dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2334
share rss forum feed

humulu

join:2013-01-28
San Mateo, CA

Can't Ping, Router & Ports

I have comcast business with 5 static IPs. There are 2 routers (R1, R2) connected to the comcast box each setup with one of the static IPs on the WAN side of the router. One of the computers behind R1 is hosting a website requiring port 80, 443, 445.

I can access the website from a computer that is behind router R2. However, I cannot access it from the internet. Some goes for pinging (ping is enabled both on the comcast box and R1). It works from a computer behind R1 or R2 but not from the internet.

What do I need to do to get this to work?


ExoticFish

join:2008-08-31
Stuarts Draft, VA

How exactly do you have the routers and modem connected together ?
--
»www.VAJeeps.com
»www.BronzedBod.com


humulu

join:2013-01-28
San Mateo, CA

1 edit

Each router has an Ethernet cable from its WAN port to one of the port of the comcast box. Is this the correct setup? If so why can't I reach the website. I do not think I need any port forwarding on the Comcast (I have it on my router or otherwise I could not even access it from computer behind R2).


harald

join:2010-10-22
Columbus, OH
kudos:1

Comcast has furnished you with router/modem combination. You need to turn off the router portion, i.e. turn the Comcast router into a bridge, and connect the modem to a switch. Your two routers then connect to the switch.



EG
The wings of love
Premium
join:2006-11-18
Union, NJ
kudos:9
reply to humulu

FWIW, bridging a CC supplied gateway device can not be done in the User Interface by the end user. You will need to call in to request that.



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 recommendation

reply to humulu

If the servers behind the secondary router are using private IP addresses, then you will still need to do port forwarding in the secondary router to the server. Also, you won't be able to use port 445 on a Comcast connection (either business or residential) because Comcast blocks that port (Ports blocked on Comcast's network )

If you are using public IP addresses in the same subnet on the LAN and WAN of the secondary router, that will also be problematic for most soho grade routers (you would have to have a router that supported a true DMZ interface, not the typical software pseudo DMZ for a single server).

You are going to have to supply some actual details of exactly how everything is connected and configured in order to get advice that is not just a generic guess.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
reply to harald

said by harald:

Comcast has furnished you with router/modem combination. You need to turn off the router portion, i.e. turn the Comcast router into a bridge, and connect the modem to a switch. Your two routers then connect to the switch.

That can only be done with the business class gateway box by a Comcast tech, not the customer. Also, doing that would kill the customer's static IP addresses since Comcast only assigns static IP addresses to their gateway box if it is actually being used as a gateway router.

What the OP describes doing should work with no problems (except for trying to use port 445). I used to operate multiple servers behind the Comcast business gateway and a secondary router (a Cisco RV082) with no problems. Most likely there is just a configuration problem with either the OP's secondary router, or the server.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

humulu

join:2013-01-28
San Mateo, CA
reply to NetFixer

Thanks for the responses. So here is the setup (I modified the public addresses):

Hardware
=======
* One Comcast box
* One additional router (R1)
* One server S1
* One additional wireless router (R2)
* SBS box \w 2 NICs

Connections
=========
* Router R1: WAN port conncted to Comcast
* Server S1: Connected to LAN on R1
* Router R2: WAN port conncted to Comcast
* SBS: One NIC connected to Comcast, one NIC connected to switch (SBS acts as DHCP server)

Configuration
==========
Comcast:
Default Gateway: 45.190.10.70
Static IPs: 45.190.10.66-69
DNS: 75.75.75.75
Subnet Mask: 255.255.255.248

Comcast box is set with default values.

Router R1:
WAN:
IP: 45.190.10.69
Gateway: 45.190.10.70
DNS: 75.75.75.75
Subnet Mask: 255.255.255.248
LAN:
IP: 192.168.4.1
Gateway: 192.168.4.1
DNS: 192.168.4.1
Subnet: 255.255.255.0
Port forwarding set for 80, 443, 444 (I realized I don't need 445)

Router R2 and SBS are similarly setup but with different public IPs and no port forwarding.

When I am on a computer behind R2 or SBS I can ping my server S1 and also access the website. However, when I do the same over the internet the ping fails and I cannot access the website. When I use http I get "Error 502 Bad Gateway". When I use https (which is actually what it should be) I get "Internet Explorer cannot display the webpage"



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

1 edit

OK, I just did a limited port scan for basic common TCP ports to the IP address you posted as being used by your router R1, and I did not get a ping reply, or responses on ports 80 or 443. In fact, i can get no ping or traceroute to the entire 45.190.10.70/29 subnet, and a whois query returns "IANA-RESERVED".
EDIT: Oops, I just noticed that you said that you modified your IP information before posting.

Do you have your SMC firewall settings like the image below?




While the SMC firewall for the static IP addresses does work (I have used it myself in the past), it might be best to temporarily disable it for testing.

Just for grins, you might want to browse from your S1 server to my »portscan.dcsenterprises.net and do the port scan test to see if you get a response on ports 80 and 443. (and to also see if my server sees the correct IP address for your R1/S1.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

humulu

join:2013-01-28
San Mateo, CA

I did indeed change the public IPs as mentioned in the previous post. In the meantime I purchased another router to put the SBS behind that router/firewall so I can disable the firewall on the comcast box. That did the trick and everything works now, i.e. ping and access to the website. Thanks!



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage

said by humulu:

I did indeed change the public IPs as mentioned in the previous post. In the meantime I purchased another router to put the SBS behind that router/firewall so I can disable the firewall on the comcast box. That did the trick and everything works now, i.e. ping and access to the website. Thanks!

I found that the Comcast gateway box's static IP firewall can be setup to work with multiple IP addresses, but it is nonetheless a very rudimentary firewall (with no logging that is visible to the customer), and your secondary firewall is probably a better choice. Glad you got everything working.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

tjsummers51l

join:2010-01-22
reply to NetFixer

You can not have the Comcast Router Bridged with static IP's. If you have them bridge the modem, you will not be able to use the statics. Applying the statics on your device and making sure smart packet detection and firewall is turned off will be the close to a bridge modem that you can get with Comcast and static Ip's.


humulu

join:2013-01-28
San Mateo, CA

Thanks to everybody who helped. I really appreciate it.