I'm having a bit of an issue trying to enable IP forwarding for my server.
Hardware:
Modem: Embarq 660 Series
Router: DI-624 D-Link
Computer: Vaio Windows
Server Software: Apache, MySQL, PHP
ISP: Centurylink
Here's the problem: Whenever I attempt to access the server via my external IP, I always wind up on this page (which is NOT my router):
From this i'm assuming that either port 80 is being blocked and redirected to an ISP page, or hell is freezing over.
From what I see, it appears that the external IP is not leading to my router at all, and this has been the only snag thus far. I understand that the router config should not be accessible from the external IP, but shouldn't I at least get to the password box?
I attempted connecting to the external IP from outside my home network, and with different ports but I still see Server not responding. Whether that means not connected to server or actual server problems, beats me.
Any ideas on how to get this to work? I appreciate it.
Update: Here's some screenshots of stuff
NAT Screen (note: yes, apache is configured to accept port 81):
Firewall Screen:
Router Screen (note: firewall automatically configured from my edits of virtual server):
Here's the screen that firefox has been giving me this whole time in attempt to connect:
Answer
The screen you see is your Embarq 660R (which is a ZyXEL).
If you get the bad gateway error when connecting from the outside, that means that the Embarq is not configured to allow incoming connections (WAN-to-LAN).
What you'd need to do is set up a firewall rule redirecting WAN port 80 to the port 80 of your Vaio on the LAN side.
The issue here is that fiddling with the firewall might expose your machine and allow unauthorized third parties to gain access to it. Unless you know what you're doing, maybe it would be better to require a reconfiguration from CenturyLink, if they're available for such services.
Otherwise, from Advanced Setup (second menu item on the left) you can add a new WAN-to-LAN rule for HTTP service (or use Custom TCP Service, then enter a name of your choice, TCP (should be the default or even unchangeable), inbound port 80, and select ALLOW.
The packets are now allowed to enter your home and go nowhere. To make them go where you need to, you also have to add a NAT rule: inbound port 80, outbound host (the IP of your Vaio), outbound port 80, from the same firewall advanced setup menu.
Be careful to choose "WAN to LAN" since the "LAN to LAN" option should be the one that you use to access the configuration. If you mess with that, you're in trouble: see this post for details.
Also, check that the subnet of Embarq and your "internal" router is the same. If it is not, say if the inbound port of the Embarq has 192.168.2.1 and the router assigns your Vaio 192.168.4.20, you will have to input a NAT rule on the Embarq towards the "WAN" address of the internal router, and a NAT rule on the internal router to have your Vaio receive the connection:
Vaio (192.168.4.20) <--- (192.168.4.1) Router (192.168.2.2) <--- Embarq (192.168.2.1)
The Embarq must NAT its EXTERNAL (WAN) port 80 to LAN port 80 of 192.168.2.2 (router)
192.168.2.2 is what the router calls its WAN port, and it too must redirect that
connection towards its LAN client Vaio. Hence, two rules.
(You can use a different number than 80 for the router external and Embarq internal
ports, so that: Internet (80) --> Embarq (8000) ---> 8000 (Router) --> 80 (Vaio);
this has the advantage of not "risking" port 80 on the router, in case it is used
for configuration).
At this point your Vaio should be reachable from the Internet. You can set up a dynamic DNS name using services like DynDNS or MyIP. Your computer is now potentially vulnerable to HTTP exploits, so have a care when configuring your Web application(s).
If I remember correctly, the ZyXEL should have two different "Save" options - one is "Apply Rule" and another is "Save Rule". My advice would be to note down what you do and use Apply, which - again if I remember right - does not save permanently changes. If things go awry, just power cycle the Embarq and it'll be as if nothing had happened. Once you're sure that things are working, repeat the configuration and this time use "Save".
If I remember incorrectly (as I often do), check out the Configuration Backup and Restore functions, so that you'll be able to undo any modifications. The same goes for the internal router, of course.
To check things out you can use an online service. The last hop ought to be your modem. You can also try and see whether there's network activity on the modem when you try to connect from the outside, and nothing else is running. Then, a packet from the outside on port 82 (which is not NATted) should elicit a blink from the modem and nothing from the router; a connection to port 81 should elicit a blink from the LEDs of both devices.
Finally, verify that the Vaio is not firewalled and inbound connections to port 81 are indeed allowed (this can probably be done if you have either hairpinning NAT on the modem/router, or, much better, another device that can be connected to the router together with the Vaio).
No comments:
Post a Comment