port forwarding - Ubuntu

This is a discussion on port forwarding - Ubuntu ; I hope that this isn't considered off topic, as it does have something to do with Ubuntu in that I am running my web apps on Ubuntu. Here's my problem: I hava a wireless home network which is connected using ...

+ Reply to Thread
Results 1 to 19 of 19

Thread: port forwarding

  1. port forwarding

    I hope that this isn't considered off topic, as it does have something to
    do with Ubuntu in that I am running my web apps on Ubuntu.

    Here's my problem:

    I hava a wireless home network which is connected using
    a Siemens Gigaset SE567 wireless router.

    When I load the main page, I have the ability to redirect
    requests to any IP on my network. I have found that
    I am not able to do so for some reason.
    I have http running on port 80 on another machine
    as well as ftp and ssh. I have registered my router's IP
    address with dyndns so that I have a website name. But
    when ever I attempt to execute a request to port 80,
    I get the login screen for the modem. This
    happens no matter what machine I am on at the time.
    And from what I understand, those who attempt to access it
    from outside my network get an "access denied" message or something
    like that.


    My question is, is there a way to make this work? I used to have
    a comtrend DSL modem and a DLink wireless router. When I switched
    over to a faster connection, my ISP provided me with this new
    modem/wireless router box. But it seems that something is borked
    and I have no idea. The help/docs for the box tell me that
    I have done everything right. But obviously I have not.


    I would appreciate any insight into this issue as my website
    is now invisible to the outside world; by the time it's done
    it's gonna be really purddy so I'd like for people to be able
    to see it.




    --
    I have nothing to add to this

  2. Re: port forwarding

    Baba O'Reilly wrote:

    > My question is, is there a way to make this work? I used to have
    > a comtrend DSL modem and a DLink wireless router. When I switched
    > over to a faster connection, my ISP provided me with this new
    > modem/wireless router box. But it seems that something is borked
    > and I have no idea. The help/docs for the box tell me that
    > I have done everything right. But obviously I have not.


    If this is an ISP supplied modem/router combo unit, I suspect they've
    disabled port forwarding. Most ISPs don't allow running a server from a
    residential account.

    I run an http server from my main home machine without difficulty. It's
    a simple matter of forwarding port 80 to the local IP of the machine
    with the web interface to the router. It's very straightforward. I doubt
    you're doing anything wrong.

    I'd invest in a separate modem and router.

    --
    Mark Warner
    SimplyMEPIS Linux v6.5
    Registered Linux User #415318
    ....lose .inhibitions when replying

  3. Re: port forwarding

    It has nothing to do with Linux as such. My modem has this function of
    redirecting ports and it works. I suspect that you have not finished
    something, as far as the router setup is concerned.

    Have you checked the basics, that

    1) your inside server is listening on port 80
    2) a) its IP is what you expect it to be
    b) it serves the web page that you want to serve
    3) the router forwards outside port 80 to that IP
    4) The router's IP is what you expect it to be

  4. Re: port forwarding

    On Sun, 25 May 2008 00:11:40 +0000, Baba O'Reilly wrote:

    > I hope that this isn't considered off topic, as it does have something
    > to do with Ubuntu in that I am running my web apps on Ubuntu.
    >
    > Here's my problem:
    >
    > I hava a wireless home network which is connected using a Siemens
    > Gigaset SE567 wireless router.
    >
    > When I load the main page, I have the ability to redirect requests to
    > any IP on my network. I have found that I am not able to do so for some
    > reason. I have http running on port 80 on another machine as well as ftp
    > and ssh. I have registered my router's IP address with dyndns so that I
    > have a website name. But when ever I attempt to execute a request to
    > port 80, I get the login screen for the modem. This happens no matter
    > what machine I am on at the time. And from what I understand, those who
    > attempt to access it from outside my network get an "access denied"
    > message or something like that.
    >
    >
    > My question is, is there a way to make this work? I used to have a
    > comtrend DSL modem and a DLink wireless router. When I switched over to
    > a faster connection, my ISP provided me with this new modem/wireless
    > router box. But it seems that something is borked and I have no idea.
    > The help/docs for the box tell me that I have done everything right.
    > But obviously I have not.
    >
    >
    > I would appreciate any insight into this issue as my website is now
    > invisible to the outside world; by the time it's done it's gonna be
    > really purddy so I'd like for people to be able to see it.


