dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
76531
share rss forum feed


jseymour

join:2009-12-11
Waterford, MI
reply to Blocked

Re: [Business] Comcast Business gateway - bridge mode/forwarding

said by Blocked :

This problem was as I see it was either:
1. Comcast running their remote access on my Cable Modem's port 80, and disallowing port 80 use for anything else.
Unnecessary for them to do that. To access the HTTP port on the cablemodem, they'd access port 80 on your cablemodem's WAN address, just as I do when I want to talk to my cablemodem. Port 80 at anywhere else would go elsewhere, and the router should ignore it.

That is: Unless the router in the cablemodem is incorrectly configured.

said by Blocked :

2. Comcast firewalling incoming port 80 for the part of Oakland I am in.
One would think that would rather annoy the Business customers in that area. Had they done that to me, I would've been on the phone raising holy hell in a NY heartbeat. ISTM unlikely.

Jim

tjsummers51l

join:2010-01-22

Just to clarify, Comcast access the modem using the Comcast network IP of the Modem, NOT the Wan IP. Just thought I'd throw that out there.



jseymour

join:2009-12-11
Waterford, MI

said by tjsummers51l:

Just to clarify, Comcast access the modem using the Comcast network IP of the Modem, NOT the Wan IP. Just thought I'd throw that out there.
They are one in the same.
Comcast's Network (WAN) <-> CM/Router <-> Customer Stuff (LAN)
When the customer has an additional router on their side of the Comcast device:
Comcast (WAN) <-> CM/Router <-DMZ-> Customer Router <-> Customer LAN
The customer-facing side of the CM/Router is its LAN side. The Comcast-facing side of the customer's router is its WAN side.

Jim

tjsummers51l

join:2010-01-22

The comcast network ip is NOT the same as the WAN IP of the modem. Customer's do not see the Network IP.



EG
The wings of love
Premium
join:2006-11-18
Union, NJ
kudos:9

said by tjsummers51l:

The comcast network ip is NOT the same as the WAN IP of the modem. Customer's do not see the Network IP.
True. The internal managerial IP that is assigned to the modem MAC is not typically known by the sub.


mynameismud

@comcast.net

I've just been handed the joys of dealing with one of these "business gateways"....

Here's my problem:

I have an ASA 5505 that is the remote end of a L2L VPN sitting behind the comcast business gateway. The VPN works fine, but I need to allow vendor support (PCAnywhere) through to a specific device. This is usually not an issue, as I can use one of the spare Public IPs to NAT to the Private IP and modify the outside_acl to allow the ports to be open from the vendors public IP..... but with this comcast device sitting in front I can't get it to "see" the public IP I'm using to NAT with. It technically isn't on any device, so the comcast box doesn't know it's there.

The only option I can see is putting another NIC in the PC I want them to have access to and somehow find a way on the comcast box to NAT the IP while only allowing their public IP to access it via PCAnywhere... and also, none of these PCs are to be allowed standard internet access due to them being critical production devices...... If I could simply get the block of static IPs they gave me sit behind an actual router I would be fine.



jseymour

join:2009-12-11
Waterford, MI

said by mynameismud :

... but with this comcast device sitting in front I can't get it to "see" the public IP I'm using to NAT with.
What do you mean by "it" in the above sentence?

said by mynameismud :

It technically isn't on any device, so the comcast box doesn't know it's there.
By "it" in the above sentence, I presume you mean the public IP you want to use to port-forward to a given device on your LAN?

said by mynameismud :

The only option I can see is putting another NIC in the PC I want them to have access to...
Why would you do that? Just give the interface you have an additional IP. Windows can handle that, these days, no? But I don't understand why you even have to do that. If you're already port-forwarding to that PC, from a public IP, just forward the additional port.

Am I missing something?

said by mynameismud :

... and also, none of these PCs are to be allowed standard internet access due to them being critical production devices...... If I could simply get the block of static IPs they gave me sit behind an actual router I would be fine.
Now I'm really confused. Or one of us is. Isn't the ASA 5505 a firewall router and VPN device?

What is your Comcast modem/router?

