Avatar of snooflehammer
snooflehammerFlag for Australia asked on

Router will not pass traffic to particular IP/system

I'm trying to pass some traffic through a router to a coule of systems on a LAN, using a custom port translated to port 80.

On the LAN their are two telecoms systems that the vendor needs to get at via a web browser.

They are 192.168.1.11 & 192.168.1.12 respectively.

On the LAN, I can go to http://192.168.1.11 & http://192.168.1.12 and in both cases I get a login prompt, so I know they work.

In the router, a Netgear FVS336Gv2, I have set up two services called phonesys44381 & phonesys44382, because that's the port numbers the telecoms vendor wanted, & they are set to start & finish ports 44381 & 44382 respectively.

I've also set up two firewall rules, both translating to port 80, so the 44381 service is pointing to 192.168.1.11 & the 44382 service is pointing to 192.168.1.12.

If I point a web browser from outside the network at http://WAN.IP.Address.of.the.network:44381, I get the logon prompt I expect.

If I point a web browser from outside the network at http://WAN.IP.Address.of.the.network:44382, I get "This webpage is not available" (Chrome). Same deal with other browsers.

Today I upgraded the firmware on the router, as it was very old, and it crashed, so I factory-reset it and sucesfully got it up to the latest version then reconfigured it from scratch. No dice. Either the router is not passing the traffic or the phone system is not accepting it, but the latter seems unlikely.

I've tried different custom external ports and I've tried just loading the one service & firewall rule for the problem child, and still it does not work.
Routers

Avatar of undefined
Last Comment
hypercube

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Craig Beck

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
snooflehammer

Very likely the correct answer. Waiting for the telco to give me local access to that box to check it out.
hypercube

It's not clear to me how things need to be set up, much less how things are set up.  Let's see:

You say you can use a browser to get to 192.168.1.11 and .12
That implies port 80 which isn't too surprising.
So, the devices at those addresses are listening on port 80 for http transactions it appears.

I would think that you would want to do port forwarding
from WAN Address:44381 to 192.168.1.11:80
from WAN Address:44382 to 192.168.1.12:80

With all this you should be getting access from the outside world just like you do from the LAN.

I'm not sure what "service" means in the context of that router.  Usually it's just port forwarding.

Does that help?
ASKER
snooflehammer

That is exactly what I have done. It's in the ost
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Qlemo

For a test,  you could swap the port forwarding targets, so you get to .12 using :44381.  If that still does not work, the box is suspected. Otherwise the firewall/router.
ASKER
snooflehammer

Have actually done that already. I believe it's the wrong gateway on the box but have not been granted access yet to check
Davis McCarn

When you access them from the lan, does it switch to HTTPS in the browser?  If it does, we'll have to figure out how to deal with port 443.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
snooflehammer

No. It's port 80. It's the gateway but I can't access the box as per above. Awaiting telco
hypercube

That's a good assessment re: the gateway address.
But, even though you can get the login prompts from the LAN, you can't log in to check it...
Craig Beck

The app is running on a webserver, Fred.  Can you login to EE's servers even though you can access the website that's sitting on them? ;)
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
hypercube

???
snooflehammer has devices on the LAN with port forwarding set up to access them on port 80.
They are accessible from the LAN on port 80.
Whether they have the login information to go further is one of the issues - which may be normal and fine that they do not.

One of the device login pages is not accessible from the internet even though the port forwarding is set up.  And, since port 80 access on the LAN *does* work to that point, it would appear that the gateway setting on one of the devices could be wrong.  The other device works fine.

So, yes I would expect to be able to reach the login page from outside if the port forwarding AND the gateway setting are both correct.
Craig Beck

You made it sound like snofflehammer was telling porkies by saying...
But, even though you can get the login prompts from the LAN, you can't log in to check it...

Yes, we know there is an app running on port 80 and that it is accessible from the LAN.  To access that address on the same subnet you don't need a gateway on the the webserver's OS in order to see it.

When we're trying to see the webserver's app from a remote subnet it needs to be able to send traffic via a router/firewall.  If that particular box doesn't have a gateway (or the incorrect one) we won't be able to see the webserver's app.
Craig Beck

One of the device login pages is not accessible from the internet even though the port forwarding is set up.  And, since port 80 access on the LAN *does* work to that point, it would appear that the gateway setting on one of the devices could be wrong.  The other device works fine.

So, yes I would expect to be able to reach the login page from outside if the port forwarding AND the gateway setting are both correct.

We've said this already, several times. :-)
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
hypercube

We've said this already, several times. :-)
Perhaps so.  Sometimes more clearly than others no doubt.  :-)
I was simply confirming that they can't log into those particular devices because they don't have the login info.  Otherwise they could presumably see (and change) the gateway setting in each one.
ASKER
snooflehammer

I can confirm (again) that the vendor for those devices has, tardily, not provided login details, so I cannot prove the 99% likely theory that the gateway has a typo.

Please no further speculation
hypercube

Please no further speculation
???
Well, this isn't really speculation so here goes:

The vendor won't provide you with the login to "their" equipment.
It appears the vendor has put in a wrong setting.
Ask the vendor to change the gateway setting - because it isn't working.
(Better request than to ask them to "check it").
That's not at all an unreasonable request.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Craig Beck

Why was Fred's answer chosen when I'd already said it was a gateway issue in my very first comment?
ASKER
snooflehammer

That was my mistake, sorry. I meant to accept the first mention of the gateway. I don't think I can undo that
hypercube

craigbeck should get the points....
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.