Can't Get Access to HTTPD, VNC

Posts: 35 · Posted: Thu Oct 21, 2004 2:21 am Post subject: Can't Get Access to HTTPD, VNC

Hi All,

This is my setup.

CBL MDM -> 24.x.x.x MTA -> 192.168.102.1 -> 192.168.102.100 Netgear WR614 -> 10.10.10.1

Settings for MTA:
NAT/DHCP 192.168.102.100 Forward for ports 80, 5900,5901

Setting for router:
Basic Settings:
DHCP (192.168.102.100)
Note: I have to enter my comcast DNS for access to world
DNS:
x.x.x.x
x.x.x.x

Lan IP
10.10.10.1
DHCP: 10.10.10.100-254

Port forward to 10.10.10.254 80, 5900, 5901

Server:
10.10.10.254

So.

Internet works.. great.
However, cannot get to my web server from outside.

I tried on the MTA setting the DMZ to 100. This breaks everything. Nothing works. Disable it, I get web access from inside out, but then i can't get "in" to my machines from outside.

Help anyone!?

Posts: 46 · Full Forum Member Joined: Sep 06, 2004 Posts: 46

First, You don't want to forward ports 5060 and 5061. These are needed by the adapter. Forwarding actually takes the ports away from the adapter! Port 80 does need to be forwarded if you're sending out a web page. You need to make sure that your forwarding TCP in that case. Any additional ports you're using with your site, you may nee to forward as well (Streaming?). At least forward port 427 (TCP) as well.

To make sure you're getting your DNS servers, you may want to manually enter the two or three addresses (You can call your ISP for the addresses) into the adapter, your router and even in your Network control panel. Then you're not relying on the adapter to get them from your ISP properly.

Posts: 35 · Posted: Thu Oct 21, 2004 9:41 am Post subject:

1. I didn't forward 5060 or 5061 (I forwarded 5900, 5901 (VNC))
2. The problem here is isn't forwarding the ports that I have asked it to.
3. I don't get internet access unless I manually add the DNS servers from Comcast to the my Netgear router. If I dont add them, then I get no access to the internet. DNS doesn't resolve.
4. The DMZ Feature on the MTA is supposed to route all traffic not related to Vonage to the IP Specified. When I set this, everything breaks. This has been noted by a number of people. I noted this after I made this post. Has anyone received resolution to this?

Thanks for the response anyway Las_Vegas.

Posts: 16 · Vonage Forum Associate Joined: Oct 20, 2004 Posts: 16

You should be able to get your web server via putting in the real local IP of the server in your browser..

if not then you have something else going on.

do you have a domain behind your router?

if so add the ip for your domain controller to your routers list of DNS's.

then it will or should resolve properly.

generally what happens is that without your machine attempting to use a local dns is that your dns request is pushed outside of your network to your isp's DNS server. That causes havok with NAT. your request gets resolved to your cable modems IP which in turn attempts to forward to the real IP of server through the NAT router and then pushs it back outside of the network to come back to your workstation. that kind of double nat resolution doesnt work.

at least thats how i understand it. basically put your local dns servers local ip into your routers list of dns servers. then all your workstations will get that added to their list of DNS servers.

Or you can update your worksations host file to point the domain name of your web server to its real local IP.

My.local.server 10.10.10.1

Posts: 16 · Vonage Forum Associate Joined: Oct 20, 2004 Posts: 16

whoops i think i missread your problem

you cant access from outside.

disable one of the nats on the routers.
you have a double nat going on which is very complicated.

you must know that serving behind a single nat is difficult. serving behind a double nat is not needed.

you only need one of the devices providing NAT and you should be able to turn it off of one of them.

your domain name is being resolved to your cables modems IP.
that inturn is being translated to your first nat device then that gets translated by your second nat device.

I would imagine that iif you look at the log of your server it is actually gettiing the requests but it cant route back out of the double nat.
your would need to port forward on both nat devices.

its just too complicated.

turn off the nat of the second router and make it act like a switch instead f a router.

Before i got vonage i had a linksys wan router. Vonage sent me the linksys voip wan router. I turned off the wan and NAT routing of the linksys i had and let the vonage router take of that. so my linksys acted like a switch.

you dont want double nat. thats bad mkay.