Jim


mynameismud

@comcast.net

said by jseymour:

What do you mean by "it" in the above sentence?
The comcast business gateway

said by jseymour:

By "it" in the above sentence, I presume you mean the public IP you want to use to port-forward to a given device on your LAN?
Yes

said by jseymour:

Why would you do that? Just give the interface you have an additional IP. Windows can handle that, these days, no? But I don't understand why you even have to do that. If you're already port-forwarding to that PC, from a public IP, just forward the additional port.
Windows can handle that, but I think you are misunderstanding... I am trying to use an additional public ip to do the port forwarding with. No packets reach that public IP because the comcast business gateway doesn't know that I am trying to use it. I can't use the public IP that I am using for the L2L VPN for the port forwarding and meet the other requirements.

said by jseymour:

Now I'm really confused. Or one of us is. Isn't the ASA 5505 a firewall router and VPN device?
Yes

said by jseymour:

What is your Comcast modem/router?
The SMC Business Gateway


ropeguru
Premium
join:2001-01-25
Mechanicsville, VA

1 edit
reply to archangel37

Ok, first question: How many static public IP's do you have from Comcast??

If you have more than one, or even one, you should have the SMC set to bypass the firewall and all filtering for the static IP block. When you do this, the static IP's look like any other normal public IP address. All ports are open to them for you to do as you wish.

I do not know that much about the ASA firewall, but you should be able to add a second IP from you block of assigned addresses to the same interface as your VPN connection. You should then be able to create the proper forwarding and firewall rules n the ASA to allow what ports you need from the second static IP address to the internal IP of your choice.



mynameismud

@johnsoncitytn.org

ropeguru, the block of 5 IPs was purchased.

I've went through and disabled the firewall, any portforwarding/triggering, and blocking on the SMC device. I had to do that so the L2L VPN would connect.

Well, you just hit on the one issue lots of people have with the ASAs. You can't "add" a secondary IP like you can with their routers/switches, and every other brand of firewall. That might throw some confusion into the loop if you aren't familar with using them, so here is how it is usually done (and this is how we do it at our main site that has a full class C subnet of public IPs)...

ISP Equip [public IP = 4.4.4.1/30]-> Router [outside IP = 4.4.4.2/30] [inside IP = 5.5.5.1/24] -> ASA firewall [outside IP = 5.5.5.2/24] [inside IP = 192.168.1.1/24] [DMZ IP = 10.1.1.0/24]

We can then use a public IP on the ASA for say, our web server that has a DMZ address of 10.1.1.50 so that we nat it to 5.5.5.50. Then do the same for our FTP server..etc.

I don't mean to insult anyone by giving such a basic diagram, but that is how I've always setup my firewalls to NAT and that's how I've always seen it done. But in these cases we have an actual router that we can config with it's inside subnet having a route to it provided by the ISP. It then doesn't matter what is on the inside since the router sees it as a connected network and just forwards the traffic. All the ISP worries about in the above is having a route to the 5.5.5.0/24 subnet, and we handle it from there. In the situation I'm in now, it appears that the SMC needs to see a device using the additional public IPs in order for it to populate a route to that IP.

For instance if you do a tracert to the public IP of my asa at this remote site, the last hop is through the IP of the SMC gateway. If you tracert to one of the other public IPs that we purchased, it gets dropped as there is no device using that IP telling the gateway that a route is needed. What I really need is a way to get the SMC gateway to populate a route back to comcast for the other public IP, so that it can then be used on the ASA as a NAT IP....



jseymour

join:2009-12-11
Waterford, MI
reply to mynameismud

said by mynameismud :

said by jseymour:

What do you mean by "it" in the above sentence?
The comcast business gateway
With the Comcast device sitting in front you cant' get the Comcast Business Gateway to see the public IP you're using to NAT with???

I'm sorry, but that isn't making sense to me.

said by mynameismud :

said by jseymour:

By "it" in the above sentence, I presume you mean the public IP you want to use to port-forward to a given device on your LAN?
Yes
Okay.

said by mynameismud :

... I think you are misunderstanding... I am trying to use an additional public ip to do the port forwarding with.
Oh, I understood that, I just don't understand why. You already have a public IP for which you're forwarding ports to the PC, right? Why not just forward the additional port(s) you want/need for the same public IP?

said by mynameismud :

No packets reach that public IP because the comcast business gateway doesn't know that I am trying to use it.
The CBG doesn't care if you're trying to use additional public IPs or not. If you have 5 static IPs, it's going to be set up for those 5 static IPs.

said by mynameismud :

I can't use the public IP that I am using for the L2L VPN for the port forwarding and meet the other requirements.
I cannot imagine any "other requirements" that would preclude you using the same public IP to forward two different ports to the same inside machine, save perhaps for some clueless MS-"educated" IT department's misguided effort to create security by obscurity.

said by mynameismud :

said by jseymour:

Now I'm really confused. Or one of us is. Isn't the ASA 5505 a firewall router and VPN device?
Yes
Very well. See next question.

said by mynameismud :

said by jseymour:

What is your Comcast modem/router?
The SMC Business Gateway
Which "SMC Business Gateway?" Is it an SMC8014, by chance? If so: I would set the 8014 for Disable Firewall for True Static IP Subnet Only and Disable Gateway Smart Packet Detection, set my (inside) router's WAN to the public IP/network assigned me by Comcast, and let it do all the filtering/firewalling/NATing/port-forwarding/etc.

