Reply
New Visitor
maciejewicz
Posts: 4
Registered: ‎06-10-2011

Need help with Port Forwarding

I recently had triple play set up and I was given a modem/router combo, the SMCD3CNV. I have a project that I'm trying to get up and running, a server where some friends and I will make a website, host files, etc. This is a very low traffic plan. I set up a free domain name at dydns, and when I test the ports, 22 and 80 are "open". I cannot, however, access my server, and my public IP does nothing. Originally it took me to the router login page, now nothing. What can I do to get this working? The server works perfectly with ssh and http on my local network.

Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: Need help with Port Forwarding

Have you actually setup the port forwarding?  If not, instructions can be found in the gateway's User Guide on page 37.  I would recommend assigning the local IP addresses of the server(s) statically so it doesn't change, which would break your port forwarding setup.

 

So, assuming the gateway is at 10.0.0.1, and your server at 10.0.0.8, if the server is running web and sshd server, you would put in port forwards for TCP/UDP 22 and 80 to forward to IP address 10.0.0.8.  If the server is listening on something other than 22 and 80, you use those actual instead of 22 and 80 for the Private Port.  The only requirment is that the outside users need to use the Public Port, and the server itself uses the Private Port.  Usually they are the same, but you can play all kinds of games here if you need/want to.  You can use a whole range as Public Port, but this doesn't sound necessary in your setup.  So the setup would look something like this:

 

Service name: http

Type:         TCP/UDP

Public Port:  80-80

Private Port: 80

Server IP:    10.0.0.8

Active:       CHECKED

 

Service name: ssh

Type:         TCP/UDP

Public Port:  22-22

Private Port: 22

Server IP:    10.0.0.8

Active:       CHECKED

 

While most rotuers/gateways allow for local systems to make use of the WAN IP address, some times there can be issues with routing, so it's always best to do final verification from a real external system. 

 

Also, make sure your Gateway -> Firewall settings are not blocking the incoming requests.  If so, it won't matter what you port forwarding is, it will never get that far.

 

 

New Visitor
maciejewicz
Posts: 4
Registered: ‎06-10-2011

Re: Need help with Port Forwarding

[ Edited ]

Thanks, you really sound like you know what you're talking about. I'll take a look at the user manual right now. Should I disable the router firewall and configure firewalls for the individual PCs? I hate that router/modem combo. The ui is terrible, I can't view half the options. I'd mess around with it, but it manages the phone service too. SIgh...

 

Edit: Oh, and I HAD the port forwarding enabled, but it did nothing. Requests from dydns said open. 

New Visitor
maciejewicz
Posts: 4
Registered: ‎06-10-2011

Re: Need help with Port Forwarding

I'll just tell you what I'm trying to do exactly. I have a linux server running apache, and I want nothing more than to run a website, and have a database or two on it. I've configured the ports on my router to forward to 10.0.0.8  (the local ip of my server). How, AT ALL, can I access this from the outside world? Entering the public ip does nothing, the site name (eg: user.dydns.org) does nothing, and the router firewall is configured as:  Allow (LAN-to-WAN): all Blocked: IDS enabled IDENT (port 113) .I'm at a loss about what to do next. The model is actually SMCD3GNV.

 

Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: Need help with Port Forwarding


maciejewicz wrote:

Thanks, you really sound like you know what you're talking about. I'll take a look at the user manual right now. Should I disable the router firewall and configure firewalls for the individual PCs? I hate that router/modem combo. The ui is terrible, I can't view half the options. I'd mess around with it, but it manages the phone service too. SIgh...

 

Edit: Oh, and I HAD the port forwarding enabled, but it did nothing. Requests from dydns said open. 


I would NOT disable the router firewall.  In fact I would lock it down completely from all incoming requests EXCEPT the stuff on port 22 and 80.  As for the argument of a firewall on individual systesm behind a router firewall, there's a lot of disagreement on that.  I thin they are more trouble than htey are worth except on mobile systems like laptops, etc.

 

If you don't like the SMC gateway (and I can't really blame you for a number of other reasons), then call Comcast and tell them you want a regular EMTA (combo cable modem and digital voice box), like the various Arris TMxxx models commonly in use by Comcast in many places.  These EMTA's have no router function, so you will need your own router, but you can use whichever one you deem best for your needs.  Now this is not to say this gateway won't do what you want, it will and there should be no problem, so I have to assume you have a config error some place.

Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: Need help with Port Forwarding


maciejewicz wrote:

I'll just tell you what I'm trying to do exactly. I have a linux server running apache, and I want nothing more than to run a website, and have a database or two on it. I've configured the ports on my router to forward to 10.0.0.8  (the local ip of my server). How, AT ALL, can I access this from the outside world? Entering the public ip does nothing, the site name (eg: user.dydns.org) does nothing, and the router firewall is configured as:  Allow (LAN-to-WAN): all Blocked: IDS enabled IDENT (port 113) .I'm at a loss about what to do next. The model is actually SMCD3GNV.

 


As long as the proper port forwards are in place and the firewall is no blocking things, then all you need to do to access the web server is point at the gateway's public IP address, like this:

 

http://xxx.xxx.xxx.xxx/whatever.html

 

where xxx.xxx.xxx.xxx is the public IP address of the gateway.  If you ahve dyndns setup propely, then just use the registered hostname instead.  Can you ping the dyndns name from some outside system?  Do the resolved IP match the public IP on the gateway?

 

If it doesn't work, check the Apache access and error log for any problems.  Also check your httpd.config file for a proper Listen setting.  What are you using?

 

It would help here if you detail the Apache config, the output of ifconfig -a, the exact port forwarding setup, the Apache access and error logs, and the Gateway -> Connection -> Status page of the gateway.

New Visitor
maciejewicz
Posts: 4
Registered: ‎06-10-2011

Re: Need help with Port Forwarding

Thank you for all your help. As it turns out, everything was properly configured the first time around, I just had to access the server externally. I can't believe it was that simple. The site is good-looking, albeit rudimentary, but again, thank you very much.

Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: Need help with Port Forwarding

Glad its working for you.  As I said before, there can be issues accessing your WAN IP from BEHIND the router.  Some routers support this, some don't.  Always use an external system for test/verification.

New Visitor
Jverlin1234
Posts: 1
Registered: ‎07-14-2011

Re: Need help with Port Forwarding

Is there any way to update the firmware on the SMCD3GNV router so that I can set up more than 9 port forwarding rules?

Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: Need help with Port Forwarding

No.  I recommend you either get rid of it with an actual cable modem, and get a router that will support what you want.  Alternately, you can have the gateway placed into birdge mode (essentially turning it into a cable modem), and get your own router as above.  Either way, get your own router.

New Visitor
althoralthor
Posts: 2
Registered: ‎06-19-2012

Re: Need help with Port Forwarding

[ Edited ]

Hey Baric-

I've seen a bunch of your posts and had a question.


I recently went with comcast triple play so they sent me a new cable modem (the arris tg862) to replace my current cable modem.  I have a cisco/linksys router that i use for wireless and to share my internet connection and all seems to work fine.

 

Where i run into issues is when I attempt to fire up ftp to transfer a file that I may need for work.  This is not something I need often, so I guess I'm not that concerned with it (I can always email it to myself, etc.) but what I noticed is that when i look at my wan ip address in my cisco router, it shows as a 10.0.0.x (private) address.  So, my dyndns updates itself with that address (which obviously wont work).  I have tried to connect to what I know to be my public address, but that fails too.

 

My internal range (from my cisco router on inside) is a 192.168.x.x address range.

 

So is this an issue with double natting do you think?

 

*EDIT* and yes, I am aware of the usage policy.  As i said, this is not something that I am all that worried about, and can find other ways to transfer these small files.  Just more curious than anything else.

Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: Need help with Port Forwarding

[ Edited ]

Yes, you have a double NAT setup.  The TG862 is a full gateway with router AND modem and by default all devices connected to it get an IP address in the 10.0.0.1/24 range.  I would recommend you call the gateway support folks at 800-363-2416, have them bridge the gateway and your Cisco router will again be getting the public IP address on the WAN side.  When ftp'ing across a NAT firewall, stick with passive ftp, it usually works best.

 

At that point your dyndns client in the Cisco will start working again.  In the future if you have issues or get a router that doesn't support a DynDNS client, DynDNS does have clients you can run on your computer to work across your NAT firewall.  I use the Win7 client here.

New Visitor
althoralthor
Posts: 2
Registered: ‎06-19-2012

Re: Need help with Port Forwarding

Thanks.  So I had on line chatted with 3 different comcast techs and they all assured me I was in bridged mode.  But it was still not working.  I called that number and first tech told me i was partially in bridged mode.

 

He finished it off and all is working now, even my work vpn which was acting oddly is now all good.

 

Thanks for posting that toll free number.