The Site > Old Forums > Qwest > GT701-WG Modem and port forwarding problem

GT701-WG Modem and port forwarding problem

I forgot to mention:

I have the "Firewall" turned off.

In the port-forwarding section I have it set to forward all port 80 traffic to 192.168.0.2 (for both TCP and UDP)... I set this in both the "port-forwarding" section and the "advanced port-forwarding" section.

Thanks again!

-Max

Linksys port-forward to The Linux box at 192.168.1.100

Also put the Actiontec into DMZ forward to the linksysIP of 192.168.0.2
Actiontec DHCP server to static 192.168.0.2
you have a double NAT

Linksys is port-forwarding to the Linux box, which is why the page serves for IP 192.168.0.2 (IP the DSL router serves the Linksys)... I changed the DMZ to forward to the linksys, and still nothing's changed... Any ideas??

Thanks a ton for your help, by the way!

how are you testing the port. Did you try and set the DHCP static.

reply to maxthecat
I'm trying the global (DSL) IP as well as using www.canyouseeme.org... Canyouseeme is reporting "connection refused"

are you running the program while testing

reply to maxthecat
If you mean Apache, yeah, I'm running that from the Linux box, while attempting to get to it (via the IP and trough canyouseeme) off of the WinXP box... Although the DSL modem obtains it's IP from Qwest (DHCP), the rest of the network is static IP.

The way your testing works

set the Actiontec DHCP server to static or the range.
Otherwise it will work sometimes and sometimes it wont. The IP can float when you reboot the modem. Some routers that Ive seen just float on there own while showing the correct IP.

»www.qwest.com/internethelp/modem···dex.html

Do you have the new firmware.

That is the way i had my network set up two years ago.

Now it's single NAT, my Cisco 678 bridge to router pppoe MAC Address static DHCP

reply to maxthecat
The DSL modem is set to static (no DHCP server), and still it's not serving out the webpages (real IP goes to DSL router).

I'm running the QW04-3.60.2.0.6.3-GT701-WG firmware (latest, I believe).

Would turning off NAT fix this?

(Also, sorry I couldn't get back sooner-- note to self: if you're ever trying to get Qwest to serve out a static ip, which they won't unless you bought one, don't forget your bloody PPoA user/pass after hours )

No, you have dynamic IP. Nat needs to acquire the global IP to make the connection when the dynamic ip changes.

just for fun I have gotten it to work till my ip changed.

Are you still able to get out on the net.
After the DHCP set

you don't need static IP for port forwarding. Only if you don't want to do DNS updates for your server.

reply to maxthecat
With NAT disabled... nah... with it enabled, yes... Hmm.. this is quite perplexing... It looks like everything should work (port-forwarding, DMZ, etc).

reply to maxthecat
I believe I understand why NAT needs to be enabled... If you'd like to type out a more detailed explanation though, I'm new to this, so I'm all ears ...With the DHCP set, I can get out to the net, but none of the port 80 traffic seems to be reaching the webserver.

Thanks again!

did you do »/linequality to see it's something out on the net blocking ICMP/TCP packets also try Shields up
»grc.com/default.htm different site and route.

This is not that difficult of a problem. so be patient there is so much to try.

A: NAT stands for Network Address Translation.

Sorry i did not type this, but i just read it it's simple to understand.

But your confusing me because you know global ip in the modem, and terminology that is more complicated then this. You have a network server Setup with linux and you know how Port forward, port scan the correct port the correct way and setup static DHCP form the router and PC and update your firmware. But your new at this

This is cool Ive never run into situation like this makes it
allot easier quicker to explain things.

To understand what this is, how it functions and why it is needed, we must first cover how the Internet handles communications between computers.

WARNING: Some of the following discussion is simplified and glosses over some of the nit-picking details on how the Internet actually works. For the purpose of this FAQ, the level of detail used is adequate and any statements that are not 100% accurate are intended to avoid needing to go into extraneous detail.

Every computer using the Internet needs an address of the form X.X.X.X (where each X is a number from 0 to 255). Due to the limited number of such addresses, there can be a need for Private Networks with large numbers of computers/devices to have addresses that do not conflict with the Internet Addresses. To fill this need there are certain addresses (10.X.X.X and 192.168.X.X) that have been designated for use on these Private Networks that are not part of the Internet. No computer on the Internet is allowed to have these addresses. When such a network wants to communicate with the Internet it does it though a NAT Gateway (which can often also act as a Firewall) All I will say here about Firewalls is that they are used to control what types of sessions are allowed to cross the Gateway.