But before you go mucking-about and possibly breaking things, I'll reiterate: Having the public IP you're apparently already successfully using to port-forward to the inside PC forwarding an additional port is no different from using a second IP to forward that same port, except the latter is unnecessarily more complicated.

Jim


mynameismud

@johnsoncitytn.org

Jim, see my above reply to ropeguru. You are misunderstanding the issue I am having with the SMC device and the public IPs.

"Oh, I understood that, I just don't understand why. You already have a public IP for which you're forwarding ports to the PC, right? Why not just forward the additional port(s) you want/need for the same public IP?"

"But before you go mucking-about and possibly breaking things, I'll reiterate: Having the public IP you're apparently already successfully using to port-forward to the inside PC forwarding an additional port is no different from using a second IP to forward that same port, except the latter is unnecessarily more complicated."

No, I'm trying to use ANOTHER Public IP in the block that was purchased with the service to NAT with.

One public IP for the ASA's outside interface.
Another public IP for NAT to the private IP of the PC.
The SMC device is using the "gateway" Public IP.

No traffic is reaching the IP I'm trying to NAT with, which I believe is due to the SMC not seeing it used on an actual device with a MAC arped to it.

As far as the model, I'm not sure. I'll be onsite this afternoon and can check then.

"I cannot imagine any "other requirements" that would preclude you using the same public IP to forward two different ports to the same inside machine, save perhaps for some clueless MS-"educated" IT department's misguided effort to create security by obscurity."

I can do that perfectly fine on the ASA, the issue is with the SMC "seeing" the IP since it isn't connected to an actual device.

And drop the attitude, please.... I realize this might not be the most productive arena for this discussion, but seeing as how I can't bring you to the site to look at it, then this forum will have to do. I think if you did come to the site, see the requirements needed and the issues we are having, then you would understand.



ropeguru
Premium
join:2001-01-25
Mechanicsville, VA

said by mynameismud :

I can do that perfectly fine on the ASA, the issue is with the SMC "seeing" the IP since it isn't connected to an actual device.

I do not understand this part... When you setup the SMC to not hinder your public IP's at all, they are a true routed block of IP's.

So, if you have a block of 5 usable the top IP is the gateway IP for the block and the 5 IP's below it are your usable IP's.

So, if you have a block assigned, and I am just using these IP's as an example, where your default gateway for the block is 192.168.1.6, your five usable are 192.168.1.1-5. Your ASA public interface already has one public assigend to is and should look like IP=192.168.1.1, netmask=255.255.255.248, defaultGW=192.168.1.6. Any IP in that block would work and be fully accessible to that interface.

Here is a quick write up I found on how to add multiple IP's to the single ASA interface:

Hello ssittig,

Basically, you just put static NAT statements in for each IP address specifying both outside public (translated) address and inside private address. You can implement one-to-one NAT, which essentially maps all TCP/UDP ports from the public to the private address, or you can implement port redirection where you only map specific ports from outside to inside addresses. Having said that, that doesn't mean you have to allow all those ports through the firewall...it's just for mapping purposes.

To implement one-to-one NAT for your 5 addresses, say to inside IP's 192.168.1.249-253, you would do this:

static (inside,outside) x.x.110.249 192.168.1.249 netmask 255.255.255.255
static (inside,outside) x.x.110.250 192.168.1.250 netmask 255.255.255.255
static (inside,outside) x.x.110.251 192.168.1.251 netmask 255.255.255.255
static (inside,outside) x.x.110.252 192.168.1.252 netmask 255.255.255.255
static (inside,outside) x.x.110.253 192.168.1.253 netmask 255.255.255.255

Note that the above commands DO NOT allow any traffic inbound to those addresses, it just sets up the mapping. To allow traffic to those addresses, you would use "access-list" statements, like below:

access-list outside_access_in permit tcp any host x.x.110.249 eq smtp
access-group outside_access_in in interface outside

The first "access-list command above would allow SMTP (e-mail) traffic from any external host on the Internet to IP address x.x.110.249 which maps to inside address 192.168.1.249. The second "access-group" command then applies that access-list (named "outside_access_in") to the outside interface in an inbound direction.

