how-to block ads
|
|
Uniqs:
1346 |
Share Topic
 |
 |
|
Kieran
join:2012-11-01
Gastonia, NC | [Modem] Port Forwarding doesn't work even with bridged modem! I am horribly uneducated about networking, everything I have learned has been from googling for days straight until I finally piece the answer together from 1000 sites.... This time though I cannot find the solution, however I find several threads in this area of this site that came SO close to my problem, yet did not help me with it because my router is different. Maybe I missed something, but this is ridiculously frustrating and it would just be so much faster and easier at this point to work with someone to solve the problem.
I recently upgraded from an older Motorola modem to the never version, a Motorola Netopia 3360 ADSL Modem. I also us a Netgear WNR2000 router for WiFi. When I had the older Motorola modem, I was using DMZ to route the traffic right to my computer's static IP (at least I am fairly certain that is what I was doing; it worked in any case). The 3360 however seems to have greatly reduced options... I could not find any sort of IP pass-through and after about 2 days of searching around, I found that setting up a bridged connection between the router and the modem would make it so the router handles all incoming traffic.
TO THE BEST OF MY KNOWLEDGE, I set the bridge up between the 2. As I said I am woefully uneducated about networking. The internet seems faster if nothing else, but this could be my imagination. I can also no longer access the GUI page for the 3360 modem, but various sites said this was normal once the modem was behind the router and a direct connection can still be used to change settings if need be. I set it up so that the router has my PPPoE information, and I have flawless internet access, but the ports I am trying to forward are still firmly welded shut. I have shut off all the firewalls that I can find to test it with canyouseeme.org and the PFPortChecking tool, neither could find any of the ports, and the applications that require the ports cannot get through. The WNR2000 has very simple, straightforward port forwarding directions, and the ports are set to use the static IP I configured, it's just not working and I cannot why. Any idea? If I missed any information that would help let me know, and I apologize in advance should this already be a solved problem. I thought I checked fairly thoroughly these past few days, but with my luck the answer will be 3 posts down from here. | |
 NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro
 ·Comcast Business..
 ·Vonage
 ·Cingular Wireless
·Comcast
| Re: [Modem] Port Forwarding doesn't work even with bridged modem If you put your PC in the WNR2000's DMZ (and have the application running on the PC), is application still not visible to the Internet?
Having the application running (and not having the PC's firewall blocking access) is as important as the DMZ and/or port forwarding in the NAT router.
If your WNR2000 is similar in function to my WNR1000, I found that if I have Remote Management enabled (no matter what port is used), the WNR1000 will not forward port 80, or pass it through to the DMZ. I have found that my WNR1000 also blocks port 123 regardless of DMZ and/or port forwarding. I have also run into other routers that would (seemingly) arbitrarily block DMZ and port forwarding for specific ports such as 1080 and 8080.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. | |
 graysonfPremium,MVM
join:1999-07-16
Fort Lauderdale, FL | reply to Kieran
Probably going to be nearly impossible to help you without screenshots of your router port forward page. | | |
|
Kieran
join:2012-11-01
Gastonia, NC | reply to Kieran
WNR2000 Port Forwarding |
| |
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
2 edits | said by Kieran:Yes, I have the WNR2000's DMZ set to my comp's static IP, and the first application cannot be connected to from the internet. I have a couple of arbitrary ports set up to see if I can successfully test any of them, but so far all of them appear closed. The program is set to pass through the firewall, but that shouldn't matter as I turned the wirewall OFF to test it. Did I understand your question correctly?
If your question was directed to me (you actually replied to yourself), then yes, you answered my question.
My next question is when you look at the "Router Status" page, does the router show that you are getting a public IP address from AT&T? I seem to recall seeing a warning from AT&T that they were going to start using the 10.0.0.0/8 subnet for WAN IP addresses, and put all non-static IP customers on "carrier grade" NAT. Perhaps that practice has already started in your area? It is your use of the 10.0.0.0 subnet on your LAN that reminded me of that warning.
Here is a link to an article on this site discussing that: »AT&T Warns U-Verse Users of Service Disruption
While the warning implies that only U-verse customers will be effected, that does not mean that AT&T could not have expanded the practice into standard ATM DSL areas too.
