Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| reply to cshake
Re: SpeedStream 5200 hijacking incoming http connections?
said by cshake  :I set it up this way originally because the modem only worked when a PC was connected with their software suite that 'registered' the username and password for the account. It kept track of the MAC address of this 'authorized' computer for the account after it had entered the account details, and I was only able to connect the router and have the DSL work when I turned on MAC spoofing to duplicate the PC's network card. Don't know what this is about as I've never heard of it since PPPoE does not use MAC IDs for authentication. It uses PPP. Just like a dial-up connection. That sounds like misconfiguration again as I know Windstream doesn't use MAC IDs. That is usually a Cable Broadband issue only since they use DHCP to assign one PC (behind the Cable Modem) the one Public IP that the Account is allowed.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| reply to cshake
I will repeat that you are less secure and I mean in the 5200 itself (open to reconfiguration/take over using CSRF Attacks and other exploits that attack unsecured/insecure Router/Modem configurations) since the 5200 still has a Web Interface with both WAN and LAN side active plus being DMZ'd to the Wireless Netgear Router. The Netgear Router is likely secure and the PCs on the LAN would be taken care of by the Netgear, so that leaves the 5200 that should really be Bridged so you don't have insecure DMZ running and don't have Doubled NAT/NAPT translation being performed on each packet in and out of your LAN. Networks should always be built under the KISS principle.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
cshake
join:2009-05-12
Marcellus, NY
| reply to Doctor Olds
Thanks for the reply! I wasn't aware of the loopback 'feature' of the router. I guess I just searched the forums instead of the FAQ as well.
Upon testing with a proxy, I do actually get the page I'm looking for, so I don't actually need to change it into bridge mode.
I contend, however, that I'm just as secure this way. While the modem has disabled firewall and DMZ enabled, the Netgear router behind it (the only thing connected directly to it) has its firewall turned on, remote access disabled, and only the ports I specify are forwarded into the lan.
I set it up this way originally because the modem only worked when a PC was connected with their software suite that 'registered' the username and password for the account. It kept track of the MAC address of this 'authorized' computer for the account after it had entered the account details, and I was only able to connect the router and have the DSL work when I turned on MAC spoofing to duplicate the PC's network card.
Sorry about not using the Windstream forum, but I figured this was more of a hardware issue than custom firmware. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| reply to cshake
You can't test a LAN based Web Server from inside the same LAN trying to use the WAN IP. You have to be outside testing from the WAN side.
»Efficient Networks Forum FAQ »I'm trying to run a Server and I get the Router page instead of my Server?
It is best to set the 5200 Modem/Router into Bridge Mode and then setup your Wireless Router to handle the connection completely using PPPoE. That way you only have to Forward Ports in the Wireless Router. You are actually less secure the way you have it with things partially disabled and DMZ'd.
The only time the 5200 Web Interface is disabled is when the Modem is in Bridge Mode using the manual link here: »192.168.254.254/brgmode.htm
»Windstream DSL FAQ »How do I change into Bridged Mode with the 4200 or 5200?
BBR has a dedicated »Windstream Forum.
Regards,
Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
cshake
join:2009-05-12
Marcellus, NY
| 
Connections Summary |
I was able to get it working with a wireless router, and for normal use it has worked fine for a little over 4 years now. I set up NAPT only forwarding to the router (NETGEAR now, started with a Linksys, both worked fine), set the router as DMZ, turned off the firewall on the 5200, and was able to use all the ports for games, p2p, and basically found that when I did port forwarding at the 2nd router level, it worked fine.
However, I have come to find that whenever I try to forward http or https (starting at ports 80 and 443, but I also tried hosting on different ports and forwarding them), the modem seems to intercept the connection and tries to use the web interface. The web interface is disabled, so no combination of username and password works on the prompt. I enabled the web interface over http (specified port 9980), connected with a web browser to my external IP (no port specified, so :80), and was able to log into the interface!
I tried setting it as NAT only mode, with the router as the only address, again with firewall off and DMZ on, but it refuses to allow http or https traffic through to the inside network. I know the server itself is fine, I've been using it on my university connection for the past 4 years while I was at school.
Is there anything I can do to fix this, or am I destined to never be able to run my small webserver on this connection? |
|
