• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1946
  • Last Modified:

Can't Connect to Router w/ Comcast Static IP

I've been working on creating a VPN for our office network and am running into some issues. I've got business-class internet on a Comcast-provided SMC8014 router with a static IP (x.x.x.206/30). I have DHCP on the router disabled, and Comcast has set it up for the closest thing to bridged you can get with this modem (a pseudo-bridged mode of sorts from what I've read). It's local IP is 10.1.10.1.

I've got a cable that runs from the modem into the first port of a WRT54g with DD-WRT v24-sp2 vpn installed. All of the other computers are plugged into a basic switch that's plugged into the WRT54g. DHCP is turned on and the router is assigning addresses correctly, we can get on the internet through it, etc etc. The local IP of the WRT54g is 10.1.10.2 with a gateway of 10.1.10.1. The WAN IP is x.x.x.205, subnet 255.255.255.252 and gateway x.x.x.206. According to Comcast (who I've called many many times), this is the correct setup. And that's where they always leave me--they're not allowed to go further than that.

The issue is that I can't even ping x.x.x.205. I can access x.x.x.206 from an external connection just fine, but not 205. ALL routing features on the modem are turned off, dhcp is off--I can't find a single reason why I wouldn't be able to access the Linksys from an outside connection.

Now the ultimate goal is to get OpenVPN working. All the certs and firewall stuff are plugged into DD-WRT and if something is wrong with the setup I feel like I could track the issues down and fix it, but none of that matters when you can't even ping the IP the client is supposed to connect to.

I'm really at a stand-still here. Any suggestions?
0
heliosthesungod
Asked:
heliosthesungod
  • 6
  • 3
1 Solution
 
n2fcCommented:
Who gave you the x.x.x.205 IP?

From what you said, the ONLY static IP you have (from comcast's router) is x.x.x.206!
0
 
heliosthesungodAuthor Commented:
Comcast did. Because of the /30 netmask, you actually get 2 IPs (this is how they were explaining it--I can't pretend to know the reasons behind it). The modem always has the higher .206 IP, while devices connecting to it are lower (we have one static, so it's .205, but apparently if we had more, it'd keep going down).

I tried setting up the Linksys with the .206 IP (I didn't initially believe that it needed to be .205) and it didn't work either and of the 5 people I've talked to at Comcast so far, they've all said it needs to be .205.

No idea why it's supposed to be like that.
0
 
n2fcCommented:
You say you have the Linksys connected via one of the hub (lan) ports...

Did you try connecting it to the modem from its WAN port?
Seems to me you need to try it that way...
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
n2fcCommented:
Another possibility is to just DMZ the Linksys from the SMC8014 and let it "take on" the .206 address if you really don't need 2 static IP's...

In the SMC setup there should be an option to DMZ it back to the Linksys...
0
 
richardsk-octjamaicaCommented:
Give the Linksys router the *.*.*.206/30 IP address assigned to the comcast CPE (Customer Premises Equipment) as your comcast CPE is not a router nor a modem, its is really just a interactive bridge thus there should be no IP conflicts. Record all the current parameters such as Gateway, Subnet DNS, etc that were given to your Linksys router and assign them statically with the only differnce being the IP address which should now be *.*.*.206/30 netmask which should work out to be 255.255.255.252
0
 
heliosthesungodAuthor Commented:
@richardsk-octjamaica
Currently under the WAN settings on the Linksys, the gateway is x.x.x.206. Should I leave that the same and make the IP 206 as well? Or should the gateway be something else?

I tried switching the Linksys over to .206 and left the gateway as it was (.206 as well). When accessing from inside the network, going to the .206 address in a browser still pulls up the modem, as does telnet.

I can ping the address from outside, but I was able to do that before (for the .206 address). I can't access it with a browser or telnet. What is the best way to test a connection to the router?
0
 
heliosthesungodAuthor Commented:
Oh, also, I believe the SMC8014 (the Comcast equipment) is a both a router and a modem. It can (and has in the past for us) function totally on its own--it has 4 ports, assigns IPs with DHCP, has a software firewall, port forwarding, etc. All the stuff a typical router would have. I don't know if that helps, but wanted to mention that.
0
 
heliosthesungodAuthor Commented:
@n2fc
Everything goes down if I connect via the WAN port--I lose internet behind the Linksys entirely.

The SMC does have a DMZ option and you select an IP from a list of "connected computers" to forward everything to, but the router doesn't show up on the list. Would I turn DHCP back on for the SMC? Or would I change the static IP in the Linksys to something other than my .206 address?

Also, how would setting the DMZ up affect OpenVPN? Or would that not be an issue?
0
 
heliosthesungodAuthor Commented:
Figured it out! The x.x.x.205 ip address and the 255.255.255.252 gateway needed to be set as the WAN address *AND* the LAN address. I'm connecting to the VPN externally. Still stuff to figure out from here, but this issue is resolved. Thanks so much for your suggestions and help!!
0
 
heliosthesungodAuthor Commented:
The experts got me on the right track, but the change in my comment is what ultimately ended up fixing the problem.
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now