Another possibility related to AT&T's use of the 10.0.0.0 subnet, is that even if you are still getting a public IP address on your router's WAN, AT&T might be using that subnet (and have devices with the same IP addresses as devices on your LAN), that could be complicating your use of that subnet for Internet facing applications. I remember having that problem when I used Covad. They used the 192.168.1.0 subnet for some of their internal routers and switches, and that caused problems for me until I changed my private LAN subnet (and my LAN device IP addresses) to something other than 192.168.1.x.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. | |
 NormanSPremium,MVM
join:2001-02-14
San Jose, CA
kudos:9 | reply to Kieran
In line with NetFixer  's comments, there is a seemingly rarely used block of RFC 1918 reserved IP addresses which would not conflict with either the 10/8 block, or the 192.168/16 block. Carve a /24 out of the 172.16/12 block. Don't worry about all those slashes; all you need to know is the required subnet mask for a given network address.
RFC 1918 defines three ranges of IP addresses reserved for private networks. Here is the RFC ("Request For Comment"):
»www.faqs.org/rfcs/rfc1918.html
172.16/12 starts at 172.16.0.0, and runs to 172.31.255.255. You can configure the WNR2000 LAN to use 172.16.0.0 with a subnet mask of 255.255.255.0. That would mitigate any conflicts with either of the other reserved blocks.
Instead of your current 10.0.0.112 address, you would be using 172.16.0.112 on your device. Your gateway in routing would be 172,16.0.1.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum | |
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
1 edit | said by NormanS:In line with NetFixer 's comments, there is a seemingly rarely used block of RFC 1918 reserved IP addresses which would not conflict with either the 10/8 block, or the 192.168/16 block. Carve a /24 out of the 172.16/12 block. Don't worry about all those slashes; all you need to know is the required subnet mask for a given network address.
RFC 1918 defines three ranges of IP addresses reserved for private networks. Here is the RFC ("Request For Comment"):
»www.faqs.org/rfcs/rfc1918.html
172.16/12 starts at 172.16.0.0, and runs to 172.31.255.255. You can configure the WNR2000 LAN to use 172.16.0.0 with a subnet mask of 255.255.255.0. That would mitigate any conflicts with either of the other reserved blocks.
Instead of your current 10.0.0.112 address, you would be using 172.16.0.112 on your device. Your gateway in routing would be 172,16.0.1.
Actually AT&T uses both the 10/8 and the 172.16/12 blocks internally. Here is the ipconfig information for a tethered AT&T cell phone connection, and a traceroute to www.dslreports done using that connection.
PPP adapter AT&T Mobility:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.180.147.18
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 10.180.147.18
DNS Servers . . . . . . . . . . . : 172.16.7.167
172.16.7.167
Primary WINS Server . . . . . . . : 10.11.12.13
Secondary WINS Server . . . . . . : 10.11.12.14
C:\>tracert www.dslreports.com
Tracing route to www.dslreports.com [209.123.109.175]
over a maximum of 30 hops:
1 * * * Request timed out.
2 203 ms 157 ms 151 ms 172.26.248.2
3 160 ms 175 ms 171 ms 172.16.7.82
4 156 ms 152 ms 165 ms 10.251.11.32
5 167 ms 201 ms 153 ms 10.251.10.2
6 200 ms 166 ms 482 ms 10.252.1.1
7 152 ms 163 ms 162 ms 209-183-048-002.mobile.mymmode.com [209.183.48.2]
8 240 ms 143 ms 164 ms 172.16.75.1
9 155 ms 203 ms 162 ms 12.94.97.13
10 150 ms 162 ms 174 ms cr1.dlstx.ip.att.net [12.122.100.26]
11 173 ms 176 ms 165 ms gar26.dlstx.ip.att.net [12.123.16.85]
12 153 ms 166 ms 144 ms 4.68.62.229
13 184 ms 812 ms 275 ms vlan60.csw1.Dallas1.Level3.net [4.69.145.62]
14 215 ms 180 ms 219 ms ae-63-63.ebr3.Dallas1.Level3.net [4.69.151.134]
15 167 ms 201 ms 177 ms ae-7-7.ebr3.Atlanta2.Level3.net [4.69.134.22]
16 176 ms 555 ms 207 ms ae-2-2.ebr1.Washington1.Level3.net [4.69.132.86]
17 186 ms 223 ms 194 ms ae-81-81.csw3.Washington1.Level3.net [4.69.134.138]
18 210 ms 204 ms 261 ms ae-82-82.ebr2.Washington1.Level3.net [4.69.134.153]
19 188 ms 199 ms 202 ms ae-4-4.ebr2.Newark1.Level3.net [4.69.132.102]
20 189 ms 218 ms 198 ms ae-21-52.car1.Newark1.Level3.net [4.69.156.37]
21 214 ms 196 ms 219 ms NETCCESS.car1.Newark1.Level3.net [4.26.16.190]
22 210 ms 293 ms 189 ms 0.e3-3.tbr2.mmu.nac.net [209.123.11.77]
23 257 ms 201 ms 214 ms 0.e1-1.tbr2.oct.nac.net [209.123.10.21]
24 177 ms 214 ms 198 ms vlan808.esd1.oct.nac.net [209.123.10.42]
25 181 ms 218 ms 202 ms www.dslreports.com [209.123.109.175]
Trace complete.
