dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
26
share rss forum feed

Kieran66

join:2012-11-01
Gastonia, NC
reply to Kieran66

Re: [Modem] Port Forwarding doesn't work even with bridged modem

Click for full size
WNR2000 Port Forwarding
Yes, I have the WNR2000's DMZ set to my comp's static IP, and the first application cannot be connected to from the internet. I have a couple of arbitrary ports set up to see if I can successfully test any of them, but so far all of them appear closed. The program is set to pass through the firewall, but that shouldn't matter as I turned the wirewall OFF to test it. Did I understand your question correctly?


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

2 edits
said by Kieran66:

Yes, I have the WNR2000's DMZ set to my comp's static IP, and the first application cannot be connected to from the internet. I have a couple of arbitrary ports set up to see if I can successfully test any of them, but so far all of them appear closed. The program is set to pass through the firewall, but that shouldn't matter as I turned the wirewall OFF to test it. Did I understand your question correctly?

If your question was directed to me (you actually replied to yourself), then yes, you answered my question.

My next question is when you look at the "Router Status" page, does the router show that you are getting a public IP address from AT&T? I seem to recall seeing a warning from AT&T that they were going to start using the 10.0.0.0/8 subnet for WAN IP addresses, and put all non-static IP customers on "carrier grade" NAT. Perhaps that practice has already started in your area? It is your use of the 10.0.0.0 subnet on your LAN that reminded me of that warning.

Here is a link to an article on this site discussing that: »AT&T Warns U-Verse Users of Service Disruption

While the warning implies that only U-verse customers will be effected, that does not mean that AT&T could not have expanded the practice into standard ATM DSL areas too.

Another possibility related to AT&T's use of the 10.0.0.0 subnet, is that even if you are still getting a public IP address on your router's WAN, AT&T might be using that subnet (and have devices with the same IP addresses as devices on your LAN), that could be complicating your use of that subnet for Internet facing applications. I remember having that problem when I used Covad. They used the 192.168.1.0 subnet for some of their internal routers and switches, and that caused problems for me until I changed my private LAN subnet (and my LAN device IP addresses) to something other than 192.168.1.x.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to Kieran66
In line with NetFixer See Profile's comments, there is a seemingly rarely used block of RFC 1918 reserved IP addresses which would not conflict with either the 10/8 block, or the 192.168/16 block. Carve a /24 out of the 172.16/12 block. Don't worry about all those slashes; all you need to know is the required subnet mask for a given network address.

RFC 1918 defines three ranges of IP addresses reserved for private networks. Here is the RFC ("Request For Comment"):

»www.faqs.org/rfcs/rfc1918.html

172.16/12 starts at 172.16.0.0, and runs to 172.31.255.255. You can configure the WNR2000 LAN to use 172.16.0.0 with a subnet mask of 255.255.255.0. That would mitigate any conflicts with either of the other reserved blocks.

Instead of your current 10.0.0.112 address, you would be using 172.16.0.112 on your device. Your gateway in routing would be 172,16.0.1.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit
said by NormanS:

In line with NetFixer See Profile's comments, there is a seemingly rarely used block of RFC 1918 reserved IP addresses which would not conflict with either the 10/8 block, or the 192.168/16 block. Carve a /24 out of the 172.16/12 block. Don't worry about all those slashes; all you need to know is the required subnet mask for a given network address.

RFC 1918 defines three ranges of IP addresses reserved for private networks. Here is the RFC ("Request For Comment"):

»www.faqs.org/rfcs/rfc1918.html

172.16/12 starts at 172.16.0.0, and runs to 172.31.255.255. You can configure the WNR2000 LAN to use 172.16.0.0 with a subnet mask of 255.255.255.0. That would mitigate any conflicts with either of the other reserved blocks.

Instead of your current 10.0.0.112 address, you would be using 172.16.0.112 on your device. Your gateway in routing would be 172,16.0.1.

Actually AT&T uses both the 10/8 and the 172.16/12 blocks internally. Here is the ipconfig information for a tethered AT&T cell phone connection, and a traceroute to www.dslreports done using that connection.

PPP adapter AT&T Mobility:
 
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.180.147.18
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 10.180.147.18
        DNS Servers . . . . . . . . . . . : 172.16.7.167
                                            172.16.7.167
        Primary WINS Server . . . . . . . : 10.11.12.13
        Secondary WINS Server . . . . . . : 10.11.12.14
 
C:\>tracert www.dslreports.com
 
Tracing route to www.dslreports.com [209.123.109.175]
over a maximum of 30 hops:
 
