dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
8581
share rss forum feed


emjayef

join:2007-11-25
Pleasant Hill, CA
Reviews:
·Anveo
·Astound Broadband
·Comcast

Switched to Arris TG862G/CT, port forwarding no longer works

I have two Ubuntu 12.04 systems, one desktop, one server. I was having problems with my old ubee modem + Netgear router, so I just got this Arris gateway/router combo. Now I can't seem to connect to any servers (web, ssh, etc). The firewall is disabled, the servers are running fine (locally), my external IP has been triple checked multiple times, and I've gone through every setting on the gateway, filled in the servers in port forwarding, tried every suggestion I could find, and even reset the modem. I also tried briefly enabling DMZ for the one computer.

I can ping my IP both by name (vis dyndns) or ip address, but connections simply time out. Shields Up shows stealth mode for all ports, which they think is a good thing, but obviously it's not what I want.

The only thing that changed besides the gateway is the local IP, from 192.168.x.x to 10.0.0.x. Also, my Netgear router opened ports to all computers that might be listening, where this Arris allows specific local computers, and only one computer at a time can be open for any given port.

In the past, I've never had any problems running servers on my computers. It must be the gateway, but I've tried everything, I think.



NetFixer
Freedom is NOT free
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

I am not familiar with the Arris TG862G/CT, but does it have a firewall setting that allows you to disable the SPI firewall (and just use NAT as a pseudo firewall)?

I can recall working with a Motorola/Netopia DSL gateway router that allowed you to setup port forwarding rules and/or a software DMZ, but no ports would actually be forwarded to the server(s) behind the router (and the DMZ still blocked all incoming traffic) unless you also explicitly disabled the SPI firewall.

I don't know what kind of Netgear router you were using, but with a single public IP address and NAT, the Arris TG862G/CT method of only allowing you to forward any given port to one server is normal. And even if your Netgear allowed you to setup that kind of rule, you would not have actually been able to forward the same port to multiple servers at the same time if you only had one public IP address. Opening a port (which generally means making an exception in the SPI firewall) is not the same as forwarding the port through a NAT router.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.



emjayef

join:2007-11-25
Pleasant Hill, CA
Reviews:
·Anveo
·Astound Broadband
·Comcast

The firewall defaults to blocking nothing, but I totally disabled it anyway. I also disabled things like parental controls, and anything else that might matter.

After an hour or two of searching, I found one older discussion (»forum.universal-devices.com/view···&t=11370) that said Comcast disabled port forwarding completely, saying you need a static IP with business class internet. This was the only place anywhere that mentioned this. So I'll call them and ask about it, and if it's true, I'll either try to switch to a gateway-only, or just buy one and use my wireless router.

My Netgear router is a RangeMax WNR3500. It's been a while since I set anything, so I could be mixed up, but I know I never specified the local IP address - in fact, it has changed now and then. I never tried having more than one server, though. Might be an interesting thing to try if I get a chance. Right now, it would be hard to check, as I can't disable the router part of the Arris gateway.



emjayef

join:2007-11-25
Pleasant Hill, CA
Reviews:
·Anveo
·Astound Broadband
·Comcast
reply to emjayef

OK, I figured this out... it is actually working, but with this setup, it disallows access to the external IP from inside the network. I never had that problem before, so I didn't know that some routers had this "feature."

I was able to check by using a free external proxy (hidemyass.com), and using it, I was able to connect to my server. A bit inconvenient, and I am planning to return this gateway/router and get a simple modem without router since there's no way to disable the router section by a mere user.



flwpwr

@comcast.net

said by emjayef:

OK, I figured this out... it is actually working, but with this setup, it disallows access to the external IP from inside the network. I never had that problem before, so I didn't know that some routers had this "feature."

I was able to check by using a free external proxy (hidemyass.com), and using it, I was able to connect to my server. A bit inconvenient, and I am planning to return this gateway/router and get a simple modem without router since there's no way to disable the router section by a mere user.

This is correct although you could call in and have them put hat in bridge mode, there are some issues you need to consider.

There are a series of issues with arris devices both in bridge mode and normal, they have some incompatibilities with apple and xbox [older white model from what I hear] products from what I have read, I assume by apple they mean iphones/ipads at this time.

So I would recommend getting a different modem just for simplicity.

That said there are separate port forwarding and port triggering sections, you need to make sure you are in the correct section for what you want.

The dory ui for the most part is standardized, but I do not have an arris in front of me to verify atm.

»www.google.com/url?sa=t&rct=j&q=···&cad=rja


emjayef

join:2007-11-25
Pleasant Hill, CA
Reviews:
·Anveo
·Astound Broadband
·Comcast

Thanks for the input. That guide was handy, and seems to pretty much match what is available.

I don't have xbox or other gaming devices, although I do have some older Apple equipment, though not iphone/ipad at this time. But guests sometimes do, so if it's anything serious, I'd want to avoid it, if possible.It's not hard for me to go to the Comcast outlet, so I'll probably go by there soon to see what they have.

I've never had a need to use the port triggering, just the port forwarding. I have a Calibre server with my ebooks (with login), and sometimes my sister connects to that, and I have a web server that I don't use much right now, that outsiders could use to check progress on web sites I would work on. I use dynDNS for the access. Always worked perfectly in the past when I had the Ubee modem and my own router. It was nice to be able to test things out locally as a sanity check, even though I can access the servers directly within the network.

Do you know which modems from Comcast are most reliable (in case I have a choice)? I have telephone service, so that is a limitation.



EG
The wings of love
Premium
join:2006-11-18
Union, NJ
kudos:9
reply to flwpwr

said by flwpwr :

There are a series of issues with arris devices both in bridge mode and normal,

Hmmmm... FWIW, my experience is that they work fine when they are bridged to act as straight cable modems. What kind of issues do they have after they are bridged ?


emjayef

join:2007-11-25
Pleasant Hill, CA
Reviews:
·Anveo
·Astound Broadband
·Comcast

I'd also be interested in that. I connected my old Netgear wireless router to the Arris router just to try it out, and check the settings. Strangely enough, I found that there are no port forwarding rules at all, and no DMZ port, yet it forwarded to all the servers I've ever had running. That's slightly scary, and a surprise.

But I also discovered that it seems to have the problem I was seeing with dropouts in downloading, so if I want to use the Arris in bridged mode, or get a different modem, I'll need a new router. Since the Arris modem seems to be working well for the wired connection, I can try bridged mode instead of a new modem.

One question I have now is whether the wireless mode is very good - it seems to work OK most of the time, but I think it may occasionally have short disconnects. It's so hard to know for sure, but when I listen to internet radio in the morning, it will reconnect once or twice, and I sometimes see a message on my Android device about the wireless network connecting, implying that it lost the connection.



flwpwr

@comcast.net
reply to emjayef

said by emjayef:

Do you know which modems from Comcast are most reliable (in case I have a choice)? I have telephone service, so that is a limitation.

I do not know which modems are most reliable. That said all-in-ones add unnecessary complications that you can avoid by simply getting a straight modem, and using your REAL router versus that lowest bidder comcast designed thing.