Nbrace
asked on
Webserver behind Actiontec DSL modem and Tomato router
Hi
I have I would think a relatively common problem around port forwarding to get to our family's web server which is behind a dsl modem and wireless router. Our configuration is: Static IP issued by our ISP assigned to Actiontec GT701 DSL Modem (its IP = 206.124.xxx.xxx). (Actiontec status: DHCP turn off, NAT on (wouldn't work w/o NAT here), firewall = off). Actiontec LAN IP = 192.168.0.1 IP of downstream Tomato wireless router (running on Linksys WRT54GS hardware) = 192.168.0.10. (Tomato router status: LAN IP = 10.0.0.1, DHCP turned on – scope = 10.0.0.49-100, NAT on, Firewall does not appear to be on – only checked box under firewall settings is for NAT loopback and its check “Forward Only”). The web server running Windows Home Server has a static IP address on Tomato’s LAN at 10.0.0.20 (outside of the DHCP scope), I have port forwarding all 8080 traffic from Tomato to port 80 of our home server. The web server properly recognizes the external IP address that traffic is coming in on (206.124.xxx.xxx) but it throws an error when it tests if its visible from the internet. Other web traffic doesn’t make it through either. … ¿
Stuff I’ve tried: I can ping the name of our webserver myfamily’sname.homeserver. com and it properly replies with the right external IP address -- 206.124.xxx.xxx. I’ve tried putting the webserver on the Actiontec’s LAN – this eliminating the hop from the Tomato router – but I get a password challenge from the Actiontec in that configuration. I’ve tried to set up the Actiontec in “Bridging mode” but according to my ISP – Qwest does not support Bridging on my DSL line (ie requires PPOA among other things…)
Any thoughts on how to get this basic config to go?
Secondarily, we have a second registered domain name, called say:orangedingos.com that also points to 206.124.xxx.xxx. Is there somewhere I can tell either the modem or the router: If traffic is coming in for myfamily’sname.homeserver. com it goes to the server at 10.0.0.20 and if traffic comes in for orangedingos.com it goes to the server 10.0.0.30? Or Is there a way in the URL one can designate which port it should go to – eg: www.orangedingos.com:8080 ? Is this something my ISP can do? Or do will we have to use unfriendly IP address 206.124.xxx.xxx:8080 to get to the right place? Or if I want to use both URLs do I simply need a second IP address?
Thanks for your help !!
Nat
I have I would think a relatively common problem around port forwarding to get to our family's web server which is behind a dsl modem and wireless router. Our configuration is: Static IP issued by our ISP assigned to Actiontec GT701 DSL Modem (its IP = 206.124.xxx.xxx). (Actiontec status: DHCP turn off, NAT on (wouldn't work w/o NAT here), firewall = off). Actiontec LAN IP = 192.168.0.1 IP of downstream Tomato wireless router (running on Linksys WRT54GS hardware) = 192.168.0.10. (Tomato router status: LAN IP = 10.0.0.1, DHCP turned on – scope = 10.0.0.49-100, NAT on, Firewall does not appear to be on – only checked box under firewall settings is for NAT loopback and its check “Forward Only”). The web server running Windows Home Server has a static IP address on Tomato’s LAN at 10.0.0.20 (outside of the DHCP scope), I have port forwarding all 8080 traffic from Tomato to port 80 of our home server. The web server properly recognizes the external IP address that traffic is coming in on (206.124.xxx.xxx) but it throws an error when it tests if its visible from the internet. Other web traffic doesn’t make it through either. … ¿
Stuff I’ve tried: I can ping the name of our webserver myfamily’sname.homeserver.
Any thoughts on how to get this basic config to go?
Secondarily, we have a second registered domain name, called say:orangedingos.com that also points to 206.124.xxx.xxx. Is there somewhere I can tell either the modem or the router: If traffic is coming in for myfamily’sname.homeserver.
Thanks for your help !!
Nat
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
PS ... I hope this post is alittle easier to read !! I realized the first was a little *dense* ... :-)
Hi Nbrace,
It is possible to setup the second router as a switch and Access Point.
To do this you should disable DHCP completely on the router running Tomato and connect a cable between the LAN ports of the two routers (do not use the WAN port anymore on the second router)
Indeed put the second router in the same IP range as the first, just not an IP that's already in use or could be given out by the DHCP server of the first one.
On your second question, yes, if you run one server on port 80 and the other one on 443, you're fine with one single public IP. Just forward the different ports to the different servers.
Regards,
LucF
It is possible to setup the second router as a switch and Access Point.
To do this you should disable DHCP completely on the router running Tomato and connect a cable between the LAN ports of the two routers (do not use the WAN port anymore on the second router)
Indeed put the second router in the same IP range as the first, just not an IP that's already in use or could be given out by the DHCP server of the first one.
On your second question, yes, if you run one server on port 80 and the other one on 443, you're fine with one single public IP. Just forward the different ports to the different servers.
Regards,
LucF
ASKER
Hey thanks for your help here !!! I'm a first-timer to this site and my experience has been great. Thanks for your help !!
-- Nat
-- Nat
Hi Nat,
You're most welcome :)
Regards,
LucF
You're most welcome :)
Regards,
LucF
ASKER
Hey thanks for the thoughtful and accurate response. The key I think was your comment about internal errors with Loopback – once I tried to get to our server externally (from outside our network) -- it worked !! Thanks !! Also the simplified setup instructions were super helpful
The password issue at the top is that when you try to get to the external web address by typing in “https://myfamily’sname.homeserver.com” – a password challenge comes up and it’s asking for the admin password for the DSL modem NOT the webserver. I put a pw on it so that it is a little more secure as it is the device with most exposure to the internet.
Another issue was that our address is hpps://myfamily’sname.home
One other thought I had was this: would it be possible to put both the DSL modem and the Router on the same internal LAN. In this configuration:
Modem would have ISP issued static IP address for its WAN (206.124.xxx.xxx) and would have an internal LAN address of 192.168.0.1. NAT would be turned one, firewall off, etc.
The Tomato router would also be on that subnet statically assigned, say “WAN” address of say 192.168.0.10. Its DHCP would be turned on but issuing addresses in the same subnet such as 192.168.0.49-100. So I guess the question: is can a DCHP router issue addresses on the same subnet as its WAN address. I suspect the answer is: that it can’t …. Can it?
The other thing I am testing is to see if I can have https traffic forwarded through port 443 on to Server A while http traffic forwarded through port 80 gets forwarded to Server B – to get around the two servers with one static IP address issue.
If you have any thoughts, I’d appreciate it !! ¿
-- Nat