  1     *        *        *     Request timed out.
  2   203 ms   157 ms   151 ms  172.26.248.2
  3   160 ms   175 ms   171 ms  172.16.7.82
  4   156 ms   152 ms   165 ms  10.251.11.32
  5   167 ms   201 ms   153 ms  10.251.10.2
  6   200 ms   166 ms   482 ms  10.252.1.1
  7   152 ms   163 ms   162 ms  209-183-048-002.mobile.mymmode.com [209.183.48.2]
  8   240 ms   143 ms   164 ms  172.16.75.1
  9   155 ms   203 ms   162 ms  12.94.97.13
 10   150 ms   162 ms   174 ms  cr1.dlstx.ip.att.net [12.122.100.26]
 11   173 ms   176 ms   165 ms  gar26.dlstx.ip.att.net [12.123.16.85]
 12   153 ms   166 ms   144 ms  4.68.62.229
 13   184 ms   812 ms   275 ms  vlan60.csw1.Dallas1.Level3.net [4.69.145.62]
 14   215 ms   180 ms   219 ms  ae-63-63.ebr3.Dallas1.Level3.net [4.69.151.134]
 15   167 ms   201 ms   177 ms  ae-7-7.ebr3.Atlanta2.Level3.net [4.69.134.22]
 16   176 ms   555 ms   207 ms  ae-2-2.ebr1.Washington1.Level3.net [4.69.132.86]
 17   186 ms   223 ms   194 ms  ae-81-81.csw3.Washington1.Level3.net [4.69.134.138]
 18   210 ms   204 ms   261 ms  ae-82-82.ebr2.Washington1.Level3.net [4.69.134.153]
 19   188 ms   199 ms   202 ms  ae-4-4.ebr2.Newark1.Level3.net [4.69.132.102]
 20   189 ms   218 ms   198 ms  ae-21-52.car1.Newark1.Level3.net [4.69.156.37]
 21   214 ms   196 ms   219 ms  NETCCESS.car1.Newark1.Level3.net [4.26.16.190]
 22   210 ms   293 ms   189 ms  0.e3-3.tbr2.mmu.nac.net [209.123.11.77]
 23   257 ms   201 ms   214 ms  0.e1-1.tbr2.oct.nac.net [209.123.10.21]
 24   177 ms   214 ms   198 ms  vlan808.esd1.oct.nac.net [209.123.10.42]
 25   181 ms   218 ms   202 ms  www.dslreports.com [209.123.109.175]
 
Trace complete.
 

FWIW, I don't see any private subnets being used on my backup AT&T WiFi hotspot connection (which goes through a traditional AT&T ATM based DSL circuit), but that does not mean that AT&T is not using mixed public/private IP addresses for some DSL locations. Here is the same traceroute to www.dslreports using that connection.

C:\>use-att.cmd
 
Pinging 192.168.1.254 with 32 bytes of data:
 
Reply from 192.168.1.254: bytes=32 time=177ms TTL=253
 
Ping statistics for 192.168.1.254:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 177ms, Maximum = 177ms, Average = 177ms
 
C:\>route change 0.0.0.0 mask 0.0.0.0 192.168.9.9 metric 10
You are now using the Windcrest AT&T backup connection!
 
C:\>tracert www.dslreports.com
 
Tracing route to www.dslreports.com [209.123.109.175]
over a maximum of 30 hops:
 
  1    <1 ms    <1 ms    <1 ms  ps1.dcs-net [192.168.9.9]
  2     3 ms     3 ms     3 ms  ap1-dcs-net [192.168.8.254]
  3   261 ms   276 ms   271 ms  192.168.1.254
  4   532 ms   340 ms   149 ms  adsl-74-240-252-1.bna.bellsouth.net [74.240.252.1]
  5   268 ms   198 ms    56 ms  70.159.210.120
  6   186 ms   177 ms   365 ms  70.159.210.122
  7   608 ms    89 ms    63 ms  70.159.210.119
  8   340 ms   118 ms   308 ms  12.81.32.144
  9   244 ms    41 ms    36 ms  12.81.32.45
 10   198 ms   156 ms   230 ms  74.175.192.138
 11   371 ms   207 ms    47 ms  cr1.nsvtn.ip.att.net [12.122.148.14]
 12   210 ms   128 ms   113 ms  cr2.attga.ip.att.net [12.122.28.105]
 13   627 ms   432 ms   211 ms  attga02jt.ip.att.net [12.123.22.153]
 14   591 ms   248 ms   188 ms  192.205.34.234
 15   451 ms   190 ms   178 ms  ash-bb1-link.telia.net [80.91.246.76]
 16   122 ms   107 ms    98 ms  nyk-bb2-link.telia.net [213.155.134.128]
 17   169 ms    65 ms   369 ms  nyk-b3-link.telia.net [80.91.247.21]
 18   120 ms    66 ms    79 ms  netaccess-tic-133837-nyk-b3.c.telia.net [213.248.99.90]
 19   413 ms   679 ms   492 ms  0.e1-4.tbr1.mmu.nac.net [209.123.10.101]
 20   336 ms   599 ms   185 ms  0.e1-1.tbr1.oct.nac.net [209.123.10.17]
 21   192 ms   247 ms   370 ms  vlan804.esd1.oct.nac.net [209.123.10.2]
 22   311 ms    64 ms   261 ms  www.dslreports.com [209.123.109.175]
 
Trace complete.
 

Also (in AT&T's defense), while they have to some extent allowed their DSL infrastructure to decay, it isn't as bad as the above traceroute seems to indicate. The excessive lag is due to a relayed WiFi connection to a very busy hotspot in my apartment complex's leasing office. A traceroute to www.dslreports.com done directly from that hotspot's Netopia 3347 router is shown below (I have access because I maintain that network).




--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.