    Are you trying this locally from the same network? I get the same thing
    at home. If I use my DynDNS address I get the login screen. If I
    connect from the office it works. The only way I can check the web
    server from the same network is to use the local IP address
    --
    Andy Jacobs

  5. Re: port forwarding

    On 2008-05-25, Mark Warner wrote:
    > Baba O'Reilly wrote:
    >
    >> My question is, is there a way to make this work? I used to have
    >> a comtrend DSL modem and a DLink wireless router. When I switched
    >> over to a faster connection, my ISP provided me with this new
    >> modem/wireless router box. But it seems that something is borked
    >> and I have no idea. The help/docs for the box tell me that
    >> I have done everything right. But obviously I have not.

    >
    > If this is an ISP supplied modem/router combo unit, I suspect they've
    > disabled port forwarding. Most ISPs don't allow running a server from a
    > residential account.
    >
    > I run an http server from my main home machine without difficulty. It's
    > a simple matter of forwarding port 80 to the local IP of the machine
    > with the web interface to the router. It's very straightforward. I doubt
    > you're doing anything wrong.
    >
    > I'd invest in a separate modem and router.
    >

    Yeah, that's beginning to look more and more like the cause.
    I've asked a friend to see if my site is viewable from outside my
    network using the URL from dyndns. If it is viewable then
    the problem is easy to get around, just use the internal IP.
    Otherwise, I'll have to contact my ISP and see if they are
    blocking port forwarding. It doesn't make sense though since
    before I switched to this Siemens wireless rounter there was
    no indication that things were blocked.

    Thanks for your help...and sorry for the nymshift, I was on my Vista
    machine posting through XNews.

    --
    * I am the walrus. *
    * RLU 451587 *
    * Running Vista Ultimate SP1 and Ubuntu Gutsy Gibbon *
    * Sea creatures unite and take back usenet http://improve-usenet.org/ *

  6. Re: port forwarding

    I_Am_The_Walrus wrote:
    > On 2008-05-25, Mark Warner wrote:
    >> Baba O'Reilly wrote:
    >>
    >>> My question is, is there a way to make this work? I used to have
    >>> a comtrend DSL modem and a DLink wireless router. When I switched
    >>> over to a faster connection, my ISP provided me with this new
    >>> modem/wireless router box. But it seems that something is borked
    >>> and I have no idea. The help/docs for the box tell me that
    >>> I have done everything right. But obviously I have not.

    >> If this is an ISP supplied modem/router combo unit, I suspect they've
    >> disabled port forwarding. Most ISPs don't allow running a server from a
    >> residential account.
    >>
    >> I run an http server from my main home machine without difficulty. It's
    >> a simple matter of forwarding port 80 to the local IP of the machine
    >> with the web interface to the router. It's very straightforward. I doubt
    >> you're doing anything wrong.
    >>
    >> I'd invest in a separate modem and router.
    >>

    > Yeah, that's beginning to look more and more like the cause.
    > I've asked a friend to see if my site is viewable from outside my
    > network using the URL from dyndns. If it is viewable then
    > the problem is easy to get around, just use the internal IP.
    > Otherwise, I'll have to contact my ISP and see if they are
    > blocking port forwarding. It doesn't make sense though since
    > before I switched to this Siemens wireless rounter there was
    > no indication that things were blocked.
    >
    > Thanks for your help...and sorry for the nymshift, I was on my Vista
    > machine posting through XNews.
    >


    I'm having somewhat same issues with a new NETGEAR WPN824v3 router I
    just bought. I cannot access my web server from inside the LAN using a
    web address, ie: www.myserver.com. Any attempt causes the router login
    window to come up. I can access it through the LAN (machine IP). I can
    access it through a proxy (anonymizer). Googleing suggests people think
    the port forwarding is broken and not working. The fact that it works
    through a proxy or other 'outside' system means that it is working.
    Something else seems to be causing a hiccup somewhere. Re-installing my
    NETGEAR WGR614v6 and it works as expected. Unfortunately, there appears
    to be no fix I can find... will probably return for another brand.

