PDA

View Full Version : Need networking help


schatzi
09/14/2012, 04:49 PM
I can access my apex from inside my network, it's outside that's giving me problems. COuld someone look over the screenshots and see what I'm missing??

Using a Linksys WRT54G and tzodns.com.

http://i371.photobucket.com/albums/oo152/mcady68/apexsetup.jpg

http://i371.photobucket.com/albums/oo152/mcady68/ddns.jpg

http://i371.photobucket.com/albums/oo152/mcady68/portforward.jpg

http://i371.photobucket.com/albums/oo152/mcady68/tzo.jpg

Thanks for the help!!

RussM
09/14/2012, 05:46 PM
Your port forwarding is not quite right, but it should work as is.

When you only want a single port opened, just put the desired port number in for both Start and End in the port forwarding. Change the port forward to Start and End of 9969. Also, the protocol only needs to be TCP; "Both" is OK, but is not necessary, so change to TCP only.

Your DDNS setup appears to be good, and when I tested, your hostname resolves to the proper address.

What is the LAN IP address of the router? If it is not 192.168.1.1, change the Apex default gateway to match the router's LAN IP address.

And is the Linksys' WAN/Internet IP address 184.6.85.71, or something else, like a 192.168.x.x address?

It looks like your ISP service is Embarq/CenturyLink DSL; what is the model of the DSL modem/gateway they provided?

schatzi
09/14/2012, 06:56 PM
Your port forwarding is not quite right, but it should work as is.

When you only want a single port opened, just put the desired port number in for both Start and End in the port forwarding. Change the port forward to Start and End of 9969.

Changed

Also, the protocol only needs to be TCP; "Both" is OK, but is not necessary, so change to TCP only.

The New User guide says the Apex requires both (pg 36) but I switched to TCP.

Your DDNS setup appears to be good, and when I tested, your hostname resolves to the proper address.


Does this mean you were able to get to the login prompt of my apex?

What is the LAN IP address of the router? If it is not 192.168.1.1, change the Apex default gateway to match the router's LAN IP address.


It is 192.168.1.1

And is the Linksys' WAN/Internet IP address 184.6.85.71, or something else, like a 192.168.x.x address?

On the Status page of the Linksys it says the IP address is 10.0.0.2. The internet IP address as reported by the Linksys on the DDNS page is 184.6.85.71. When I go to whatismyip.com with my laptop, cable connected to the router, I get 72.37.249.140, when I go to whatismyip.com with my iPhone connected via wireless to my router I get 184.6.85.71.

When I have the tzodns pointing to 10.0.0.2 I can access the Apex with the iPhone app when I am at home connected to the wireless but not out of the house. When I have tzodns pointing to the 184 address or the 72 address the app does not work anywhere.

It looks like your ISP service is Embarq/CenturyLink DSL; what is the model of the DSL modem/gateway they provided?

Yes it's CL DSL, modem model is EQ660R-F1

schatzi
09/14/2012, 07:37 PM
One other change I've made that doesn't seem to help was unchecking "Block Anonymous Internet Requests" on the Security page of the LInksys as suggested on portforward.com

I guess I didn't mention the only out of the house internet I have access to at the moment is using the Apex app through my cell phone data.

And email is working.

RussM
09/14/2012, 09:32 PM
The EQ660 is a relabeled XyZEL router - that's what I figured (the most common model used by Embarq), but didn't want to make any assumptions. So, you actually have two routers daisy-chained. I'll talk more about that later.

Is your laptop owned by your employer? It probably has some sort of web security software which is causing all traffic to go through a web security service gateway... it may be called ScanSafe, or it might be a Cisco product (ScanSafe, Inc. was bought out by Cisco about 2 years ago). That 72.37.249.140 address is a ScanSafe/Cisco server - so when you use the notebook to access whatismyip.com, whatismyip.com is giving you an inaccurate response. When using the iPhone, whatismyip.com is giving an accurate IP address.

The User Guide is incorrect... http/web services is TCP traffic, not UDP. I'm surprised I haven't noticed that in the Guide! Telnet also uses only TCP, which is the only other protocol used by the Apex which can be carried across the Internet. As I said earlier, while there's nothing wrong with "Both", "TCP" is the proper setting. I only mentioned it because you already needed to go in and edit the port forwarding ;)

Disabling "Block Anonymous Internet Requests" as a general practice is actually a bad recommendation. It does need to be disabled for some online gaming, but it will not help at all in this case, and reduces security. Go ahead and re-enable it.

Now, regarding the daisy-chained routers. There are several different approaches that can be taken.

1. you can do double port forwarding in the routers... in the 660R, port forward port 9969 to the WAN address of the Linksys, and then port forward the Linksys to the Apex as you currently have.

2. Enable the DMZ mode of the 660R (if it has one - not all 660-series routers do); put the WAN IP of the Linksys in the DMZ host field of the 660R.

3. Put the 660R is bridge mode (which disable all routing and firewall features, effectively turning it into a just basic DSL modem). Your Linksys is then the main firewall/router. This is the best option of the three. But there's a catch - some ZyXEL 660R model do not retain the bridge mode setting permanently - it only lasts as long as the unit has power, and reverts to normal router/firewall mode after a reboot. This is obviously a big problem, if your router is one of the ones that do not retain bridge mode persistently.

