Trying to set up at-home server but not able to set up IP forwarding

2

1

I'm having a bit of an issue trying to enable IP forwarding for my server.

Hardware:

  • Modem: Embarq 660 Series

  • Router: DI-624 D-Link

  • Computer: Vaio Windows

  • Server Software: Apache, MySQL, PHP

  • ISP: Centurylink

Here's the problem: Whenever I attempt to access the server via my external IP, I always wind up on this page (which is NOT my router):

screenshot

From this I'm assuming that either port 80 is being blocked and redirected to an ISP page, or hell is freezing over.

From what I see, it appears that the external IP is not leading to my router at all, and this has been the only snag thus far. I understand that the router config should not be accessible from the external IP, but shouldn't I at least get to the password box?

I attempted connecting to the external IP from outside my home network, and with different ports but I still see Server not responding. Whether that means not connected to server or actual server problems, beats me.

Any ideas on how to get this to work? I appreciate it.


Update: Here's some screenshots of stuff

NAT Screen (note: yes, apache is configured to accept port 81):

NAT Screenshot

Firewall Screen:

Firewall Screenshot

Router Screen (note: firewall automatically configured from my edits of virtual server):

Router Screenshot

Here's the screen that firefox has been giving me this whole time in attempt to connect:

Firefox Screenshot

HelpingHand

Posted 2013-06-04T13:51:34.617

Reputation: 351

Do you have a ZyXEL? Are you sure you're hitting the right IP address and not connecting to someone else's modem/router? – LilCodger – 2013-06-06T14:27:25.993

Yeah, it's my external IP. No, if you're thinking that I have a ZyXEL anything, nope. My router and modem are stated above. I'm guessing that ZyXEL is whatever my ISP (centurylink) uses with the external IP. – HelpingHand – 2013-06-06T15:14:26.963

are you using wireless? – Keltari – 2013-06-06T15:20:35.920

Nooo... I'm not that bad. Direct LAN. – HelpingHand – 2013-06-06T15:33:14.050

Answers

1

The screen you see is your Embarq 660R (which is a ZyXEL).

If you get the bad gateway error when connecting from the outside, that means that the Embarq is not configured to allow incoming connections (WAN-to-LAN).

What you'd need to do is set up a firewall rule redirecting WAN port 80 to the port 80 of your Vaio on the LAN side.

The issue here is that fiddling with the firewall might expose your machine and allow unauthorized third parties to gain access to it. Unless you know what you're doing, maybe it would be better to require a reconfiguration from CenturyLink, if they're available for such services.

Otherwise, from Advanced Setup (second menu item on the left) you can add a new WAN-to-LAN rule for HTTP service (or use Custom TCP Service, then enter a name of your choice, TCP (should be the default or even unchangeable), inbound port 80, and select ALLOW).

The packets are now allowed to enter your home and go nowhere. To make them go where you need to, you also have to add a NAT rule: inbound port 80, outbound host (the IP of your Vaio), outbound port 80, from the same firewall advanced setup menu.

Be careful to choose "WAN to LAN" since the "LAN to LAN" option should be the one that you use to access the configuration. If you mess with that, you're in trouble: see this post for details.

Also, check that the subnet of Embarq and your "internal" router is the same. If it is not, say if the inbound port of the Embarq has 192.168.2.1 and the router assigns your Vaio 192.168.4.20, you will have to input a NAT rule on the Embarq towards the "WAN" address of the internal router, and a NAT rule on the internal router to have your Vaio receive the connection:

Vaio (192.168.4.20) <--- (192.168.4.1) Router (192.168.2.2) <--- Embarq (192.168.2.1)

The Embarq must NAT its EXTERNAL (WAN) port 80 to LAN port 80 of 192.168.2.2 (router)
192.168.2.2 is what the router calls its WAN port, and it too must redirect that
connection towards its LAN client Vaio. Hence, two rules.

(You can use a different number than 80 for the router external and Embarq internal
 ports, so that: Internet (80) --> Embarq (8000) ---> 8000 (Router) --> 80 (Vaio);
 this has the advantage of not "risking" port 80 on the router, in case it is used
 for configuration).

At this point your Vaio should be reachable from the Internet. You can set up a dynamic DNS name using services like DynDNS or MyIP. Your computer is now potentially vulnerable to HTTP exploits, so have a care when configuring your Web application(s).

If I remember correctly, the ZyXEL should have two different "Save" options - one is "Apply Rule" and another is "Save Rule". My advice would be to note down what you do and use Apply, which - again if I remember right - does not permanently save changes. If things go awry, just power cycle the Embarq and it'll be as if nothing had happened. Once you're sure that things are working, repeat the configuration and this time use "Save".

If I remember incorrectly (as I often do), check out the Configuration Backup and Restore functions, so that you'll be able to undo any modifications. The same goes for the internal router, of course.

Testing

To check things out you can use an online service. The last hop ought to be your modem. You can also try and see whether there's network activity on the modem when you try to connect from the outside, and nothing else is running. Then, a packet from the outside on port 82 (which is not NATted) should elicit a blink from the modem and nothing from the router; a connection to port 81 should elicit a blink from the LEDs of both devices.

Finally, verify that the Vaio is not firewalled and inbound connections to port 81 are indeed allowed (this can probably be done if you have either hairpinning NAT on the modem/router, or, much better, another device that can be connected to the router together with the Vaio).

LSerni

Posted 2013-06-04T13:51:34.617

Reputation: 7 306

I did not have the modem NAT set to the router, but to the computer directly. I changed this just now, but no change in results: server not responding. Whether that means the server is actually not responding, or it just can't connect to the server, I don't know. Take a look at the screenshots I just uploaded. – HelpingHand – 2013-06-06T22:11:39.063

They seem to work; just to be on the safe side, use TCP protocol instead of "Both" (UDP is useless to you in any case). Also try running tracert -d <your public IP address> from the cellphone connection. You only need to blot out your public IP: the 192.168.. addresses are meaningless in any case. A useful test would be to use hping in SYN-traceroute-mode from a Linux box: it might well be that your ISP supplies an additional firewall. Check out the "Bad Gateway" HTML source page (HTML comments, headers with Firebug etc.) to see whether you can see who it is that answers that way. – LSerni – 2013-06-07T08:56:56.930

I tried changing router connection mode to only TCP, but, same result. I have a ping app on my phone: Scany, and I will attempt to ping and traceroute the external IP on cell connection with that. I can't easily do a linux command for my cell connection since my phone is an iPhone. I uploaded the firefox screenshot that I'm getting when attempting to connect to the external IP. Take a look at it. – HelpingHand – 2013-06-07T16:48:37.597

I believe you can tether an external computer with your iPhone as WiFi router. That ought to allow this kind of testing. Editing answer anyway... – LSerni – 2013-06-07T18:10:46.787

Yeah, I think I'll try the easier step first: using a service. – HelpingHand – 2013-06-07T19:10:00.490

Alright, so I port scanned the external IP on the cell connection with my app, and it says that the only two ports open are 1. port 53 (DNS) and 2. port 161 (SNMP). That might give you some clues as to what's not happening here. Any ideas? – HelpingHand – 2013-06-08T14:52:04.690

Try powering off the ZyXEL modem and repeating. If those ports result closed, then there's something fishy in the ZyXEL configuration itself, possibly the WAN firewall settings. But if you see them still open... then you are not seeing the ZyXEL at all -- there's some fast footwork being done by CenturyLink. – LSerni – 2013-06-08T15:54:48.517

I'll say fishy. Okay. So I turned off my modem, and decided to take a look at what ports were open on the external IP from cell connection. The only port was 80 (HTTP). Seeing this, I typed the external IP into the browser, and it gave me the 502 bad gateway message. I then turned back on the modem, and port scanned it. 80 53 and 161 were the ones open. Upon entering it on the browser, I got back to the modem config page (WITHOUT PASSWORD!). Any clues to this one? – HelpingHand – 2013-06-08T16:23:50.550

From the outside? Without password? I'd say the modem configuration has to be reviewed. Moreover, how can port 80 be open on a powered off device? I begin to think that CenturyLink is using some sort of gateway to restrict Web servicing to those customers willing to shell an extra, and I'd ask them -- after checking the small print on the DSL contract :-) – LSerni – 2013-06-08T20:43:16.273

Yup, sounds like that's it to me. If you get ANY ideas on what I'm doing wrong or what will fix it, please let me know here. I need this to work as soon as possible. – HelpingHand – 2013-06-08T20:46:08.347

let us continue this discussion in chat

– LSerni – 2013-06-08T20:47:09.927

Don't know if you're notified when you receive a message in our chat page, sooo... consider this a notification. Thanks for all of your help! – HelpingHand – 2013-06-10T18:15:03.127

Because of your research effort, and the quality instructions that you have given me over the past few days, as well as your persistence with my question (it takes a special person to get the answers that I have received from you, and the fact that you stayed with my question, Good Job!), I have awarded YOU the bounty for my question! Use it well! (Techie007 does not get it, because he completely abandoned my comments, and worse, upvoted his own question somehow /unless he has people who go around upvoting his posts/) – HelpingHand – 2013-06-12T15:40:50.950

Chatroom notification. Take a look at it. – HelpingHand – 2013-06-13T14:34:34.203

2

Looks like you are hitting the Web management page of your ISP-supplied modem/router (does it say ZyXEL on it?).

When you are trying to access your web server by the external IP address, are you doing it from inside or outside of the LAN?

If you're doing it from inside then your, or your ISP's, router may not know how to translate/route your external IP address back into your LAN (it's hairpin routing, which many home-grade NAT routers don't support). Instead it redirects you to port 80 on the ZyXEL, which lets you right in (without a password) probably because you are hitting it from what it considers its LAN-side, which your ISP has left enabled for some reason. :)

Things to try:

  1. Try testing it from outside your LAN/house.
  2. Try using a different port (say 8888) to set it all up (forwards, and web server) and see if you can get that working. If you can, then you know it's the web management using port 80 that's your problem spot.

Ƭᴇcʜιᴇ007

Posted 2013-06-04T13:51:34.617

Reputation: 103 763

Wow! Thanks a lot man! I didn't really think about being on the LAN while accessing. I'll try your methods... – HelpingHand – 2013-06-04T14:18:16.577

When attempting to access public IP from a cellular connection (the only other connection that I have at hand), I get an error message: `Response Error. Technical description: 502 Bad Gateway - Response Error, a bad response was received from another proxy server or the destination origin server.`. Got any clues? – HelpingHand – 2013-06-04T14:59:52.657

Neither of what you said fixed it. Does anyone have any ideas?? – HelpingHand – 2013-06-04T19:17:39.353

0

Are you using wireless? If so, disable wireless and use a wired connection. I bet you are hitting someone else's wireless router.

Keltari

Posted 2013-06-04T13:51:34.617

Reputation: 57 019

Using wireless to go to the External IP, or to host the website? – HelpingHand – 2013-06-06T15:34:17.633

How could that be if the IP I'm connecting to is what appears as my external IP on Google and other services? – HelpingHand – 2013-06-06T15:43:49.507

0

If this problem continues, you can just forward port XXXX on the external side to point to 80 on the internal side, and then type the port number after the IP to connect, ex. 123.123.123.123:XXXX

This is only as a last resort if no other methods work.

Wolfizen

Posted 2013-06-04T13:51:34.617

Reputation: 1 122

I have tried that already (unless you actually mean for me to port the letters XXXX). Read question once more. Thanks for the attempt anyway. – HelpingHand – 2013-06-06T15:36:14.923

0

By the way, this page (from Centurylink) has some interesting information about your Embarq 660 Modem and how to arrange WAN to LAN incoming connection.

Looks like ZyXEL is what you should see when connecting. And since you mentioned you have a router and a modem, accessing your "External IP" means connecting to your modem first, before even being routed deeper into your LAN (or beyond your modem).

Why your modem is not asking you for username/password, I have no idea, but probably a good idea to change the password for it.

To check if the modem does belong to you, see if you can find the username that the modem uses to connect / authenticate to CenturyLink. If the username is yours, then there you go. If it is not yours... are you sure you're connecting to the correct external IP?

Hope this helps.

Darius

Posted 2013-06-04T13:51:34.617

Reputation: 4 817

Thanks for the link. I followed the steps contained in that page, but I'm still getting the server not responding message. Any ideas? – HelpingHand – 2013-06-07T16:37:09.790

0

Alright guys, so I got it to work. All I needed was a good explanation of DMZ. Anyway, here were the steps to getting my server up and running.

  1. Have your Apache, PHP, and MySQL ready.

  2. Make sure your server is running.

  3. Enter your router's config page (mine was 192.168.0.1) and configure it to DMZ the internal IP of the server.

  4. Enter a browser on your server and type the IP range of your modem (Ex. 192.168.2.1, nothing, 192.168.2.2, and so on...) Once you access your server page, jot down the IP that you used to access the page.

  5. Enter your modem's config page (mine was 192.168.2.1) and configure NAT to forward port 80 (or whatever port you choose to be sent to the server) to the IP address found just now.

  6. Configure your modem's firewall to accept packets from WAN to LAN.

  7. Get to a network outside your house (like a cell connection) and try going to your external IP. If you get to the server page, then, hallelujah. Otherwise, it might be your ISP (mine worked fine, Centurylink)

And that's what I did, thanks for all the help everybody. Especially LSerni, you gave me terrific instructions.

Good day to you all, Happy Independence Day. (If you're in the US)

HelpingHand

Posted 2013-06-04T13:51:34.617

Reputation: 351
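
The two-hop forwarding chain from LSerni's answer and the modem-NAT-plus-router-DMZ setup in the steps above, as an added example (not code from any poster): a small Python model that traces one inbound TCP connection through the modem's WAN-to-LAN firewall and NAT, then the router, and reports where it stops. The addresses 192.168.2.2, 192.168.0.100 and 203.0.113.10, and all class and variable names, are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class NatDevice:
    name: str
    wan: str            # address this device has on the upstream segment
    lan: str            # its LAN subnet in CIDR form
    allow: set = None   # WAN-to-LAN firewall allow list; None = no filtering
    forwards: dict = field(default_factory=dict)  # in port -> (host, port)
    dmz: str = None     # DMZ host receives every port that has no forward

    def route(self, port):
        """Return (host, port) for the next hop, or a string saying why not."""
        if self.allow is not None and port not in self.allow:
            return f"dropped: {self.name} firewall has no WAN-to-LAN allow for {port}"
        if port in self.forwards:
            host, out = self.forwards[port]
        elif self.dmz:
            host, out = self.dmz, port
        else:
            return f"dropped: {self.name} has no NAT rule for {port}"
        if ipaddress.ip_address(host) not in ipaddress.ip_network(self.lan):
            return f"undeliverable: {self.name} forwards to {host}, outside {self.lan}"
        return host, out

def trace(chain, port):
    """Follow one inbound TCP connection from the Internet inwards."""
    for i, dev in enumerate(chain):
        hop = dev.route(port)
        if isinstance(hop, str):
            return hop
        host, port = hop
        inner = chain[i + 1] if i + 1 < len(chain) else None
        if inner is None or host != inner.wan:
            return f"delivered to {host}:{port}"

# Constructed addresses (assumptions): router WAN 192.168.2.2, server 192.168.0.100.
ROUTER = NatDevice("router", "192.168.2.2", "192.168.0.0/24", dmz="192.168.0.100")
MODEM = NatDevice("modem", "203.0.113.10", "192.168.2.0/24",
                  allow={80}, forwards={80: ("192.168.2.2", 80)})
# Modem NAT pointed straight at the server, which is not on the modem's subnet.
BAD_MODEM = NatDevice("modem", "203.0.113.10", "192.168.2.0/24",
                      allow={80}, forwards={80: ("192.168.0.100", 80)})
# Modem with no filtering that also DMZs to the router: every port goes through.
OPEN_MODEM = NatDevice("modem", "203.0.113.10", "192.168.2.0/24", dmz="192.168.2.2")

if __name__ == "__main__":
    for label, chain, port in [("working", [MODEM, ROUTER], 80),
                               ("mysql", [MODEM, ROUTER], 3306),
                               ("wrong target", [BAD_MODEM, ROUTER], 80),
                               ("double DMZ", [OPEN_MODEM, ROUTER], 3306)]:
        print(f"{label:13} port {port}: {trace(chain, port)}")
```

With the router in DMZ mode, the modem's single port-80 rule is the only thing keeping MySQL (3306) and every other listening service on the server off the Internet, which the last case makes visible.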