dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
700
Footer1
join:2002-10-03
Scandia, MN

Footer1

Member

SpeedStream 5667 Port Forwarding problem

I am having a problem forwarding port 21 on the SpeedStream 5667 from Efficient Networks. I believe I've set everything correctly to allow port 21 to forward to an FTP server on my LAN. However, it continues to want to use its built-in FTP server instead of going past and on to my LAN FTP server ... Any suggestions would be GREATLY appreciated!

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium Member
join:2001-04-19
1970 442 W30

Doctor Olds

Premium Member

Where did you set the rule?

Did you test from inside or outside the LAN?

Do you have the Router Manual?

Regards,

Doctor Olds
Footer1
join:2002-10-03
Scandia, MN

Footer1

Member

I set port forwarding on the SpeedStream (port 21).

I've tested from both inside and outside the LAN.

I downloaded the PDF from Efficient's site (it's not very helpful!).

Still stumped ... FWIW, I also have a WAP (SMC Barricade) behind the modem with DHCP enabled. I've tried about every option with that too -- disabling DHCP, port forwarding 21, etc.

FRUSTRATING!!!

TIA for any info/help.

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium Member
join:2001-04-19
1970 442 W30

Doctor Olds

Premium Member

Are you running the FTP server behind the 2nd router?

Where did you set the rule?

5667 PDF Manuals

5667 Router Manual (891kb PDF)
»support.efficient.com/do ··· uter.pdf
5667 Release Notes (14kb PDF)
»support.efficient.com/do ··· otes.pdf
5667 Quick Start Guide (1.1Mb PDF)
»support.efficient.com/do ··· _QSG.pdf

Regards,

Doctor Olds
Footer1
join:2002-10-03
Scandia, MN

Footer1

Member

Yes, running the FTP server behind the 2nd router.

Hadn't seen the Release Notes or QSG but unfortunately, neither of those are any help for this problem ...

Still scratching my head ...

THANKS so far!!!

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium Member
join:2001-04-19
1970 442 W30

Doctor Olds

Premium Member

Well that's Double NAPT/NAT and not the easiest way to work with servers of any kind. I suggest you put the server just after the 5667. Did you check Self by accident on your Forwarded Ports? Did you enable WAN access to the 5667 by accident? If yes, those need to be undone.

Regards,

Doctor Olds
Footer1
join:2002-10-03
Scandia, MN

Footer1

Member

I agree, double NAPT/NAT means double the trouble! I have taken my WAP out of the equation by hooking the PC that is hosting my FTP server directly to the SpeedStream -- same results. It still wants to use the built-in FTP server on the SpeedStream!

I have tried enabling and disabling the WAN configuration access -- same result -- and no, I did not accidently check "self" for port forwarding although I did experiment to see what that does.

I discovered that turning off the firewall on the SpeedStream renders outbound connections inoperative and then further discovered reading in this forum (probably a post from the good Doctor!) that with the firewall off, machines behind it have to have valid IP addresses vs. the internal, non-routable ones ...

Well, the learning process continues ... I'm still fresh out of ideas so any other suggestions would be GREATLY appreciated!

delete
Bleek..
Premium Member
join:2002-03-23
Bronx, NY

delete

Premium Member

when forwarding to port to 21 .. what ip are you forwarding i to? it has to be forwarded to the machine ip that hosts the ftp .. are your lan machines using dhcp to get ips? if so try to assign the machine hosting the ftp a static ip .. that is outside of the range of the dhcp server on the efficient. ex: my linux box hosts my server .i have it 'STATIC' assigned 192.168.254.100 ..

also ..you can not test it LAN side using your "PUBLIC IP" use the internal LAN IP ... liek when i want to transfer files to my ftp from inside my LAN .. i use 192.168.254.100:2021 .. i forwareded port 2021 to that box ..

what ftp server?
Footer1
join:2002-10-03
Scandia, MN

Footer1

Member

BINGO!!!

Finally solved this problem using tips from replies above and a quick call to Efficient tech. support. The problem had to do with dual NAPT/NAT.

As Doctor Olds stated, using dual NAT is not a good idea when running servers and that turned out to be the case here. The SpeedStream was assigning 192.168.254.XXX IPs to the devices behind it and the WAP was assigning 192.168.123.XXX IPs to the devices behind it (LAN machines in this case). Assigning static IPs in the 192.168.254.XXX range took care of the problem.

