djmurpyataagroupdotcom
asked on
Double NAT, bridge mode with cable modem
I have cable internet and I'm trying to configure a Linksys wireless camera to be visible remotely.
Internet -> Cable Modem -> Linksys Wireless Router -> Linksys Wireless Camera
Inside the network everything is fine. I've configured the camera to have a static IP of 192.168.1.222 - I can pull that up in a browser while at home.
My router is at 192.168.1.200 - I've configured it to forward port 1024 to my camera at 192.168.1.222. The router sees the internet IP as 192.168.100.102 (or something similar - it's a local IP). Again, if I point the browser to 192.168.100.102:1024 inside the network - it pulls up the camera. So it seems the router is doing its job.
However, I believe to get this to work remotely, my router needs to see a public IP, right? That way I could point any browser to the public IP xxx.xxx.xxx.xxx:1024 and see my camera. But the cable modem is translating the internet IP to a private one for the router.
I think I understand everything to this point, but this is where the buck passing starts. The documentation for the cable modem (Toshiba PCX2500 http://www.toshiba.com/taisnpd/products/pcx2500manual.pdf) says that "The Cable Modem can only be configured and monitored by your cable operator." My ISP is Earthlink, but all support is handled by Comcast. So Earthlink refers me to Comcast, Comcast says that only the OEM provides support for the hardware.
So... am I correct in assuming that I need to get my cable modem put into bridge mode (so it acts strictly as a modem and not a router)? Is this something that my ISP should be able to assist me with since there seems to be no way to administer the modem myself?
Or... would is a better (easier) solution to get an access point to put between the modem and router?
Internet -> Cable Modem -> Linksys Wireless Router -> Linksys Wireless Camera
Inside the network everything is fine. I've configured the camera to have a static IP of 192.168.1.222 - I can pull that up in a browser while at home.
My router is at 192.168.1.200 - I've configured it to forward port 1024 to my camera at 192.168.1.222. The router sees the internet IP as 192.168.100.102 (or something similar - it's a local IP). Again, if I point the browser to 192.168.100.102:1024 inside the network - it pulls up the camera. So it seems the router is doing its job.
However, I believe to get this to work remotely, my router needs to see a public IP, right? That way I could point any browser to the public IP xxx.xxx.xxx.xxx:1024 and see my camera. But the cable modem is translating the internet IP to a private one for the router.
I think I understand everything to this point, but this is where the buck passing starts. The documentation for the cable modem (Toshiba PCX2500 http://www.toshiba.com/taisnpd/products/pcx2500manual.pdf) says that "The Cable Modem can only be configured and monitored by your cable operator." My ISP is Earthlink, but all support is handled by Comcast. So Earthlink refers me to Comcast, Comcast says that only the OEM provides support for the hardware.
So... am I correct in assuming that I need to get my cable modem put into bridge mode (so it acts strictly as a modem and not a router)? Is this something that my ISP should be able to assist me with since there seems to be no way to administer the modem myself?
Or... would is a better (easier) solution to get an access point to put between the modem and router?
With your Linksys - I obviously referred to your router, the interface connected to the cable modem
ASKER
Yes - in the router configuration, I have a Status tab that shows:
IP Address - 192.168.100.102
IP Address - 192.168.100.102
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can also try - but this is my guess here - to connect the modem to a LAN port on your router. Disable DHCP on your router, as your modem will probably take care of that, and locate the cam on your 192.168.100.0/24 network. Or give it an IP in the same network.
If lucky, it could work (if your modem handles the requests ok).
If lucky, it could work (if your modem handles the requests ok).
The only thing left to to is find out the internet IP. And that can be done by browsing to a website which reports "your" IP-address. The IP-address given there probably is the IP-address assigned to your modem: http://whatismyipaddress.com/
ASKER
You can also try - but this is my guess here - to connect the modem to a LAN port on your router. Disable DHCP on your router, as your modem will probably take care of that, and locate the cam on your 192.168.100.0/24 network. Or give it an IP in the same network.
In my router config, I have DHCP turned on, but I have the option of setting a static IP.
I'm not sure if that's a good idea since any time we have a power outtage or the modem gets reset, it would allocate local IPs to all the devices that are connected. In that case, is it possible that my router could get a different IP and I'd have to reconfigure everything?
