dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
4212
gadgetboyj
Premium Member
join:2009-08-25
Staten Island, NY

gadgetboyj

Premium Member

Port forwarding with router in Actiontec DMZ

I have my Apple router behind the Actiontec, connected LAN - WAN.

My router is in the Actiontec's DMZ, and I have a web server running on my Apple router's network.

I have port 80 forwarded to the server on my Apple router. From outside my internet connection, at a neighbor's house for example, I can access the web server by typing in the web address just fine.

While I'm in my network, however, I can only access the server by typing in the IP address. Typing in the web address brings up the Actiontec's login page.

So it appears any requests coming from the Actiontec's WAN are forwarded to my router in the DMZ just fine, but requests on the Actiontec's LAN, as well as my router's LAN, are not forwarded.

I can fix this by creating a specific port forwarding rule on the Actiontec that forwards port 80 to my Apple router's address. This is redundant though, I have to forward any port I need access to internally twice, once in my router, and again in the Actiontec.

I have the same problem with any port, I'm just using 80 as an example, because of the way it brings up the Actiontec's Web UI.

Is there any way to fix this and make the Actiontec pass requests from devices connected in the LAN be forwarded to my router?
tnsprin
join:2003-07-23
Bradenton, FL

tnsprin

Member

If its in a DMZ you really shouldn't have to do any port forwarding.

Mahalo
join:2000-12-20
united state

Mahalo to gadgetboyj

Member

to gadgetboyj
Add a DNS entry for the web server in the router. Pg 145 of the document
»www.actiontec.com/suppor ··· 0_v1.pdf
hubrisnxs
join:2009-12-30
Fountain Valley, CA

1 edit

hubrisnxs

Member

I am wondering if the dmz wrks lan to wan. I am sure it does, but I hear people saying sometimes it doesn't work, and I am wondering if that is legitimate because lan to wan, or if they are crazy

At any rate, your problem is not that, it's the loopback function.

A user at the vz forums had a similiar problem, so I will cut and paste his answer from actiontec. You may need to check if your router supports loopback, I'll do some google searches and see if it does

The actiontec does not, so maybe I will share what vz forum user found out, but it applies to him being behind an actiontec only, no 2nd router. your answers may be similiar.
quote:
Can't access public static IP internally only externally
From Lbfscwiki
Jump to: navigation, search
Problem: Can't access public static IP internally only externally (LOOPBACK)

==========
Router: M14124WR ActonTec

OS: MAC

My company just started using FIOS small business (w/static IPs). We run exclusively on MACs.

We have 3 computers that we use as servers 2 are for private use and 1 is used as a public server (links for streaming audio to various clients and staff)

The public server we can access internally only via 192.186.1.x via Apple Filing Protocol (afp://) however we can't access the public static IP which is 108.27.234.xx internally. There is no problem accessing the public static IP externally. However we do need access to the public Static IP internally as well because we share music files both internally/externally and would like to fix this issue.

Here are the current settings for the Static NAT for 108.27.234.xx in the FIREWALL SETTINGS

Local Host: xxxx

Public IP Address: 108.27.234.xx

WAN Connection Type: All Broadband Services

Enable Port Forwarding For Static NAT (checked)

Protocol

Name / Ports / Action

HTTP - Web ServerTCPAny -> 80 FTP - File TransferTCPAny -> 21 HTTPS - Secured Web Server

TCP Any -> 443 Ping - ICMP Echo Request ICMP Echo Request Remote Desktop TCPAny -> 3389

UDP Any -> 3389

Could someone please shed some light on this. Thanks,

--------------------------------------------------------------------------------

Resolution:

=============
Your setup and configuration are unique, so you need to follow these instructions to correctly configure the MI424 and to open or forward the ports to your server. To program multiple static IP Addresses to your router WAN port, follow these instructions. Log into the router. Click on My Network\on the left click Network Connections. Select the type of broadband connection Verizon installed from the ONT to the router WAN port. Click Settings at the page bottom. Scroll down to Internet Protocol and click the drop down. Select the Use the Following IP Address option. Enter your FIRST IP Address of your block. Enter the subnet mask and gateway IP Address. Scroll down a little further and enter the primary and secondary DNS servers Verizon provided with your block. Click Apply Now, click on New IP Address at the page bottom. Enter your next public IP Address and subnet mask. Click Apply. Ignore the error message and apply anyway. The subnet mask Verizon uses is NOT correct for a block but they use it anyway. The router will correctly apply the IP Address to the WAN port. Continue clicking the New IP Address until all of your public IP Addresses are assigned to the routers WAN Port. Have someone outside of your LAN network ping each IP Address. All of your public IP Addresses should respond to a ping request. If any IP Address does NOT respond to a ping, the IP Address may not be provisioned for service and you cannot use that IP Address. Once your IP Addresses are entered and tested, then follow these instructions to forward the ports to any internal private IP Addresses servers using STATIC NAT. To open ports in the MI424 with multiple public IP Addresses follow these instructions. First, make sure all of your public IP Addresses have been mapped to your WAN port and that they all respond to a ping request from the Internet. Any IP Address that does NOT respond to a ping is not provisioned at Verizon and would be useless for an Internet service connection. Once the IP Addresses are all mapped and respond to a ping request, click on Firewall Settings. Click Yes On the left, click on STATIC NAT. Click the red ADD Enter the IP of the computer you wish to forward the connection too from the Internet, or click the drop down arrow and select the computer\network devices name from the list. Type in which of your PUBLIC IP Addresses you want the connection coming in on. Leave the WAN Connection setting set to All Broadband Devices. Check the box Enable Port Forwarding for Static NAT A PROTOCOL box appears. Click the drop down. There are many pre-programmed services under SHOW BASIC SERVICES. Most basic server ports are listed here. WEB\EMAIL\Etc Select SHOW ALL SERVICES and there are many more pre-programmed entries. If the ports you need are not one of the many pre-programmed entries, select SPECIFY PROTOCOL Click the red ADD that appears. In the EDIT SERVICE screen, give your program or application a name. Click the red ADD SERVER PORTS. Set your protocol to TCP Two fields appear, SOURCE and DESTINATION. NEVER touch the SOURCE port, always leave this set to ANY. DESTINATION is the computer you're opening the ports too, select SINGLE or RANGE and enter your port or ports. Click APPLY. The EDIT SERVICE SCREEN reappears. Again, click the red ADD SERVER PORTS. Set PROTOCOL to UDP Again, leave SOURCE port alone or set to ANY Set DESTINATION to SINGLE or RANGE and enter your port or ports. Click APPLY. Check the EDIT SERVICE SCREEN. You should have a TCP and a UDP entry for ever port or range of ports you're attempting to open. Once your ports are all mapped, click the APPLY button at the bottom of every page until the STATIC NAT page reappears. All of your ports should show here and they should show as ACTIVE in GREEN under status. Your ports for that public IP to the private LAN device are now open.


gadgetboyj
Premium Member
join:2009-08-25
Staten Island, NY

gadgetboyj to Mahalo

Premium Member

to Mahalo
There already appears to be an entry for my router in the DNS Server section, should i add another with different settings?

Mahalo
join:2000-12-20
united state

Mahalo

Member

Put an entry for the server on the Apple router. Example, mimic your external DNS name. If it is called MyServer.com put MyServer with an IP of 192.168.2.23 (example) in the DNS entry. Then you should be able to hit your server by "http://myserver"