy K, Digital Educator and Network Engineer
Category: Networking
Satisfied Customers: 50
Experience: 20 years of industry experience across sysops, networking, and security
Verified

Hi, my name is ***** ***** I will do my best to help you today. To make sure I don't miss anything, please give me a minute to review your question.


Way to run pfSense - it's a terrific homebrew setup. Do you have NAT setup for outbound traffic on that pfSense server?

Customer reply (4 months ago):
There is NAT on the outbound traffic. Right now the Hopper is working correctly, but I had to modify my firewall rules to allow TCP & UDP outbound from the Hopper on any port. I should be able to progressively tighten up the allowed ports until I figure out which ports are actually required. Dish could not accurately tell me which ports their system actually requires. I'm not quite sure why I'm not seeing additional ports in the firewall state for the Hopper IP Address. I originally allowed outbound on all the ports that I could see in use and that worked until last weekend.
Customer reply (4 months ago):
I'm at work now, not at home.

No problem - we can talk through the logistics of the problem and follow up later once you're home.

Customer reply (4 months ago):
OK, I just come back to this link then?

To clarify, traffic for these on-demand services (not just Dish) will work with ports dynamically, so the connection gets established by an outbound connection from your PC (through the firewall) and they may reconfigure from time to time - exactly the issue you've detected and diagnosed. However, a NAT automatic setting on your firewall should allow new connections to be set up on an as-needed basis - this is the purpose of NAT - so you shouldn't need to open up ports. It's the same for email etc. You should only need to open ports on your firewall if you're planning on running a server locally, i.e. for inbound traffic from outside which can't be anticipated by a NAT rule.

I explain all this to suggest that you may not have NAT set up properly if you've been needing to open up ports for services that you're accessing from your PCs within the LAN.


And yep - just come back to this link and we can continue the conversation. I'm in the UK time zone, so it would be helpful if you give me a wee heads-up so I can make sure to be around so we can pick up the chat. :)

Customer reply (4 months ago):
I am on Pacific Time (America/Los Angeles), 9 hours behind you (assuming you're also on summer time). The firewall is currently set to the pfSense default, automatic generation of outbound NAT rules.

Ok, so definitely not Advanced Outbound NAT?

Two things to consider when you're back at your router - are you using multiple interfaces on that Supermicro server? NAT can fall over a bit if there are more than just a single eth in and single eth out, so it may be a matter of making sure Automatic NAT is bound to all interfaces. Details here: https://doc.pfsense.org/index.php/Outbound_NAT. Struggles with NAT seem to be one of the main issues with pfSense, so you're definitely not alone on this. Also worth noting (from the documentation - and relevant to your situation):

"For static IP configurations, an interface is considered a WAN by the presence of a gateway on the interface's settings, e.g. Interfaces > OPT1. Having a gateway defined under System > Routing is not enough, it must also be selected on the interface configuration or it will not be considered a WAN for NAT or other purposes."


Sounds good re: time zones. So shall we plan to regroup in 8 hours or so?
