Setting up 'Virtual Servers' or 'Port Forwarding' isn't really difficult. However it took me a lot of time and effort to figure out what to do! You have to make a hole in the firewall. By default the firewall is erected between the router and the modem. The modem communicates with the ISP (to the WAN) and the router (to the LAN). The Port Forwarding occurs on the router. Therefore, if the modem is handling the communications to the WAN, you cannot get anything to work!
To over come this, you should put the modem into 'Bridge' mode and get the router to run PPPoE and manage the WAN communications. Now you're in good shape.
There are several other matters you should consider.
Discussion with "tinfoil"
I said:I'm wanting put a port on one of my machines outside the firewall so that I can access a server from anywhere. The Modem and the Router seem to be in a conspiracy to prevent this. The modem's got a 250 page manual - gosh it can do a lot of things, most of which stop the network, then I have to reset it and get it configured again. Very tedious.
I think I simply want the modem to forward all incoming stuff to the router and use the router's port filtering or DMZ, to get the whole thing to work.
Any of our buddies around here know how to do this? I believe this is quite popular with gamers on the internet.
The equipment has been working for 2 or 3 years. My ISP is Earthlink/DSL. I have a ZyXEL P660R-61 Modem. A Belkin F5D7231-4 Wireless Router (with Virtual Servers = port forwarding). It's been working fine for years with the modem doing PPPoE and the router in 'Dynamic' mode to support the network. Switching on Virtual Services (or DMZ) is ineffective. And my conclusion is the modem firewall is blocking.
I put the Modem into Bridge mode and the router into PPPoE. It logs on fine and the connection to the internet works on the home network machines.
However the 'Virtual Servers' (holes in the firewall) still don't work. I can't get DMZ to work either, although I'm uncomfortable with that because of the security implications.
And "tinfoil" said:
You should set your PC to have a static IP address. DMZ isn't ideal.You should set your PC to have a static IP address. DMZ isn't ideal.
And I said:I've got it working! It's always been working, but I wasn't testing it correctly.. All the machines have static IP addresses on the LAN. Earthlink assign a dynamic WAN address to the PPPoE client (on the router or modem) to forward to the correct machine on the LAN.
When I'm on the LAN, I can't address the servers with their WAN address, probably because the NAT is only applied to external sockets. Eureka! I've been using the port scanner at http://www.t1shopper.com/tools/port-scanner/ and of course he really is on the WAN. Crumbs, I can be really stupid (nothing new). I thought I'd eliminated that possibility several days ago.
So if I do:
% curl http://clanmills.homedns.orgfrom the LAN, this goes to the router (correct). However on a real external internet connection, the NAT will route it to the virtual server 192.168.2.105:80. To use that server from the LAN, I have to use:
% curl http://192.168.2.105or more conveniently using its alias in /etc/hosts For example:
% curl http://stridersor whatever the machine's called locally.
Thanks very much for patient encouragement - you've kept me dogging to the bottom of this. I'm thrilled. Thank you very much.
I'm very happy to accept comments, feedback and suggestions for any of my articles. I'm always happy to hear you - especially if you have constructive suggestions. And I'm particularily pleased if you can let me know about corrections.