If you want to just map specific ports from the public addresses to inside addresses, then the static command would take the form:

static (inside,outside) tcp x.x.110.249 smtp 192.168.1.249 smtp netmask 255.255.255.255

The above command would only map the SMTP port from the public address x.x.110.249 to inside address 192.168.1.249. You would still have to put in the access-list mentioned above to allow inbound SMTP traffic. With this form of the static command, if you put in an access-list command that tried to allow other port traffic inbound, it wouldn't work because you have only mapped the single port TCP 25 (SMTP) in your static. That's the difference between this form of the static and the first form presented above.

Hopefully, that will get you off to a good start...good luck!

»www.experts-exchange.com/Securit···515.html


jseymour

join:2009-12-11
Waterford, MI
reply to mynameismud

said by mynameismud :

Jim, see my above reply to ropeguru. You are misunderstanding the issue I am having with the SMC device and the public IPs.
I think I see part of the problem, right here, if what you wrote there is correct:
said by mynameismud :

ISP Equip [public IP = 4.4.4.1/30]-> Router [outside IP = 4.4.4.2/30] [inside IP = 5.5.5.1/24] -> ASA firewall [outside IP = 5.5.5.2/24] [inside IP = 192.168.1.1/24] [DMZ IP = 10.1.1.0/24]
A /30 is only four addresses, two usable. One will be the CBG's address, leaving one usable. You need a /29 to get 6 usable, 5 for your own use.

Here's another problem with something you wrote there:
said by mynameismud :

For instance if you do a tracert to the public IP of my asa at this remote site, the last hop is through the IP of the SMC gateway. If you tracert to one of the other public IPs that we purchased, it gets dropped as there is no device using that IP telling the gateway that a route is needed.
...
... the issue is with the SMC "seeing" the IP since it isn't connected to an actual device.
That isn't how routing works. It's not how traceroute works, either. If you have, say,
Network: 1.2.3.8/29
HostMin: 1.2.3.9
HostMax: 1.2.3.14
Broadcast: 1.2.3.15
Hosts/Net: 6
and routing is set up correctly everywhere, a traceroute, ping or other traffic directed toward, say, 1.2.3.11 is going to go to and through that router, regardless of whether 1.2.3.11 actually exists on the interface configured for 1.2.3.8/29.

said by mynameismud :

And drop the attitude, please...
Sorry, just trying to make sense of what you were trying to say. I'll leave you to it, then, shall I?

Good luck.

Jim


mynameismud

@johnsoncitytn.org
reply to ropeguru

said by ropeguru:

Here is a quick write up I found on how to add multiple IP's to the single ASA interface:

Hello ssittig,

Basically, you just put static NAT statements ..... have only mapped the single port TCP 25 (SMTP) in your static. That's the difference between this form of the static and the first form presented above.

Hopefully, that will get you off to a good start...good luck!

»www.experts-exchange.com/Securit···515.html
ropeguru, maybe I didn't explain it very well in my original description. What you linked to and posted there is what I am doing. That doesn't really add the IP to the interface like I thought you were inclining that I do. On cisco routers/switch you can assign a secondary IP to an interface. Much like you can put a second IP on a windows NIC. Sorry for the confusion.


ropeguru
Premium
join:2001-01-25
Mechanicsville, VA

said by mynameismud :

ropeguru, maybe I didn't explain it very well in my original description. What you linked to and posted there is what I am doing. That doesn't really add the IP to the interface like I thought you were inclining that I do. On cisco routers/switch you can assign a secondary IP to an interface. Much like you can put a second IP on a windows NIC. Sorry for the confusion.
Yep, they are actually virtual IP's on the single interface as the link described. If you have the SMC and your interface setup correctly, the SMC acts as a true router and it should work just fine. The SMC doesn't have to "see" anything additional.


mynameismud

@johnsoncitytn.org
reply to jseymour

said by jseymour:

said by mynameismud :