In my router config, I have DHCP turned on, but I have the option of setting a static IP.
I'm not sure if that's a good idea since any time we have a power outtage or the modem gets reset, it would allocate local IPs to all the devices that are connected. In that case, is it possible that my router could get a different IP and I'd have to reconfigure everything?
Well, that's a tricky one. I presume the address provided by the modem is provided by DHCP, enabled on the modem (or did you manually configure the 192.168.100.102?).
Also, the router, connected with a LAN port to the modem, will no longer require an address, because it will act as layer 2 switch. It also will no longer provide routing, since that's been taken care of by the modem (as the NAT traversal is, because otherwise, you'd never get a local address on the LAN side of the modem).
In any case, an address will be available on your client, depending on the lease time. Check ipconfig /all for details on that. If you have a lease time of +48h, you'll probably have a day before your hosts start releasing their address (and searching for the DHCP server).
If you wish to be completely fault-tolerant, setup the IP address management through static addresses within the 192.168.100.0/24 range. This will keep you on the same subnet as the modem, and providing an address when the modem is off-line.
Hope it helps
Also, the router, connected with a LAN port to the modem, will no longer require an address, because it will act as layer 2 switch. It also will no longer provide routing, since that's been taken care of by the modem (as the NAT traversal is, because otherwise, you'd never get a local address on the LAN side of the modem).
In any case, an address will be available on your client, depending on the lease time. Check ipconfig /all for details on that. If you have a lease time of +48h, you'll probably have a day before your hosts start releasing their address (and searching for the DHCP server).
If you wish to be completely fault-tolerant, setup the IP address management through static addresses within the 192.168.100.0/24 range. This will keep you on the same subnet as the modem, and providing an address when the modem is off-line.
Hope it helps
Do you own a domain registration? If you do, you may be able to use a dynamic dns service. There are many free ones for home users (try www.dyndns.com or dearch for dynamic DNS).
This is important though:
Your router needs to support Dynamic DNS since you are forwarding to a non-computer device.
Many (low-end & mid-range) routers support dynamic DNS, check in your router's setup. If you do not have this capability then the rest of this writeup is moot.
What it does:
Dynamic DNS is a service where you can setup an account & register your URL within it, then at your router side you setup your Dynamic DNS account information with in the router. The router communicates with the service and "tells" the service your current IP number. You set up your public DNS record pointers to point your selected URL at the service's IP number. When you (or someone else) accesses your special URL it goes to the service and gets re-directed to your current IP number. You will need to have a rule that routes incoming packets destined for your designated port to the camera's internal Ip address & port. If your public IP address changes, your router will update the Dynamic DNS service.
This need not affect anything else you have on your domain URL. Say you have a webpage www.mydomain.com. You select a URL of something like djmurpyataagroupdotcom.myd
Check out a Dynamic DNS website for more detailed information.
Just a thought.
This is important though:
Your router needs to support Dynamic DNS since you are forwarding to a non-computer device.
Many (low-end & mid-range) routers support dynamic DNS, check in your router's setup. If you do not have this capability then the rest of this writeup is moot.
What it does:
Dynamic DNS is a service where you can setup an account & register your URL within it, then at your router side you setup your Dynamic DNS account information with in the router. The router communicates with the service and "tells" the service your current IP number. You set up your public DNS record pointers to point your selected URL at the service's IP number. When you (or someone else) accesses your special URL it goes to the service and gets re-directed to your current IP number. You will need to have a rule that routes incoming packets destined for your designated port to the camera's internal Ip address & port. If your public IP address changes, your router will update the Dynamic DNS service.
This need not affect anything else you have on your domain URL. Say you have a webpage www.mydomain.com. You select a URL of something like djmurpyataagroupdotcom.myd
Check out a Dynamic DNS website for more detailed information.
Just a thought.
What dosdet2 is claiming here, is a bit premature. This is ok, if you can actually reach the inside of your network. DNS does nothing else than providing a name to the ip-address you have on the internet. Unless you can reach your cam on Layer 3, upper layers aren't worth mentioning.
Have you succeeded in reaching your cam? Otherwise - consider the drawing.
doublenatbridgemode.jpg
Have you succeeded in reaching your cam? Otherwise - consider the drawing.
doublenatbridgemode.jpg
To explain the drawing:
1. setup your router as layer 2 (do not use the WAN port, but a switch port to uplink to the modem) Then DHCP will be done by the modem, providing an address scheme for your network hosts which require DHCP¨.