    --
    Norman
    Registered Linux user #461062

  7. Re: port forwarding

    On 2008-05-26, Norman Peelman wrote:
    > I_Am_The_Walrus wrote:
    >> On 2008-05-25, Mark Warner wrote:
    >>> Baba O'Reilly wrote:
    >>>
    >>>> My question is, is there a way to make this work? I used to have
    >>>> a comtrend DSL modem and a DLink wireless router. When I switched
    >>>> over to a faster connection, my ISP provided me with this new
    >>>> modem/wireless router box. But it seems that something is borked
    >>>> and I have no idea. The help/docs for the box tell me that
    >>>> I have done everything right. But obviously I have not.
    >>> If this is an ISP supplied modem/router combo unit, I suspect they've
    >>> disabled port forwarding. Most ISPs don't allow running a server from a
    >>> residential account.
    >>>
    >>> I run an http server from my main home machine without difficulty. It's
    >>> a simple matter of forwarding port 80 to the local IP of the machine
    >>> with the web interface to the router. It's very straightforward. I doubt
    >>> you're doing anything wrong.
    >>>
    >>> I'd invest in a separate modem and router.
    >>>

    >> Yeah, that's beginning to look more and more like the cause.
    >> I've asked a friend to see if my site is viewable from outside my
    >> network using the URL from dyndns. If it is viewable then
    >> the problem is easy to get around, just use the internal IP.
    >> Otherwise, I'll have to contact my ISP and see if they are
    >> blocking port forwarding. It doesn't make sense though since
    >> before I switched to this Siemens wireless rounter there was
    >> no indication that things were blocked.
    >>
    >> Thanks for your help...and sorry for the nymshift, I was on my Vista
    >> machine posting through XNews.
    >>

    >
    > I'm having somewhat same issues with a new NETGEAR WPN824v3 router I
    > just bought. I cannot access my web server from inside the LAN using a
    > web address, ie: www.myserver.com. Any attempt causes the router login
    > window to come up. I can access it through the LAN (machine IP). I can
    > access it through a proxy (anonymizer).


    Huh?

    How does the router know the difference between anonymizer and regular
    outside access???

    Something does not compute here.

    i

    > Googleing suggests people think
    > the port forwarding is broken and not working. The fact that it works
    > through a proxy or other 'outside' system means that it is working.
    > Something else seems to be causing a hiccup somewhere. Re-installing my
    > NETGEAR WGR614v6 and it works as expected. Unfortunately, there appears
    > to be no fix I can find... will probably return for another brand.
    >


    --
    Due to extreme spam originating from Google Groups, and their inattention
    to spammers, I and many others block all articles originating
    from Google Groups. If you want your postings to be seen by
    more readers you will need to find a different means of
    posting on Usenet.
    http://improve-usenet.org/

  8. Re: port forwarding

    Ignoramus7406 wrote:
    > On 2008-05-26, Norman Peelman wrote:
    >> I_Am_The_Walrus wrote:
    >>> On 2008-05-25, Mark Warner wrote:
    >>>> Baba O'Reilly wrote:
    >>>>
    >>>>> My question is, is there a way to make this work? I used to have
    >>>>> a comtrend DSL modem and a DLink wireless router. When I switched
    >>>>> over to a faster connection, my ISP provided me with this new
    >>>>> modem/wireless router box. But it seems that something is borked
    >>>>> and I have no idea. The help/docs for the box tell me that
    >>>>> I have done everything right. But obviously I have not.
    >>>> If this is an ISP supplied modem/router combo unit, I suspect they've
    >>>> disabled port forwarding. Most ISPs don't allow running a server from a
    >>>> residential account.
    >>>>
    >>>> I run an http server from my main home machine without difficulty. It's
    >>>> a simple matter of forwarding port 80 to the local IP of the machine
    >>>> with the web interface to the router. It's very straightforward. I doubt
    >>>> you're doing anything wrong.
    >>>>
    >>>> I'd invest in a separate modem and router.
    >>>>
    >>> Yeah, that's beginning to look more and more like the cause.
    >>> I've asked a friend to see if my site is viewable from outside my
    >>> network using the URL from dyndns. If it is viewable then
    >>> the problem is easy to get around, just use the internal IP.
    >>> Otherwise, I'll have to contact my ISP and see if they are
    >>> blocking port forwarding. It doesn't make sense though since
    >>> before I switched to this Siemens wireless rounter there was
    >>> no indication that things were blocked.
    >>>
    >>> Thanks for your help...and sorry for the nymshift, I was on my Vista
    >>> machine posting through XNews.
    >>>

    >> I'm having somewhat same issues with a new NETGEAR WPN824v3 router I
    >> just bought. I cannot access my web server from inside the LAN using a
    >> web address, ie: www.myserver.com. Any attempt causes the router login
    >> window to come up. I can access it through the LAN (machine IP). I can
    >> access it through a proxy (anonymizer).

