Nbrace

Webserver behind Actiontec DSL modem and Tomato router

Hi
I have, I would think, a relatively common problem around port forwarding to get to our family's web server, which is behind a DSL modem and wireless router. Our configuration is: Static IP issued by our ISP assigned to Actiontec GT701 DSL Modem (its IP = 206.124.xxx.xxx). (Actiontec status: DHCP turned off, NAT on (wouldn't work w/o NAT here), firewall = off). Actiontec LAN IP = 192.168.0.1. IP of downstream Tomato wireless router (running on Linksys WRT54GS hardware) = 192.168.0.10. (Tomato router status: LAN IP = 10.0.0.1, DHCP turned on – scope = 10.0.0.49-100, NAT on, Firewall does not appear to be on – only checked box under firewall settings is for NAT loopback and it's checked “Forward Only”). The web server running Windows Home Server has a static IP address on Tomato’s LAN at 10.0.0.20 (outside of the DHCP scope). I have port forwarding all 8080 traffic from Tomato to port 80 of our home server. The web server properly recognizes the external IP address that traffic is coming in on (206.124.xxx.xxx) but it throws an error when it tests if it's visible from the internet. Other web traffic doesn’t make it through either.
Stuff I’ve tried: I can ping the name of our webserver myfamily’sname.homeserver.com and it properly replies with the right external IP address -- 206.124.xxx.xxx. I’ve tried putting the webserver on the Actiontec’s LAN – thus eliminating the hop from the Tomato router – but I get a password challenge from the Actiontec in that configuration. I’ve tried to set up the Actiontec in “Bridging mode” but according to my ISP – Qwest does not support Bridging on my DSL line (i.e. requires PPPoA among other things…)
Any thoughts on how to get this basic config to go?

Secondarily, we have a second registered domain name, called, say, orangedingos.com, that also points to 206.124.xxx.xxx. Is there somewhere I can tell either the modem or the router: If traffic is coming in for myfamily’sname.homeserver.com it goes to the server at 10.0.0.20 and if traffic comes in for orangedingos.com it goes to the server 10.0.0.30? Or is there a way in the URL one can designate which port it should go to – e.g. www.orangedingos.com:8080? Is this something my ISP can do? Or will we have to use the unfriendly IP address 206.124.xxx.xxx:8080 to get to the right place? Or if I want to use both URLs do I simply need a second IP address?
Thanks for your help !!
Nat
ASKER CERTIFIED SOLUTION
Luc Franken
Nbrace

ASKER

LucF:
Hey thanks for the thoughtful and accurate response. The key I think was your comment about internal errors with Loopback – once I tried to get to our server externally (from outside our network) -- it worked !! Thanks !! Also the simplified setup instructions were super helpful.

The password issue at the top is that when you try to get to the external web address by typing in “https://myfamily’sname.homeserver.com” – a password challenge comes up and it’s asking for the admin password for the DSL modem NOT the webserver.  I put a pw on it so that it is a little more secure as it is the device with most exposure to the internet.

Another issue was that our address is https://myfamily’sname.homeserver.com – the https means that I have to open up a secure port – in my case 443 for Windows Home Server. Anyway it is working now – not sure how to eliminate the loopback issue but may just have to live with it as internally we can get to it via network rather than going out through the internet.

One other thought I had was this: would it be possible to put both the DSL modem and the Router on the same internal LAN? In this configuration:
Modem would have ISP issued static IP address for its WAN (206.124.xxx.xxx) and would have an internal LAN address of 192.168.0.1. NAT would be turned on, firewall off, etc.

The Tomato router would also be on that subnet, statically assigned a “WAN” address of, say, 192.168.0.10. Its DHCP would be turned on but issuing addresses in the same subnet such as 192.168.0.49-100. So I guess the question is: can a DHCP router issue addresses on the same subnet as its WAN address? I suspect the answer is that it can’t …. Can it?

The other thing I am testing is to see if I can have https traffic forwarded through port 443 on to Server A while http traffic forwarded through port 80 gets forwarded to Server B – to get around the two servers with one static IP address issue.

If you have any thoughts, I’d appreciate it !!

-- Nat
Nbrace

ASKER

PS ... I hope this post is a little easier to read !! I realized the first was a little *dense* ... :-)
Hi Nbrace,
It is possible to set up the second router as a switch and Access Point.
To do this you should disable DHCP completely on the router running Tomato and connect a cable between the LAN ports of the two routers (do not use the WAN port anymore on the second router).
Indeed put the second router in the same IP range as the first, just not an IP that's already in use or could be given out by the DHCP server of the first one.
On your second question, yes, if you run one server on port 80 and the other one on 443, you're fine with one single public IP. Just forward the different ports to the different servers.
Regards,
LucF
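
The double-NAT setup discussed in this thread, as an added example that is not part of any post: a short Python model that chains the modem's and the Tomato router's port-forward tables to show where an inbound connection lands and which router rules can never be reached from outside. The modem's rules and the port-80 rule for 10.0.0.30 are assumed for illustration; all function and variable names are hypothetical.

```python
# Added example (not from the thread): chain two NAT devices' port-forward
# tables and see where an inbound TCP connection ends up.
PUBLIC = "206.124.xxx.xxx"    # masked static IP, as written in the thread
TOMATO_WAN = "192.168.0.10"   # Tomato's address on the modem's LAN

# A port forward matches on the destination port only; it never sees the
# hostname, so two names pointing at one IP need different ports.
MODEM_FORWARDS = {            # assumed: the thread does not list the modem's rules
    8080: (TOMATO_WAN, 8080),
    443: (TOMATO_WAN, 443),
}
TOMATO_FORWARDS = {
    8080: ("10.0.0.20", 80),  # from the thread: 8080 -> port 80 on the home server
    443: ("10.0.0.20", 443),  # HTTPS to Windows Home Server
    80: ("10.0.0.30", 80),    # constructed: second server, no modem rule for it
}
HOPS = [(PUBLIC, MODEM_FORWARDS), (TOMATO_WAN, TOMATO_FORWARDS)]

def trace(port, hops=HOPS):
    """Return the final (ip, port) for a connection to the public IP, or None if dropped."""
    ip = hops[0][0]
    for device_ip, table in hops:
        if ip != device_ip:       # forwarded to a host that is not the next NAT device
            break
        if port not in table:     # no rule on this device: connection dies here
            return None
        ip, port = table[port]
    return (ip, port)

def exposure(hops=HOPS):
    """Everything the internet can reach, keyed by public port."""
    return {p: trace(p, hops) for p in hops[0][1]}

def orphaned(upstream=MODEM_FORWARDS, downstream=TOMATO_FORWARDS, addr=TOMATO_WAN):
    """Downstream rules that no upstream rule ever feeds (unreachable from outside)."""
    fed = {p for ip, p in upstream.values() if ip == addr}
    return sorted(set(downstream) - fed)

if __name__ == "__main__":
    for public_port, dest in exposure().items():
        print(f"{PUBLIC}:{public_port} -> {dest}")
    print("router rules with no matching modem rule:", orphaned())
```

Reviewing the `exposure()` output after every rule change gives a quick inventory of what the public IP actually publishes.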
Nbrace

ASKER

Hey thanks for your help here !!! I'm a first-timer to this site and my experience has been great. Thanks for your help !!

-- Nat
Hi Nat,
You're most welcome :)
Regards,
LucF