| Westell 327w to 7500 Public LAN issue Hi all,
I am using CenturyLink FTTP service and have had a Westell 327w for the last few years. They recently replaced all of the fiber equipment and dropped off a new modem, the 7500.
Here is how I have things set up. I have a small block of IP's from CenturyLink which are used to expose some servers behind the Westell. I have the ethernet cable connected to the WAN uplink port on the Westell, and use both private and public LAN.
I have my servers hard coded to use the IP's provided by CenturyLink and use the Private LAN DHCP server to assign addresses for some other devices I want to be outside of my main WatchGuard FireBox such as IP phones and the like (which I do not want to have public IP's).
On the 327w, this worked without any problem, but as soon as I put the 7500 in place, it seems no one can access my external IP's assigned to my servers. Has something changed with how the Westell devices work? Can you still use both public and private LAN at the same time? |
|
 sashwaPixie Cat Crunchin' n Foldin'Premium,Mod
join:2001-01-29
Alcatraz
kudos:14 | Dusteater, would you like me to move this over to our CenturyLink forum to see if you can get some help with this? Please let me know.
And welcome to the site. |
|
| Sure, I figured it would be more related to the DSL Modem, but maybe someone in that forum knows. Might be some differences with my connection/modem. |
|
sashwaPixie Cat Crunchin' n Foldin'Premium,Mod
join:2001-01-29
Alcatraz
kudos:14 | Hold on - I'll get this done now.
Good luck. |
|
 wayjacPremium,MVM
join:2001-12-22
Indy
kudos:1 | reply to Dusteater
You should be able to duplicate the 327 configuration on the 7500 the gui's look different but work the same |
|
| I went through and dupicated the settings exactly, and on the 7500 I cannot access any of my public LAN IP's behind the Westell. Same configuration, and 327w works, 7500 does not. Everything else works with it though.
Here is another question, with the FTTP service they provide, do we even need the DSL modem any more? I would actually love to just have my WatchGuard Firebox handle all that and eliminate a step. |
|
| reply to Dusteater
Did you have a DMZ setup before? Seems like that would be the only way it would work behind a NAT router. |
|
wayjacPremium,MVM
join:2001-12-22
Indy
kudos:1 | reply to Dusteater
Can you give details about the changes you made |
|
| From the base configuration, I have changed the WAN port to be Ethernet Port 1 and entered my PPPoE login crednetials. I have enabled Public LAN and entered my proper IP address and subnet. I have enabled Private LAN as well as DHCP server for Private LAN.
As to your question joebleed, there are no DMZ settings on the device. This does work on the 327w and not on the 7500. |
|
wayjacPremium,MVM
join:2001-12-22
Indy
kudos:1 | Sounds like the setup is correct............
When you enable public lan the private lan is disabled |
|
| That is where the problem may lie. I have both enabled, and both work at the same time on the 327w. Maybe the way I am working now is just a fluke and shouldn't actually work. But I find it useful to use both at the same time because of how I have things setup at my site. |
|
wayjacPremium,MVM
join:2001-12-22
Indy
kudos:1 | I think you should be using private lan and set the public ip's directly on the computers that need public ip's |
|
| Ahh ok. I was under the impression to have any servers with public static IP's behind the Westell, you had to have public LAN enabled. I will experiment with this tonight and see what the results are. |
|
|
|
wayjacPremium,MVM
join:2001-12-22
Indy
kudos:1 | You'll need the public lan enabled and the public lan dhcp server disabled |
|
 billaustinthey call me Mr. BillPremium,MVM
join:2001-10-13
North Las Vegas, NV
kudos:2 | reply to Dusteater
My suggestion is to get a router that will let you assign multiple IP's to the WAN interface. This way you can do 1:1 NAT, and control the amount of protection each server has. This will require a modem you can bridge, but usually works better than trying to rely on the router built into the modem.
You could use PfSense or Monowall on a spare machine or single-board PC designed for the task. I use Mikrotik on a spare PC with multiple LAN ports, and a bridged Netgear DM111P DSL modem. |
|
| reply to Dusteater
I'm having the same problem, just as you described. I have an 8 bit subnet with 6 usable IP numbers from Centurylink. In the past, with both the Westell 6100 single port modem/router, and then later with the Westell 327w 4 port wireless modem/router, I've been able to assign some machines to static IP numbers, and others were able to pick up dynamic IP numbers.
I was also able to assign some of my machines to specific dynamic numbers outside of the range the router is set to provide so that even if a device is on the DHCP router numbers, they get the number they ask for (nice).
A couple of days ago, a tech had to come out to check my low speed issues and during the visit he installed the 7500. All seemed well as I was able to set up both the Private DHCP router, and the Public Wan numbers just like the 327w. It took me a couple of days to realize, that although I could assign the Statics to machines and they could go online, I could not reach or even ping the machines from other locations outside my network.
After several calls to their Business DSL Tech Support I was pretty disgusted. The first tech told me to call Westell (who will not provide end user support for modems they sell in bulk to ISP's). The second tech told me that what I wanted to do couldn't be done unless I used DMZ's (not in the 7500's menus) or port forwarding (which CenturyLink does not support). When I asked him why I would buy static IP's and then have to resort to port forwarding he informed me that since I could get online that CenturyLink would not support me with either DMZ's or Port Forwarding... I wasn't trying to do either. I was just trying to get the network working like it did last week and the last 4 years.
After the second call, I dug out an old Westell 6100, set it up, and repaired my broken network. I can now use both the dynamic router in the device to assign IP numbers to temporary computers I work with, and still assign permanent Static IP's to my main machines and a couple of servers. The second tech told me that even though I had selected to not block any traffic in the firewall settings of the 7500, I hadn't actually turned it off, and couldn't turn it off (or he didn't know how). The manual for the Westell router is not available from Westell, they refer you to NetGear where it is available as a PDF download.
When I set up this network about 4 years ago, the tech support for CenturyTel seemed to be pretty good, and even helped me set up the reverse dns I required for the server I was using. The hardware worked very well, and met all of my needs.
The current state of affairs is that I'm getting referred to the manufacturer, and then told to call CenturyLink's business office and get a 327w device. I'll try that tomorrow, and if I get it then I'll continue to use their leased equipment. Since the eBay cheap 327w's will work with CenturyLink by changing the VPI/VCI to 8 and 35, from 0 and 35, I have that as an option if I just want to drop their leased equipment. The new 7500 is only going to cost me about $50 per year with broken service, so that's $50 I could save. |
|
| Yeah, it's really sad the new modems do not support this. I did more testing and never got the 7500 to work. I am back on my 327w, though I still don't understand why we even need to use modems at all. I'd love to just use my Firebox to all of this. Not a fan of how CenturyLink sets up their FTTH. |
|
| You do not have to use the Westell routers for FTTH. I have set one up with a Linksys router. |
|