Thanks for the quick replies and support on this problem. Couldn't see the forest for the trees and without this forum, I'd still be struggling to figure this out.



FWIW, the FTP server I'm running is TYPSoft.
Footer1

Footer1

Member

Well, the saga continues ...

Although I can get the FTP server working while hooked up directly to the SpeedStream, that is not the ultimate solution as I'm unable to use my WAP. When I put the WAP back into the equation, I'm back to dual NAPT/NAT and I can't get the FTP server to work again!

I've tried setting the SpeedStream to 192.168.123.XXX (same subnet as my WAP) but then I'm having problems accessing it. I've also tried disabling DHCP on the WAP and setting a fixed IP on the box running the FTP server but it still can't get past the WAP. I've even put the FTP server box in the "DMZ" (the WAP has this capability) to no avail ...

Does anyone else have a setup similar to this and are you successfully running servers from your LAN??? My WAP is the SMC Barricade (802.11b).

This is driving me NUTS!!!

Thanks in advance ...

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium Member
join:2001-04-19
1970 442 W30

Doctor Olds

Premium Member

What are you attempting to do with the FTP server? Running it off of a Wireless PC? Or accessing it from a Wireless PC? If the latter, then just add a fixed route to it in the WAP and access it from it's 192.168.254.X IP instead of the public IP. If the former then you may not be able to do that unless you can set the 5667 into a bridged configuration and let the WAP make a PPPoE connection to your ISP.

If your ISP is PPPoA then you may be out of choices and have to use it the way it works behind only the 5667.

Regards,

Doctor Olds
Footer1
join:2002-10-03
Scandia, MN

Footer1

Member

Maybe I'm out of choices ... My ISP uses PPPoA.

I'm not trying to use the FTP server off of a wireless PC. But, the Barricade does have three wired ports and I'm using one of the wired ports for the PC running the FTP server. The WAP does not support fixed routing but the SpeedStream does. So maybe I can add a fixed route to the FTP server that way? I'm not sure it will get past the WAP though ...

And you're right about the WAP and PPPoE. It does support that. However, my ISP is PPPoA so I don't think I'd be able to set the SpeedStream up in bridged mode and make the WAP work with my ISP ... Time for a new WAP??? I'd sort of like 802.11a anyway.

Well, unless there are other suggestions out there (switch to Linux?) I think it's time for a new hardware purchase.

Thanks to all for your comments and support!

delete
Bleek..
Premium Member
join:2002-03-23
Bronx, NY

delete

Premium Member

well linux is great .. atleast i love it, but um ... that may not solve your problem ..

MacThrasher
Premium Member
join:2002-04-26
Chagrin Falls, OH

MacThrasher

Premium Member

Click for full size
brought here because of a response to my network setup

If you are running an FTP server through a Wireless Access Point, you will need to assign it a static address all the way down to your FTP server. The only way I could get my system to work correctly is to assign a static address to the WAP, and assign the wireless client (FTP Server, or in my case my laptop) to a static address. If it is DHCP, you run the chance of the address changing. When that happens, the router may send the FTP requests to nowhere, or the wrong address.

Hope that helps.
Footer1
join:2002-10-03
Scandia, MN

Footer1

Member

DING DING DING DING DING!!!

Well, I think I've FINALLY figured this thing out ... So simple yet so complicated ...

Instead of using DHCP on the 5667, I set it to RELAY to the WAP (this is sort of what Doctor Olds recommended when he said to add a fixed route to the PC -- I just added a relay to the WAP instead). The WAP IP is 192.168.123.254. But in the System Status page of the WAP, it shows an IP of 192.168.254.1. I've released it several times but it always seems to come back as 192.168.254.1 for now so I'm hoping that continues.

Anyway, I'm relaying from the 5667 to the WAP with 192.168.123.254 as primary and 192.168.254.1 as secondary. In the WAP, I've got ports 20/21 forwarded to the WAP DHCP assigned IP of my FTP server. This is what seems to have done the trick (the combination of relaying from the SpeedStream 5667 and port forwarding on the WAP). Of course, I also have port forwarding on the SpeedStream set to forward to 192.168.254.1 which as you recall is the IP that has been relayed (?) from the 5667 to the WAP.

