dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
27
« Comcast hbo goIPV6 »
This is a sub-selection from Can't Ping, Router & Ports
humulu
join:2013-01-28
San Mateo, CA

humulu to NetFixer

Member

to NetFixer

Re: Can't Ping, Router & Ports

Thanks for the responses. So here is the setup (I modified the public addresses):

Hardware
=======
* One Comcast box
* One additional router (R1)
* One server S1
* One additional wireless router (R2)
* SBS box \w 2 NICs

Connections
=========
* Router R1: WAN port conncted to Comcast
* Server S1: Connected to LAN on R1
* Router R2: WAN port conncted to Comcast
* SBS: One NIC connected to Comcast, one NIC connected to switch (SBS acts as DHCP server)

Configuration
==========
Comcast:
Default Gateway: 45.190.10.70
Static IPs: 45.190.10.66-69
DNS: 75.75.75.75
Subnet Mask: 255.255.255.248

Comcast box is set with default values.

Router R1:
WAN:
IP: 45.190.10.69
Gateway: 45.190.10.70
DNS: 75.75.75.75
Subnet Mask: 255.255.255.248
LAN:
IP: 192.168.4.1
Gateway: 192.168.4.1
DNS: 192.168.4.1
Subnet: 255.255.255.0
Port forwarding set for 80, 443, 444 (I realized I don't need 445)

Router R2 and SBS are similarly setup but with different public IPs and no port forwarding.

When I am on a computer behind R2 or SBS I can ping my server S1 and also access the website. However, when I do the same over the internet the ping fails and I cannot access the website. When I use http I get "Error 502 Bad Gateway". When I use https (which is actually what it should be) I get "Internet Explorer cannot display the webpage"

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

1 edit

NetFixer

Premium Member

OK, I just did a limited port scan for basic common TCP ports to the IP address you posted as being used by your router R1, and I did not get a ping reply, or responses on ports 80 or 443. In fact, i can get no ping or traceroute to the entire 45.190.10.70/29 subnet, and a whois query returns "IANA-RESERVED".
EDIT: Oops, I just noticed that you said that you modified your IP information before posting.

Do you have your SMC firewall settings like the image below?




While the SMC firewall for the static IP addresses does work (I have used it myself in the past), it might be best to temporarily disable it for testing.

Just for grins, you might want to browse from your S1 server to my »portscan.dcsenterprises.net and do the port scan test to see if you get a response on ports 80 and 443. (and to also see if my server sees the correct IP address for your R1/S1.
humulu
join:2013-01-28
San Mateo, CA

humulu

Member

I did indeed change the public IPs as mentioned in the previous post. In the meantime I purchased another router to put the SBS behind that router/firewall so I can disable the firewall on the comcast box. That did the trick and everything works now, i.e. ping and access to the website. Thanks!

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by humulu:

I did indeed change the public IPs as mentioned in the previous post. In the meantime I purchased another router to put the SBS behind that router/firewall so I can disable the firewall on the comcast box. That did the trick and everything works now, i.e. ping and access to the website. Thanks!

I found that the Comcast gateway box's static IP firewall can be setup to work with multiple IP addresses, but it is nonetheless a very rudimentary firewall (with no logging that is visible to the customer), and your secondary firewall is probably a better choice. Glad you got everything working.