ISP Equip [public IP = 4.4.4.1/30]-> Router [outside IP = 4.4.4.2/30] [inside IP = 5.5.5.1/24] -> ASA firewall [outside IP = 5.5.5.2/24] [inside IP = 192.168.1.1/24] [DMZ IP = 10.1.1.0/24]
A /30 is only four addresses, two usable. One will be the CBG's address, leaving one usable. You need a /29 to get 6 usable, 5 for your own use.
Jim, in that description I was describing how my ISP connection that comes into my main site, not the remote site which has the CBG in it. Having a /30 on it works fine.

said by jseymour:

Here's another problem with something you wrote there:
said by mynameismud :

For instance if you do a tracert to the public IP of my asa at this remote site, the last hop is through the IP of the SMC gateway. If you tracert to one of the other public IPs that we purchased, it gets dropped as there is no device using that IP telling the gateway that a route is needed.
...
... the issue is with the SMC "seeing" the IP since it isn't connected to an actual device.
That isn't how routing works. It's not how traceroute works, either. If you have, say,
Network: 1.2.3.8/29
HostMin: 1.2.3.9
HostMax: 1.2.3.14
Broadcast: 1.2.3.15
Hosts/Net: 6
and routing is set up correctly everywhere, a traceroute, ping or other traffic directed toward, say, 1.2.3.11 is going to go to and through that router, regardless of whether 1.2.3.11 actually exists on the interface configured for 1.2.3.8/29.
Jim, here are the public IPs:

CBG 173.164.8.166
ASA 5505 173.164.8.161
IP attempting to use for NAT 173.164.8.162

I understand what you saying, but I still an not able to get any packets to 173.164.8.162 because the CBG is not routing then to the ASA, which is 173.164.8.161. That is the point I was trying to make with my description to ropeguru.

If I had a way to setup the CBG to send traffic bound for .162 to .161 (as I do at my main site) then I would be set. But it appears that that isn't possible with the way comcast has provisioned this service.


mynameismud

@johnsoncitytn.org
reply to ropeguru

said by ropeguru:

Yep, they are actually virtual IP's on the single interface as the link described. If you have the SMC and your interface setup correctly, the SMC acts as a true router and it should work just fine. The SMC doesn't have to "see" anything additional.
If I didn't have the CBG and my ASA setup correctly, then how would it be routing to the ASA IP now?


ropeguru
Premium
join:2001-01-25
Mechanicsville, VA

Wrong subnet mask that puts the other IP into a different subnet and therefore not accessible...



mynameismud

@johnsoncitytn.org

said by ropeguru:

Wrong subnet mask that puts the other IP into a different subnet and therefore not accessible...
I'm not sure I follow you on this.... What device do you think I might have the wrong subnet mask on? The only two devices are the CBG and the ASA, and the ASA is communicating fine over the internet. It has to for the L2L VPN to be working. There is no SM option entered when using the second public IP to NAT...


jseymour

join:2009-12-11
Waterford, MI
reply to mynameismud

said by mynameismud :

Jim, here are the public IPs:

CBG 173.164.8.166
ASA 5505 173.164.8.161
IP attempting to use for NAT 173.164.8.162
From this, I assume you have 173.164.8.160/29 assigned you by Comcast.

said by mynameismud :

I understand what you saying, but I still an not able to get any packets to 173.164.8.162 because the CBG is not routing then to the ASA, which is 173.164.8.161.
Of course not, because the ASA is only ARPing for 173.164.8.161. Something arrives at the CBG for .162, it asks (on its "LAN" side) "Hey, who has this address?" and nobody answers.

said by mynameismud :

If I had a way to setup the CBG to send traffic bound for .162 to .161 (as I do at my main site) then I would be set. But it appears that that isn't possible with the way comcast has provisioned this service.
.162 is the VPN end-point for that end of the VPN, no? Okay. I don't know the ASA, or its predecessor, the PIX, at all, but, from what little I've read there's no reason you can't set up .162 on the ASA's "WAN" side and forward whatever you want.

I'm assuming that the "router" you showed in your ASCII diagram earlier doesn't actually exist at this remote site, that the connection is CBG<->ASA.

Jim


ropeguru
Premium
join:2001-01-25
Mechanicsville, VA
reply to mynameismud

said by mynameismud :

I understand what you saying, but I still an not able to get any packets to 173.164.8.162 because the CBG is not routing then to the ASA, which is 173.164.8.161. That is the point I was trying to make with my description to ropeguru.

If I had a way to setup the CBG to send traffic bound for .162 to .161 (as I do at my main site) then I would be set. But it appears that that isn't possible with the way comcast has provisioned this service.
Does CBG=SMC??