FWIW, I don't see any private subnets being used on my backup AT&T WiFi hotspot connection (which goes through a traditional AT&T ATM based DSL circuit), but that does not mean that AT&T is not using mixed public/private IP addresses for some DSL locations. Here is the same traceroute to www.dslreports using that connection.
C:\>use-att.cmd
Pinging 192.168.1.254 with 32 bytes of data:
Reply from 192.168.1.254: bytes=32 time=177ms TTL=253
Ping statistics for 192.168.1.254:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 177ms, Maximum = 177ms, Average = 177ms
C:\>route change 0.0.0.0 mask 0.0.0.0 192.168.9.9 metric 10
You are now using the Windcrest AT&T backup connection!
C:\>tracert www.dslreports.com
Tracing route to www.dslreports.com [209.123.109.175]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms ps1.dcs-net [192.168.9.9]
2 3 ms 3 ms 3 ms ap1-dcs-net [192.168.8.254]
3 261 ms 276 ms 271 ms 192.168.1.254
4 532 ms 340 ms 149 ms adsl-74-240-252-1.bna.bellsouth.net [74.240.252.1]
5 268 ms 198 ms 56 ms 70.159.210.120
6 186 ms 177 ms 365 ms 70.159.210.122
7 608 ms 89 ms 63 ms 70.159.210.119
8 340 ms 118 ms 308 ms 12.81.32.144
9 244 ms 41 ms 36 ms 12.81.32.45
10 198 ms 156 ms 230 ms 74.175.192.138
11 371 ms 207 ms 47 ms cr1.nsvtn.ip.att.net [12.122.148.14]
12 210 ms 128 ms 113 ms cr2.attga.ip.att.net [12.122.28.105]
13 627 ms 432 ms 211 ms attga02jt.ip.att.net [12.123.22.153]
14 591 ms 248 ms 188 ms 192.205.34.234
15 451 ms 190 ms 178 ms ash-bb1-link.telia.net [80.91.246.76]
16 122 ms 107 ms 98 ms nyk-bb2-link.telia.net [213.155.134.128]
17 169 ms 65 ms 369 ms nyk-b3-link.telia.net [80.91.247.21]
18 120 ms 66 ms 79 ms netaccess-tic-133837-nyk-b3.c.telia.net [213.248.99.90]
19 413 ms 679 ms 492 ms 0.e1-4.tbr1.mmu.nac.net [209.123.10.101]
20 336 ms 599 ms 185 ms 0.e1-1.tbr1.oct.nac.net [209.123.10.17]
21 192 ms 247 ms 370 ms vlan804.esd1.oct.nac.net [209.123.10.2]
22 311 ms 64 ms 261 ms www.dslreports.com [209.123.109.175]
Trace complete.
Also (in AT&T's defense), while they have to some extent allowed their DSL infrastructure to decay, it isn't as bad as the above traceroute seems to indicate. The excessive lag is due to a relayed WiFi connection to a very busy hotspot in my apartment complex's leasing office. A traceroute to www.dslreports.com done directly from that hotspot's Netopia 3347 router is shown below (I have access because I maintain that network).
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander. | |
|