Posts: 35 · Posted: Sat Oct 30, 2004 9:26 am Post subject:

hi.

well.. I understand why double nat is complicated, but it should work regardless.

anyhoo. problem is still there.

1. port 80 is open from outside
2. ATA is configured for NAT/DCHP with 80 forwarding to 192.168.102.100 (this is the IP the Netgear WR614 receives).
3. The LAN is setup to have the router have the IP of 10.10.10.1 and DHCP out a block of 100-150.
4. I have had to manually set the DNS on the router to Comcast's DNS servers to get any nameserving to work on the 10.10.10.x ips.

a. I had tried to turn off NAT/DHCP on the ATA - no connectivity to internet
b. I have tried setting the DMZ on that ATA to point to the routers assigned IP (192.168.102.100) - no connectivity to internet
c. I saturate my bandwidth, so placing the ATA behind the router allow all my ports to be managed correct, however, I had quality problems as there was no QoS available in the router.

I am not sure how to get this double nat thing to work - IP traffic seems to be fine, so I can't understand why the port 80 forwarding doesn't work.

Posts: 7 · New Forum Member Joined: Oct 06, 2004 Posts: 7

You're not alone in this. I had the exact same issue with placing my netgear wgr614 behind my motorola mta. If I told the MTA to forward ports to the router, then told the router to forward those same ports to a PC, it just did not happen. If I put the MTA inside my router, then my call quality was poor and I kept losing my connection.

I ended up scavaging up an old P166 with 2 NICs and running m0n0wall on it. I use it as my router and put both the MTA and the netgear behind it. It can do traffic shaping, so I am able to prioritize all packats from the MTA and keep the phone quality high. I turned off all NAT and DHCP from the netgear and it acts as a glorified hub/wireless AP.

Sorry, I just figure there is some sort of compatibility issue between the nethear routers and the motorola adaptor.

Posts: 16 · Vonage Forum Associate Joined: Oct 20, 2004 Posts: 16

well from what i have read the motorola device will only nat for one device. its dhcp gives out one ip address.

Useless.

I was thinking while reading the aboe post about setting up a PC to do the routing.

yes the situation doesnt look too good.

Have you looked at all into getting a secodn IP? although i fear that wont help your situation either because of the QOS problem.

It would be much like having the ata behind your router.

hmmm. difficult problem. well.... what you could also do is ditch the motorola and going out and buying one of the linksys 3 lan port 2 phone 1 wan routers. RT31P2.
Or talk to vonage about getting one on of them.

They have proper NAT and DHCP and such.

THe motorala is simply not intended for what its being used for.

If you could traffice shape on the router then the ATA could be placed behind it.

Using a machine as a router would work well enough although a bit bulky and has some setup.

Could give you the opportunity to set up an A/V server that acts like a router as well.

Posts: 35 · Posted: Sun Oct 31, 2004 3:46 pm Post subject:

Thanks for the reply.

I called Vonage just now...

They are pushing an update system-wide tonight at 9pm EST which is supposed to update the Motorola firmware.

They said this should address my port forwarding issues.

They also said they have been having problems today as a results of the daylight savings time change (which I have no idea why it would cause installation of firmware issues).

So, we'll see tonight at 930.

Cross your fingers.

I will let all know if this update changes anything! lol

This is what I have now, let's see at 930 if anything has changed.

Software Version: VT20_01.2.d4
Bootrom Version: VT20_01.2.d4
Hardware Version: Model: VT1000 Revision: 0 BSP: 1.2/0
Config File Version: 1098424236329/1002310826

If anyone currently has this [port forwarding/DMZ] working on their Motorola box, would you please post your version information from the help tab.

Thanks.

Posts: 35 · Posted: Thu Nov 04, 2004 7:56 am Post subject:

something definately got pushed:

Version Information
Software Version: VT20_01.2.d4
Bootrom Version: VT20_01.2.d4
Hardware Version: Model: VT1000 Revision: 0 BSP: 1.2/0
Config File Version: 1099300046921/1002310826