Another reason I didn't want to disable DHCP (I couldn't seem to make things work even with it disabled) is that I'm running at least one PC without a monitor (using VNC to get to it) which is wired to the WAP and I want the WAP to assign the IP to it. Not to mention wireless clients which I prefer to have DHCP assigned as well ...

Well, there you have it. THANKS MUCH to all who have provided opinions and support on this problem. I couldn't have done it without you! If anyone cares to comment on how/why it works the way it works, I'd sure be glad to hear it! Otherwise, I'll just chalk it up to the magic of the networking Gods.

smneto
join:2002-11-08
92020-001

smneto to Footer1

Member

to Footer1
I can't open the browser configuration on my 5667. Anyone can help me... i don't have the console cable... how can i make one?

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium Member
join:2001-04-19
1970 442 W30

Doctor Olds

Premium Member

What's the full part number on the bottom of the unit? XXX-XXXX-XXX You really should start your own "New Topic" instead of hijacking another person's thread.

Regards,

Doctor Olds
smneto
join:2002-11-08
92020-001

smneto

Member

Then part number is 060-5667-101
Thanks

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium Member
join:2001-04-19
1970 442 W30

Doctor Olds

Premium Member

That is not a Router Version as far as I know and it may not have a Web Based GUI. Can you telnet to it an post the software version numbers?

These threads may help explain what you have.

5667 password
»5667 password

(No luck) Accessing 5667 CLI (Telnet)
»(No luck) Accessing 5667 CLI (Telnet)

5667 Missing web interface
»5667 Missing web interface

which 5667 do I really have?
»which 5667 do I really have?

Hope this helps.

Regards,

Doctor Olds

delete
Bleek..
Premium Member
join:2002-03-23
Bronx, NY

delete

Premium Member

oh no not this again ... hehe ..

Doc we need to figure how to pull this firmware ..

but to anyone else that has the bridgemode of this router the 5667 WITHOUT SR .. i suggest you call your ISP .. they may be giving the 5667 WITH SR to those that request it ...

as i know it .. there are still some customers using the old 5667 on my ISP .. because they dont know that the ISP is giving 5667s' with SR at request... so people are using that crummy dialup to dsl server software ..
smneto
join:2002-11-08
92020-001

smneto to Doctor Olds

Member

to Doctor Olds
can i update the firmware to 5667 router?

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium Member
join:2001-04-19
1970 442 W30

Doctor Olds

Premium Member

Sure. If Efficient ever puts the 5667 "Secure Route" Router firmware up for sale.

Regards,

Doctor Olds
Shelley6
join:2002-12-08
Colusa, CA

Shelley6 to smneto

Member

to smneto
I talked to efficient and they said the 5667 firmware can not be upgraded because of the isp (frontier, in my case) tweaked the firmware.

P.S. He also said frontier is releasing a new better modem/router December 13th. Maybe this one will include some dmz features? Anyway I'll be frying my 5667 and getting the upgrade.

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium Member
join:2001-04-19
1970 442 W30

Doctor Olds

Premium Member

said by Shelley6:
I talked to efficient and they said the 5667 firmware can not be upgraded because of the isp (frontier, in my case) tweaked the firmware.
That is an outright lie from Efficient as any Router that has PPPoA protocol will work with your ISP. Many Citizen/Frontier customers have gotten their units replaced with the Full 5667 Router version that contains the Retail Channel Firmware that was installed by the ISP after they obtained it from Efficient. This has been verified by more than one member here with the Firmware version numbers matching the Retail units.
said by Shelley6:
P.S. He also said frontier is releasing a new better modem/router December 13th. Maybe this one will include some dmz features? Anyway I'll be frying my 5667 and getting the upgrade.
Did you take the advice posted above »SpeedStream 5667 Port Forwarding problem and call your ISP to get the full 5667 Secure Route unit from your ISP?

Please, when you see a older thread (11-08-2002 was the last post in this thread) follow the Forum Guidelines and start a New Topic since your post was not about port forwarding. You should have seen the yellow warning before you posted. It looks like this in case you missed it:

»/r0/do ··· /old.png

Regards,

Doctor Olds