    >
    > Huh?
    >
    > How does the router know the difference between anonymizer and regular
    > outside access???
    >
    > Something does not compute here.
    >


    Outside access works, whether it's a proxy or direct access as well
    as localhost. Even FTP doesn't work unless it's from the outside or
    localhost. This happens from any computer on my LAN (wired or wireless)
    They all offer up the router login window. Somehow, it seems that a
    request for the Internet IP address (provided by ISP) is being resolved
    to my router administration IP (LAN 192.168.1.1) as even typing the
    Internet IP address in the URL bar brings up the router login window.
    How or what would cause that, I don't know. All I do know is that one
    router does this and one does not. The one that does not is flaking out
    on me, so i'm trying to replace it.


    > i
    >
    >> Googleing suggests people think
    >> the port forwarding is broken and not working. The fact that it works
    >> through a proxy or other 'outside' system means that it is working.
    >> Something else seems to be causing a hiccup somewhere. Re-installing my
    >> NETGEAR WGR614v6 and it works as expected. Unfortunately, there appears
    >> to be no fix I can find... will probably return for another brand.
    >>

    >



    --
    Norman
    Registered Linux user #461062

  9. Re: port forwarding

    Norman Peelman wrote:

    > Outside access works, whether it's a proxy or direct access as well
    > as localhost. Even FTP doesn't work unless it's from the outside or
    > localhost. This happens from any computer on my LAN (wired or
    > wireless) They all offer up the router login window. Somehow, it seems
    > that a request for the Internet IP address (provided by ISP) is being
    > resolved to my router administration IP (LAN 192.168.1.1) as even
    > typing the Internet IP address in the URL bar brings up the router
    > login window. How or what would cause that, I don't know. All I do
    > know is that one router does this and one does not. The one that does
    > not is flaking out on me, so i'm trying to replace it.



    Are the two routers identical?

    Brand and version -- and settings?

    Sometimes the port forwarding is hidden in an area with a name like PnP
    Forwarding. Also check for port range forwarding and see if there's
    something there that is different.

    If the routers and configuration are identical, but they don't behave
    identically, then the answer is in the one misbehaving.


    --
    John

    No Microsoft, Apple, Intel, Novell, Trend Micro, nor Ford products were used in the preparation or transmission of this message.

    The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.

  10. Re: port forwarding

    John F. Morse wrote:
    > Norman Peelman wrote:
    >
    >> Outside access works, whether it's a proxy or direct access as well
    >> as localhost. Even FTP doesn't work unless it's from the outside or
    >> localhost. This happens from any computer on my LAN (wired or
    >> wireless) They all offer up the router login window. Somehow, it seems
    >> that a request for the Internet IP address (provided by ISP) is being
    >> resolved to my router administration IP (LAN 192.168.1.1) as even
    >> typing the Internet IP address in the URL bar brings up the router
    >> login window. How or what would cause that, I don't know. All I do
    >> know is that one router does this and one does not. The one that does
    >> not is flaking out on me, so i'm trying to replace it.

    >
    >
    > Are the two routers identical?
    >
    > Brand and version -- and settings?
    >
    > Sometimes the port forwarding is hidden in an area with a name like PnP
    > Forwarding. Also check for port range forwarding and see if there's
    > something there that is different.
    >
    > If the routers and configuration are identical, but they don't behave
    > identically, then the answer is in the one misbehaving.
    >
    >


    Different routers but same brand. The original one is a NetGear
    WGR614v6 and the new one is a NetGear WPN824v3. The admins are exactly
    the same except the new one has some extra wireless features. Setting up
    port forwarding is the same on both. I can get there by using localhost
    or the box name but it just seems clunky and I think it should work
    right. I've emailed NetGear and they've told me to adjust the MTU and
    try turning off the SPI firewall... well that didn't work either (nor
    did I think it would) so I set them back to original. It's got to be a
    firmware bug... just how long to wait is the question (as there are none
    yet).

    --
    Norman
    Registered Linux user #461062

  11. Re: port forwarding

    Norman Peelman wrote:

    > Different routers but same brand. The original one is a NetGear
    > WGR614v6 and the new one is a NetGear WPN824v3. The admins are exactly
    > the same except the new one has some extra wireless features. Setting
    > up port forwarding is the same on both. I can get there by using
    > localhost or the box name but it just seems clunky and I think it
    > should work right. I've emailed NetGear and they've told me to adjust
    > the MTU and try turning off the SPI firewall... well that didn't work
    > either (nor did I think it would) so I set them back to original. It's
    > got to be a firmware bug... just how long to wait is the question (as
    > there are none yet).



    I'm having trouble understanding the above. Maybe you can amplify or
    clarify?

