Ok....figure this one out for me

[Bubblegum Bandit]

The Facts:

I am trying to host a server on my home network. I currently suscribe to MSN broadband. I was recently told that there was no way to turn off the NAT on my NetDSL modem that MSN supplied me with, therefore I could not host the server. However, MSN will now give out your keycodes so that you can use another modem but will offer you no support if you choose to do so.

I have friend from back home who sent me an Alcatel Speed Touch Home modem thinking it would work. Well, the Home doesn't support PPP so I found a crack to upgrade the modem to a Speed Touch Pro which does. I currently have connection to the internet via this modem. I use a D-Link DI-604 as my router.

 

The Problemo:

If I try to totally disable the NAT on the new modem and use the firewall on my router, I cannot connect for some reason. But, if I leave the NAT on the modem and try to use "pinholes" in the modem described in this article(http://homepages.paradise.net.nz/kemyst/id34.htm) I still cannot get to the webserver through this setup. I have my webaddress and all the DNS stuff to send me to the ip that MSN has given me. When I type in my url it pulls up the modem home screen on my computer. Therefore I am assuming that it is the modem that is the problem.

 

The Question:

Can anyone help me configure this setup so that I can host my webserver from my home network?

 

I can give you specific ips and things, as to what the modem's ip is, the router's ip and stuff like that if you feel like you can help me, but I'm not sure that I should just post it on the forums. Basically I have been trying to tell the modem via the article I referenced above to send the ip MSN gave me to the interior ip that I have assigned the server using the virtual server function in the router.

 

Any ideas or thoughts would be greatly appreciated. I have a webserver stitting here gathering dust that I would like to put to some use.

 

Thanks in advance,

Bubble

aim = hugebod

[mrX]

What router are you using?

[Bubblegum Bandit]

um...D-Link DI-604

[Gond]

Ok, you did this to your modem?

 

"nat create protocol=tcp inside_addr=<address of your router DI-604> inside_port=80 outside_addr=0 outside_port=80"

 

Then

 

"nat save"

 

Then you have to go to our router (DI-604) and open the port on it to your web machine. So, if your router is like mine you will have a table for adding ports. Enter port 80 and have it direct to the IP address of your web server. It will be an inside address.

 

So, the modem will send port 80 traffic to the DI-604 and then the DI-604 will route to the server.

 

It really should be that simple.

[Bubblegum Bandit]

First...thanks for you help Gond.

 

Still didn't work....I have tried many variations of what you suggest Gond (because I wasn't sure what to use for the inside and outside ips and such) but none of them worked. I used the nat create like you said and then went to the router and configured what they call the virtual server section which told port 80 to forward to the webserver. I don't get the modem home page any more though, now I just get the cannot find server? I know the server is configured right because I had it working on another connection before, and I double checked my ip to make sure that it didn't change and it hasn't. So I don't know what's wrong now.

 

I don't know if this should matter, but I had to configure my router to a static ip so that the SpeedTouch would connect. Should I use the inside address as the ip that I call up the router with or the ip that I configured in the static ip?

 

Example: the modem ip is say 100.20.0.138 so I had to configure a static ip of 100.20.0.139 on the router to get the connection to work. But to call up the router's web access I have to use a whole different ip, say 165.254.0.1.

 

Yet another question:

When I tell it to "nat list" it gives me a list of I presume these pinholes, but in the list it has 3 ip addresses, inside, outside, and foreign. What is the foreign address and why are all of the foreign addresses assigned to port 80?

[Gond]

Not sure on the foreign address...I think you should break it down piece by piece to see what works. Make sure it serves a page. Just for giggles lets say your modem external address is 25.0.0.1, internal 192.0.0.1 and your router is 192.0.0.2 and your server is 192.0.0.3

 

1. From a computer on the same net as your server (both on the 192 network...ex 192.0.0.4) attempt to hit the site on the SERVER IP address (192.0.0.3). If this works then your server is configured properly.

 

2. Try to hit the site on the DI-604 IP address (192.0.0.2). If this works then your DI-604 is configured properly and the problem is the modem.

 

3. To test the full deal you might have to use a computer connected to the web via a different connection than what your server is on. It might get all confused trying to, for example, connect to 25.0.0.1 from 25.0.0.1 which your request is stamped with when it exits your network.

 

When you telnet into your modem you want to use the internal address(192.0.0.1).

 

Configuring your modem with a static IP for inside is fine. I had to do this in the past as well because my only other option was for the modem to issue IP's having both the modem and router issue IP's isn't good. Just make sure you use an IP that isn't in the range of IP's for the router to issue.

 

Can you post an example of the "nat list" you get? If you don't want to do that here just PM me or AIM me later tonight (gond214).

[Bubblegum Bandit]

Ok, whatever, I don't know enough about security to know what people can do with these ips, I'll just ask a moderator to delete the post once I get it figured out.

 

Ok, the ip assigned by my ISP, like from whatsmyip.org is 63.228.82.131

the modem ip that I type to web interface it is 10.0.0.138

the static ip I configured in the router for connection is 10.0.0.139

submast 255.255.255.0

ISP Gateway 10.0.0.138

Primary DNS 10.0.0.138

router ip that I use to web interface it is 192.168.0.1

my comp has ip 192.168.0.100

my bros comp has ip 192.168.0.101

server has ip 192.168.0.102

 

I can access both the router and the server via the other computer that is connected to the system.

 

Now, hopefully with the ability to be more specific we can figure it out.

 

Thanks for all your help Gond.

