New modem, now can't get rid of yellow light

1. What version of BitComet are you using? - 1.16

2. What type of Internet connection do you have (ADSL, etc.)? - cable

3. Do you have a modem? Do you use a router? What make and model are each one of them? Have you forwarded your port? - modem is Motorola SBG941, I’m using the built-in router. Port is forwarded.

4. If you have more than one router, be sure to mention the make and model of both devices, how are they connected (i.e. in which connector of both devices is the network cable plugged) and which one of the devices is connected to or is the modem.

Also, if you have more than one computer make sure to mention in this case, to which router is every one of them connected. - One computer is directly connected to modem, the other uses a wireless connection. Both have yellow light issues. The computer with the wired connection uses Bitcomet 1.27 64 bit. I’m on the wireless computer using 1.16.

5. What version of Windows, Firewall and Antivirus do you use? - Vista Basic 32 bit, AVG internet security. The wired computer uses Windows 7 64 bit, AVG internet security.

I was having no problems with Bitcomet at my prior address. When I moved, I changed service providers and changed modems. I don’t remember what the old modem was. I disabled wireless on my current Motorola modem and used my old Netgear router to see if that would fix the yellow light but it did not so I went back to using the Motorola by itself. I disabled the firewall in the Motorola and forwarded my port (55567). I also disabled wireless encryption.

The short answer to this is: either your modem is mis-configured or one software firewall on your computers is blocking the port (AVG or another one).

Unknown data:

has anything changed in the software configuration of your PCs since you moved, or not? (E.g. installing new applications, changing security suites/settings)

is Windows Firewall disabled on your PCs or not?

is the port open in AVG?

It’s not easy to summon a solution to your issue since we’re not in front of your equipment and we can’t really test and retrieve the info ourselves.

One easy way to narrow down the area of the problem would be to put your modem into bridge mode but I’m not sure if the firmware of this model supports that (check the manual).

Short of that, you may try to borrow a simple cable modem from somebody (with no router included) and see if you still get a blocked port. If you do, then it’s your PC at fault.

If you don’t then it is your router which is misconfigured.

The basic point to keep in mind while you search, is that you have one or more firewalls blocking incoming internet connections.

That’s what firewalls do, what they’re for.

Some hardware, like the Motorola cable gateway and your Netgear router, have firewalls built into their firmware.
Windows comes with a software firewall which is active by default. There are third-party software firewalls that run on your computer.
Some kinds of internet connection are firewalled. Nearly all kinds of wireless connections are.

Firewalls do not communicate with each other. None of them say, “Active firewall already running here!” to any of the others, so you can have a dozen firewalls and not realize it.

You only need one, so you need to find all of the others and disable them, then configure the one to open your chosen listen port for incoming traffic.

Just to clarify, the Netgear router is out of the equation at this point. I’m using the Motorola modem’s wireless capability to access the internet at this point.

Nothing has changed in my settings since the move. I was using Bitcomet with AVG with no problems. Windows firewall is disabled in both computers.

A side note on AVG: I don’t see an option to open the specific port, but under the application settings for Bitcomet is says “allow for all” as opposed to “allow for safe”, “ask” and “block”. But like I said, I was using Bitcomet with no issues before.

To sum up the firewall situation: The only hardware firewall is the Motorola’s and I have disabled it. Windows firewall is disabled on both computers. Both computers use AVG which worked fine on my last modem.

I guess that points to a mis-configuration in the Motorola? I’m not looking forward to messing with those settings because when I was trying to get it’s wireless to work for me, it seemed like every time I changed something, it would stop all internet completely. The wired computer couldn’t even connect. I would have to use the pinhole reset button a few times and unplug it a few times before it would connect again. Even now the wireless signal just stops a few times a day. I don’t remember seeing anything about a “bridge mode” but I’ll check again.

Do you know what specific settings I should focus on in the Motorola?

Don’t want to interrupt, and I haven’t read the entire post, but I’ll give you a link to a setup guide for your router.

http://portforward.com/english/routers/port_forwarding/Motorola/WR850Gv6.1.4/default.htm

Maybe this might be of help to you.

As TUUS points out above, you should focus on the port forwarding settings, making sure they are done right.

Also check that against the Manual port forwarding section of the BitComet Wiki guide to make sure that all steps are covered (e.g. setting a static IP for your PC in the range of the network used by your current router, etc.).

If you disabled the firewall on the Motorola, then you had nothing to forward a port through.

There is no pro-forma “bridge mode”, this simply refers to deactivating the firmware firewall. (Firmware between different manufacturers can use widely different terms to mean the same things.)

One reset, if done properly, returns the device to factory default settings. If it takes more than one, then it’s either being done incorrectly or the device is defective.