    You stated you cannot contact a server on your LAN, but you can if you
    go "outside" to the Internet and back in? I know that is a "roundabout"
    way of stating it. ;-)

    Maybe you meant other people can get access to the server from "outside"
    through your router, with the respective port forwarded to the server
    IP, but you cannot access the server -- period?

    Adding to the confusion is where you state, "I can get there by using
    localhost or the box name" which doesn't seem logical because
    "localhost" is your workstation, not the server. Unless you are saying
    you can access the server from its own console? One and the same computer?

    Using the "box name" also would indicate you are using either the hosts
    file on the workstation, or you are running a DNS server inhouse.

    This is quite confusing to me. Can you elaborate better so I can form a
    picture of what you have, and what is happening?

    What is/are the service(s) and port(s) (i.e. http-80, ftp-21, ssh-22, etc.)?


    --
    John

    No Microsoft, Apple, Intel, Novell, Trend Micro, nor Ford products were used in the preparation or transmission of this message.

    The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.

  12. Re: port forwarding

    John F. Morse wrote:
    > Norman Peelman wrote:
    >
    >> Different routers but same brand. The original one is a NetGear
    >> WGR614v6 and the new one is a NetGear WPN824v3. The admins are exactly
    >> the same except the new one has some extra wireless features. Setting
    >> up port forwarding is the same on both. I can get there by using
    >> localhost or the box name but it just seems clunky and I think it
    >> should work right. I've emailed NetGear and they've told me to adjust
    >> the MTU and try turning off the SPI firewall... well that didn't work
    >> either (nor did I think it would) so I set them back to original. It's
    >> got to be a firmware bug... just how long to wait is the question (as
    >> there are none yet).

    >
    >
    > I'm having trouble understanding the above. Maybe you can amplify or
    > clarify?
    >
    > You stated you cannot contact a server on your LAN, but you can if you
    > go "outside" to the Internet and back in? I know that is a "roundabout"
    > way of stating it. ;-)
    >


    My web server runs on my desktop system -> 192.168.1.5, I can connect
    to my web server from:

    http://localhost/
    http:///

    the above apply to any computer on my LAN

    http://192.168.1.5 (gets me the default site of course)

    and from outside the LAN using the web site(s) urls

    > Maybe you meant other people can get access to the server from "outside"
    > through your router, with the respective port forwarded to the server
    > IP, but you cannot access the server -- period?
    >


    Access from outside works as expected... I can only access the web
    server as stated above. Even if I type in the 'outside' ip address of
    the server directly:

    http://w.x.y.z

    .... I cannot access the server. I am given the router admin login
    screen. Again, access from outside works as expected. From inside the
    LAN I cannot use the domain ip or www.myserver.com without being given
    the router admin login screen.

    > Adding to the confusion is where you state, "I can get there by using
    > localhost or the box name" which doesn't seem logical because
    > "localhost" is your workstation, not the server. Unless you are saying
    > you can access the server from its own console? One and the same computer?
    >


    desktop/web server -> same system

    > Using the "box name" also would indicate you are using either the hosts
    > file on the workstation, or you are running a DNS server inhouse.
    >


    Yes, sort of... I have my hosts file set to resolve the localhost to
    whatever the standard loopback is (127.0.0.1) and the to
    192.168.1.5 (added after this problem started). The router obtains the
    DNS address automatically from the ISP and of course the router acts as
    the DHCP server for the LAN. A very standard setup.

    > This is quite confusing to me. Can you elaborate better so I can form a
    > picture of what you have, and what is happening?
    >
    > What is/are the service(s) and port(s) (i.e. http-80, ftp-21, ssh-22,
    > etc.)?
    >


    HTTP is port forwarded to 192.168.1.5 (80)
    FTP is port forwarded to 192.168.1.5 (20-21)

    ....standard settings (setup on these routers is not confusing at all)

    A simple switchout of routers and the problem goes away. No settings
    need be adjusted on the router(s) or the system.

    --
    Norman
    Registered Linux user #461062

  13. Re: port forwarding

    On 2008-05-25, Andy Jacobs wrote:
    >
    > Are you trying this locally from the same network? I get the same thing
    > at home. If I use my DynDNS address I get the login screen. If I
    > connect from the office it works. The only way I can check the web
    > server from the same network is to use the local IP address


    Good news, it's all "sorted" now. I set up dyndns within the gui
    of the router and now I can access my website on Ubuntu outside
    of my network. I am still not able to access it within my network
    apart from typing in the internal IP address, but I can work with
    that.

