Bert2005

New TWC modem/router breaks network

Hi experts,

I will try to explain this as thoroughly, yet succinctly, as I can. Part of the problem is I have done so much to troubleshoot, it would be too confusing to list them all, but at least I should be able to give some answers to recommendations more quickly. So, I think it will be best to just give the issue.

I have a small network with a subnet of 192.168.1.x with the default gateway of the router being 192.168.1.1. It is a domain, with the server being an SBS 2008 with an IP of 192.168.1.100. All of the clients run Windows Firewall as well as an antimalware program. We do use Exchange Server for our email. I have Outlook email at home which maintains a constant connection to Exchange via RPC/HTTP. I am also able to RDP into all clients and the server within seconds. And, I can use RWA.

My Internet access is provided by Time Warner Cable (now Spectrum) and has been for ten years. I am not sure how long I had my previous modem and whether it was DOCSIS 2 or 3. But, it was a standalone modem, was able to handle five IPs easily and provide 15 down and 2 up as advertised. My public IP is a static IP address. I used to use a Pix510, but now have a Cisco RV042G router/firewall. So, it goes modem to router to switch to all computers on the LAN.

OK, so everything was working superbly. Then two nights in a row the speed was very slow. I probably should have ignored it. But, the other business next door uses the same cable company, and they said theirs was slow. I should have checked to see what they meant by slow. So, I deduced it was TWC's line or something. So, I called TWC and they sent a tech out the next day. I should have waited until the following day as I was off when he came out. I have no idea what he did. My guess is he came out, found nothing wrong, noticed the archaic modem and switched it out.

That's when the fun began. I don't know about the experts, but I can't stand these combination modem/router/firewall/Wi-Fi boxes. I already have my network with all the connections. I just need a box which can modulate/demodulate. Putting two pieces of equipment back to back, both with NAT and routing just complicates things.

Anyway, he installs a Technicolor TC8715D modem. DOCSIS 3.0. The speeds are still 15 down and 2 up. Everything is working fine. Internet, the LAN, of course. VPN to the hospital. But, now I can send email, but I can't receive it. So, it appears that Port 25 is blocked. We have a company that spools any unsent email, so we didn't miss any. At home, my email doesn't work at all. Yellow exclamation point, etc. Can't send. Can't receive. And, RDP is a disaster, as in it doesn't work. Just tries to initiate and times out.

I accessed the modem and turned off the Wi-Fi and its firewall. This changed nothing. So, basically good speed, bad email. With remote problems from home.

So, I bridged the router. Instantly, we started getting email at the office, although still no email at home. But in bridged mode, the speed is gone. A web page may load in two minutes or maybe not at all. The modem/router's gateway is 192.168.0.1. Email at home works, but I still can't use RDP.

I do have a TWC technician coming out on Tuesday, but I don't have a lot of confidence he will fix things. I really just want my standalone, "dumb" modem. But, I upgraded to 60/5, so it probably wouldn't handle it. TWC also said that the standalones they provide won't handle five static IPs. That doesn't really sound correct.

I tried to port forward 25, but I don't think I did it correctly. And that still may mean RDP doesn't work. I don't think I have had to use port 3389 since SBS 2008. I believe 443 and 987 are open. I don't know why any port would be blocked in Bridged mode.

Finally, back when I had the Pix, I was able to Telnet into it. I did it quite often, so I remembered the rather interesting way of doing it. But, now I have completely forgotten using the CMD prompt. Can you even use the CLI on the RV042G router?

Thanks.

Bert
Tom Cieslik

If you switch the modem to Bridge mode, no port will be blocked anymore since Bridge is disabling NAT.
So if you do this, then your External IP address will show on your firewall if you have one between your modem and server. If not, then your server will get the External IP. If you don't have 2 NICs on the server, this is a very dangerous situation because you will be open to the internet.
If you have a router between the modem and server, then remember that on the WAN interface you need to put your External IP and on WAN 192.168.1.1 as your gateway.
All firewall rules must be re-designed since your WAN IP is different now.
Also, if they changed your External IP, make sure you have appropriate changes in your external DNS record (MX and A and SPF).

If you try to use telnet, then try this:

telnet
open "Your server external IP from MX" 25
Helo
If you get a response from your server, you can go to the next command
mail from:yoursenderemai@server.com
rcpt to:yourinternalemaiadress@server.com
DATA
try to put some text
ENTER
(DOT) .
Dot is End of transmission

You'll see if server accepted email or not.

I hope this will help
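
A scripted version of the telnet check above, as an added example that is not part of the original post. It is run from a machine outside the office network against your own mail server; it separates "refused" from "silently dropped" (the latter is what a NAT device with no matching forward produces) and walks HELO / MAIL FROM / RCPT TO without sending a message. The function names, the `probe.example` HELO name and the command-line arguments are assumptions.

```python
import smtplib
import socket
import sys

# TCP ports discussed in the thread.
THREAD_PORTS = (25, 443, 987, 3389)


def probe(host, port, timeout=5.0):
    """Classify one TCP port as seen from wherever this script runs.

    open     - handshake completed (a listener, or a working port forward)
    closed   - connection actively refused (host reachable, nothing listening)
    filtered - no answer before the timeout (packet dropped on the way in)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return {"port": port, "state": "closed", "banner": ""}
    except socket.timeout:
        return {"port": port, "state": "filtered", "banner": ""}
    except OSError as exc:
        return {"port": port, "state": "error: %s" % exc, "banner": ""}
    with sock:
        banner = ""
        sock.settimeout(min(timeout, 2.0))
        try:
            # SMTP servers speak first; HTTPS and RDP stay silent, which is fine.
            banner = sock.recv(256).decode("ascii", "replace").strip()
        except (socket.timeout, ConnectionError):
            pass
        return {"port": port, "state": "open", "banner": banner}


def sweep(host, ports=THREAD_PORTS, timeout=5.0):
    """Probe each port and return {port: state}."""
    return {p: probe(host, p, timeout)["state"] for p in ports}


def smtp_envelope_test(host, sender, recipient, port=25, timeout=10.0):
    """Run HELO, MAIL FROM and RCPT TO, then QUIT. No DATA is sent, so no
    message is delivered; 'accepted' means the server took the recipient."""
    steps = []
    try:
        with smtplib.SMTP(host, port, local_hostname="probe.example",
                          timeout=timeout) as smtp:
            for verb, call in (
                ("HELO", smtp.helo),
                ("MAIL FROM", lambda: smtp.mail(sender)),
                ("RCPT TO", lambda: smtp.rcpt(recipient)),
            ):
                code, text = call()
                steps.append((verb, code, text.decode("ascii", "replace")))
                if code >= 400:
                    break
    except (OSError, smtplib.SMTPException) as exc:
        steps.append(("ERROR", 0, str(exc)))
    last = steps[-1]
    return {"accepted": last[0] == "RCPT TO" and last[1] in (250, 251),
            "steps": steps}


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: smtp_check.py <mx-host> <sender> <recipient>")
    mx_host, mail_from, rcpt_to = sys.argv[1:]
    for tcp_port, state in sweep(mx_host).items():
        print("tcp/%d: %s" % (tcp_port, state))
    print(smtp_envelope_test(mx_host, mail_from, rcpt_to))
```

A "filtered" result for port 25 next to "open" for 443 points at something in the path dropping SMTP, while "closed" means the packet arrived and nothing answered.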
Bert2005

ASKER

Thanks Tom,

This is what I have. And, it is confusing since it always worked before. And, I agree it doesn't block in bridged. Just something wrong with connection to make Internet so slow I can't RDP from home and RPC/HTTP Outlook Exchange mail doesn't work.

So, the modem is in bridged mode. The public IP that shows in its config is 67.xxx.xxx.29 (I never know what IPs I should put in the comments, so bear with me if I am being stupid). The private side (default gateway of the modem) is 192.168.0.1 as with pretty much all TWC modems. Because it is bridged, there is no Wi-Fi, firewall or NAT/router. So basically, like the old modem (a dumb box) with no protection from the Internet and simply converting cable to Ethernet.

My Cisco router/firewall is:

72.xxx.xxx.99 for its static WAN IP. (this is the public IP that everything has always gone to)
255.255.255.248
72.xxx.xxx.97 (default gateway address)
192.168.1.1 (gateway for LAN or LAN IP)

192.168.1.100 Server IP
24.92.226.11 DNS

All the routing is done by the Cisco. It routes 443, 987 and 25 to the server IP.

When modem/router is in router mode, the Internet is fast. VPN works. I can send email. But, I cannot receive it. Something with modem/router connected to Cisco router blocks incoming email on SMTP. So, I can do everything except after a day I have no email (obviously) lol. Then I have to change at night to Bridged so I can get my email back. (It is spooled online).

Now, when in Bridged mode (which is what I want, because I hate it being a router. I don't need another router. I don't need another firewall.) In Bridged mode it will send and receive email. Port 25 somehow is open. Recall that 443 and 987 work in bridged and router mode. So, in bridged I can get email, but it takes two to three minutes to load a web page.

I don't know if this modem has an issue with the various IPs. Or with a static IP on the public side of my router. But, somehow before, the modem was a plain modem and traffic came through the modem to the 72.xxx.xxx.99 IP.

Sorry, so confusing. I know I am not crazy, because when I Google this, hundreds upon hundreds have similar problems and cannot port forward, etc. They are rather technical, and they, like me, cannot stand these modems. These combined modems are for homes and for those who want a router and a modem and Wi-Fi all in one. Small businesses with domains do not want an all-in-one solution. And, yes port forwarding can only be done with the modem in router mode. But, I should send a jpg, because the page where you do the port forwarding is not straightforward.
A very good networking guy was helping me with this. He gets frustrated, lol, because I am so stupid with networking. Anyway, I thought there were two conflicting issues. And, I am certain that my premise is wrong.

But, the default gateway of the Cisco I believe must be different than the default gateway of the modem. So, I felt good that it was because it was 0.x and 1.x. But, that makes them in different subnets. Do I need to make the default gateway of the modem something like 192.168.1.45?
I've a couple of suggestions here.

While I'm not familiar with that particular modem/router, I've run into many others where I've used Bridged Mode.  There is often a second setting (in addition to Bridged Mode) that needs to be set.  It's something about allowing (forwarding?) all ports for true static IP and it needs to be enabled.  Check your modem/router to see if it has such a setting.  If my comment isn't clear enough let me know and I'll look up the actual text.

I agree that a standalone modem would be preferable.  Will your provider allow you to install your own?  They typically run around $50-60 which is cheap if it allows you to avoid these headaches.
You just said
The private side (default gateway of the modem is 192.168.0.1 as with pretty much all TWC modems
and then
192.168.1.1 (gateway for LAN or LAN IP)

So it's 2 different subnets.
Please confirm they're the same or create route tunneling between them
@CompProbSolv:

I will definitely check that. I have looked at a lot of things.

@Tom Yes, I did say that. And, here is where I am confused.

I was working with someone on this (not a 12 yo who plays GTA down the street -- but someone from here that is very, very good. I believe Genius or Sage in Networking and many things -- he is not working on this question, however, so no unfair advantage to him and this was prior -- don't want to get anyone in trouble with EE rules).

Anyway in the same email, he said:

Oh, 192.168.0.1 for modem and 192.168.1.1 for Cisco => that is good

But:

192.168.0.1 => 72.xxx.xxx.99 => 192.168.1.1 That's a problem. They are two different subnets. The Cisco can't talk to the modem.

I have already read (maybe incorrectly) that the two default gateways can't be the same.

So, it sounds like my friend is saying what you are saying. Two subnets. But, at the same time, he seems to indicate the gateways can't be the same. As I stated above, maybe they have to be the same subnets; both 192.168.1.x, but what he meant was they can't be the exact gateway, i.e. 192.168.1.1.

So, would Modem having 192.168.1.2 => 72.xxx.xxx.99 => 192.168.1.1 work?

SORRY FOR THE DELAY. I have to put in router mode to have Internet and be able to work. There is no way to work efficiently without good speeds. I can put up without email. Then at night, I change to bridged mode, because I don't need fast Internet connection. Then all the emails which were blocked by port 25 can dribble down from MXToolbox. Hey! I could continue like this forever! But, not an elegant solution, lol.
So, currently I am working and have fast Internet in router mode. But, I won't get your email notifications. But, I check here constantly by refreshing.

Thanks, thanks, thanks to both of you.
re: 192.168.0.x vs. 192.168.1.x
"The private side (default gateway of the modem is 192.168.0.1 as with pretty much all TWC modems."  Are you really referring to the default gateway of the modem/router and not its LAN address (which will be used as the default gateway for devices connected TO the modem/router)?  If so, then it should be set to the 72.xxx.xxx.97 address.

My experience with bridged  modem/routers is that they still have a LAN address that you use to manage them, but they should be on a different subnet than the LAN you are actually using.  For example:

72.x.x.x - bridged modem/router - 192.168.0.1 (only used for modem/router management) - router (WAN IP is on 72.x.x.x, LAN IP is 192.168.1.1)

If you want to change settings on the modem/router, you'd connect directly to it with a 192.168.0.x device (or use its DHCP if enabled).  If you want to use the LAN you'd connect after the router with a 192.168.1.x device (or use DHCP).

This reinforces the point of how a standalone modem is easier to deal with!
Brilliant! My friend (not sure if I should use his name on here as he is an expert) always gets frustrated with me, because I should understand networking better. Usually, he just helps by saying DNS, DNS! So, I understand a default gateway. But, where I get confused is (if you took the modem out of play -- made it a standalone modem), here is how I set up the Cisco (this one and the Pix-510 -- loved those things). I set the public IP as 72....99 and the default gateway as 72.....97. It seemed to automatically have a private side default gateway of 192.168.1.1. At least that is how I log into it. This is how I log into it currently. My understanding is to log into it I have to be on the same subnet. I have an 8 IP subnet range, and I can use 5. I basically use the two.

I have never understood why it needed the 72.....97 and the 192.....1 default gateways, unless the x.97 was a default gateway from the public side.

I apologize for writing a novel when I could probably say this in two sentences. You just have to be very clear as to why I use 72....99 as my public IP and 72.xxxx.97 as a default gateway and use 72.....99 on the Cisco as my static IP. Or is the public IP of the modem/router given out by Time-Warner?

So, it almost seems that instead of having my Cisco router doing all the routing and NAT and the modem just giving me Ethernet broadband via modulate/demodulate, I am behind two routers and NAT, making ports have to be open twice.

It's frustrating because when I called TWC, they said they have standalone modems, but they can't handle 5 IPs. My other one did, but it was old and probably DOCSIS 2. I have never skimped on equipment, although my Cisco router now is not as good as ASAs. But, would gladly pay $300 for a commercial non-router modem. I don't need a modem/router/firewall/NAT/wireless/coffee maker for a modem. I am stupid but not an idiot. I already have that at home with the ARRIS. I can understand a home modem that 95% of the home users can use.

By the way, when I used to print a config of the PIX, I was instructed to mask the IPs, etc. Is it important to not put my actual IP address on here? I mean everyone with my domain name can figure it out.
A few comments.....

I think you are misusing the term "Default Gateway".

Let's imagine a simple network with an external address of 123.123.123.5 that connects to the ISP whose router has an address exposed to the internet that is 123.123.123.6.  The internal network on the LAN is a 192.168.1.x subnet and the modem/router (m/r) has a LAN address of 192.168.1.1.

The m/r's default gateway is 123.123.123.6.  The m/r's WAN IP address is 123.123.123.5, the m/r's LAN address is 192.168.1.1.

Where you are mixing up terms is when you call the m/r's LAN address its "default gateway".  It is A default gateway, but only when referring to clients.  That is, a workstation on the LAN will have 192.168.1.1 as the default gateway.  I'm not trying to nitpick here because I think this is part of what is confusing things.

As a second point, I don't understand TWC saying that their modems won't handle 5 IPs.  A true modem doesn't HAVE an IP address; it is just a MOdulator/DEModulator.  I suspect that the problem here is that TWC (as with most ISPs) calls a modem/router a modem.

What is the physical connection from TWC to you?  Is it a coax cable?  If so, then I'd look at Docsis 3.0 modems, such as this from Amazon for $40:
https://www.amazon.com/NETGEAR-340Mbps-XFINITY-Cablevision-CM400-1AZNAS/dp/B0111MRLES/ref=sr_1_2?ie=UTF8&qid=1482785725&sr=8-2&keywords=docsis

I'd ask TWC first about compatibility, but you may have difficulty getting a straight answer from them.  I'd take the risk (check Amazon's return policy) and order the modem.

If your Arris at home is a modem only, I'd give it a try.  If it works, buy another standalone modem and simplify your life.
User generated image
Thanks for the explanation. Still a little confused by the default gateway, but I will think of it as LAN address on modem :-) -- I agree with asking ISP. It is a shame that with the amount of money I pay monthly for business Internet, that I have to be scared of them. "No, it will not be supported, etc." I also agree about getting my own modem. And, I am OK with paying $200 and throwing it away if it doesn't work. My home modem is also a coffee maker. I say that in jest. It is modem/router/wireless but I just removed my wireless modem and let it do the work connecting directly to the computer. After all, that is what ISPs think everyone is going to do. I doubt they even know the word domain. Yes, it is cable with coaxial connection.

The picture above seems to show what my local LAN's config is. If so, it shows the subnet as 192.168.0.1, which it definitely is not. I am rather certain DHCP is not currently on in the modem and definitely shouldn't be on in bridged mode. I wonder what it shows in bridged mode.

Thank you for hanging in there. I don't know who is stupider. TWC or I.
Here are some generic networking comments that may help clarify your confusion.  Please excuse if I'm going over what you already know.

Let's say your workstation has an IP address of 192.168.1.5 with a netmask of 255.255.255.0 and a default gateway of 192.168.1.1 (your router).  You want to communicate with your server at 192.168.1.100.  Your workstation will send a packet with 192.168.1.100 NIC in the header.  Your switch will know to send it out the port to which the server is connected.  (This is more likely done by MAC address, but we'll leave that out for now.)

Now let's say that you want to communicate with google.com at 172.217.3.174 (ignore how we knew the IP address; that's likely DNS).  Your computer looks at its IP address and subnet mask and determines that you are on a 192.168.1.x subnet.  The address for google.com is NOT on that subnet, so your computer can't send the packet directly to google.com.  Instead, it addresses the packet to google.com and then wraps it inside a container that is addressed to the default gateway at 192.168.1.1.  When the gateway receives the packet it looks inside and recognizes that it's not really for the gateway.  It re-wraps it in a container that is addressed to the default gateway for the router, which is the router at your ISP.  The process starts the same where the ISP's router looks at the packet, sees that it has a different internal destination, and passes it along appropriately.

The basic idea on your LAN is that if you are sending a packet to a destination on your subnet (determined by your IP address and subnet) then you send it directly.  If not, you add something to send it to the default gateway (your router) who will send it along to its default gateway (at your ISP).

Of course, it can get much more complicated with VLANs, multiple subnets, etc. but this covers a basic configuration.

"I am behind two routers": sort of.....    I'm not knowledgeable of the exact details, but I think I have this correct as learned from experience.

The part that is confusing here is the use of a modem/router in bridged mode.  It is almost the same as a simple modem.  If you have it configured correctly and treat it as a modem, then it does act like one.  Specifically, if your router points to 72.x.x.97 as the default gateway and has a WAN address of 72.x.x.99, then packets will be delivered to the m/r with a wrapper addressed to 72.x.x.97 and will pass through the m/r as if it were just a modem.  Here's where it gets tricky....   If you connect to the m/r directly while on the 192.168.0.1 then it WON'T act as if it is bridged and you'll see the LAN side of the router in the m/r.

As far as DNS goes, just think of it as one of the ways to translate names (such as google.com) into IP addresses (such as 172.217.3.174).  If you're only using IP or MAC addresses, you really don't care much about names and therefore DNS is not an issue.
I think the setup is causing this:

In router mode, I can access the Internet as the client sends to the server and it forwards out to the server. This opens a port to receive the website. I can send an email as everything from the LAN can send out. But, almost all is blocked when sent to my network. I.E. port 25 isn't open. And, my email from home doesn't work as it can't access the server.

In bridged mode, it seems that port 25 is not blocked as it shouldn't be, because in bridged mode the modem should be a modem and do no NAT and routing and should not be able to block ports. Why Internet works but at 33.6 dial-up speeds is beyond me.

And, RDP will not work from home again due to not seeing the server.

If one telnets from an outside computer it appears that 443 and 987 are open but not 25 or 3389.

I don't think you need to spend much time on this comment as it will likely be more teaching than helping with the problem.
"I will think of it as LAN address on modem"  Nooooo!
First of all, not trying to nitpick, but be careful to use the terms modem, modem/router, and router appropriately.  You'll be far ahead of the ISPs if you do!
Modems don't have IP addresses.  Routers (and many other devices) do.  The router side of your modem/router has a WAN IP address (that is connected through the modem side) and a LAN IP address (connected to the single LAN port or to the multiple LAN switch ports).

As I cited, it should cost you $40 for a modem for testing, not $200.  My comment about using your home one was that I thought it was just a modem.
"But, almost all is blocked when sent to my network. I.E. port 25 isn't open. And, my email from home doesn't work as it can't access the server."
I'm not entirely clear on what you are saying, but I think I can steer you in the right direction.

When used as a modem/router, by default that device will block ALL incoming traffic unless it is invited by someone behind it.  When you open a page on the internet, for example, the router allows a reply because you asked for it.

On the other hand, if you are trying to access your network from a different location, home for example, you are sending packets that haven't been requested or "invited".  They will be blocked.  This is basic security.

If you want to allow those in, you'll have to set up port forwarding on the m/r to allow them through to the WAN port on the other router.  It can work, but is clumsy and more difficult to maintain than using just one router.  You should find that such port forwarding is already set up on your Cisco.

As far as port 25 goes, be aware that it is very common for ISPs to block that.  Most mail servers have an alternate address that you can use.  That's not your issue here, but could be some day.

The symptom that is confusing me is why your system is slow when the m/r is in bridged mode.  As a test, try this:
Put the m/r in bridged mode
Access the m/r locally as 192.168.0.1
Change its LAN port to 10.1.2.1
Test internet speed from the LAN side of your Cisco

"If one telnets from an outside computer it appears that 443 and 987 are open but not 25 or 3389."  Is this when the m/r is in bridged mode?  If so, I'll bet that the Cisco doesn't have those ports forwarded.  Look up all of what is being forwarded on the Cisco.
"The picture above seems to show what my local LAN's config is. If so, it shows the subnet as 192.168.0.1, which it definitely is not."
What has you concluding that?  To test, do the following:

Set up a PC with an IP address of 192.168.0.5/255.255.255.0
Connect it to the LAN side of the m/r
Ping 192.168.0.1
Do you get a reply?

"I am rather certain DHCP is not currently on in the modem and definitely shouldn't be on in bridged mode. I wonder what it shows in bridged mode."
The screenshot you provided agrees.  It says "DHCPv4 Server: Disabled".
Sorry, I wrote all this and our comments crossed.

Thanks. I pretty much understood what you said, and I had a good idea of 50% of it already. I may be over confident, but with the expert I have known for 15 years, the one thing I understand is Domain Name Server. If I ping yahoo.com in a command prompt, it will show me its IP. One part I am confused about is the DNS addresses in the NIC which are the IP addresses of the ISP. I am a little confused, because you stated, it sends to the default gateway in a wrapper. I thought it sent to the server who has the IP addresses of the ISP in its forwarders. I suppose the server then does all of the rest that you talk about. I know when my server is down, I cannot access the Internet, but I can if I put those same forwarder addresses in the DNS of the NIC, it can go directly.

I think the way my friend explains it in a broad sense is that the computer is dumb and only knows two things. IP addresses on the LAN. And, the default gateway. So, if the computer has a packet to send, it looks at the IP and says, "I don't know where this goes, I guess I will send it to the default gateway. Maybe it will know." The default gateway says, "I don't know what to do with this, I will send it to my default gateway." And, so on until some server (probably your ISP) knows and does name resolution. Of course, if you put yahoo.com's IP directly in the browser, it will go there.

I am getting smarter now, but still consider me someone you have to walk through. From everything you have said and from the modem saying I have an IP address of 0.x, it seems as though everything is due to a subnet issue. I know that when I look at port forwarding, you can choose the port, i.e. port 25, but it only allows you to send to a 0.x subnet. The address offered is 192.168.0. ____, with everything in bold greyed out. It is saying we know you have this subnet, so you can't change it. Since I don't want to change my LAN subnet to 0.x, I would rather change the default gateway on the modem to 1.x. Or find the setting you talked about earlier.
You are incredibly fast. Slow down just a little, lol. I have to respond to your two comments. I mean this as a compliment. It says I am Level 1. :-( I think I am at least a Level 2, lol. Especially after your lectures. Again, meant as a compliment.
"I know when my server is down, I cannot access the Internet"  Not exactly correct.  You likely can't access the internet by name but can by IP address.  I know, it still means you don't have a practical use of the internet, but the difference is crucial when troubleshooting.

As an example, when the server is down, try pinging 4.2.2.2 (which is on the internet).  It will work.  Ping google.com and you'll likely not be able to resolve the name.  You CAN get to the internet, just not in a way that you'll find practical.  The key is that this test separates connectivity issues from DNS issues.

"the computer is dumb and only knows two things. IP addresses on the LAN": not exactly correct, but probably good enough.  It knows whether or not an IP address is on the subnet, not if a device actually exists at that address.  That may be the same as what your friend said.  Another way to put it is that your computer knows what is on its subnet (based on IP address and subnet mask) and what is not.

"I thought it sent to the server who has the IP addresses of the ISP in its forwarders.": very close!  That is where DNS requests get sent, not packets in general.  If I want to know the IP address of google.com (and don't already know it), it gets sent to the primary DNS setting on my computer.  This is typically one of three places: a local DNS server (such as your SBS), your router, or a DNS server on the internet (either at your ISP or elsewhere).

If you try to send a packet to google.com, your computer realizes it doesn't know the IP address and makes a DNS request.  Once it has an IP address, then it sends the packet addressed to that IP address and wrapped up to go to your default gateway.  You don't ever send to anything outside your subnet.  Instead, you address it to where you want it to go and then package it to be sent to your default gateway which is on your subnet.

"Of course, if you put yahoo.com's IP directly in the browser, it will go there.": yes, but after it has done a DNS request to resolve the name (if it doesn't already have the address from a recent check).

"Since I don't want to change my LAN subnet to 0.x, I would rather change the default gateway on the modem to 1.x.": again, try to use modem, modem/router, and router as appropriate.  It will make some of this easier to understand.

You only need to do port forwarding on the m/r when it is used as a router (i.e. not in bridged mode), which you really want to avoid.  If you were using it as modem and router (again, not advised) then the WAN address on your Cisco would be on the 192.168.0.x subnet and that would be the destination of your port forwarding.  In fact, you could just forward all ports to that address.  Not recommended, but can be made to work.
Take your time and don't worry about your words.  I'm quite thick-skinned here and don't take much personally!  Well.. not the negative stuff, that is.
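
The forwarding rules explained in the replies above (deliver on-link or hand to the default gateway; unsolicited inbound traffic is dropped unless each router in the path forwards it), modelled as an added example that is not part of any post. `203.0.113.99` is a constructed stand-in for the masked 72.xxx.xxx.99 address, `192.168.0.2` is an assumed WAN address for the Cisco when it sits behind the m/r in router mode, and `NatRouter`, `next_hop` and `trace_inbound` are hypothetical names.

```python
import ipaddress

PUBLIC = "203.0.113.99"              # constructed stand-in for the masked static IP
SERVER = "192.168.1.100"             # SBS 2008 server, from the thread
CISCO_WAN_DOUBLE_NAT = "192.168.0.2"  # assumed: Cisco WAN address behind the m/r
CISCO_FORWARDS = {25: SERVER, 443: SERVER, 987: SERVER}  # rules named in the thread


def next_hop(local_if, gateway, dst):
    """Where a host hands a packet: straight to dst if it is on the local
    subnet, otherwise to the default gateway."""
    iface = ipaddress.ip_interface(local_if)
    return dst if ipaddress.ip_address(dst) in iface.network else gateway


class NatRouter:
    """Simplified NAT router: only unsolicited inbound TCP is modelled."""

    def __init__(self, name, wan_ip, lan_if, forwards=None):
        self.name = name
        self.wan_ip = wan_ip
        self.lan = ipaddress.ip_interface(lan_if).network
        self.forwards = dict(forwards or {})   # {tcp_port: LAN-side target}

    def inbound(self, dst_ip, port):
        """Return the LAN target for an uninvited packet, or None if dropped."""
        if dst_ip != self.wan_ip:
            return None
        target = self.forwards.get(port)
        # A forward can only point at the router's own LAN subnet, which is
        # why the m/r's form fixes the first three octets to 192.168.0.
        if target is None or ipaddress.ip_address(target) not in self.lan:
            return None
        return target


def trace_inbound(routers, public_ip, port):
    """Walk an uninvited connection through the routers, outermost first.
    Returns (final_host_or_None, list_of_hop_descriptions)."""
    hops, dst = [], public_ip
    for router in routers:
        target = router.inbound(dst, port)
        if target is None:
            hops.append(f"{router.name}: drop tcp/{port} to {dst}")
            return None, hops
        hops.append(f"{router.name}: tcp/{port} {dst} -> {target}")
        dst = target
    return dst, hops


def bridged():
    """m/r bridged: it passes frames like a plain modem, Cisco holds the public IP."""
    return [NatRouter("cisco", PUBLIC, "192.168.1.1/24", CISCO_FORWARDS)]


def router_mode(mr_forwards):
    """m/r routing: it holds the public IP and the Cisco sits on 192.168.0.x."""
    return [
        NatRouter("m/r", PUBLIC, "192.168.0.1/24", mr_forwards),
        NatRouter("cisco", CISCO_WAN_DOUBLE_NAT, "192.168.1.1/24", CISCO_FORWARDS),
    ]


if __name__ == "__main__":
    print(next_hop("192.168.1.5/24", "192.168.1.1", SERVER))
    print(next_hop("192.168.1.5/24", "192.168.1.1", "172.217.3.174"))
    for label, path in (
        ("bridged", bridged()),
        ("router mode, no forward", router_mode({})),
        ("router mode, forward to server", router_mode({25: SERVER})),
        ("router mode, forward to Cisco WAN", router_mode({25: CISCO_WAN_DOUBLE_NAT})),
    ):
        print(label, trace_inbound(path, PUBLIC, 25))
```

In this model port 3389 is dropped in every layout because the Cisco has no rule for it, and a forward on the m/r only helps when it targets the Cisco's WAN address rather than the server.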
Let me try the changing the default. I wish you had this modem physically at your place, so you could see where the settings are. It's funny, because after about 20 emails, he said, "You really need someone on site to look at this." He is actually at a disadvantage, because he has my network and Cisco settings memorized. Except it has been a while, so he has them memorized incorrectly.

The main thing I am worried about is that when he says someone on site, he is not referring to a TWC tech, who is supposed to come out tomorrow. The techs know how to test incoming wire connections and set up the modems. But, it sort of stops there. Most are not well versed in everything you are talking about nor are they going to want to take the time to do it. Nor do I really want them to.

I almost feel other than switching out a modem to a standalone modem, I am not sure if I really want them coming out yet. What do you think?
1. Sorry, I was saying the same thing. I meant, by default, ALL incoming traffic is blocked. So, given port 25 isn't open, I cannot receive email from others. And, I cannot send email from Gmail. One thing I should be sure of is we are talking apples and apples on the ports. Is a port being open the same thing as being forwarded? I know if my sending to a web address allows it to be invited in means the port is open. Maybe not the same thing as forwarded. Should know this info, because it did not need to be changed in the router by forwarding.

2. "If you want to allow those in, you'll have to set up port forwarding on the m/r..." I definitely have tried this even though clumsy, but port forwarding while it looks easy will not allow because there is a place to be the address to forward to, and it defaults to 192.168.0.x. The first three octets can NOT be changed. They are greyed out. So you have TCP port 25 to port 25. The rule gets enabled, but doesn't work because I can't send it to the server. Also, when you choose any service besides AIM or FTP using 'other' you have to type it in a field. It is called the service field. I type in SMTP, Email, 25, etc. The only one that it will allow is 25. One would think you would name it SMTP.

Yes, the port forwarding is set up on the Cisco. Which is why I wish this were a standalone modem as you do.

3. 25 and 3389 are not open. You would break even on your bet, lol. My three rules are for 443, 987 and 25. 3389 is not open. It is dangerous to open port 3389, I believe, due to hackers knowing it is a common port. You can change it. I believe when I used SBS 2003, I had to open 3389 or a different port for RDP, but I think with SBS 2008, the terminal gateway or RDS -- not sure if Microsoft changed the name yet -- handles RDP transport.

4. "Change its LAN port to 10.1.2.1." I hope I can change it. The GUI is fairly straightforward, but allowing basic settings are not that easy or not available. I will test.

5. I can't remember. I believe in m/r, as I can't receive email in m/r mode, but I can in bridged.

6. "What makes me conclude that?" I concluded that because the picture shows Local Network: Connected. Then it says IPv4: 192.168.0.1. I think now that Local IP Network refers to the m/r. Sorry.
If you have something that will allow you to limp by in the meantime, I'd order another modem and not let them come out.  Unless you think you'll get a tech who really knows how to set up their modem/routers with a second router, it will likely be a waste of time.

As far as not being able to be on site, as long as you have internet access, most of us can get into a computer at your site (with your permission and effort) to look at things.  (Think Remote Desktop, LogMeIn, TeamViewer, etc.)
ASKER CERTIFIED SOLUTION
CompProbSolv
Well you will probably have some time off. I tried the 10.1.2.1 and no internet connection. I then changed it back, but I am so used to using 1.1, I put in 192.168.1.1. Bad idea. Tried connecting with that ip and, of course, got the Cisco. I tried a direct connection, which not a great idea since firewall is off in modem. I have A/V and Windows firewall. But it didn't connect using 192.168.1.1. Do I need to go to factory settings? I guess if I connect directly just to connect to modem and not troubleshoot, I could disconnect the coax.
"I tried the 10.1.2.1 and no internet connection" from which device with what IP address settings connected where?

"Tried connecting with that ip and, of course, got the Cisco": yes, that is expected if you are connected to the LAN side of the Cisco.

"I tried a direct connection, which not a great idea since firewall is off in modem. I have A/V and Windows firewall. But it didn't connect using 192.168.1.1": what were your IP settings on the workstation when you tried this?  To check what is active do:
start
run
cmd
ipconfig

I'll bet that you don't have what you need.

While connected directly to the m/r LAN side, go to Control Panel, Network and Network Settings or Network and Sharing Center, Change Adapter Settings, double-click on your adapter, Properties, Internet Protocol (TCP/IP), Properties, set the IP address to 192.168.1.5 and mask to 255.255.255.0.  (some clicks may be different depending on Windows version).  Save all of it and then see if you can ping 192.168.1.1 and if you can browse to it.
Yes, I knew. Thought about changing the IP of the Cisco for a second, but thought otherwise first. Don't want to break that.

Just to help: I can do quite a few commands. Definitely the ipconfig and ipconfig /all (but it's probably easier to just assume I know nothing)

Definitely know how to check NIC settings. Been doing that since Windows 95. Again, understood.

Settings were:

192.168.1.15
255.255.255.0
192.168.1.1

Probably not worth doing now. I did a factory reset and rebooted the Cisco. It seems to be running in bridged. But, that wouldn't make sense. Factory = m/r. And, bridged gives you 30 to 90 second webpage loads. You do get email.

Currently, I am getting email and Internet. Internet is slow, but loading in about 15 seconds.

But, if factory reset, should be 192.168.0.1.

I wonder if when it returns to factory settings (it states, "this will remove any changes you made") which would make sense. I wonder if they consider changes, turning off wireless, this and that, but consider changing the LAN address as almost hard coded. I wonder if it is still 192.168.1.1? Wonder if I should test that. Or would it simply not work if it were that IP?
It's basically weird. Before the change to factory default m/r did not give 192.168.0.1. While the Internet is slower in m/r, it does have email and RDP.

But, the wireless isn't working. So, I don't think the factory default worked. Maybe Time-Warner can do a factory reset. I know they can supposedly reboot it.

Sorry for screwing up the troubleshooting.
When you say that the settings were 192.168.1.15, on which device and to what was it connected?  Such details can make ALL the difference when troubleshooting.

"I did a factory reset and rebooted the Cisco. It seems to be running in bridged. "
I know.. I'm picky.. but there is a reason.  Don't say "It seems...." as that is a conclusion; report what you observed and THEN your conclusion.  I don't think that there is a bridged mode for the Cisco.  I keep telling my clients that I'm going to ban pronouns!

"But, if factory reset, should be 192.168.0.1. " What "should be 192..."?  Such details are critical.

If you did a factory reset of the m/r, try to connect to it directly.  Specifically, set up your workstation with a 192.168.0.5 address and see if you can get your internet browser to point to 192.168.0.1.  That should be the web interface to the m/r.  If that works, change the LAN IP of the m/r to 192.168.1.1, get rid of the Cisco, and connect everything through the LAN port(s) on the m/r.  Disable DHCP (I'm assuming that you're doing that on the SBS) and set up whatever port forwarding you need on the m/r.  That should get you working.

Which device do you want to use to provide wireless services?  If it is the m/r then you have to configure it correctly.  If it is the Cisco, then we'll have to take a different approach.

In general, if you want to use the Cisco, get a modem and not a modem/router!
Lots of good stuff there. I (wait that's a pronoun); Bert (3rd person) -- totally kidding. I completely get what you say. Makes sense.

I had connected from a client computer on the domain with IP of 192.168.1.15, subnet 255.255.255.0, and default gateway of 192.168.1.1. Connected to the modem in bridged mode and then in m/r mode. I connected each time directly using just the patch panel, thereby removing the Cisco from the equation. I will give results tomorrow.

The factory default was made on the m/r, not the Cisco. I did this because I changed its LAN IP to 192.168.1.1 therefore I couldn't access the modem. As an  aside, I would never change the Cisco to factory defaults unless absolutely necessary. I also would have a difficult time using just their m/r as my router. I just can't stop using the Cisco or a Mikrotek (sp?)

I will get back to you tomorrow as I am using my phone and it is taking too long, and I am not at the office.

Thanks
My comment about using just the m/r was more diagnostic than anything else.  Truth is, if you got that working with the right LAN IP and then did the proper port forwarding, it would likely do what you need.  I'd start there, get back up and running, and then replace it with a standalone modem and the Cisco.

One advantage of this approach is that if you DO get it working with the m/r and then replace it, you have a backup.  You'll have to keep track of any new port forwarding (or triggering if you ever use that) on the Cisco to apply back on the m/r if you have to ever use the m/r again.

I need a better term... "non-specific pronouns"?  "I" is clear, "it" is generally not as commonly used.
Thanks. I just about canceled the TWC person today, because I was having so much fun doing this troubleshooting. In fact, I brought my cable modem from home (after making a backup) to see if my home modem worked at work. I looked all over for a way to bridge it, but I could not find a place to bridge my home modem. Then I got to advanced, and the page said basic advance, which is an oxymoron, and more advanced. I chose more advanced after basic did not give the option. So, I clicked on more advanced and was brought to a screen with a field for "Password of the day." Wow. Obviously, the techs would know the password of the day. They probably have a password for either each day of the week or each day of the month, especially since the password doesn't need to be very difficult. My guess is it is there to keep people like me from changing to bridged mode or changing the LAN IP. But, I would never do that, lol.

I spoke with the tech, and I told him I changed my work modem to bridged. He stated I wasn't supposed to. I don't think he was ready for my reply. I basically told him that this had been going on for a week, and I am leasing the modem, and I will access it any time I want. Or, I could buy it. He said, "Well I have to tell his supervisor, but it's no big deal." After talking about the modem for five minutes, I think he was aware that I knew what I was doing. Although, I didn't. I am sure they don't want you changing things since it makes for work orders like these and probably can cause issues with the businesses equipment. But, I see why they have that rule, and I am sure they will end up with a password of that day on these modems.

Anyway, we could have troubleshot it forever. There was an issue with a "node" on the outside, and there were similar issues in the same area. When he called me in the morning (he was supposed to come in the afternoon), he said he would be right over. So, it made sense to let him stop by. He was extremely nice and very good. He stated the node was fixed yesterday, and the modem was faulty.

He put a much better modem in and did a few other things, and it is now working perfectly. We are now getting speeds of 70 down and 6 up.

I will go through this thread and try to pick out which post to make the Best Solution and which were Assisted.
Why does it say two people have posted on your question when it has been only one? My assumption is that they count me as well. I would think that the site would have the capability of realizing the posts which come from the author and those that don't. It is no big deal, but if it said that three people had posted on your question (or comments), I would want to know that. I suppose if it said one, it would be more helpful. Generally, I just go by email notifications, but in this situation with my email problems, I relied mostly on the site notifications.

I apologize with being so verbose with my comments. It is a problem I have. I guess I just want to express everything that is in my head.
I'm the last person to complain about people being appropriately verbose here!

Glad to hear it was resolved.  I would recommend going back through my explanations and sort them out.  You should find that this stuff isn't nearly as magical or confusing as it appears once you understand the basics.
Your explanations were crystal clear. In fact I will bookmark this one. I am not quite sure about your suggestion. Is it related to organizing them so I learn and retain more? Or for the points.

Your help and dedication and putting up with me were invaluable and very much appreciated. On one hand you could write 50 comments of troubleshooting and teaching basics, and then the answer be that the cable from the street was cut (obviously not given the connection to the modem). Just an example. I would never then say, well you didn't really solve the problem. You deserve 5000 points times 4.

Also, your explaining to me about the pronouns was an eye opener. I can see that even though I may say, "Well, I need to change the IP on the modem," and then two hours later stating I changed the IP, that if you don't know whether I meant the Cisco or the m/r or even the computer I was on.

I remember there was one question with about five experts helping. And, they would each give a troubleshooting step with something I should report back with. Sometimes it would be 24 hours between comments, and in the meantime, I would have changed the m/r to defaults or something else that no one had asked for. Which was confusing and sort of changed the order of the troubleshooting. Wow, one of the experts who was very good with SBS here (and wasn't even commenting, just following the question), just lit into me about it. Looking back, he was right, but wow.
I believe that the standard for points is to award them for what got you to the solution, not for effort.

My suggestion to re-read was strictly to point you to something that may be of help to you in the future.  One of my bad habits (here and with clients) is to try to help people to be independent where appropriate.  I'd rather show you how to get to the solution than to just give you the solution if I think that you'll run into something close to it in the future.

As far as pronouns go, I was only half joking.  All too often the rules of grammar aren't followed and it isn't at all clear to what "it" refers.  That can make troubleshooting very difficult, to say the least!

"I need to change the IP on the modem": you weren't paying attention!  Modems don't have IP addresses!

As far as response time here goes, I understand both sides of it.  There are times I post a question and have to set the project aside to get to more pressing things.  My bigger issue is when the poster never responds to direct questions whose answers are fairly critical.
Well, at least I stated "m/r" the options, lol

So the new modem/router is the Arris DG1670A. It is much more functional and powerful than the old one. I did take a peek but didn't even consider changing anything. But, at least I made a backup of the settings of the m/r.

Finally, I am using the office modem in router and firewall mode. It is working. I am getting 72 down and 6 up. Sure, I could bridge it, but why tempt fate at this point?
I agree about not tempting fate, but realize that you'll have to set up port forwarding in the Arris m/r similar to what you have in the Cisco (assuming you are still using that).  With the Arris, the destination IP of the forwarding will be the WAN IP of the Cisco.  Or.... you can leave off the Cisco altogether.
Ok, so now I am confused. However the m/r is set up and connecting to the Cisco, it is working. I will check the ports. I am receiving your notification emails. Would that indicate that SMTP (25) is open? I can reach and send money to my bank, Key Bank without an issue. SharePoint can be accessed from home. I am able to reach the RWA portal on SBS 2008 from home and log in to Exchange, SharePoint and all desktops.

When I do a port scan of the Cisco router, the only ports that are open and not stealthed are 25, 443 and 987. 443 will allow RDP and now 3389 is not needed nor should it be opened.
I'm lost as to where you are receiving emails or where the email server is.  Is the SBS2008 the email server?  

"We have a company that spools any unsent email": I'm not understanding this.  If I send email to your office account (let's call the domain bert2005.com) and THE email server for your domain is your SBS2008 box, then there are only two servers involved: mine and yours.  If yours is offline (port blocked or whatever) then it is up to my server to decide what to do about it.  It can give up right away (uncommon in my experience) or send me a notice that there was a problem and that it will keep trying for a while (very common IME).  After some period of time (hours to days is typical) my server will give up and send me a message telling me so.

If you are sending an email to me and it is blocked by your ISP, it is up to your email server to decide what to do about it.

The key here is to understand how you have things configured.  Start with the m/r.  What is the external IP address, Default Gateway, and netmask?  What is the LAN IP and netmask?  Same questions for the Cisco.  Then, what port forwarding or other "clever" things are going on in both boxes?

This should make a lot more sense when you have all of that sorted out.  It should be safe to publish any of that here other than your m/r external IP address and Default Gateway.  You can leave out the second and third octets (as you did above) and we'll be pretty clueless as to the real address yet still have the info we need.
OK, yes my Exchange Server is on my SBS server, and my email used to be directed to my Cisco and then the server via the addresses listed in my MX records. I had four of them. So, if you sent email to me it would go to my domain host and then be sent via SMTP to the Cisco and then the server.

As a physician, my emails are very important to me, and I get quite a few a day. I get quite a few on the weekend as well. Way back for reasons I can't remember, my server went down around four times in six months. Long story. But, once it was a four day weekend, and all of that email bounced back. We lost a lot of email.

So, we went with a company, which I am sure you have heard called MXToolbox. It was inexpensive and very helpful. The MX records then pointed at MXToolbox where it was then immediately forwarded to email server. It served two purposes. One, 30 days of email was stored there and two they insured that we never lost any email. Their servers would ping our servers every minute. When they were unable to ping the server, they would hold that email as usual, but it would be tagged as email that was never sent. As soon as you get your connection back, all of the emails they stored would float down to my server.

It has now become a little pricier, and since Office365 will basically be free, we are going to switch over.

As far as your other requests, those will be easy. I have looked at them quite a few times. I am a little tired right now, though. The Arris has three modes. Bridged, Routed without NAT, and Routed with NAT. It is currently set to Routed without NAT. I have also looked, and there is nothing listed in port forwarding on the m/r and there is nothing listed in port triggering on the m/r. The best I can tell is somehow all traffic is routed to the WAN IP of my Cisco. The Cisco router does have three ports forwarded to the SBS server. 25, 443 and 987.
OK... you've keyed on something out of my scope.  I've not dealt with "routed without NAT".  I can speculate on what it is doing but that would only confuse matters further and you don't need that!  This setting is likely what is allowing packets to pass through to the Cisco without having any forwarding set up on the m/r.

This appears to have a reasonable explanation, though I've not gone through it in detail:
http://superuser.com/questions/1006520/use-case-for-routedwithnat-vs-bridged-vs-routedwithoutnat-in-a-home-networ

In any case, I'd still try for either of two scenarios: a simple modem and your Cisco or just the Arris.
Well the author of the question in the link you provided seemed to make somewhat of a point that router A was in Enable DNS Relay, which my modem/router is.

It does seem confusing. For one thing the expert in the article mixes up Router A with Router B, I am not sure just at the end or the entire time. He does state to just reverse them. I will also say they break your pronoun rule multiple times.

It also appears as though the only reason the author wants Router B is to provide wireless. In that case he should just get one-size-fits all and use the one router for wireless. Kinda like removing the Cisco.

On my Arris modem/router, it does show a clear place to port forward and nothing is forwarded. The Arris modem/router also states there are two devices connected to it.

One question I have is let's say the modem/router is forwarding those three ports. Who would have forwarded them? The cable tech. How would he know I use SMTP mail? Maybe he asked me. Businesses do many times. Home modem/routers may have port 25 blocked by default. But, he would not know I needed 987. He probably doesn't even know what SharePoint is.

I know you are both helping, because you want to help, but I think part of you wants to figure this out. I am certainly not asking or requesting, but if you feel you can figure out what you need to know, feel happy to remote in and look at the config of both the Cisco router and the Arris modem/router.
My lack of experience and knowledge about routed-without-NAT discourages me from wanting to take a look at your configuration.

"In that case he should just get one-size-fits all and use the one router for wireless": not really.  One can add an Access Point or a wireless router configured to work like an Access Point.  It doesn't really complicate things much at all.

" Who would have forwarded them?": I wouldn't concern myself too much about how you got to where you are.  I'd focus on where you are and where you need to be.  Once you have access to the system locked down, THEN I'd be concerned about changes that occur without your knowledge.

Lastly.... I've got to repeat what I think is the better end goal: one modem and one router, whether in the same box or not.  A standalone modem is inexpensive and could be used with the Cisco.  Alternatively, put the m/r in the routed-with-NAT mode, set up forwarding, and get rid of the Cisco.  What is the Cisco doing for you that the Arris m/r won't?
Hi. I will respond to those comments and questions in a moment. First, you said you were thick-skinned (completely opposite of me, by the way), but I would like to offer some constructive criticism. Or, maybe look at it more like how the author of the questions views recommendation and comments by the expert. If it doesn't help you, it will certainly help you to understand why you get responses from the author in the way that you do. Please don't misunderstand. Your help and determination to help resolve this has been unbelievable. And, I have found some posts that I can accept and reward you points.

I do not wish to write anything here (not that it is horrible), I just think it would be inappropriate to do so. I could not find an email, so I thought I could use the message feature on your profile? To be clear, not to talk about the question just other stuff. I am asking here first, because I want to make sure the message feature is confidential and/or can be deleted.
Alright, so from what I gather in the large number of comments....

Is your Time Warner account business or residential? I ask this specifically because I know some cable companies do NOT allow you to have a standalone modem on a business account (namely Comcast, who force you to take one of their business gateways), while others like Cox will let you have a standalone modem and have multiple public IP addresses without issue. But also, business accounts tend to give far more flexibility. (This would most likely clear up your email problem)
Thanks masnrock,

Yes, it is a business account. And, we do pay $30.00 per month for the static IPs. I believe, but I could be wrong that the main reason we need a static IP since we don't have a web server is the hospital requires it when setting up our connection to the patient portal via their VPN. I don't think it is an always on connection.

You are right about the large number of comments! We started with SBS 2003 ten years ago almost to the day and used Exchange. We had the same domain name, the same IPs, the same WAN IP on our router although it was a PIX-501 at the time. We have never missed one email unless the server or Exchange server was down.  The first time we ever missed an email was when TWC replaced what they said was a faulty modem even though they also said that multiple nodes in the area were either faulty or completely down.

With the modem we have for almost ten years, we could do everything: Internet, receive and send email. Had they just told me on the phone they were having problems with their nodes which explained our slow Internet 5% of the day, the Internet would have been fixed and this question would never have been created.

They fixed the node and decided (possibly likely given the age of original router) to replace the modem (I have no idea if it were a m or m/r now without calling them) with a Technicolor MediaAccess TC8715D. THAT MODEM or its CONFIGURATION is what broke everything. That modem was the beginning of a two mode nightmare.

TC8715D in modem/router mode: Internet speed working rather well. Certainly well enough to do all business work. Email: You could send but you could NOT receive. That is a problem when I and most of my staff receive 30 to 60 emails per day mostly pertaining to patient stuff and other business pertaining to our medical practice.
TC8715D in bridged mode: Internet so slow, you couldn't even open Google. It would eventually open, but other sites such as www.cdc.gov (Centers for Disease Control) -- we have to have that, would time out, because it couldn't load everything in time. But, strangely enough email was perfect.
Hence the modem/router during the day and changing to bridged mode at night to get our archived and new email by morning.

Arris (best one they make) modem in modem/router mode WITHOUT NAT was installed. Instantly, we had Internet and Email and VPN connection as well as RDC. Not only that, we went from 15 down and 2 up to 70 down and 6 up. (We decided to take them up on their offer of lowering the price and increasing the speed.)

What made the thread continue was the fact that our LAN is behind the Cisco in router/firewall/NAT mode with three ports forwarded:
443, 25 and 987. That is in.

As CompProbSolv and two other IT Network Techs ask: How does anything from the outside make it to the LAN with the Cisco in between in if those ports are not open.
"How does anything from the outside make it to the LAN with the Cisco in between in if those ports are not open."
The key here (I suspect) is that the Arris is in the routed-without-NAT mode.
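An added sketch, not part of any participant's post, that models the inbound path this thread keeps returning to: why ports 25, 443 and 987 reach the SBS server with no forwards on the m/r when it is routed without NAT, and why routed-with-NAT needs a forward to the Cisco's WAN IP. The class and function names are hypothetical, the addresses 203.0.113.10 and 192.168.0.2 are constructed, and the behaviour of routed-without-NAT (packets for the static public IP passed through unchanged) is an assumption of the model.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

PUBLIC_IP = "203.0.113.10"        # constructed stand-in for the static public IP
CISCO_WAN_PRIVATE = "192.168.0.2" # constructed: Cisco WAN when it sits behind the m/r's NAT
SBS = "192.168.1.100"             # SBS 2008 / Exchange server, from the thread
CISCO_FORWARDS = {25: SBS, 443: SBS, 987: SBS}  # the three rules named in the thread


@dataclass(frozen=True)
class Packet:
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    """Router doing NAT: unsolicited inbound traffic is dropped unless a
    port-forward rule maps the destination port to an inside address."""
    wan_ip: str
    forwards: Dict[int, str] = field(default_factory=dict)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst_ip != self.wan_ip:
            return None                      # not addressed to this router's WAN side
        target = self.forwards.get(pkt.dst_port)
        if target is None:
            return None                      # port not forwarded: dropped
        return Packet(target, pkt.dst_port)  # destination rewritten to the inside host


@dataclass
class PlainRouter:
    """Assumed model of 'routed without NAT': packets for addresses routed
    behind the device pass through with the destination untouched."""
    routed_ips: Set[str]

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        return pkt if pkt.dst_ip in self.routed_ips else None


def build_chain(mode: str, mr_forwards: Optional[Dict[int, str]] = None) -> List:
    """Return [m/r, Cisco] as an inbound packet meets them."""
    if mode == "routed_without_nat":
        # The Cisco holds the public IP itself; the m/r only routes to it.
        return [PlainRouter({PUBLIC_IP}), NatRouter(PUBLIC_IP, CISCO_FORWARDS)]
    if mode == "routed_with_nat":
        # The m/r holds the public IP; the Cisco WAN gets a 192.168.0.x address.
        return [NatRouter(PUBLIC_IP, mr_forwards or {}),
                NatRouter(CISCO_WAN_PRIVATE, CISCO_FORWARDS)]
    raise ValueError(f"unknown mode: {mode}")


def reachable(mode: str, port: int,
              mr_forwards: Optional[Dict[int, str]] = None) -> Optional[str]:
    """Inside host that receives an unsolicited packet sent to PUBLIC_IP:port,
    or None if some hop drops it."""
    pkt: Optional[Packet] = Packet(PUBLIC_IP, port)
    for hop in build_chain(mode, mr_forwards):
        pkt = hop.inbound(pkt)
        if pkt is None:
            return None
    return pkt.dst_ip


if __name__ == "__main__":
    cases = [
        ("routed_without_nat", 25, None),
        ("routed_without_nat", 3389, None),
        ("routed_with_nat", 25, None),
        ("routed_with_nat", 25, {25: CISCO_WAN_PRIVATE}),
        # Forwarding from the m/r straight to the server skips the Cisco's
        # WAN address, so the Cisco never matches it (modelled as a drop).
        ("routed_with_nat", 25, {25: SBS}),
    ]
    for mode, port, fwd in cases:
        print(f"{mode:20} port {port:<5} m/r forwards={fwd} -> {reachable(mode, port, fwd)}")
```

In both modes 3389 stays closed because the Cisco has no rule for it; the only thing that changes between modes is whether the m/r needs its own forwards.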
Well it definitely is in without NAT mode. I know this is a stupid question, but how can those ports on the m/r are not open. I don't see how they could be, which is why I made that comment a few back. (Don't ask, that will be addressed in my message to you).

I also thought that NAT allowed a packet(s) send from a client computer with a subnet of 192.168.1.31 and a default gateway of 192.168.1.1 with the usual subnet mask 255.255.255.0 to have the information of the site wrapped with it and it would be sent to the default gateway (not the LAN IP), and the default gateway (72.45.161.97) would send it knowing the information since the public Internet has no idea my LAN side exists. But, coming back I thought it would most likely come through the open port to the gateway of the Cisco and it would have remembered which computer requested it given it was saved in the table. Do you need NAT both ways?
There were so many helpful comments here. Not only impossible to pick the best, even more impossible to select out all the assists. So, I will leave the question as is. I think all who read it will benefit. And, they will need to have dinner prepared before.
I will forward on my thoughts. Maybe we or I add on as things develop. But, I felt that it was just getting more convoluted while open. If that makes sense.
@masnrock

Thank you for that. And, thank you for your input.
Bert, no problem. Hopefully you're able to get everything sorted.