Comcast uses RIP to setup the routing to an end user's block of IP's. They assign the block in your SMC and anything to that block Comcast knows about and routes appropriately. If I traceroute to one of your IP's that is not is use, of course it is going to die at your gateway. But as soon as you add it as a virtual IP to your WAN interface, when there is a broadcast asking whos has this IP, your ASA should, if configured correctly, answer up and the same mac is tied to both IP's.

I currently have a pfsense firewall setup at home where the WAN has a one static IP and three virtual IP's doing just what you want to do. The main IP is for my LAN access to the internet and the virtual IP's are 1:1 NAT to my DMZ for various services.


mynameismud

@omcastbusiness.net

Problem solved!!!

Are you ready???

I noticed the VPN drop about 30 minutes ago and stay down for several minutes. When it came back up I checked the ASA. It had reloaded, so I called the plant to see if someone had unplugged it for some reason or if maybe I had an issue with the power supply, etc...

Turns out the supervisor installed a UPS for the ASA and CBG, which I had asked him to earlier this week so they wouldn't lose power while waiting for the generator to kick in. So, no biggy... Then I get a call from the support vendor asking what setting I had to change to get PCAnywhere working. Well, I hadn't made any changes. He tells me it is working fine now, and I verified that I can now PCAnywhere into the box as well.

I double checked my ASA config and I didn't see any changes. The only thing I can figure is that the CBG didn't take the changes I made to it to turn off the firewall and other settings. But the L2L VPN wouldn't come up until I made those changes to the CBG, so I don't really know what the issue was. I never power cycled the CBG after I made any changes because I didn't think it would need reloaded....



ropeguru
Premium
join:2001-01-25
Mechanicsville, VA

Glad it is working, but for cclarification could you still please define what a "CBG" is??



jseymour

join:2009-12-11
Waterford, MI

said by ropeguru:

Glad it is working,
<AOL>

said by ropeguru:

but for cclarification could you still please define what a "CBG" is??
My bad. I started using "CBG" for "Comcast Business Gateway" because we didn't know for sure what he has and I got tired of typing-in "Comcast Business Gateway" all the time

Jim


ropeguru
Premium
join:2001-01-25
Mechanicsville, VA

said by jseymour:

said by ropeguru:

Glad it is working,
<AOL>

said by ropeguru:

but for cclarification could you still please define what a "CBG" is??
My bad. I started using "CBG" for "Comcast Business Gateway" because we didn't know for sure what he has and I got tired of typing-in "Comcast Business Gateway" all the time

Jim
Thanks.. Didn't think of that...


Tordek
Make the outages go away
Premium
join:2009-09-07
Great White
kudos:2
reply to jseymour

said by jseymour:

...I got tired of typing-in "Comcast Business Gateway" all the time
Thats why i have Hotkeys / Macros

Comes in REAL handy


JTC
Always Mount A Scratch Monkey

join:2002-01-09
USA

1 recommendation

reply to jseymour

said by jseymour:

said by ropeguru:

Glad it is working,
<AOL>

said by ropeguru:

but for cclarification could you still please define what a "CBG" is??
My bad. I started using "CBG" for "Comcast Business Gateway" because we didn't know for sure what he has and I got tired of typing-in "Comcast Business Gateway" all the time
I was parsing it as Comcast Border Gateway for some reason. Normally in a forum, I just call it the SMC.

Personally tho, I tend to refer to it as 'THAT FSCKING FPOS!%^$!^%$!%^!!!!', but that's less presentable.
--
All hardware sucks, all software sucks, some just suck more than others

ethanwa

join:2009-02-24
reply to archangel37

I have the EXACT same problem as the original poster to this thread. I cannot see my web servers internally to the network. I have a dynamic IP with DynDNS. I will call Comcast tomorrow and get a static IP and post if that fixes the problem. I'm pretty sure it will.

Ethan



JTC
Always Mount A Scratch Monkey

join:2002-01-09
USA

said by ethanwa:

I have the EXACT same problem as the original poster to this thread. I cannot see my web servers internally to the network. I have a dynamic IP with DynDNS. I will call Comcast tomorrow and get a static IP and post if that fixes the problem. I'm pretty sure it will.
At the very least, it will make it a heck of a lot easier to setup.

Have you checked the SMC and made sure that all the extra crap is turned off on it?
--
All hardware sucks, all software sucks, some just suck more than others