    Cheers


    --
    * I am the walrus. *
    * RLU 451587 *
    * Running Vista Ultimate SP1 and Ubuntu Gutsy Gibbon *
    * Sea creatures unite and take back usenet http://improve-usenet.org/ *

  14. Re: port forwarding

    In article ,
    Ignoramus7406 wrote:
    > > I'm having somewhat same issues with a new NETGEAR WPN824v3 router I
    > > just bought. I cannot access my web server from inside the LAN using a
    > > web address, ie: www.myserver.com. Any attempt causes the router login
    > > window to come up. I can access it through the LAN (machine IP). I can
    > > access it through a proxy (anonymizer).

    >
    > Huh?
    >
    > How does the router know the difference between anonymizer and regular
    > outside access???
    >
    > Something does not compute here.


    No, it all makes sense. You misread slightly. He can't access it using
    the outside address *from* *inside*.

    The router is on two networks. Let's call them LAN and WAN. WAN ==
    Internet for purposes of this discussion. The router has a "real" IP
    address on WAN, assigned by the ISP. On the LAN side, it uses
    non-routable addresses, typically 192.168.x.y.

    When you set up port forwarding to allow access to a server on the LAN,
    the router looks for accesses *from* *WAN* to the forwarded port, and
    maps them to the designated machine and port on LAN. As far as I've
    seen, they all get this right.

    What happens when a machine on LAN tries to access the forwarded port on
    the "real" IP address? Some home routers recognize this as a special
    case, and go ahead and handle this case of LAN => LAN forwarding.

    However, some do NOT handle this. They only set up a forwarding rule
    from WAN => LAN, not LAN => LAN, so either nothing responds, or, if it
    is port 80, some take it as an attempt to access their administrative
    pages.

    He apparently has a router like this. So, from the LAN, if he tries to
    access www.myserver.com, that gets mapped by DNS to the "real" address,
    and the router can't handle it. If, however, he goes through an
    external proxy, then it hits the WAN => LAN case, and works fine.

    There are two ways to solve this problem.

    (1) Get a router that looks for the WAN address on the LAN and applies
    the forwarding rules. Unfortunately, this is not something most
    reviewers check for, and the manual is often silent on what happens in
    this case, so finding such a router is somewhat of a crapshoot.

    (2) Use your hosts files, or run your own DNS server for your LAN, and
    map www.myserver.com to the 192.168.x.y address on the LAN of your
    server. Your LAN clients then will connect directly to the server, and
    not try to go through the router.


    --
    --Tim Smith

  15. Re: port forwarding

    Tim Smith wrote:
    > In article ,
    > Ignoramus7406 wrote:
    >>> I'm having somewhat same issues with a new NETGEAR WPN824v3 router I
    >>> just bought. I cannot access my web server from inside the LAN using a
    >>> web address, ie: www.myserver.com. Any attempt causes the router login
    >>> window to come up. I can access it through the LAN (machine IP). I can
    >>> access it through a proxy (anonymizer).

    >> Huh?
    >>
    >> How does the router know the difference between anonymizer and regular
    >> outside access???
    >>
    >> Something does not compute here.

    >
    > No, it all makes sense. You misread slightly. He can't access it using
    > the outside address *from* *inside*.
    >
    > The router is on two networks. Let's call them LAN and WAN. WAN ==
    > Internet for purposes of this discussion. The router has a "real" IP
    > address on WAN, assigned by the ISP. On the LAN side, it uses
    > non-routable addresses, typically 192.168.x.y.
    >
    > When you set up port forwarding to allow access to a server on the LAN,
    > the router looks for accesses *from* *WAN* to the forwarded port, and
    > maps them to the designated machine and port on LAN. As far as I've
    > seen, they all get this right.
    >
    > What happens when a machine on LAN tries to access the forwarded port on
    > the "real" IP address? Some home routers recognize this as a special
    > case, and go ahead and handle this case of LAN => LAN forwarding.
    >
    > However, some do NOT handle this. They only set up a forwarding rule
    > from WAN => LAN, not LAN => LAN, so either nothing responds, or, if it
    > is port 80, some take it as an attempt to access their administrative
    > pages.
    >
    > He apparently has a router like this. So, from the LAN, if he tries to
    > access www.myserver.com, that gets mapped by DNS to the "real" address,
    > and the router can't handle it. If, however, he goes through an
    > external proxy, then it hits the WAN => LAN case, and works fine.
    >
    > There are two ways to solve this problem.
    >
    > (1) Get a router that looks for the WAN address on the LAN and applies
    > the forwarding rules. Unfortunately, this is not something most
    > reviewers check for, and the manual is often silent on what happens in
    > this case, so finding such a router is somewhat of a crapshoot.
    >
    > (2) Use your hosts files, or run your own DNS server for your LAN, and
    > map www.myserver.com to the 192.168.x.y address on the LAN of your
    > server. Your LAN clients then will connect directly to the server, and
    > not try to go through the router.
    >
    >


    I think that about nails it... like i said the WGR614v6 works like a
    charm (other than I think it's over-heating), The WPN824v3 is the one
    giving me fits... both NetGear. I really do believe it's nothing more
    than a firmware issue - easily fixed.


