how-to block ads
|
cshake
join:2009-05-12
Marcellus, NY
| SpeedStream 5200 hijacking incoming http connections?
Connections Summary |
I was able to get it working with a wireless router, and for normal use it has worked fine for a little over 4 years now. I set up NAPT only forwarding to the router (NETGEAR now, started with a Linksys, both worked fine), set the router as DMZ, turned off the firewall on the 5200, and was able to use all the ports for games, p2p, and basically found that when I did port forwarding at the 2nd router level, it worked fine.
However, I have come to find that whenever I try to forward http or https (starting at ports 80 and 443, but I also tried hosting on different ports and forwarding them), the modem seems to intercept the connection and tries to use the web interface. The web interface is disabled, so no combination of username and password works on the prompt. I enabled the web interface over http (specified port 9980), connected with a web browser to my external IP (no port specified, so :80), and was able to log into the interface!
I tried setting it as NAT only mode, with the router as the only address, again with firewall off and DMZ on, but it refuses to allow http or https traffic through to the inside network. I know the server itself is fine, I've been using it on my university connection for the past 4 years while I was at school.
Is there anything I can do to fix this, or am I destined to never be able to run my small webserver on this connection? | |
|  | | cshake
join:2009-05-12
Marcellus, NY
| Re: SpeedStream 5200 hijacking incoming http connections? Thanks for the reply! I wasn't aware of the loopback 'feature' of the router. I guess I just searched the forums instead of the FAQ as well.
Upon testing with a proxy, I do actually get the page I'm looking for, so I don't actually need to change it into bridge mode.
I contend, however, that I'm just as secure this way. While the modem has disabled firewall and DMZ enabled, the Netgear router behind it (the only thing connected directly to it) has its firewall turned on, remote access disabled, and only the ports I specify are forwarded into the lan.
I set it up this way originally because the modem only worked when a PC was connected with their software suite that 'registered' the username and password for the account. It kept track of the MAC address of this 'authorized' computer for the account after it had entered the account details, and I was only able to connect the router and have the DSL work when I turned on MAC spoofing to duplicate the PC's network card.
Sorry about not using the Windstream forum, but I figured this was more of a hardware issue than custom firmware. | |
| | | 
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| Re: SpeedStream 5200 hijacking incoming http connections? I will repeat that you are less secure and I mean in the 5200 itself (open to reconfiguration/take over using CSRF Attacks and other exploits that attack unsecured/insecure Router/Modem configurations) since the 5200 still has a Web Interface with both WAN and LAN side active plus being DMZ'd to the Wireless Netgear Router. The Netgear Router is likely secure and the PCs on the LAN would be taken care of by the Netgear, so that leaves the 5200 that should really be Bridged so you don't have insecure DMZ running and don't have Doubled NAT/NAPT translation being performed on each packet in and out of your LAN. Networks should always be built under the KISS principle.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? | |
| | |
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| said by cshake  :I set it up this way originally because the modem only worked when a PC was connected with their software suite that 'registered' the username and password for the account. It kept track of the MAC address of this 'authorized' computer for the account after it had entered the account details, and I was only able to connect the router and have the DSL work when I turned on MAC spoofing to duplicate the PC's network card. Don't know what this is about as I've never heard of it since PPPoE does not use MAC IDs for authentication. It uses PPP. Just like a dial-up connection. That sounds like misconfiguration again as I know Windstream doesn't use MAC IDs. That is usually a Cable Broadband issue only since they use DHCP to assign one PC (behind the Cable Modem) the one Public IP that the Account is allowed.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? | |
| | | |
|