When a computer wants to talk to another computer on the Internet it starts a Session with that other computer. For a computer to be contacted to create such a session, it must "listen" for the attempt to start a session. The listening is done via Port-Numbers (ie: Listen for an attempt to start a session to my "Port Number X"). There is a list of "Well Know Ports" that tell what Port Number to use to start different types of sessions. For example if you are Web Surfing, you connect to the Web Site and ask for Port Number 80. To send Email, you'd ask for Port Number 25.

The contacting Computer also needs a Port Number so that it can receive the responses. This Port Number comes from a range that is allocated for stating sessions and is unique for the life of that session. IOW, if you are Web Surfing and have more than one session open, each session has it own unique Port Number (this allows the browser to know which window to display the incoming information in). The Session is defined by its two endpoints. Thus if you have a Web Session it would be X.X.X.X:5788Y.Y.Y.Y:80. If you open another Web Window and go to that same site, the session might be X.X.X.X:5789Y.Y.Y.Y:80.

The forgoing is what happens when the computers are both on the Internet. What happens if one of the computers (let us for simplicity say the one who is doing the Web Surfing) is on one of the aforementioned Private networks and has an address of 192.168.l.50? When it tries to go to the Web Site, it will try to start a session 192.168.l.50:5789Y.Y.Y.Y:80. The messages destined for Y.Y.Y.Y will be sent to a computer that is acting as a Gateway (this is a computer that can talk to both the Private Network and the Internet and does NAT). On the Private Network this Computer is know as 192.168.1.1 while on the Internet it is known as Z.Z.Z.Z. When the message gets to it, it will alter the reference in the message that says "I am from 192.168.l.50" to say "I am from Z.Z.Z.Z". It will also assign its own Port Number from the stating sessions range (let us say 7777). Thus it starts its own session of Z.Z.Z.Z:7777Y.Y.Y.Y:80 with the Web Site. It also adds to a table the fact that it's Port 7777 is really 192.168.l.50:5789. This is the reason for NOT keeping the real computer's Port Number. It must be able to tell who it is acting as and using the real computer's Port Number can cause problems if another computer (such as 192.168.1.99) wants to start a session as 192.168.l.99:5789 (IOW: using the same Port Number as 192.168.l.50 is using). By assigning a Port number of 7778 to 192.168.l.99's request the two attempts to use Port Number 5789 are kept separate.

To the Internet, the two sessions LOOK like they are the same computer (which in reality they are since they are being sent to/from the Gateway Computer). As each message comes in from the Internet the Gateway Computer uses the Port Number in the incoming message to determine who to send it to on the Private Network and it sends the message to the Private Network with the correct 192.168.1.X address and Port Number). Internet directed messages get the same treatment in the other direction (use the table to get the Internet side address and port and send it on its way).

It is all very elegant. The Internet sees the whole Private Network as being the Gateway Computer (and is not even aware of the Private Network) while the computers on the Private Network see the Gateway as the Internet.

reply to maxthecat
Well, I know the terminology because I've set up my Linksys router to port-forward/trigger for things like XBConnect (allows you to play XBox games over non-XBLive servers)... It seems like a very simple process to get the same working for port 80 traffic, but for some reason, I seem to be having issues :P ...When I say I'm new, I mean I don't really understand the intricacies of NAT, DMZ, etc.

As for the tests, shields up reports that ports 80 and 113 are closed, everything else is stealth. Linequality couldn't ping the ip

Cool well now we have to break it down

»www.showmyip.com/ use this tell me what you get

Since the ICMP is getting Dropped. I don't think there is a setting on the GT701-WG for discarding wan pings but forwarding to your links probably has this setting for discarding pings.

Canyouseeme is reporting "connection refused, shields up reports that ports 80 and 113 are closed for business on the PC they are not stealth.

looks like we need to see if the server is open to
connections and more.

can you run pppoe. Then you could download soft pppoe for Linux set your modem to bridge, No NAT strait to PC box for a testing with no forwarding, pulling your IP inside.

»www.qwest.com/internethelp/modem···dex.html

Or use a old 56k modem in the Linux box just to test. Use your qwest name and password, that is in your modem, for the pp protocol connection

reply to maxthecat
Excellent! Got it to work! Thanks a ton wingman-- I appreciate all your help