You say “the wireless signal stops a few times every day”. How do you determine that this happened – what makes you think the signal stops? What do you do to fix it when it happens?

Have you tried re-enabling the WIndows firewall, and disabling AVG’s? Do you appear to get an open listen port then? If so, this suggests that AVG’s configuration is not the same as it was. Keep in mind that you need a known working firewall.

Kluelos, the firewall and the NAT processes on a router are 2 distinct things.

You can disable the firewall on your router and you’d still have to forward your port in order to get incoming connections to reach to any application that needs them.

The firewall doesn’t do NAT, it just filters packets based on the rules you set (by default is set to block all incoming and allow all outgoing).

Usually when you set a NAT forwarding rule, your router automatically opens that port in the firewall as well, on the great majority of SOHO models.

But that doesn’t mean the 2 things are the same or one, the router just does this to make your life a bit easier (and that of their support staff, too) as many users would forget about that (and the whole process already seems enough complicated as it is, to some).

Even if you disable both the firewall and the NAT processes on a router (some routers allow you to disable NAT as well) you’ll still be left with IP routing between the WAN interface address and the LAN one (except this won’t work with a public IP on the WAN side and a private one on LAN) provided they are both public or private and from different subnets.

I think by disabling the firewall, kluelos means to put the computer in DMZ, which also disabled the NAT, or directs all unassigned ports towards the DMZ computer.

TUUS, AFAIK putting a LAN host in DMZ doesn’t really disable NAT on the majority of SOHO routers. It only disables the firewall for that host and forwards all of the ports into the NAT process towards that PC, except for those ports which are explicitly forwarded towards other PCs on the LAN.

In fact the DMZ offered by SOHO routers is a “pseudo-DMZ” since most home users have a single public IP, therefore if your router truly assigned your public IP to the DMZ PC the others on your LAN would be cut off the Internet. It would require that you have more than one public IP to do that and make it work along with the rest of your LAN but I have yet to encounter a SOHO router which can do that (this is usually encountered in enterprise LANs which use “real” DMZ for their public servers and where a firewall separates the DMZ-ed hosts from the rest of the LAN).

When I said “the wireless stops a few times a day”, I should have said the internet stops a few times a day. Both computers lose their connections frequently. The windows network icon in the lower right gets a red X over it and the internet does not work. I do nothing to fix it, it just reconnects after a few minutes.

I have not tried enabling windows firewall and disabling AVG’s but I have disabled AVG without enabling windows so there is no active firewall and I still get a yellow light in Bitcomet. When you say I need a known working firewall does that mean Bitcomet won’t work without one? I’m going to call my ISP and see if they can help trouble shoot this modem.

Would I be able to post pictures of my modems settings on here for people to see? Would that help?

Yes, the DMZ setting is like fowarding all non assigned ports towards one computer. It doesn’t disable NAT, just directs all traffic there by default.

Kluelos said you need a firewall simply because without one, you would become infected by some type of malicious connection very quickly.

As for the cutting out problem, that sounds like a router issue so I’d contact their tech support and see if they are of any help. Perhaps there is a new firmware update you can install.

The port issue also sounds like a router issue, but a separate one.

As for posting screenshots, your welcome to, but I don’t know if it will help.

ps. I’m sure kluelos and grey wizard will have more thoughts to offer.

Have you tried to follow the guide I’ve sent you to, in order to see if your port forwarding is done correctly?

This seems like a very probable port forwarding misconfiguration.

But if you’re expecting us to do it from here, by looking at the screenshots this is going to take a very long time, since we don’t have this model of router at our disposal and can’t guide you into the direct menus and specific settings.

Since there already is a guide for your modem model on www.portforward.com, the Wiki guide combined with that should pretty much hold your hand through all the steps.

So try it and report back if you get stuck anywhere.

The internet has been working great all day today, very strange. I haven’t called the ISP yet or done anything at all. I figured I’d give Bitcomet a shot since my connection has been fast and hasn’t been dropped while surfing and streaming video. Within a second of opening Bitcomet… Green light! It just fixed it self, I hate it when stuff like this happens. I downloaded a 650MB file in a few minutes.

Could the fact that it all of a sudden works be a clue as to what is causing my problems? In an earlier post in this thread I was thinking a mis-configuration with the modem but now that I’m getting a green light without changing anything, I’m thinking firmware or just a generally bad modem.

if the port just suddenly opened on it’s own, then I’d say that it was opened by uPnP (universal plug n play). As to why it hadn’t worked before, your guess is as good as mine, but you can’t argue with success.

We’ve gone round on this issue before.

Assume a computer with no firewall software, connected to a router, in turn connected to the internet. The router’s firewall is turned off, so that it does not block any kind of incoming traffic. Do you think that this computer is safe from infection, because of NAT?