    --
    Norman
    Registered Linux user #461062
    -Have you been to www.php.net yet?-

  16. Re: port forwarding

    Norman Peelman wrote:

    > A simple switchout of routers and the problem goes away. No
    > settings need be adjusted on the router(s) or the system.
    >



    Thanks for that additional information, but I'm afraid it still doesn't
    provide me any clue as to why your LAN doesn't work correctly. It almost
    has to be the differences between these two routers. That difference is
    a big red flag, and should be the focus as to "why."

    I run into similar LAN vs. WAN problems here. I split the output of my
    cable modem through a 5-port 10/100BaseT switch. One port feeds a
    Linksys BEFSR41 router for my "main" LAN, which includes several servers
    (SMTP/POP3, NNTP, HTTP, NTP, DNS, Fetchmail, Stunnel) and a bunch of
    workstations. This LAN has five different FQDNs pointed to it.

    Another port from the switch feeds a second BEFSR41 router that has an
    FTP server on it, This provides better security for the main LAN because
    the old FTP server is running on Windows XP Pro SP2, which I don't
    trust. It will soon be rerouted to vsftpd which is running on a Debian
    box. This additional WAN IP router also feeds an experimental
    SMTP/POP3/IMAP server (Postfix/Exim, Dovecot/Courier) for testing and
    evaluation, and it has one FQDN pointed to it.

    A third WAN IP is pulled from the 5-port switch and it feeds an SMC WiFi
    router, basically for isolation (NAT firewalling) for an old iMac, which
    I use to access the servers on the other two LANs for testing. This is
    necessary to see what people on the Internet can do, since running a DNS
    server makes the LAN "inside" connections behave somewhat differently.

    I have a fourth SMC WiFi router that I sometimes use for similar
    testing, and as a backup if needed. These last two LANs with the WiFi
    routers have no FQDN since they are only for temporary testing. Should I
    need to connect to them from the "outside" I will just use the
    dotted-quad WAN IP. They have their WiFi portion disabled and antennas
    removed. I bought them new a couple of years ago, on sale for $9.00,
    because I figured that was a great price just for the 4-port 10/100BaseT
    switches alone. ;-)

    The problems discovered when accessing a LAN server from the LAN
    containing a DNS server, and then from the WAN, can be hair-pulling at
    times. Having more than one FQDN in some of the server's configuration
    files is also a possible source of trouble until it is figured out and
    corrected. A-records, CNAMEs, MX records, FQDNs, hostnames, .... Like
    you, a lot of this configuration is trail and error to verify what will
    work and what won't. And it takes time.

    One thought, since you mention FTP: Do you have data ports assigned for
    the connection other than port 20? The server, being behind a NAT
    router, won't be listening on any port except the control port. I use a
    block of ports way up high (something like 20000 through 20100), and
    have them configured in the FTP server as well. And since the FTP server
    is behind a NAT router, the passive mode must be used.

    This may be a possible difference in the routers -- port range
    forwarding. But it shouldn't affect the port 80 data since HTTP is much
    simpler.

    Can you return the suspected router for refund or exchange? That sounds
    like the fastest solution.

    Good luck, and keep us informed.


    --
    John

    No Microsoft, Apple, Intel, Novell, Trend Micro, nor Ford products were used in the preparation or transmission of this message.

    The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do. The GPL sounds like it was written by a human being, who wants me to know what I can do.

  17. Re: port forwarding

    Tim Smith wrote in
    news:reply_in_group-817DC1.17572227052008@news.supernews.com:

    > In article ,
    > Ignoramus7406 wrote:
    >> > I'm having somewhat same issues with a new NETGEAR WPN824v3
    >> > router I
    >> > just bought. I cannot access my web server from inside the LAN
    >> > using a web address, ie: www.myserver.com. Any attempt causes the
    >> > router login window to come up. I can access it through the LAN
    >> > (machine IP). I can access it through a proxy (anonymizer).

