dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
8088
share rss forum feed

kenrogers4

join:2007-09-27
Bandera, TX

pinhole vs setting up dynamic DNS

I posted a question about setting up a pinhole after a changeover
from DSL to Uverse and got the following from DavidG:

just use a dynamic dns service, there are several out there, to point
to your catalog. then set you link on the web page to point to the
page name. say you name it banderalib.dyndns.org, you would
change the link on your main page from »70.128.153.246/cataloging
/servle···y+Search to »banderlib.dyndns.org/cataloging/···y+Search
you run a client on your machine or router, and the link is always
updated without you having to do anything.

I now know the new (supposedly temporary) IP address for the new
uverse router. It is 99.66.110.99. If I enter this on the browser
address line (or in trying to click through to the catalog server on
our web site,) IE comes up with a warning and this line:

There is a problem with this website's security certificate.

plus ways to navigate to the site anyway. So if I set up a dynamic
dns like DavidG suggests it will not get me to the catalog like the
pinhole did that he helped me set up. And I really would not like
to set it up with this fixed IP address anyway.

The new router is a Ubiquity Air Router. I've got the manual
and they have port forwarding capability and call it a "tunnel."
I've tried some things, that haven't worked. If I could get this
working, I would be happy to change the IP address whenever it
changes (probably rarely if ever.)

So could someone who knows either how to use dynamic
dns as an address for the catalog or how to set up the
port forwarding on the Ubiquity Air Router please help.

The web site is this:

»banderalibrary.org

The online catalog link that used to work with the Netopia
pinhole is near the bottom of the page.

Thanks for any help!

Ken Rogers


davidg
Good Bye My Friend
Premium,MVM
join:2002-06-15
none
you will still have to forward the port 80 from the wan side of the router to the machine with the catalog. i have no experience with this new one, but basically you are looking for how to either change the built in Web interface to something like port 8080 and then forward port 80 to the catalog or to set your dyndns service to point to port 8080 adn forward that to the catalog. sorry, i should have included in the previous answer but some some reason i just assumed you knew this still had to happen.
--
Lack of Preparation on YOUR Part does NOT Constitute an Emergency on Mine!


wayjac
Premium,MVM
join:2001-12-22
Indy
kudos:1
reply to kenrogers4
said by kenrogers4:

I posted a question about setting up a pinhole after a changeover from DSL to Uverse

What is the make and model number of the modem used with the uverse internet

kenrogers33

join:2011-09-29
Bandera, TX
It's a Motorola 2210-02

kenrogers33

join:2011-09-29
Bandera, TX
reply to davidg
Hi DavidG:
I'm working on putting together a what-if plan. I think I can do the tunnel on the AirOS Router like we did on the Netopia. I'll bounce it off you when I get my homework done....Ken


wayjac
Premium,MVM
join:2001-12-22
Indy
kudos:1
reply to kenrogers33
The uverse internet uses the motorola 2210-02-1att modem
said by kenrogers33:

If I enter this on the browser
address line (or in trying to click through to the catalog server on
our web site,) IE comes up with a warning and this line:

There is a problem with this website's security certificate

If this is the page you see






















That page is displayed because you have not forwarded port 80 to the computer that has the content you want to serve
Right now port 80 is directed to the ubiquity air router
After you set up the port fowarding on the ubiquity air router clicking the link will display the proper content

Doing this is much easier than setting up the dynamic
dns client that you don't need because the uverse internet public ip address is just like having a static public ip address

kenrogers4

join:2007-09-27
Bandera, TX
Click for full size
Click for full size
Thanks for the help! That modem/router combination was kind of flaky. We kept losing service and had to reset the modem to
re-establish service many times! So we complained to ATT and they sent a new modem/router: a Motorola NVG510. I got it
installed yesterday and it seems to work just fine! Funny, I didn't even have to go through the registration steps...as
if it picked up our data from our previous connection somehow.

Anyway with the NVG510, it seems that setting up the portforwarding or pinhole will be easier. I could just hackaway and
try some things but I thought I'd ask you experts a few questions.

The figure above is from the NVG510 control. It is a selection page for a custom service, which for the library will be
the Destiny Catalog on our internal server. With the netopia 2246 we used port 80 for our catalog service and reset the
nominal port to 8080. Here it is wanting a "Global Port Range" and a "Base Host Port". My guess is that I use 80 for
the Base Host Port but what do I put for the Global Port Range? 8080 to 8080? (Allowable is 1 to 65535!)

