Webserver behind Actiontec DSL modem and Tomato router

Hi
I have, I would think, a relatively common problem around port forwarding to get to our family's web server, which is behind a DSL modem and wireless router. Our configuration is: Static IP issued by our ISP assigned to Actiontec GT701 DSL Modem (its IP = 206.124.xxx.xxx). (Actiontec status: DHCP turned off, NAT on (wouldn't work w/o NAT here), firewall = off). Actiontec LAN IP = 192.168.0.1. IP of downstream Tomato wireless router (running on Linksys WRT54GS hardware) = 192.168.0.10. (Tomato router status: LAN IP = 10.0.0.1, DHCP turned on – scope = 10.0.0.49-100, NAT on, Firewall does not appear to be on – only checked box under firewall settings is for NAT loopback and it's checked “Forward Only”). The web server running Windows Home Server has a static IP address on Tomato’s LAN at 10.0.0.20 (outside of the DHCP scope). I have port forwarding all 8080 traffic from Tomato to port 80 of our home server. The web server properly recognizes the external IP address that traffic is coming in on (206.124.xxx.xxx) but it throws an error when it tests if it's visible from the internet. Other web traffic doesn’t make it through either. …
Stuff I’ve tried: I can ping the name of our webserver myfamily’sname.homeserver.com and it properly replies with the right external IP address -- 206.124.xxx.xxx. I’ve tried putting the webserver on the Actiontec’s LAN – thus eliminating the hop from the Tomato router – but I get a password challenge from the Actiontec in that configuration. I’ve tried to set up the Actiontec in “Bridging mode” but according to my ISP – Qwest does not support Bridging on my DSL line (i.e. requires PPOA among other things…)
Any thoughts on how to get this basic config to go?

Secondarily, we have a second registered domain name, called, say, orangedingos.com, that also points to 206.124.xxx.xxx. Is there somewhere I can tell either the modem or the router: If traffic is coming in for myfamily’sname.homeserver.com it goes to the server at 10.0.0.20 and if traffic comes in for orangedingos.com it goes to the server 10.0.0.30? Or is there a way in the URL one can designate which port it should go to – e.g. www.orangedingos.com:8080? Is this something my ISP can do? Or will we have to use the unfriendly IP address 206.124.xxx.xxx:8080 to get to the right place? Or if I want to use both URLs do I simply need a second IP address?
Thanks for your help !!
Nat
Nbrace Asked:

Luc Franken, EMEA Server Engineer, Commented:
Hi Nat,
You mentioned: "I’ve tried putting the webserver on the Actiontec’s LAN – this eliminating the hop from the Tomato router – but I get a password challenge from the Actiontec in that configuration."
What I gather from that, is that your Actiontec is responding on the port you wish to use. Is remote administration turned on or something similar? If so, disable it or move it to another port.
Also, if you're testing from the internal network, you might be getting loopback problems. Some routers don't seem to understand if you're trying to access the internal or external side of the router. So do these kinds of tests from another location.
Ok, then to the setup.
Your first router should forward traffic on the wanted port (if it's a http server, I'm assuming only port 80) to the WAN of the second router.
In your case, this should be towards 192.168.0.10
Then, the second router needs to be set up to forward that port to the intended webserver (10.0.0.20 or 10.0.0.30).
For your second question, if you want to run multiple websites on a single IP, you'll have to let the webserver handle host headers to provide a different webpage depending on the hostname used. With a single IP it isn't possible to have requests forwarded to another server by routers. So, indeed, either use host headers (for IIS see http://technet.microsoft.com/en-us/library/cc753195(WS.10).aspx or for Apache see http://httpd.apache.org/docs/2.0/vhosts/name-based.html).
If you want to use different servers, your best option is to indeed get an additional public IP address, but that option also will require you to get a router which can handle multiple public IP addresses. Probably it's best to go with the host header option.
Best regards,
LucF
p.s. As a suggestion, your question is very hard to read because of the layout. Maybe it's better to put more linebreaks in your question so it's easier to spot the needed information to answer your question.
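
Added example, not part of LucF's answer or of any product mentioned in the thread: a minimal Python web server showing why the hostname split has to happen at the web server. A port forward on the modem or router matches only on IP and port, while the requested name travels inside the HTTP `Host` header. The hostnames, page bodies and the `203.0.113.7` bare-IP request are constructed stand-ins.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed site table (stand-in names): Host header -> page body.
SITES = {"myfamilysname.homeserver.com": b"family site\n",
         "orangedingos.com": b"orange dingos site\n"}

def normalize_host(raw):
    """Lower-case the Host value; drop an optional :port, trailing dot and 'www.'."""
    host = (raw or "").strip().lower().rsplit(":", 1)[0].rstrip(".")
    return host[4:] if host.startswith("www.") else host

class VHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = SITES.get(normalize_host(self.headers.get("Host")))
        if body is None:
            # Unknown or missing Host (e.g. a bare-IP request): refuse, no default site.
            self.send_error(421, "Misdirected Request")
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch(port, host_header):
    """Same IP and port every time; only the Host header differs."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    result = (resp.status, resp.read())
    conn.close()
    return result

def demo():
    hosts = ("myfamilysname.homeserver.com", "www.orangedingos.com:8080", "203.0.113.7")
    server = ThreadingHTTPServer(("127.0.0.1", 0), VHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return [fetch(server.server_address[1], h) for h in hosts]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

Refusing requests whose `Host` matches no configured site keeps scanners that hit the public IP directly from being served a default page; IIS host headers and Apache name-based virtual hosts perform the same dispatch.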

Nbrace (Author) Commented:
LucF:
Hey thanks for the thoughtful and accurate response. The key I think was your comment about internal errors with Loopback – once I tried to get to our server externally (from outside our network) -- it worked !! Thanks !! Also the simplified setup instructions were super helpful.

The password issue at the top is that when you try to get to the external web address by typing in “https://myfamily’sname.homeserver.com” – a password challenge comes up and it’s asking for the admin password for the DSL modem NOT the webserver.  I put a pw on it so that it is a little more secure as it is the device with most exposure to the internet.

Another issue was that our address is https://myfamily’sname.homeserver.com – the https means that I have to open up a secure port – in my case 443 for Windows Home Server. Anyway it is working now – not sure how to eliminate the loopback issue but may just have to live with it as internally we can get to it via network rather than going out through the internet.

One other thought I had was this:  would it be possible to put both the DSL modem and the Router on the same internal LAN.  In this configuration:
Modem would have ISP issued static IP address for its WAN (206.124.xxx.xxx) and would have an internal LAN address of 192.168.0.1. NAT would be turned on, firewall off, etc.

The Tomato router would also be on that subnet statically assigned, say “WAN” address of say 192.168.0.10. Its DHCP would be turned on but issuing addresses in the same subnet such as 192.168.0.49-100. So I guess the question is: can a DHCP router issue addresses on the same subnet as its WAN address? I suspect the answer is: that it can’t …. Can it?

The other thing I am testing is to see if I can have https traffic forwarded through port 443 on to Server A while  http traffic forwarded through port 80 gets forwarded to Server B – to get around the two servers with one static IP  address issue.

If you have any thoughts, I’d appreciate it !!

-- Nat
Nbrace (Author) Commented:
PS ... I hope this post is a little easier to read !! I realized the first was a little *dense* ... :-)

Luc Franken, EMEA Server Engineer, Commented:
Hi Nbrace,
It is possible to set up the second router as a switch and Access Point.
To do this you should disable DHCP completely on the router running Tomato and connect a cable between the LAN ports of the two routers (do not use the WAN port anymore on the second router).
Indeed put the second router in the same IP range as the first, just not an IP that's already in use or could be given out by the DHCP server of the first one.
On your second question, yes, if you run one server on port 80 and the other one on 443, you're fine with one single public IP. Just forward the different ports to the different servers.
Regards,
LucF
Nbrace (Author) Commented:
Hey thanks for your help here !!! I'm a first-timer to this site and my experience has been great. Thanks for your help !!

-- Nat
Luc Franken, EMEA Server Engineer, Commented:
Hi Nat,
You're most welcome :)
Regards,
LucF