Bubble

 

oh, forgot the telnet thingy. Under nat list you have these headings:

 

Index, Protocol, Inside-address:port, Outside-address:port, Foreign-address:port,flgs,expir,state, control

 

an example entry is(there are like 60 or so every time I tell it to list):

1,1,10.0.0.139:1062,63.228.82.131:10001,192.168.1.1:80,1,4,11

[Gond]

From the sound of things you have the network setup great. Did you try the tests I posted above?

 

 

Now, this

Index, Protocol, Inside-address:port, Outside-address:port, Foreign-address:port,flgs,expir,state, control

 

an example entry is(there are like 60 or so every time I tell it to list):

1,1,10.0.0.139:1062,63.228.82.131:10001,192.168.1.1:80,1,4,11

 

Basically this says that any request on 63.228.82.131 on port 10001 is going to be passed to 10.0.0.139 port 1062. The foreign address confuses me tho...You said you got this from someone so I wonder if they had some entries here that are causing you trouble. I can't think of any reason why there would be default entries in here. If you are able to hit your server via the router then I'd look for an entry with the external 63.228.82.131:80 entry and see where it's sending the traffic.

[Bubblegum Bandit]

Ok, yeah, I tried the things you mentioned above. I can access the server via one of my other networked comps. I can also access the router via the other comp. I don't think that it would matter, but I do have more than one website on the server that I am using virtual hosts for, so the ip won't take me directly to my page, however it does take me to the default server page. I'm thinking it has to be the modem. Because when I try to type in my url to search the web, it is bringing up the modem's web interface thingy.

 

I didn't find any entrys that had the 63.228.82.131:80 in the outside-address field either.

 

So, would it hurt if I just deleted all of the other entries? The only things I really want to be able to open are the ftp and http ports, that is all the server is gonna be used for. So what if I just deleted all the entries and then started over. Do you think this could in some way hurt the modem?

[Gond]

Unless those entries are default for some reason. I guess you could try to get a list printed out in case you have to add them back later.

 

When you attempt to do the 2nd test you don't want to get the router configuration page, you want to hit the router IP and have it direct to your web server.

 

Not sure about multiple websites. I assume you only have one web server running on port 80. If you have multiple web servers running they will have to be on different ports.

[Bubblegum Bandit]

Ok, I'm not sure hot to go about doing the second test you were talking about.

 

However, I did go ahead and try to delete the entries in the nat. I would get 2 of them deleted and then for some reason the modem would reboot itself. Then when I would log back into telnet and do nat list it would give me a larger list than before? I tried for about thirty minutes to delete stuff but it never seemed to get any smaller.

 

There is only 1 webserver running that hosts a couple of different websites. You have to use a function on the webserver called virtual hosts. I know that it is working though because it is set up like it was before I moved and I had no problem then cause my cable modem had no firewall. Bah, no cable providers here where I live now.

[Gond]

For the first test you entered, for example:

 

http://192.168.0.102/index.html

 

For the 2nd test you would enter:

 

http://192.168.0.1/index.html

 

This is only to show that your router is functioning properly and forwarding the request.

 

Strange that the list keeps getting larger. I could see it rebooting and staying the same size...maybe those are needed entries.

[Chief]

I had problems with a couple of things until I went into my software firewall and gave all the right things server access to the web permissions. I couldn't tell if you were saying you had a software firewall on your machine, but that helped me.

 

Chief

[Bubblegum Bandit]

ok, what I did was take the virtual hosting off and set it up as if I only had one website on the server. Right now, I can get to the home page if I use the network ip --->192.168.0.102/home.html. But, I cannot get that to work through the router using ---->192.168.0.1/home.html. So therefore the router must not be sending the request right, right?

 

So I went back and double checked the virtual server entries to make sure they were correct. I even got out the book for the router, and from what I can tell I did everything correctly. Am I just out of luck or what?.

 

To answer your question Cheif, I don't have a software firewall, I have a firewall on both my router and my modem and I'm trying to get them to line up to send the web requests to a server I am trying to run on my home network.

 

Thanks,

Bubble

[Gond]

After checking your manual I'm not sure that test would work. I think the router will only forward the info from the WAN IP and the IP I gave you was the LAN IP.

 

Still thinking

[Bubblegum Bandit]

Ok, well guess what, I talked to another one of my firends and he got me this far.

 

What I did was this....I went into the modem and changed the ip of the modem...ie...from 10.0.0.138 to 192.168.0.6....then configured my connection to work with that. So, I went and pinholed the modem with the addresses 192.168.0.6 and 0.0.0.0 on port 80. Viola, the webserver now works for users OUTSIDE my network.

 

The only way I can see my websites is to physically go into the server and pull up the pages. Which is fine I guess, but I would rather be able to access them via the computer that I play games and do work at. I can't simply type in the local address because the server is using virtual hosts to differentiate the different websites I am hosting...I don't want to pay for multiple ips. So, thanks for all of the help on getting the modem pinholed and stuff, if you have any ideas on what might help me be able to actually see my webpages from an inside comp, let me know.

 

Bubble

 

DA DA DA DA DA DA....UPDATE: (just imagine unsolved mysteries music)

Ok, found a way around that problem....set the default webserver file to home.html....added a couple of links to home.html that point into the different folders that hold the other websites' files. So, now I type in the local ip for that comp, it automatically pulls up a page for me with links to each of my websites. I know I'm not actually viewing them over the web, but hey, its the same thing!

 

Thanks Gond for all your help, I really appreciate it.

[Gond]

np...glad you got it working.