dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
24
share rss forum feed
« Comcast hbo goIPV6 »
This is a sub-selection from Can't Ping, Router & Ports


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 recommendation

reply to humulu

Re: Can't Ping, Router & Ports

If the servers behind the secondary router are using private IP addresses, then you will still need to do port forwarding in the secondary router to the server. Also, you won't be able to use port 445 on a Comcast connection (either business or residential) because Comcast blocks that port (Ports blocked on Comcast's network )

If you are using public IP addresses in the same subnet on the LAN and WAN of the secondary router, that will also be problematic for most soho grade routers (you would have to have a router that supported a true DMZ interface, not the typical software pseudo DMZ for a single server).

You are going to have to supply some actual details of exactly how everything is connected and configured in order to get advice that is not just a generic guess.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

humulu

join:2013-01-28
San Mateo, CA
Thanks for the responses. So here is the setup (I modified the public addresses):

Hardware
=======
* One Comcast box
* One additional router (R1)
* One server S1
* One additional wireless router (R2)
* SBS box \w 2 NICs

Connections
=========
* Router R1: WAN port conncted to Comcast
* Server S1: Connected to LAN on R1
* Router R2: WAN port conncted to Comcast
* SBS: One NIC connected to Comcast, one NIC connected to switch (SBS acts as DHCP server)

Configuration
==========
Comcast:
Default Gateway: 45.190.10.70
Static IPs: 45.190.10.66-69
DNS: 75.75.75.75
Subnet Mask: 255.255.255.248

Comcast box is set with default values.

Router R1:
WAN:
IP: 45.190.10.69
Gateway: 45.190.10.70
DNS: 75.75.75.75
Subnet Mask: 255.255.255.248
LAN:
IP: 192.168.4.1
Gateway: 192.168.4.1
DNS: 192.168.4.1
Subnet: 255.255.255.0
Port forwarding set for 80, 443, 444 (I realized I don't need 445)

Router R2 and SBS are similarly setup but with different public IPs and no port forwarding.

When I am on a computer behind R2 or SBS I can ping my server S1 and also access the website. However, when I do the same over the internet the ping fails and I cannot access the website. When I use http I get "Error 502 Bad Gateway". When I use https (which is actually what it should be) I get "Internet Explorer cannot display the webpage"


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit
OK, I just did a limited port scan for basic common TCP ports to the IP address you posted as being used by your router R1, and I did not get a ping reply, or responses on ports 80 or 443. In fact, i can get no ping or traceroute to the entire 45.190.10.70/29 subnet, and a whois query returns "IANA-RESERVED".
EDIT: Oops, I just noticed that you said that you modified your IP information before posting.

Do you have your SMC firewall settings like the image below?




While the SMC firewall for the static IP addresses does work (I have used it myself in the past), it might be best to temporarily disable it for testing.

Just for grins, you might want to browse from your S1 server to my »portscan.dcsenterprises.net and do the port scan test to see if you get a response on ports 80 and 443. (and to also see if my server sees the correct IP address for your R1/S1.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

humulu

join:2013-01-28
San Mateo, CA
I did indeed change the public IPs as mentioned in the previous post. In the meantime I purchased another router to put the SBS behind that router/firewall so I can disable the firewall on the comcast box. That did the trick and everything works now, i.e. ping and access to the website. Thanks!


NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
said by humulu:

I did indeed change the public IPs as mentioned in the previous post. In the meantime I purchased another router to put the SBS behind that router/firewall so I can disable the firewall on the comcast box. That did the trick and everything works now, i.e. ping and access to the website. Thanks!

I found that the Comcast gateway box's static IP firewall can be setup to work with multiple IP addresses, but it is nonetheless a very rudimentary firewall (with no logging that is visible to the customer), and your secondary firewall is probably a better choice. Glad you got everything working.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.