KUppiano
Karl Uppiano
join:2003-02-02
Ferndale, WA

KUppiano

Member

Netgear 7550 Routing Table -- How To?

In a separate thread, I asked whether it was possible to do "hairpinning" with the Netgear 7550. This is where a client inside the LAN can access services published by port forwarding via the external, WAN address.

Most home routers support this behavior. This is useful because mobile devices can use the same URLs to access these services whether at home or on the road.

I was looking at the routing table in the 7550 advanced settings. I suspect that I just need to add a single entry that routes to the WAN port, but I haven't been able to find any syntax documentation or practical examples of how to use this feature.

The Netgear 7550 is just a rebranded Westell 7500. Routing table configuration has been available on Westell routers since forever. Has anybody ever used it? I've Googled the daylights out of this (crickets) -- nothing.
KUppiano

KUppiano

Member

Crickets here too. Gaa... somebody must know.
gozer9
Premium Member
join:2010-08-09
Rochester, NY


gozer9 to KUppiano

Premium Member

to KUppiano
I did read and respond to your first post about this and suggested a way to trick your LAN. Did you try what I posted? My idea was to set your browser to use a proxy server and see if that lets you get to your server.

I also think there is a way to configure the rules to make this work. The first thing is what the default firewall rules are set at; by default they can override an allow rule. I was also thinking you can just change the default connection error HTML file to one that has a link that is the LAN IP you can get to your server from, so when away the URL will work, and when at home it will fail and you get the custom error page with the local hyperlink; click it and you're in.
KUppiano
Karl Uppiano
join:2003-02-02
Ferndale, WA

KUppiano

Member

I'm not sure I completely understand what you are describing here. I have not tried the proxy idea, because I don't believe it will accomplish my objective. The way routers do "hairpinning" is that the router recognizes that a request originating in the LAN with the router's WAN address as the target IP needs to go back through the NAT, so port forwarding and translation take place just as if the packet had arrived from the WAN.

The NAT port translation is crucial, because, for example, a web server inside the LAN running on port 80 might need to be translated from port 8080 on the WAN.

Routing rules typically provide for this behavior, but I need to know the exact syntax for a Westell 7500 / Netgear 7550 router. The routing table is there for all to see, and I can even view the rules that it has by default, but I would only be guessing at what they are saying, or what I would need to add. The rules are very esoteric, and I can only guess at the interface names.
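
The translation described in the post above, modelled as an added example (not part of the thread, and not Netgear/Westell syntax). It goes one step beyond the post by showing that a hairpinned connection also needs source translation, since otherwise the LAN server replies directly to the client from an address the client never contacted. All addresses and the client port are constructed; only the 8080-to-80 mapping comes from the post.

```python
# Added illustration: a toy model of NAT hairpinning, not Netgear/Westell code.
# All addresses are constructed (RFC 5737 / RFC 1918 ranges).
WAN_IP, ROUTER_LAN_IP, LAN_PREFIX = "203.0.113.10", "192.168.1.1", "192.168.1."
FORWARDS = {8080: ("192.168.1.200", 80)}  # WAN port -> (LAN server, server port)

def on_lan(ip):
    return ip.startswith(LAN_PREFIX)

def forward(pkt, hairpin_snat):
    """Translate a packet (src_ip, src_port, dst_ip, dst_port) sent to the WAN IP."""
    src_ip, src_port, dst_ip, dst_port = pkt
    if dst_ip != WAN_IP or dst_port not in FORWARDS:
        return None  # no port-forward rule matches
    srv_ip, srv_port = FORWARDS[dst_port]  # DNAT, identical for WAN and LAN senders
    # Hairpin case: also rewrite the source so the reply returns via the router.
    if on_lan(src_ip) and hairpin_snat:
        src_ip = ROUTER_LAN_IP
    return (src_ip, src_port, srv_ip, srv_port)

def server_reply(pkt):
    """The server answers the source address it saw."""
    return (pkt[2], pkt[3], pkt[0], pkt[1])

def deliver(reply, request):
    """What reaches the client: un-NATed if the reply crosses the router."""
    if on_lan(reply[2]) and reply[2] != ROUTER_LAN_IP:
        return reply  # same subnet: server sends straight to the client
    return (request[2], request[3], request[0], request[1])

def round_trip(client_ip, hairpin_snat):
    """True if the client gets a reply from the address and port it contacted."""
    request = (client_ip, 40000, WAN_IP, 8080)
    seen_by_server = forward(request, hairpin_snat)
    reply = deliver(server_reply(seen_by_server), request)
    return reply == (WAN_IP, 8080, client_ip, 40000)

if __name__ == "__main__":
    print("WAN client:", round_trip("198.51.100.7", False))
    print("LAN client, DNAT only:", round_trip("192.168.1.50", False))
    print("LAN client, DNAT + SNAT:", round_trip("192.168.1.50", True))
```

With the source rewrite in place, the server sees every hairpinned client as the router's LAN address, which matters if its access logs are used for auditing.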
gozer9
Premium Member
join:2010-08-09
Rochester, NY

gozer9

Premium Member

OK, I have some ideas how to do this. But I have a few questions.
Do you use DynDNS?
If so, you may be able to set up a second DynDNS name and set it to a static IP that is on the host machine; not sure if DynDNS will let you set the IP to a private network and mask. But if you can, then you can just set a static route in the router to route any LAN request for the DynDNS domain name, which would provide the host IP to the server, and if done in a browser it would use the HTTP standard port of 80.
KUppiano
Karl Uppiano
join:2003-02-02
Ferndale, WA

KUppiano

Member

I appreciate your suggestion, but I'm afraid that still doesn't solve my problem, because my requirement is to use the same web address inside and outside my LAN. I do use DynDns, and it provides DNS resolution to the WAN side of my router.

It works everywhere except inside my LAN. I would need a different DNS name to map to my internal LAN server addresses. I might as well just point my browser (and other apps) to the internal addresses when I'm at home. With "hairpinning" the router will do a U-turn, and still do the NAPT (network address and port translation) automatically. This is the first router I've used that doesn't seem to handle this "out of the box".

I really just want someone to point me to documentation and/or examples of the Westell 7500/Netgear 7550 routing table syntax and endpoint naming convention. It lets me edit the routing table, but there's no documentation on how to do it.
gozer9
Premium Member
join:2010-08-09
Rochester, NY

gozer9

Premium Member

Were the other routers that had hairpinning on them also a modem?
KUppiano
Karl Uppiano
join:2003-02-02
Ferndale, WA

KUppiano

Member

said by gozer9:

Were the other routers that had hairpinning on them also a modem?

I can't remember that far back. The last DSL modem/router combos I used were some early SMC and Zoom models, about 7 years ago, and I wasn't using mobile devices much back then.

I really can't think of any technical reason it should matter whether the modem is internal or external to the enclosure though.
gozer9
Premium Member
join:2010-08-09
Rochester, NY

gozer9

Premium Member

It does. And it has to do with the router's NAT and your PC or whatever device you try to use to connect to the server from within the LAN. This is why I thought of having a second DynDNS name. I think this will work; yes, you will have to use the other domain name when at home, but it should work for all your devices, and for anyone that comes to your house too, by just using the other name. You set the other DynDNS name to static so you don't even need to run the updater program, set the static IP for it to the NAT IP of your server, then set a static route in the router. I did some looking, and from what I found you may not have any way to make hairpinning work if the router doesn't support it, even if you edit the routing tables manually.
KUppiano
Karl Uppiano
join:2003-02-02
Ferndale, WA

KUppiano

Member

It seems as though that would be an implementation detail.

There should be an endpoint (or virtual connection) where the DSL ATM gets converted to TCP/IP that would be the hairpinning interface. I can't say whether that is exposed in a combo router. If I were designing it, I would make it modular exactly like that. That is why I want the routing table docs. If they did it that way, then I could get access to it.

My PC simply makes a DNS lookup request and gets an IP addy, which it then uses to contact the remote endpoint. It's up to the router to figure out where to send the request. The router should be able to say, "oh, that's me!" and send the request back through NAT, just as if it arrived on the DSL ATM circuit.

I'm willing to be educated, but I'm really finding very little information about this. It must be proprietary, and not shared on the web.

Hank
Searching for a new Frontier
Premium Member
join:2002-05-21
Burlington, WV

Hank

Premium Member

A Frontier employee told me a few months back that they did not receive any documentation with the 7550. The setup guide that I previously gave you the link to is an in-house publication. Hopefully one of the Frontier engineers or technicians that post in this forum can provide you with a definitive answer.
KUppiano
Karl Uppiano
join:2003-02-02
Ferndale, WA

KUppiano

Member

said by Hank:

A Frontier employee told me a few months back that they did not receive any documentation with the 7550. The setup guide that I previously gave you the link to is an in-house publication. Hopefully one of the Frontier engineers or technicians that post in this forum can provide you with a definitive answer.

Maybe I should set off an emergency flare to get their attention.
gozer9
Premium Member
join:2010-08-09
Rochester, NY

gozer9 to KUppiano

Premium Member

to KUppiano
OK, I did more research and first could not find even one DSL modem/router that was said to have hairpinning on it. So you can build your own router, buy a Cisco, or find a home router that does support hairpinning. Doing this with any router that doesn't have a simple setting to do so is not easy and may involve a high-end router to translate a return DNS to the private LAN address, or it can be done if you run a DNS or have access to one that you can tell to return a different IP based on where the request came from. Please try my way; I believe it's the only way that won't cost or need another LAN router and a lot of work.

Hank
Searching for a new Frontier
Premium Member
join:2002-05-21
Burlington, WV

Hank to KUppiano

Premium Member

to KUppiano
That may work.

I find it hard to understand why anyone would buy a production device without documentation.
gozer9
Premium Member
join:2010-08-09
Rochester, NY

gozer9 to KUppiano

Premium Member

to KUppiano
This is why you do not want to do what you want to do with a router that does not have hairpinning built into it: you would have to edit two tables, the routing table and the bad one, the NAT routing, that would let you do it. NAT stops this loopback to keep people from spoofing the router by sending a LAN or private IP that has a netmask for your LAN, and if you change this you basically defeat what NAT does to stop intrusion to your LAN from outside. So to set up hairpinning on a router that does not have a set of rules to keep this confined to the LAN side, just turn NAT off and go for broke.

Ben J
My spoon is too big
Premium Member
join:2011-09-16
Elk Grove, CA

Ben J to Hank

Premium Member

to Hank
said by Hank:

I find it hard to understand why anyone would buy a production device without documentation.

Does that really surprise you at all about Frontier? Actually, there is documentation, just none that's externally published and little that's provided to technicians. The modem is supposed to be simple to subscribers. It's the whole "if we supply documentation on how to do other things with it, then our CSRs/techs get roped into supporting those other things." I won't argue if that's really a good business idea or not (I'm pretty sure I can guess where you guys all stand on the matter), but the documentation is intentionally bleak and not all config items are available in the GUI. You are literally on your own to make anything other than the basic config work, if it's even possible to do what you want.

That said, I run a very similar port forward setup at home and will dogfood this for you over the weekend with a 7550 and maybe a couple of our other modems. I suspect a simple WAN route is not going to be sufficient to get this done. If I can't make it work, I'll relay the question up to Netgear on Monday for a definitive (though officially unofficial) answer.
gozer9
Premium Member
join:2010-08-09
Rochester, NY

gozer9

Premium Member

One question: can you get to your server from your LAN with the DDNS public resolution using just the DSL modem's router?
gozer9

gozer9 to Ben J

Premium Member

to Ben J
One question: can you get to your server from your LAN with the DDNS public resolution using just the DSL modem's router? I have used telnet to access some routers to gain access to all of the settings not shown in the GUI.
I would appreciate it if you could test my idea: set up a new DDNS name with a static IP that is your LAN host's private IP, set a static route in the modem/router, and see if this works.

Ben J
My spoon is too big
Premium Member
join:2011-09-16
Elk Grove, CA

Ben J

Premium Member

said by gozer9:

I would appreciate it if you could test my idea: set up a new DDNS name with a static IP that is your LAN host's private IP, set a static route in the modem/router, and see if this works.

Well, that would work but wouldn't meet the OP's requirements of using the same hostname for both internal and external. If his service is a web server and his DynDNS service supported DNS round robin (multiple A records), it would work as most modern browsers will automatically move to the next A record if the first doesn't respond. But services like DynDNS don't support multiple A records. Maybe multiple /etc/host entries to get the same?

Along that concept (and not using DNS), you could add the WAN IP of your modem as a secondary IP to the server. Then on the clients you want to access the server using the "WAN IP" address from inside the network, you static route (on the client) the WAN IP to the real LAN IP of the server.

For example, I configured this for my terminal server:

int eth0
ip address 192.168.1.200 255.255.255.0
ip address real.wan.ip 255.255.255.252 secondary (or as a loopback interface)

Then on my PC, I did:

route add -p real.wan.ip mask 255.255.255.255 192.168.1.200

This caused my PC to send all packets for the WAN IP of the modem directly to the terminal server, bypassing the modem. That works fine until I take my laptop with the static route off the private LAN network and somewhere else (say to the coffee shop down the street). Then my connections back home get blackholed if I forget to remove the static route.

I can get around that by forgetting about the static route on the PC entirely, artificially widening the mask (or changing the subnet) on my LAN DHCP pool to be inclusive of the WAN IP, and enabling proxy-arp on my terminal server. That works for me, but I suspect his "server" is not a Cisco router which supports proxy-arp. Also, all of these would be annoying in that I'd have to update the server manually every time my WAN IP changed. Not really a clean solution.