    >>
    >> Huh?
    >>
    >> How does the router know the difference between anonymizer and
    >> regular outside access???
    >>
    >> Something does not compute here.

    >
    > No, it all makes sense. You misread slightly. He can't access it
    > using the outside address *from* *inside*.
    >
    > The router is on two networks. Let's call them LAN and WAN. WAN ==
    > Internet for purposes of this discussion. The router has a "real" IP
    > address on WAN, assigned by the ISP. On the LAN side, it uses
    > non-routable addresses, typically 192.168.x.y.
    >
    > When you set up port forwarding to allow access to a server on the
    > LAN, the router looks for accesses *from* *WAN* to the forwarded port,
    > and maps them to the designated machine and port on LAN. As far as
    > I've seen, they all get this right.
    >
    > What happens when a machine on LAN tries to access the forwarded port
    > on the "real" IP address? Some home routers recognize this as a
    > special case, and go ahead and handle this case of LAN => LAN
    > forwarding.
    >
    > However, some do NOT handle this. They only set up a forwarding rule
    > from WAN => LAN, not LAN => LAN, so either nothing responds, or, if it
    > is port 80, some take it as an attempt to access their administrative
    > pages.
    >
    > He apparently has a router like this. So, from the LAN, if he tries
    > to access www.myserver.com, that gets mapped by DNS to the "real"
    > address, and the router can't handle it. If, however, he goes through
    > an external proxy, then it hits the WAN => LAN case, and works fine.
    >
    > There are two ways to solve this problem.
    >
    > (1) Get a router that looks for the WAN address on the LAN and applies
    > the forwarding rules. Unfortunately, this is not something most
    > reviewers check for, and the manual is often silent on what happens in
    > this case, so finding such a router is somewhat of a crapshoot.
    >
    > (2) Use your hosts files, or run your own DNS server for your LAN, and
    > map www.myserver.com to the 192.168.x.y address on the LAN of your
    > server. Your LAN clients then will connect directly to the server,
    > and not try to go through the router.
    >
    >


    That is an absolutly excellent explanation and it works perfectly.
    I added an entry to my hosts file and poof....

    --
    There are 10 types of people in this world. Those who understand binary
    and those who don't.



  18. Re: port forwarding

    In article <483cc6c1$0$20194$4c368faf@roadrunner.com>,
    Norman Peelman wrote:
    > I think that about nails it... like i said the WGR614v6 works like a
    > charm (other than I think it's over-heating), The WPN824v3 is the one


    I too had a router that was overheating. Looking at the specs, it said
    it was rated for up to 40C (that's 104F), and my apartment was surely
    not that hot. However, it was that hot inside the router. Using in IR
    thermometer, I got readings of just a bit over 104F at the times it
    started flaking out. I could keep it happy if I set up a fan to blow on
    it, but that was annoying.

    The router was consistently running about 25F above my apartment
    temperature (when I didn't have that fan on it). I replaced it with a
    router that was specced to 50C (122F) and that one had no trouble making
    it through the summer in my apartment without air conditioning.

    The temperature limits are usually printed in the manual, and you can
    usually find the manual online before buying, so if you have an
    environment where heat might be a problem, I'd recommend looking toward
    the ones with the higher temperature ratings next time you are buying a
    router.

    --
    --Tim Smith

  19. Re: port forwarding

    Tim Smith wrote:
    > In article <483cc6c1$0$20194$4c368faf@roadrunner.com>,
    > Norman Peelman wrote:
    >> I think that about nails it... like i said the WGR614v6 works like a
    >> charm (other than I think it's over-heating), The WPN824v3 is the one

    >
    > I too had a router that was overheating. Looking at the specs, it said
    > it was rated for up to 40C (that's 104F), and my apartment was surely
    > not that hot. However, it was that hot inside the router. Using in IR
    > thermometer, I got readings of just a bit over 104F at the times it
    > started flaking out. I could keep it happy if I set up a fan to blow on
    > it, but that was annoying.
    >
    > The router was consistently running about 25F above my apartment
    > temperature (when I didn't have that fan on it). I replaced it with a
    > router that was specced to 50C (122F) and that one had no trouble making
    > it through the summer in my apartment without air conditioning.
    >
    > The temperature limits are usually printed in the manual, and you can
    > usually find the manual online before buying, so if you have an
    > environment where heat might be a problem, I'd recommend looking toward
    > the ones with the higher temperature ratings next time you are buying a
    > router.
    >


    ....or drill a bunch of vent holes in the case.

    --
    Norman
    Registered Linux user #461062

+ Reply to Thread