We help IT Professionals succeed at work.

Router will not pass traffic to particular IP/system

snooflehammer
on
136 Views
Last Modified: 2016-01-04
I'm trying to pass some traffic through a router to a coule of systems on a LAN, using a custom port translated to port 80.

On the LAN their are two telecoms systems that the vendor needs to get at via a web browser.

They are 192.168.1.11 & 192.168.1.12 respectively.

On the LAN, I can go to http://192.168.1.11 & http://192.168.1.12 and in both cases I get a login prompt, so I know they work.

In the router, a Netgear FVS336Gv2, I have set up two services called phonesys44381 & phonesys44382, because that's the port numbers the telecoms vendor wanted, & they are set to start & finish ports 44381 & 44382 respectively.

I've also set up two firewall rules, both translating to port 80, so the 44381 service is pointing to 192.168.1.11 & the 44382 service is pointing to 192.168.1.12.

If I point a web browser from outside the network at http://WAN.IP.Address.of.the.network:44381, I get the logon prompt I expect.

If I point a web browser from outside the network at http://WAN.IP.Address.of.the.network:44382, I get "This webpage is not available" (Chrome). Same deal with other browsers.

Today I upgraded the firmware on the router, as it was very old, and it crashed, so I factory-reset it and sucesfully got it up to the latest version then reconfigured it from scratch. No dice. Either the router is not passing the traffic or the phone system is not accepting it, but the latter seems unlikely.

I've tried different custom external ports and I've tried just loading the one service & firewall rule for the problem child, and still it does not work.
Comment
Watch Question

Network Architect
CERTIFIED EXPERT
Top Expert 2014
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Very likely the correct answer. Waiting for the telco to give me local access to that box to check it out.
Fred MarshallPrincipal
CERTIFIED EXPERT

Commented:
It's not clear to me how things need to be set up, much less how things are set up.  Let's see:

You say you can use a browser to get to 192.168.1.11 and .12
That implies port 80 which isn't too surprising.
So, the devices at those addresses are listening on port 80 for http transactions it appears.

I would think that you would want to do port forwarding
from WAN Address:44381 to 192.168.1.11:80
from WAN Address:44382 to 192.168.1.12:80

With all this you should be getting access from the outside world just like you do from the LAN.

I'm not sure what "service" means in the context of that router.  Usually it's just port forwarding.

Does that help?

Author

Commented:
That is exactly what I have done. It's in the ost
Qlemo"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
For a test,  you could swap the port forwarding targets, so you get to .12 using :44381.  If that still does not work, the box is suspected. Otherwise the firewall/router.

Author

Commented:
Have actually done that already. I believe it's the wrong gateway on the box but have not been granted access yet to check
CERTIFIED EXPERT

Commented:
When you access them from the lan, does it switch to HTTPS in the browser?  If it does, we'll have to figure out how to deal with port 443.

Author

Commented:
No. It's port 80. It's the gateway but I can't access the box as per above. Awaiting telco
Fred MarshallPrincipal
CERTIFIED EXPERT

Commented:
That's a good assessment re: the gateway address.
But, even though you can get the login prompts from the LAN, you can't log in to check it...
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014

Commented:
The app is running on a webserver, Fred.  Can you login to EE's servers even though you can access the website that's sitting on them? ;)
Fred MarshallPrincipal
CERTIFIED EXPERT

Commented:
???
snooflehammer has devices on the LAN with port forwarding set up to access them on port 80.
They are accessible from the LAN on port 80.
Whether they have the login information to go further is one of the issues - which may be normal and fine that they do not.

One of the device login pages is not accessible from the internet even though the port forwarding is set up.  And, since port 80 access on the LAN *does* work to that point, it would appear that the gateway setting on one of the devices could be wrong.  The other device works fine.

So, yes I would expect to be able to reach the login page from outside if the port forwarding AND the gateway setting are both correct.
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014

Commented:
You made it sound like snofflehammer was telling porkies by saying...
But, even though you can get the login prompts from the LAN, you can't log in to check it...

Yes, we know there is an app running on port 80 and that it is accessible from the LAN.  To access that address on the same subnet you don't need a gateway on the the webserver's OS in order to see it.

When we're trying to see the webserver's app from a remote subnet it needs to be able to send traffic via a router/firewall.  If that particular box doesn't have a gateway (or the incorrect one) we won't be able to see the webserver's app.
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014

Commented:
One of the device login pages is not accessible from the internet even though the port forwarding is set up.  And, since port 80 access on the LAN *does* work to that point, it would appear that the gateway setting on one of the devices could be wrong.  The other device works fine.

So, yes I would expect to be able to reach the login page from outside if the port forwarding AND the gateway setting are both correct.

We've said this already, several times. :-)
Fred MarshallPrincipal
CERTIFIED EXPERT

Commented:
We've said this already, several times. :-)
Perhaps so.  Sometimes more clearly than others no doubt.  :-)
I was simply confirming that they can't log into those particular devices because they don't have the login info.  Otherwise they could presumably see (and change) the gateway setting in each one.

Author

Commented:
I can confirm (again) that the vendor for those devices has, tardily, not provided login details, so I cannot prove the 99% likely theory that the gateway has a typo.

Please no further speculation
Fred MarshallPrincipal
CERTIFIED EXPERT

Commented:
Please no further speculation
???
Well, this isn't really speculation so here goes:

The vendor won't provide you with the login to "their" equipment.
It appears the vendor has put in a wrong setting.
Ask the vendor to change the gateway setting - because it isn't working.
(Better request than to ask them to "check it").
That's not at all an unreasonable request.
some oneNetwork Architect
CERTIFIED EXPERT
Top Expert 2014

Commented:
Why was Fred's answer chosen when I'd already said it was a gateway issue in my very first comment?

Author

Commented:
That was my mistake, sorry. I meant to accept the first mention of the gateway. I don't think I can undo that
Fred MarshallPrincipal
CERTIFIED EXPERT

Commented:
craigbeck should get the points....

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.