2. setup your router as router (L3) and route to your cable modem. Let your router take care of DHCP or not (DHCP being an unroutable protocol)
But, without the ability of making absolutely sure that you can port forward through your modem and your router, your attempts will make no progress at all.
In setup 1, you need to access the modem, and forward the port you want to reach on your cam from here. If you can't, it stops there.
In setup 2, your modem should be setup as transparent bridge, so the internet address is assigned to the WAN port of your router, giving you the option of only configuring port forwarding on your Linksys.
Either way, you need to be able to access config on the modem. If you can't access/modify config (or have someone access/modify config), your efforts will probably be meaningless.
1. setup your router as layer 2 (do not use the WAN port, but a switch port to uplink to the modem) Then DHCP will be done by the modem, providing an address scheme for your network hosts which require DHCP¨.
2. setup your router as router (L3) and route to your cable modem. Let your router take care of DHCP or not (DHCP being an unroutable protocol)
But, without the ability of making absolutely sure that you can port forward through your modem and your router, your attempts will make no progress at all.
In setup 1, you need to access the modem, and forward the port you want to reach on your cam from here. If you can't, it stops there.
In setup 2, your modem should be setup as transparent bridge, so the internet address is assigned to the WAN port of your router, giving you the option of only configuring port forwarding on your Linksys.
Either way, you need to be able to access config on the modem. If you can't access/modify config (or have someone access/modify config), your efforts will probably be meaningless.
ASKER
I don't have multiple ports on the router (LAN / WAN image: http://www.linksysbycisco.com/US/en/products/WRT54G2) - there is only one named Internet, and then 4 available ports for more devices. The cable modem side is plugged into Internet and nothing else is connected.
Now is when I get embarrassed - I *completely* forget that have a VOIP modem too. I would assume that it is completely transparent and does no routing, so hopefully it's meaningless in this situation.
Cable Modem -> VOIP Modem -> Router -> Cam
I need to make sure the VOIP modem does no routing, then I need to make sure that I can either make the cable modem bridgeable OR configure port forwarding in the cable modem (and set router as static IP). Sound right?
Now is when I get embarrassed - I *completely* forget that have a VOIP modem too. I would assume that it is completely transparent and does no routing, so hopefully it's meaningless in this situation.
Cable Modem -> VOIP Modem -> Router -> Cam
I need to make sure the VOIP modem does no routing, then I need to make sure that I can either make the cable modem bridgeable OR configure port forwarding in the cable modem (and set router as static IP). Sound right?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I believe it's a Motorola VT1005, probably 5 yrs old. http://www.vonage.com/support/files/pdf/VT1005_UserGuide.pdf This manual shows that I can put the VOIP modem behind the router (voice traffic won't be prioritized, but that's ok). I think that's the first thing I should try - heck it might make ALL of this go away!!
I do have a DDNS service set up - linksys-cam.com - you get a free year with the purchase of the camera. I'll probably set that up. What I meant by setting up static IP was to change the router from using DHCP to Static. Hopefully moving VOIP will help, otherwise, it sounds like I need to get the right person on the phone at Comcast. :)
I do have a DDNS service set up - linksys-cam.com - you get a free year with the purchase of the camera. I'll probably set that up. What I meant by setting up static IP was to change the router from using DHCP to Static. Hopefully moving VOIP will help, otherwise, it sounds like I need to get the right person on the phone at Comcast. :)
ASKER
I don't want to leave you guys hanging any longer on this - I haven't got it fixed, but I think we've worked thru the concept in order to make it work.
My VOIP modem has the option to disable DHCP. Next, I need to get the downstream router configured based on the IP address being given to it, then set up port fwding to the camera on the router.
I've got another few weeks until I really need to have it set up, but it should be doable now. Thank you for your help! :)
My VOIP modem has the option to disable DHCP. Next, I need to get the downstream router configured based on the IP address being given to it, then set up port fwding to the camera on the router.
I've got another few weeks until I really need to have it set up, but it should be doable now. Thank you for your help! :)
just to get it straight - the WAN IP on your Linksys is not a public IP on the internet?