What happens to a packet of unsolicited incoming traffic in this situation? What does the router do with it?

According to good networking practice, the very last resort, the thing you do only when you can’t find anything else to do with it, is to drop the packet, because you can’t retrieve it if you do, and the data might be very vital. Never, never drop the packet without specific instructions to do so, unless there is simply nothing else you can do with it. Always err on the side of preserving the data.

What does the router do with unsolicited incoming traffic? It sends it to all of the connected devices. Remember, it doesn’t have the firewall rule telling it to block unsolicited incoming traffic – you turned that off. It has no way of determining which device this packet was intended for. It does not want to drop the packet unless there isn’t any other option. So it sends the packet to everyone, in hopes of getting it where it is intended to go.

A badly-designed router, breaking this rule, would say, “I’ve got nowhere to specifically send this packet, so I’ll just take it upon myself not to send it anywhere, and to lose the traffic forever.” That’s an unforgivable network sin, and something most network administrators would never knowingly allow on their networks.

The computer is very much in danger of infection.

I humbly disagree, kluelos.

And to answer your question, yes, NAT offers a degree of protection.

Except NAT is prone to hacking and that’s why it is always accompanied by a firewall. But the technology in itself it does exactly that, among other things - deny access at the LAN hosts from outside, in the absence of any mappings, because it doesn’t have any grounds to believe anybody on the LAN is expecting that traffic.

It doesn’t do that as a firewall does, on purpose, with security as a first goal in mind.

It just does it because logic dictates that if the LAN admin didn’t set up any mappings then no incoming traffic is going to be expected/needed or, even more important, wanted.

I’ve never seen a NAT process even on a SOHO router which does what you speak of.

Did you see any device which works in that way?

Because I’m curious.

Anyways, you can disable the firewall on your router, disable UPnP and delete all the existent port-forwarding mappings and try to send unsolicited traffic from the outside and see if any of your PCs gets anything. You can run Wireshark or whatever tool you like to make sure.

NAPT (or overload NAT, as it’s otherwise called) was designed to allow LAN clients to access the Internet by sharing one single IP public address (well not necessarily only one but less than the number of LAN hosts, that is).

That’s the only thing it does by default.

In order to do the reverse thing (forward incoming connections) it needs mappings.

Flooding traffic to all LAN ports is not its mission and I’ve never encountered a router (even SOHO) which did that. That would actually be a bad thing.

Even if by some weird chance that option would exist, no network admin in his right mind would leave it enabled because then even the dumbest kid would only need to know how to use the ping command in order to mount a D.O.S. ping-flood attack on your LAN once he’s got your public IP.

Moreover, every single application running out there on the Internet (be it legit or not) which tries to ping, scan or test your IP would impact your LAN traffic, probably even to the point of bringing it down.

If an equipment exists out there, which does that, then I’d say it’s a poorly programmed one and that behavior is a flaw.

I’d never use such a thing if it existed, for security reasons. Firewall enabled or not, no exterior traffic has any business entering my LAN if there are no mappings for it (no mappings = nobody WANTS or EXPECTS that traffic on my LAN and thus it’s NOT WELCOME).

But as I said, I’ve never seen any router to behave in such a way.

As TUUS says, if it suddenly got green all by itself that most probably means that now UPnP works for you and does the mapping job automatically in your stead.

You’ll probably want to leave it as it is, since it’s working for now.

Except that if UPnP failed you before, there is a good chance that it will fail you again.

When that happens, if you’ll want to put an end to it make sure you follow through with the manual forwarding guide, before posting again about this, since you’ll be in the same place as you were yesterday and there is nothing new we can tell you until you’ll provide the requested data.

No, it’s actually very WELL designed: it would be your scheme, to just drop the traffic, that is deeply flawed and irresponsible. Routers must not, and do not, take it on themselves to do this, and most system administrators would reject and refuse one that did so.

Rule 1 is “Don’t lose network traffic”.

“Told to dump it”, via a firewall rule, is one thing. "Deciding on my own to just dump it " is entirely another, and is an intolerable violation of Rule 1. Asked what happened to my irreplaceable and extremely valuable traffic, the (red-faced) net admin can only shrug and stammer, “the network threw it out”, likely just before they hand him a pink-slip.

The clearest evidence of this is that, if it were actually true, you wouldn’t need a firewall behind a router. You could simply rely on the absence of mappings for the router to protect you from all unsolicited traffic, and configuring a router would be quite a bit easier (not to mention designing one!). The router itself would not need a firewall: all it would take is a lack of defined connections. Any device behind it would be safe and secure from penetration (because the router would be dropping all of that network traffic for lack of instruction about what to do with it). We wouldn’t even need to protect against worms.

That’s most emphatically not so.