4. Connect the Linksys up to the ZyXEL using one of the Linksys' LAN ports (not the WAN/Internet port - *nothing* gets plugged into the WAN port in this scenario). This bypasses the Linksys' router and firewall, eliminating the double router. When connected this way the Linksys become a basic switch and wireless access point. If you do this, you MUST disable DHCP in the Linksys, and set the LAN IP address to one in the same subnet as the ZyXEL (you could use 10.0.0.2). If you do this, disable DHCP, save settings, then change the IP address, save settings. At this point you will lose the browser session with the Linksys. Then, change the cable connects as described. You will then need to restart every network device on your network so that each device can get a new IP address directly from the ZyXEL router. And since your Apex is statically addressed, you will need to reconfigure it to use a 10.0.0.x address.


#1 and #2 are the easiest, but both still retain the double router and double NAT (network address translation). Double NAT can adversely affect a number of things, such as VPN and online gameplay, and overall causes a slight performance decrease.

#3 is by far the best, but is the riskiest to accomplish... if you don't do it right, you can turn the CL router into a brick. Plus there's the bridge mode persistence issue which might or might not apply in your case.

#4 is a good compromise.

RussM
09/14/2012, 09:40 PM
I did omit the option that is both easiest and best - call Embarq and see if they will swap that 660R for a basic DSL modem. They will do that in a few areas IME, but for the most part, they only deal with those (bleepin') DSL XyXEL routers. It'll probably be a no-go, but definitely worth a try.

schatzi
09/15/2012, 09:26 AM
thanks for the great response! You are correct about every piece. It's a computer from my employer, yes with a bunch of security on it. I went with option 1 because it didn't involve me leaving the house. Probably the best answer is going to the local CL office and swapping out the modem, but they probably don't have one anyway.

I did a port forward on the DSL modem and my app through AT&T data now works. I"ll be checking with an off site pc later today but I'm sure it works. One oddity, probably due to the double router, is the app needed a second profile to work within my LAN, pointing at the 10.x.x.x number.

One final question, I've put a bunch of info out here on the web now with these posts, do I have security concerns? I've got my apex user/password changed to something that isn't the default, same with my linksys router, but just wondering.

Thanks again, I appreciate it.

RussM
09/15/2012, 09:39 AM
The issue with you needing to use two profiles in the app is a common one. Without going into all the gory geeky details of why, some routers support using the external address and port forwarding to access another device on the same local network, some do not. If you are curious, Google 'hairpinning'. Your Linksys does, but the ZyXEL does not. You found the right solution.... one controller profile will work when you are home on WiFi, and the other will work the rest of the time (on 3G/4G or WiFi not at home)

Just delete the images from photobucket if you want. The most important thing is that you have changed the default username and password. Hopefully you've chosen a good strong complex password.

I tested - I got the Apex login prompt. You done good!

The_frog_man
09/16/2012, 10:34 PM
Hello Russ, I am also a bit confused with my router and port forwarding; hopefully you can help me. I am using a linksys router as a repeater to get a wireless signal from my home wireless router which is an apple airport router. Do I need to change the port forwarding values for both routers or just one? I am on Time Warner. Hopefully you can help. Thanks

RussM
09/16/2012, 10:47 PM
I am using a linksys router as a repeater to get a wireless signal from my home wireless router which is an apple airport router.Please explain exactly how you are doing this.

The_frog_man
09/16/2012, 10:51 PM
The linksys router is connected to my main home router via wifi. My apex system is connected via ethernet cable to the linksys router. I have a home connection to the apex, just not outside my home network.

The_frog_man
09/17/2012, 12:34 AM
Any thoughts?

RussM
09/17/2012, 06:51 AM
What model is the Linksys "router"? It sounds like it is not actually a router, but is a wireless bridge. If that's the case, then the only port forwarding you need to do is in the AirPort (it's called port mapping in the Airport)

The_frog_man
09/17/2012, 04:57 PM
I looked into the apple router settings and the apex isn't found. When I go into the linksys router configuration the apex is there. I put the ip figures and port figures like you have mentioned above, but when I put that ip with the new port forward settings in the explorer it doesn't load. I'm doing something wrong

RussM
09/17/2012, 05:54 PM
What is the model of the Linksys "router"?
Is it running stock firmware, or have you changed it to 3rd party firmware like Tomato or DD-WRT?
I need to understand EXACTLY how that Linksys is connecting to the AirPort via WiFi.

Post screen shots!

The_frog_man
09/17/2012, 06:42 PM
I am running dd-wrt on the linksys router. Will provide model number when I get home from work later today. Thank you so much for your time on this thus far

RussM
09/17/2012, 08:18 PM
No need for the model number - that you are running DD-WRT is enough info. The Linksys must be in Client Bridge Mode, not in Repeater or Repeater Bridge modes. Before you change the operating mode, remove all port forwarding you attempted in the Linksys.

The_frog_man
09/17/2012, 09:39 PM
So once I clear all info how do I change setting to make it bridge mode?

The_frog_man
09/17/2012, 09:46 PM
Will I still need to change the parameters in my apple router or will it just be through my linksys router?

RussM
09/17/2012, 10:04 PM
What parameters? If you are talking about port forwarding - you should only need to do port forwarding in the AirPort router

RussM
09/17/2012, 10:20 PM
So once I clear all info how do I change setting to make it bridge mode?DD-WRT Wiki (http://www.dd-wrt.com/wiki/index.php/Main_Page)

The_frog_man
09/17/2012, 10:34 PM
Thank you, I will post here with other questions regarding port forwarding if I have any when setting up my apple router