That takes us to the next figure. In this one I will have added the catalog server with a label and enter the correct
IP address for the "Needed by Device" entry. When these steps are done, the catalog, seemingly, will work. Seems pretty
clear.

Or am I missing something?

And what about security? Should I do anything special to avoid a hacker getting control of our server somehow?

I would sure appreciate help with these two issues: "global port range" and "security adequacy." Any additional comments
to make all of this more understandable would be appreciated also!

Thanks!
Ken Rogers


wayjac
Premium,MVM
join:2001-12-22
Indy
kudos:1
said by kenrogers4:

With the netopia 2246 we used port 80 for our catalog service and reset the
nominal port to 8080. Here it is wanting a "Global Port Range" and a "Base Host Port"

The global port range refers to the internet port number
The base host port refers to the port number used on the lan

If the destiny catalog server is using port 8080 and the internet port is 80
The global port would be 80
The base host port would be 8080

If the destiny catalog server is using port 80 and the internet port is 80
The global port would be 80
The base host port would be 80
said by kenrogers4:

And what about security? Should I do anything special to avoid a hacker getting control of our server somehow?

The security is the same as it was with the 2246

kenrogers4

join:2007-09-27
Bandera, TX
Thanks for the quick reply! With the 2246, the nominal port in use was 80 and I changed it to 8080. Then I made port 80 the one to
use with the catalog server within the library. So from what you say
I would leave the base port as 80 and designate 80 to 80 as the
global port range. Correct?

Thanks again, Ken


wayjac
Premium,MVM
join:2001-12-22
Indy
kudos:1
said by kenrogers4:

With the 2246, the nominal port in use was 80 and I changed it to 8080

I'm unfamiliar with how you use the term "nominal" does it refer to the port number used by the internal server?
If I don't know your definition of the terms you use I can't provide good answers

The global port number refers to the port number used on the internet
The base host port number can be the same as the global port number unless the internal server is configured to use a different port number

kenrogers33

join:2011-09-29
Bandera, TX
Sorry about the confusion. I think my "nominal" equates to "external internet." Trouble is I know enough to be dangerous. When setting up the pinhole on the 2246 (or later 2247) I first changed the port from 80 to 8080 but left the catalog server access to port 80. Why that first change was necessary, I don't really know or how it is related to this Global Port Range (GPR) setting. Anyway, it worked and our catalog was available from outside the library. That's what I'm trying to accomplish now. Maybe I'll try both: GPR 8080 to 8080 and GPR 80 to 80. Then see if either or both work. Maybe GPR as 80 to 8080 is the correct choice. But that would seem to open the system up to security hazards.
Thanks again, Ken Rogers


wayjac
Premium,MVM
join:2001-12-22
Indy
kudos:1
said by kenrogers33:

I think my "nominal" equates to "external internet."

This clears this up for me
"external internet." is the global port range

The server is listening to a certain port number most likely 80 unless you have changed the port number

All web browsers use port 80 for http by default unless the user appends a port number to the url.....so if your catalog server is set to port 80
The global port is 80 and the base host port is aslo 80
The global port has two fields so a range of port numbers can be specified when only one number is needed the second field can be left blank....unless the router complains
Also when the global and base port numbers are the same you may be able to leave the base field blank ....unless the router complains

kenrogers4

join:2007-09-27
Bandera, TX
Thanks for the help! I did try the things discussed above without success. But I was hurrying and may have goofed up. Will keep trying. Ken

kenrogers4

join:2007-09-27
Bandera, TX
Got it working! Have the global range set as 80 to 80. Everything as we've discussed. Thank you, thank you, wayjac and davidg for this and past help!!!
Ken Rogers

kenrogers4

join:2007-09-27
Bandera, TX
One final question, wayjac or davidg. Is the security for this setup as good as it was before with the Netopia? Ken


wayjac
Premium,MVM
join:2001-12-22
Indy
kudos:1
said by kenrogers4:

Is the security for this setup as good as it was before with the Netopia?

