Q: port forwarding airport extreme

Sorry for delay I attempted to post a reply last night and clearly failed.

The Airport uses one of those 5000 ports.. I will check which but the whole rule will have failed because one port is already in use.

You should use individual rules for each port.. that will quickly show you which is being used.

For the one that is used you will need to figure out a work around.. port translate instead of port forward (or map as apple calls it). It still might be a problem though.

Airport do not use standard ports for configuration.

You probably do not need all the ports.. eg if you use HTTPS for remote access you only need 443.

Apple used ports table is here.

TCP and UDP ports used by Apple software products - Apple Support

It fails to show what I need.

Here is the scan of my Time Capsule.

Port Scan has started…

Port Scanning host: 192.168.2.201

  Open TCP Port: 5001   commplex-link

  Open TCP Port: 5009   winfs

Port Scan has completed…

So it needs 5001 and 5009. You will not be able to use 5001.

Try the other ports.. 8081, 443, 7001 just to see if the port is already allocated to something.

One of the issues with manual port forwarding is being unable to tell what is already being used.

If all of them fail then post all the setup info from the airport utility for your AE and we will try and track down the problem. I need to see your actual DHCP setup.

I must say I am unimpressed with apple routers when you mix the network up in any sort of complicated way. There is simply no advanced controls and no way to find out what has gone wrong.. no logs, no tables of ARP or DHCP or anything. In a mixed environment it can be darn difficult because Apple do not support upnp which is crazy.

You might find going back to a more standard router is the best way around the problem.. bridge the Airport to it and use it for wireless and whatever.

FYI, the AirPort base stations work with the following IP protocols and their associated ports:

• mDNS (Bonjour) for discovery: UDP 5353
• HTTP (for photos and video): TCP / UDP 80
• RTSP (for audio, volume control, & metadata): TCP / UDP port 554
• RAOP (AirTunes/AirPlay): TCP port 5000, 5001 (control) & UDP port 6000 (data)
• NTP (for clock sync): TCP / UDP port 123
• RTP (for QuickTime/streaming):  UDP 6970-6999

I would not accept any internet version of your port is blocked.

The Apple routers often give false negatives.. the only real test is to run the app.

ie Do the port forward.. and then test it from an actual internet connection doing the actual connection to your NAS.

Only the failure of an actual remote connection should be taken as a failure.

I should have pointed that out earlier.

The method we use to test is very simple telnet command.

telnet URLaddress port

So to see example.

https://kb.acronis.com/content/7503

Telnet will not actually connect of course but you should see clear attempts and maybe some output..

If it cannot reach the port then it will clearly have message to that effect.

I still cannot see why it is not working unless you are using a double NAT.

If you do a traceroute from a computer on your LAN do you have two different private IP addresses in the output.. if so you will have issues.

How are you working out the public IP? And Apple do not support standard Dynamic DNS. So you really need to buy a static iP from your ISP or use a different method.

And yes.. a standard router is just a lot easier.

From remote you cannot use the local IP .. you must use the public IP.

So you typed

telnet 192.168.1.10 7001

That is impossible.. that is a private IP and cannot be routed over internet.

Go to https://www.whatismyip.com/what-is-my-public-ip-address/

Locate your public IP and substitute that.

telnet publicIP 7001

This will not work if your public IP is also private.. like a building ethernet service.

And it can be difficult if your ISP uses a proxy. Since the returned public IP is not validly yours.

About used up what I know..

I can get you inside the AE firmware but from that point I cannot really tell you what to do. I don't know why it isn't working. You telnet test with 8398 is clearly good so it was the other ports not working.

My normal work-around would be to reset the AE to factory and start over with just one computer plugged in.. leave the rest of the network off. Immediately setup your port forwards.. so they take precedence over anything else that comes later.. once a port is allocated it cannot be used again.

Make extra sure that your NAS is actually getting the address assigned to it and is fully accessible in local lan.. if still not working remote access then something has gone wrong.. but I don't know what to point to.. especially as this is not a new setup.. only a new router.

For some jobs Apple routers are difficult.. this is one of them.

I also cannot use an Apple router as it does not work with my ISP. But it works fine doing the job I have for it.. and I am happier using a router with advanced controls.