Asked by snooflehammer

Router will not pass traffic to particular IP/system

I'm trying to pass some traffic through a router to a couple of systems on a LAN, using a custom port translated to port 80.

On the LAN there are two telecoms systems that the vendor needs to get at via a web browser.

They are 192.168.1.11 & 192.168.1.12 respectively.

On the LAN, I can go to http://192.168.1.11 & http://192.168.1.12 and in both cases I get a login prompt, so I know they work.

In the router, a Netgear FVS336Gv2, I have set up two services called phonesys44381 & phonesys44382, because that's the port numbers the telecoms vendor wanted, & they are set to start & finish ports 44381 & 44382 respectively.

I've also set up two firewall rules, both translating to port 80, so the 44381 service is pointing to 192.168.1.11 & the 44382 service is pointing to 192.168.1.12.

If I point a web browser from outside the network at http://WAN.IP.Address.of.the.network:44381, I get the logon prompt I expect.

If I point a web browser from outside the network at http://WAN.IP.Address.of.the.network:44382, I get "This webpage is not available" (Chrome). Same deal with other browsers.

Today I upgraded the firmware on the router, as it was very old, and it crashed, so I factory-reset it and successfully got it up to the latest version then reconfigured it from scratch. No dice. Either the router is not passing the traffic or the phone system is not accepting it, but the latter seems unlikely.

I've tried different custom external ports and I've tried just loading the one service & firewall rule for the problem child, and still it does not work.

ASKER CERTIFIED SOLUTION
Craig Beck

This solution is only available to members.

snooflehammer (ASKER)

Very likely the correct answer. Waiting for the telco to give me local access to that box to check it out.
It's not clear to me how things need to be set up, much less how things are set up.  Let's see:

You say you can use a browser to get to 192.168.1.11 and .12
That implies port 80 which isn't too surprising.
So, the devices at those addresses are listening on port 80 for http transactions it appears.

I would think that you would want to do port forwarding
from WAN Address:44381 to 192.168.1.11:80
from WAN Address:44382 to 192.168.1.12:80

With all this you should be getting access from the outside world just like you do from the LAN.

I'm not sure what "service" means in the context of that router.  Usually it's just port forwarding.

Does that help?
That is exactly what I have done. It's in the post
For a test,  you could swap the port forwarding targets, so you get to .12 using :44381.  If that still does not work, the box is suspected. Otherwise the firewall/router.
Have actually done that already. I believe it's the wrong gateway on the box but have not been granted access yet to check
When you access them from the lan, does it switch to HTTPS in the browser?  If it does, we'll have to figure out how to deal with port 443.
No. It's port 80. It's the gateway but I can't access the box as per above. Awaiting telco
That's a good assessment re: the gateway address.
But, even though you can get the login prompts from the LAN, you can't log in to check it...
The app is running on a webserver, Fred.  Can you login to EE's servers even though you can access the website that's sitting on them? ;)
???
snooflehammer has devices on the LAN with port forwarding set up to access them on port 80.
They are accessible from the LAN on port 80.
Whether they have the login information to go further is one of the issues - which may be normal and fine that they do not.

One of the device login pages is not accessible from the internet even though the port forwarding is set up.  And, since port 80 access on the LAN *does* work to that point, it would appear that the gateway setting on one of the devices could be wrong.  The other device works fine.

So, yes I would expect to be able to reach the login page from outside if the port forwarding AND the gateway setting are both correct.
You made it sound like snooflehammer was telling porkies by saying...
"But, even though you can get the login prompts from the LAN, you can't log in to check it..."

Yes, we know there is an app running on port 80 and that it is accessible from the LAN.  To access that address on the same subnet you don't need a gateway on the webserver's OS in order to see it.

When we're trying to see the webserver's app from a remote subnet it needs to be able to send traffic via a router/firewall.  If that particular box doesn't have a gateway (or the incorrect one) we won't be able to see the webserver's app.
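
The routing decision described in the comment above, as an added example that is not part of the original thread. It assumes the router's port forward keeps the outside client's source address (no source NAT towards the LAN); the router LAN address 192.168.1.1, the gateway typo 192.168.1.254 and both client addresses are constructed for illustration.

```python
import ipaddress

ROUTER_LAN_IP = "192.168.1.1"   # assumed; the thread never states it

# Constructed settings: .11 is correct, .12 carries a hypothetical gateway typo.
DEVICES = {
    "192.168.1.11": {"prefix": 24, "gateway": "192.168.1.1"},
    "192.168.1.12": {"prefix": 24, "gateway": "192.168.1.254"},
}


def reply_outcome(dev_ip, cfg, client_ip, router_ip=ROUTER_LAN_IP):
    """Return where the device's reply to client_ip ends up."""
    net = ipaddress.ip_interface(f"{dev_ip}/{cfg['prefix']}").network
    if ipaddress.ip_address(client_ip) in net:
        # Same subnet: the reply goes straight to the client, so the
        # gateway setting is never consulted. This is why LAN tests pass.
        return "delivered on-link"
    gw = cfg.get("gateway")
    if not gw:
        return "dropped: no default gateway"
    if ipaddress.ip_address(gw) not in net:
        return "dropped: gateway not on local subnet"
    if gw != router_ip:
        # Reply is handed to a host that is not the router doing the
        # port forward, so the outside browser never sees an answer.
        return "dropped: gateway is not the router"
    return "delivered via router"


def survey(clients):
    """Evaluate every device against every client address."""
    return {(dev, c): reply_outcome(dev, cfg, c)
            for dev, cfg in DEVICES.items() for c in clients}


if __name__ == "__main__":
    # 192.168.1.50 = a LAN PC, 203.0.113.25 = an outside browser (both constructed)
    for (dev, client), outcome in survey(["192.168.1.50", "203.0.113.25"]).items():
        print(f"{dev} <- {client}: {outcome}")
```
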
"One of the device login pages is not accessible from the internet even though the port forwarding is set up.  And, since port 80 access on the LAN *does* work to that point, it would appear that the gateway setting on one of the devices could be wrong.  The other device works fine.

"So, yes I would expect to be able to reach the login page from outside if the port forwarding AND the gateway setting are both correct."

We've said this already, several times. :-)
"We've said this already, several times. :-)"
Perhaps so.  Sometimes more clearly than others no doubt.  :-)
I was simply confirming that they can't log into those particular devices because they don't have the login info.  Otherwise they could presumably see (and change) the gateway setting in each one.
I can confirm (again) that the vendor for those devices has, tardily, not provided login details, so I cannot prove the 99% likely theory that the gateway has a typo.

Please no further speculation
"Please no further speculation"
???
Well, this isn't really speculation so here goes:

The vendor won't provide you with the login to "their" equipment.
It appears the vendor has put in a wrong setting.
Ask the vendor to change the gateway setting - because it isn't working.
(Better request than to ask them to "check it").
That's not at all an unreasonable request.
Why was Fred's answer chosen when I'd already said it was a gateway issue in my very first comment?
That was my mistake, sorry. I meant to accept the first mention of the gateway. I don't think I can undo that
craigbeck should get the points....