I think the security for the nvg510 is just as good as the netopia's security

Did you know that motorola owns the netopia brand

kenrogers4

join:2007-09-27
Bandera, TX
Yep, but you sure can't tell it from the control pages: Netopia 2246 and 2247 utterly different from either M 2210 or 510. Different worlds...I doubt the designers talk to each other.

kenrogers4

join:2007-09-27
Bandera, TX
A puzzle: With the Netopias we could access the catalog from within the library. Now with the NVG510 we can access the catalog from outside the library (i.e., from home) but not from within the library. This made me think I had failed to get it working initially! But when I went home and, on a whim, tried it, it was working!!! Elated, you bet, but puzzled. Makes testing more difficult because I have to go home or have a cohort test from their home if I try something new. Any ideas as to why? Thanks, Ken


wayjac
Premium,MVM
join:2001-12-22
Indy
kudos:1
said by kenrogers4:

Now with the NVG510 we can access the catalog from outside the library (i.e., from home) but not from within the library

It's very normal to not be able to access "services" on your lan by using your public ip address when using att issued equipment

kenrogers4

join:2007-09-27
Bandera, TX
Back at the start of this sequence I asked about problems with dynamic IP addresses. Now we have gone through several modem/router combinations and I have a form of pinhole working with a fixed IP address.

At zerigo.com I established a free domain, bandlibcat.org, for the purpose of dynamically determining the IP address when it changes (even if rarely) so I don't have to go in and edit the web site when it changes. What I have on our website is an entry like this:

»{IP address}/...etc.

What I want is this:

»bandlibcat.org/...etc.

If the dynamic domain will get the current IP address (from ATT servers with the info) and substitute it, everything will be working like I want it to. When I tried to go about using ATT servers, to get the current IP address to use in the new dynamic domain, I couldn't get anywhere. I got on a chat with ATT tech support and they were no help at all. I sent zerigo support an email stating the question as above with no answer. Can anyone here, wayjac or davidg, please give me a clue as to how to do this?

Thanks, Ken


wayjac
Premium,MVM
join:2001-12-22
Indy
kudos:1
said by kenrogers4:

If the dynamic domain will get the current IP address (from ATT servers with the info) and substitute it

The nvg510 has the current public ip address

You should be able to "attach" the public ip address to the domain name at the zerigo website
You should also be able to find out how to update the public ip address

kenrogers4

join:2007-09-27
Bandera, TX
I got onto the zerigo website to try to "attach" as you suggested and went all over clicking on all possibilities. Couldn't see anything that came close. They want to use their servers (with fees of course) and don't seem to have any sort of way to do what we need. Maybe another dynamic dns outfit will. There are lots to choose from.

waltersaegir

join:2002-05-24
Los Altos, CA
Keep us posted on your progress.
I'm scheduled for an installation tomorrow and I will be facing the same problem.
I suppose there is still no documentation for the NVG510.

OpenDNS.com has some support for Dynamic IP. Not sure how their solutions compare with others.


wayjac
Premium,MVM
join:2001-12-22
Indy
kudos:1
reply to kenrogers4
I used the wrong term........

I found that zerigo has a api that will update the ip address....
I think this is a waste of time for you because your public ip address won't be changing

kenrogers4

join:2007-09-27
Bandera, TX
reply to waltersaegir
I've been favorably impressed with the NVG510. It has lots of help definitions, almost documentation, on the control pages. So it helped me a lot in setting up the port forwarding (or pinhole.) I looked at your OpenDNS.com site and found a client called "OpenDNS-Updater-2.2.1.exe." This purportedly "sends your network's new IP Address to OpenDNS whenever it should change." I saved it and have it now but I really don't know how to use it. Working.... Suggestions welcome!

kenrogers4

join:2007-09-27
Bandera, TX
reply to wayjac
It has changed once since we got Uverse. Granted...seldom. What's the API and how do you use it? And thank you for sticking in there with me!


wayjac
Premium,MVM
join:2001-12-22
Indy
kudos:1
said by kenrogers4:

It has changed once since we got Uverse. Granted...seldom

That ip change was prompted when the modem was changed

I have no experinance with the use and configuration of the software or the api

kenrogers4

join:2007-09-27
Bandera, TX
I just went poking around Zerigo and found their API areas. I guess their API is like the "OpenDNS-Updater..." client and I presume you would launch it periodically (perhaps daily) to update a file that the sets the IP address on the website that links to the catalog. All pretty vague so far. Groping.