Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| reply to cshake
Re: SpeedStream 5200 hijacking incoming http connections?
You can't test a LAN based Web Server from inside the same LAN trying to use the WAN IP. You have to be outside testing from the WAN side.
»Efficient Networks Forum FAQ »I'm trying to run a Server and I get the Router page instead of my Server?
It is best to set the 5200 Modem/Router into Bridge Mode and then setup your Wireless Router to handle the connection completely using PPPoE. That way you only have to Forward Ports in the Wireless Router. You are actually less secure the way you have it with things partially disabled and DMZ'd.
The only time the 5200 Web Interface is disabled is when the Modem is in Bridge Mode using the manual link here: »192.168.254.254/brgmode.htm
»Windstream DSL FAQ »How do I change into Bridged Mode with the 4200 or 5200?
BBR has a dedicated »Windstream Forum.
Regards,
Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
cshake
join:2009-05-12
Marcellus, NY
| Thanks for the reply! I wasn't aware of the loopback 'feature' of the router. I guess I just searched the forums instead of the FAQ as well.
Upon testing with a proxy, I do actually get the page I'm looking for, so I don't actually need to change it into bridge mode.
I contend, however, that I'm just as secure this way. While the modem has disabled firewall and DMZ enabled, the Netgear router behind it (the only thing connected directly to it) has its firewall turned on, remote access disabled, and only the ports I specify are forwarded into the lan.
I set it up this way originally because the modem only worked when a PC was connected with their software suite that 'registered' the username and password for the account. It kept track of the MAC address of this 'authorized' computer for the account after it had entered the account details, and I was only able to connect the router and have the DSL work when I turned on MAC spoofing to duplicate the PC's network card.
Sorry about not using the Windstream forum, but I figured this was more of a hardware issue than custom firmware. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| I will repeat that you are less secure and I mean in the 5200 itself (open to reconfiguration/take over using CSRF Attacks and other exploits that attack unsecured/insecure Router/Modem configurations) since the 5200 still has a Web Interface with both WAN and LAN side active plus being DMZ'd to the Wireless Netgear Router. The Netgear Router is likely secure and the PCs on the LAN would be taken care of by the Netgear, so that leaves the 5200 that should really be Bridged so you don't have insecure DMZ running and don't have Doubled NAT/NAPT translation being performed on each packet in and out of your LAN. Networks should always be built under the KISS principle.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| reply to cshake
said by cshake  :I set it up this way originally because the modem only worked when a PC was connected with their software suite that 'registered' the username and password for the account. It kept track of the MAC address of this 'authorized' computer for the account after it had entered the account details, and I was only able to connect the router and have the DSL work when I turned on MAC spoofing to duplicate the PC's network card. Don't know what this is about as I've never heard of it since PPPoE does not use MAC IDs for authentication. It uses PPP. Just like a dial-up connection. That sounds like misconfiguration again as I know Windstream doesn't use MAC IDs. That is usually a Cable Broadband issue only since they use DHCP to assign one PC (behind the Cable Modem) the one Public IP that the Account is allowed.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
