Cisco experts required!

I'm struggling a little with port forwarding at the moment (online tests show that ports I thought were forwarded aren't), but am beginning to wonder just how good the whole config is. Would a wise Cisco expert mind looking over my config and pointing out any glaring errors?

Code:
!This is the running config of the router: 10.10.10.254
!----------------------------------------------------------------------------
!version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO
!
boot-start-marker
boot system flash c850-advsecurityk9-mz.124-15.T3.bin
boot-end-marker
!
logging buffered 52000
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2144062823
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2144062823
 revocation-check none
 rsakeypair TP-self-signed-2144062823
!
!
crypto pki certificate chain TP-self-signed-2144062823
 certificate self-signed 01
  3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32313434 30363238 3233301E 170D3038 30313236 31303135 
  32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31343430 
  36323832 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100A4B7 7D9DDCF7 6700D0D4 9AC92BAF 2478EE2B A815BBA1 98B820F3 D9BB8BD5 
  CB59886D 99C0062F 7F88E6FB E6C87908 5F3EA506 581BB611 A9E02F91 5CECC861 
  CAE71F72 B25A76C0 6E9F707E B6AB7F61 4D40C77F D0F80647 4FBD2874 98438D33 
  9048D3CF 7153B520 C303DE37 FC5D9603 439CA9AB 41069FA0 30E99008 F21E9B30 
  E1890203 010001A3 65306330 0F060355 1D130101 FF040530 030101FF 30100603 
  551D1104 09300782 05434953 434F301F 0603551D 23041830 168014A1 320DE44E 
  8DE2386E 77ABC157 174DF6D4 EF1D1E30 1D060355 1D0E0416 0414A132 0DE44E8D 
  E2386E77 ABC15717 4DF6D4EF 1D1E300D 06092A86 4886F70D 01010405 00038181 
  00851E90 9732D6BB 8A4B595A 6C28D8D6 585A0AA8 95483760 2B9BA9A7 0A84DCDD 
  40D2B48E 198F4B5B BCE4FC2A 57DF3A02 257A04B2 A597997B 3B632B48 F5BADC44 
  B6F65AB0 64900458 4A74AD7C 59A12E3E 50A0AEAA A572ABFE BD00A82C D807C345 
  8CA95D27 1C2D64E9 4E47793E 0DA7F2F6 8620B9DC C7CA7C09 9A07F804 D45F574F CD
  	quit
!
dot11 ssid Home
   authentication open 
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 0 MY WEPKEY
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.19
ip dhcp excluded-address 10.10.10.22 10.10.10.254
!
ip dhcp pool LAN
   import all
   network 10.10.10.0 255.255.255.0
   dns-server 194.72.0.98 194.74.65.68 
   default-router 10.10.10.254 
   lease 0 3
!
!
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip name-server 194.72.0.98
ip name-server 195.74.113.58
!
appfw policy-name SDM_MEDIUM
  application im aol
    service default action allow alarm
    service text-chat action allow alarm
    server permit name login.oscar.aol.com
    server permit name toc.oscar.aol.com
    server permit name oam-d09a.blue.aol.com
!
!
!
username MYUSERNAME privilege 15 secret 5 $1$oO/q$m3lm0YRZpdwWfGgJbY1sa1
! 
!
archive
 log config
  hidekeys
!
!
no ip rcmd domain-lookup
ip rcmd rcp-enable
ip rcmd remote-host sdmRacac375d 10.10.10.2 Lacac375d enable
ip rcmd remote-host sdmRaf64756a 10.10.10.1 Laf64756a enable
ip rcmd remote-host sdmR9e9ec169 10.10.10.1 L9e9ec169 enable
ip rcmd remote-host sdmRbf9ee3e6 10.10.10.1 Lbf9ee3e6 enable
ip rcmd remote-host sdmR5d582ea9 10.10.10.1 L5d582ea9 enable
ip rcmd remote-host sdmR78612d1b 10.10.10.1 L78612d1b enable
ip rcmd remote-host sdmR8084e6ca 10.10.10.1 L8084e6ca enable
ip rcmd remote-host sdmRa13d2f03 10.10.10.1 La13d2f03 enable
ip rcmd remote-username sdmRa13d2f03
!
bridge irb
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0.1 point-to-point
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 shutdown
 no dot11 extension aironet
 !
 encryption mode ciphers tkip 
 !
 ssid Home
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2412
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 no ip address
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname USERNAME
 ppp chap password 0 PASSWORD
!
interface BVI1
 ip address 10.10.10.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat pool POOL1 10.10.10.1 10.10.10.1 netmask 255.255.255.0 type rotary
ip nat inside destination list 102 pool POOL1
ip nat inside source static udp 10.10.10.1 6073 interface Dialer0 6073
ip nat inside source static udp 10.10.10.1 55896 interface Dialer0 55896
ip nat inside source static tcp 10.10.10.1 55896 interface Dialer0 55896
!
ip access-list extended WAN-IN
 remark Demigod
 permit udp any host MY-IP eq 6073
 remark Torrent uses TCP and UDP
 permit tcp any host MY-IP eq 55896
 permit udp any host MY-IP eq 55896
 remark Established
 permit tcp any host MY-IP established
 remark DNS
 permit udp host 194.72.0.98 eq domain host MY-IP
 permit udp host 194.74.65.68 eq domain host MY-IP
 remark NTP
 permit udp any host MY-IP eq ntp
 remark Log Other
 deny   ip any any log
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 10.10.10.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 remark Auto generated by SDM for NTP (123) 207.46.130.100
access-list 100 permit udp host 207.46.130.100 eq ntp host 10.10.10.254 eq ntp
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any any eq 55896
access-list 101 permit udp any any eq 5739
access-list 101 permit udp host 195.74.102.147 eq domain any
access-list 101 permit udp host 195.74.102.146 eq domain any
access-list 101 remark Auto generated by SDM for NTP (123) 207.46.130.100
access-list 101 permit udp host 207.46.130.100 eq ntp any eq ntp
access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 permit udp any any range 6100 6200
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 10.10.10.0 0.0.0.255 any
access-list 700 permit 0017.ab59.16a4   0000.0000.0000
access-list 700 permit 0018.decd.5048   0000.0000.0000
access-list 700 permit 001f.3a4b.eb21   0000.0000.0000
access-list 700 permit 0000.0000.0000   ffff.ffff.ffff
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 103 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
sntp server 207.46.130.100
end
 
"ip nat inside" is missing from your inside interface, VLAN1.
Think you need to apply that WAN ACL to an interface while you are at it ;)
 
"ip nat inside" is missing from your inside interface, VLAN1.
Think you need to apply that WAN ACL to an interface while you are at it ;)

Actually, ip nat inside isn't missing, it's reffered to in Bridge Group 1 (BVI 1)

Assuming that you can get to the internet to run these tests via this router would indicate that your outbound nat (overload) to the internet is working just fine (internet will only work if nat inside, outside and an overload is setup), so that only leaves the forwarding (internet to the host) to look at.

Looking at the config:
Code:
ip nat inside source static udp 10.10.10.1 6073 interface Dialer0 6073
ip nat inside source static udp 10.10.10.1 55896 interface Dialer0 55896
ip nat inside source static tcp 10.10.10.1 55896 interface Dialer0 55896
The first two lines, you will never see a website report this as working as UDP is connectionless, so it won't report back to the website that it's open, unless something in the application running on these ports has a mechanism to do so.
The only one that should work is the third statement, and only then if the host that you're forwarding to is listening on this port - a simple test would be from the router, do a telnet (you'll need to do this via the command line ideally)

telnet 10.10.10.1 55896, if that doesn't respond (timeout) then even though the port is forwarded through the router, the testing website won't see it as open as nothing on the other end responds - it's a black hole.

With regards to the ACLs not being used - this looks like it's all been done by SDM - just generated, but looks like it's not applied - which is fine, it's just sitting there waiting to be used - but it's not going to interfere with your testing if you leave it like that at the moment.
 
LOL I'm an idiot, forgot to open uTorrent before testing :p. It does work.

Does the Nat pooling thing look ok for the range of forwarded ports?

EDIT

Can I get rid of access-lists 1, 2, 100, 101 and 103 then?

EDIT 2

And does the following refer to the DNS servers the router will use if required?
ip name-server 194.72.0.98
ip name-server 195.74.113.58
 
EDIT

Can I get rid of access-lists 1, 2, 100, 101 and 103 then?

EDIT 2

And does the following refer to the DNS servers the router will use if required?
ip name-server 194.72.0.98
ip name-server 195.74.113.58

Re-Edit 1

They're not doing any harm being there - if you're going to do it, do it via the SDM as it may confuse it otherwise.

Re-Edit 2

Yeah, only the router will use those; clients will use the ones specified in the DHCP pool.
 
LOL I'm an idiot, forgot to open uTorrent before testing :p. It does work.

Does the Nat pooling thing look ok for the range of forwarded ports?

Assuming you want to dynamically NAT ports 6100 - 6200 to the outside interface, then yeah it should work fine... This is normally what people do instead of typing 100 static NAT statements for each port, or when they want to round-robin packets to multiple internal addresses in a rotary pool when there is only one outside local address...

Test it and check the "show ip nat translation" command, you should see lots of dynamic entries for UDP 6100 - 6200.
 
Right, reapplied the new config and did that translations command and got the following:

Code:
CISCO#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
udp MY-IP:6073 10.10.10.1:6073    ---                ---
tcp MY-IP:55896 10.10.10.1:55896  ---                ---
udp MY-IP:55896 10.10.10.1:55896  24.59.111.196:47531 24.59.111.196:47531
udp MY-IP:55896 10.10.10.1:55896  24.122.72.32:60616 24.122.72.32:60616
udp MY-IP:55896 10.10.10.1:55896  60.52.54.1:10070   60.52.54.1:10070
udp MY-IP:55896 10.10.10.1:55896  68.150.187.196:61706 68.150.187.196:61706
udp MY-IP:55896 10.10.10.1:55896  69.127.163.95:49758 69.127.163.95:49758
udp MY-IP:55896 10.10.10.1:55896  69.159.243.30:61358 69.159.243.30:61358
udp MY-IP:55896 10.10.10.1:55896  71.138.186.209:56800 71.138.186.209:56800
udp MY-IP:55896 10.10.10.1:55896  74.14.97.112:60186 74.14.97.112:60186
udp MY-IP:55896 10.10.10.1:55896  75.75.23.46:60257  75.75.23.46:60257
udp MY-IP:55896 10.10.10.1:55896  76.172.47.123:32997 76.172.47.123:32997
udp MY-IP:55896 10.10.10.1:55896  77.211.86.28:28146 77.211.86.28:28146
udp MY-IP:55896 10.10.10.1:55896  80.39.39.107:6882  80.39.39.107:6882
udp MY-IP:55896 10.10.10.1:55896  86.91.223.213:54424 86.91.223.213:54424
udp MY-IP:55896 10.10.10.1:55896  87.20.73.119:51000 87.20.73.119:51000
udp MY-IP:55896 10.10.10.1:55896  88.84.168.198:36819 88.84.168.198:36819
udp MY-IP:55896 10.10.10.1:55896  89.233.211.160:35001 89.233.211.160:35001
udp MY-IP:55896 10.10.10.1:55896  90.154.220.23:51136 90.154.220.23:51136
udp MY-IP:55896 10.10.10.1:55896  91.77.15.8:32804   91.77.15.8:32804
udp MY-IP:55896 10.10.10.1:55896  115.192.162.208:23240 115.192.162.208:23240
udp MY-IP:55896 10.10.10.1:55896  116.234.141.204:24766 116.234.141.204:24766
udp MY-IP:55896 10.10.10.1:55896  118.172.24.203:25714 118.172.24.203:25714
udp MY-IP:55896 10.10.10.1:55896  120.28.235.198:53358 120.28.235.198:53358
udp MY-IP:55896 10.10.10.1:55896  200.93.19.186:6623 200.93.19.186:6623
udp MY-IP:55896 10.10.10.1:55896  ---                ---
udp MY-IP:56184 10.10.10.1:56184  194.74.65.68:53    194.74.65.68:53
tcp MY-IP:63874 10.10.10.1:63874  209.85.137.19:80   209.85.137.19:80
tcp MY-IP:63876 10.10.10.1:63876  72.14.221.189:80   72.14.221.189:80
tcp MY-IP:63878 10.10.10.1:63878  72.14.221.189:80   72.14.221.189:80
tcp MY-IP:63880 10.10.10.1:63880  69.63.186.11:80    69.63.186.11:80
tcp MY-IP:63883 10.10.10.1:63883  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63886 10.10.10.1:63886  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63887 10.10.10.1:63887  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63891 10.10.10.1:63891  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63892 10.10.10.1:63892  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63893 10.10.10.1:63893  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63895 10.10.10.1:63895  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63897 10.10.10.1:63897  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63899 10.10.10.1:63899  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63902 10.10.10.1:63902  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63903 10.10.10.1:63903  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63905 10.10.10.1:63905  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63907 10.10.10.1:63907  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63909 10.10.10.1:63909  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63911 10.10.10.1:63911  91.151.218.10:80   91.151.218.10:80
tcp MY-IP:63913 10.10.10.1:63913  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63915 10.10.10.1:63915  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63917 10.10.10.1:63917  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63919 10.10.10.1:63919  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63921 10.10.10.1:63921  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63923 10.10.10.1:63923  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63925 10.10.10.1:63925  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63927 10.10.10.1:63927  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63929 10.10.10.1:63929  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63931 10.10.10.1:63931  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63933 10.10.10.1:63933  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63935 10.10.10.1:63935  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63937 10.10.10.1:63937  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63939 10.10.10.1:63939  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63941 10.10.10.1:63941  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63943 10.10.10.1:63943  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63945 10.10.10.1:63945  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63947 10.10.10.1:63947  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63949 10.10.10.1:63949  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63951 10.10.10.1:63951  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63953 10.10.10.1:63953  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63955 10.10.10.1:63955  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63961 10.10.10.1:63961  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63962 10.10.10.1:63962  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63963 10.10.10.1:63963  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63964 10.10.10.1:63964  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63965 10.10.10.1:63965  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63967 10.10.10.1:63967  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63969 10.10.10.1:63969  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63971 10.10.10.1:63971  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63973 10.10.10.1:63973  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63975 10.10.10.1:63975  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63977 10.10.10.1:63977  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63979 10.10.10.1:63979  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63981 10.10.10.1:63981  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63983 10.10.10.1:63983  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63985 10.10.10.1:63985  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63987 10.10.10.1:63987  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63989 10.10.10.1:63989  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63991 10.10.10.1:63991  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63993 10.10.10.1:63993  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63995 10.10.10.1:63995  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63997 10.10.10.1:63997  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:63999 10.10.10.1:63999  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:64001 10.10.10.1:64001  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:64003 10.10.10.1:64003  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:64005 10.10.10.1:64005  91.151.218.11:80   91.151.218.11:80
tcp MY-IP:64007 10.10.10.1:64007  209.85.229.102:80  209.85.229.102:80
tcp MY-IP:64009 10.10.10.1:64009  69.63.186.11:80    69.63.186.11:80
tcp MY-IP:64011 10.10.10.1:64011  69.63.176.173:80   69.63.176.173:80
CISCO#

All those high ports aren't in my 6100 - 6200 range :confused:.
 
That's fine - normal behaviour for TCP connections; all the ones at the bottom are TCP for you browsing the Web.

For example
tcp MY-IP:64007 10.10.10.1:64007 209.85.229.102:80 209.85.229.102:80
is your router, from your PC on source port 64007 (which is a random number over 1024), going to 209.85.229.102 (Google) on port 80 (HTTP).

A number of your UDP connections are on 55896, which you specified on your translations inbound, and also 6073 too :)
Can't see any others on the ports you specified, but that might mean it's not been called yet...
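As an added example (not from the thread), a small Python script that does the sorting the last reply describes by hand: it reads the static NAT and rotary-pool lines from the posted config, parses a constructed `show ip nat translations` sample (including a pager-wrapped line and a repeated header, as in the posted output), and labels each entry as the static mapping itself, a forwarded inbound session, a rotary-pool hit in the 6100-6200 range, or an ordinary outbound session from an inside host. The 198.51.100.7 peer and the 6150 entry are constructed.

```python
import re
from collections import Counter

# Constructed sample, modelled on the NAT lines of the config posted above.
SAMPLE_CONFIG = """\
ip nat inside destination list 102 pool POOL1
ip nat inside source static udp 10.10.10.1 6073 interface Dialer0 6073
ip nat inside source static udp 10.10.10.1 55896 interface Dialer0 55896
ip nat inside source static tcp 10.10.10.1 55896 interface Dialer0 55896
access-list 102 permit udp any any range 6100 6200
"""

# Constructed "show ip nat translations" sample: one terminal-wrapped line and
# one repeated pager header, as they appear in the output posted above.
SAMPLE_SHOW = """\
CISCO#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
udp MY-IP:6073 10.10.10.1:6073    ---                ---
tcp MY-IP:55896 10.10.10.1:55896  ---                ---
udp MY-IP:55896 10.10.10.1:55896  24.59.111.196:47531 24.59.111.196:4753
1
Pro Inside global      Inside local       Outside local      Outside global
udp MY-IP:6150 10.10.10.1:6150    198.51.100.7:6150  198.51.100.7:6150
tcp MY-IP:64007 10.10.10.1:64007  209.85.229.102:80  209.85.229.102:80
CISCO#
"""

STATIC_RE = re.compile(r"^ip nat inside source static (tcp|udp) \S+ (\d+) interface", re.M)
DEST_RE = re.compile(r"^ip nat inside destination list (\d+) pool", re.M)


def static_forwards(config):
    """(proto, inside port) pairs statically forwarded to an inside host."""
    return {(m.group(1), int(m.group(2))) for m in STATIC_RE.finditer(config)}


def rotary_ranges(config):
    """(proto, low, high) ranges served by a rotary pool, via its destination ACL."""
    ranges = []
    for acl in DEST_RE.findall(config):
        acl_re = re.compile(r"^access-list %s permit (tcp|udp) any any range (\d+) (\d+)" % acl, re.M)
        ranges += [(p, int(lo), int(hi)) for p, lo, hi in acl_re.findall(config)]
    return ranges


def parse_translations(text):
    """Re-join pager-wrapped lines, drop headers/prompts, return 5-tuples of fields."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Pro ") or "#" in line:
            continue
        if line[:3] in ("tcp", "udp", "icm"):
            rows.append(line)
        elif rows:                      # digits left over from a wrapped line
            rows[-1] += line.strip()
    return [tuple(r.split()) for r in rows]


def classify(row, forwards, ranges):
    """Label one translation by the inside-local port it uses."""
    proto, _glob, local, out_local, _out_glob = row
    port = int(local.rsplit(":", 1)[1])
    if out_local == "---":
        return "static-mapping"         # the static rule itself, no live session
    if (proto, port) in forwards:
        return "forwarded-session"
    if any(proto == p and lo <= port <= hi for p, lo, hi in ranges):
        return "rotary-pool"
    return "outbound"                   # ephemeral source port chosen by the inside host


def summarize(config=SAMPLE_CONFIG, show=SAMPLE_SHOW):
    fw, rr = static_forwards(config), rotary_ranges(config)
    return Counter(classify(r, fw, rr) for r in parse_translations(show))
```

Pasting the full posted output in place of `SAMPLE_SHOW` labels every 6xxxx-port TCP line as outbound browsing, which is why none of them need to fall in the 6100-6200 range.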
 