Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: LANMonkey on August 05, 2016, 11:56:15 PM
-
For years now I have been serving a website from a basic DSL account. I recently switched to AT&T's Uverse service. They sent me their own gateway modem/router and I set up the firewall to pass website traffic (HTTP service) to my SME host server.
I have tested the website by trying to access the IP address alone, like ABC.DEF.GHI.JKL (with letters indicating the numbers of my IP address for purposes of this post). I can't get the website. I haven't yet changed the URL to point to that IP address. I can access the website using the LAN address, 192.168.etc.etc. I can also access the admin and webmail pages locally.
Shouldn't I be able to access the website using the IP address? What else could be going wrong? Is there perhaps a new dialog going on in the gateway that SME doesn't like? How could I troubleshoot what is going on?
-
From a workstation browser that is behind your sme server & firewall, go to
https://www.grc.com
& select to do a full port scan.
That should indicate whether ports are being blocked somewhere.
-
From a workstation browser that is behind your sme server & firewall, go to
https://www.grc.com
& select to do a full port scan.
That should indicate whether ports are being blocked somewhere.
Sounds like a good idea, but I don't see a link to anyplace to do a port scan. Could you provide a direct link?
-
You need to look harder, it's in small print
Click the ShieldsUp link
Try here
https://www.grc.com/x/ne.dll?bh0bkyd2
& then click proceed
There was a reason to start you at the beginning so you would read all about it etc.
-
Well, I did a scan of the first 1056 ports and all were in stealth mode except port 80 which was blocked. So I guess that is my problem.
I assume my solution is to change the port my HTTP server listens to and point my domain to that port. Pointing the domain to that port on my IP address doesn't sound too complicated. I think I recall seeing the option in DNS my service.
But I depend on the SME's server to run the server. How do I change the port so that my website can bypass the block without fouling my administrative sites?
-
I are some possible problem there:
- AT&T blocking the port 80, which with a quick internet research does not seems the case
- you did the port transfer wrongly, maube this helps : https://www.youtube.com/watch?v=8WhvC6M-Ivw
- you try to access your external Ip from inside the LAN, port forwarding only work from outside
mostly you do not have anything to do at the SME level, your problem is really to understand and configure the modem. you can use any entering port and forward it to the SME IP adress and port 80. But if you do not use port 80 on internet side, nobody but you will know how to access to your site.
Last thought, did you kept your SME as server gateway mode or did you convert it to server only ?
if the answer is the first, then you must be aware of the double NATing and that your two LANs ( SME LAN and ROUTER LAN should have different adressing)
-
LANMonkey
So now you have to determine where port 80 is blocked eg your ISP, or maybe your router (ie not forwarding the port correctly).
Please answer the queries posed by JPP.
Personally I would guess your ISP is blocking port 80 as they do not (or may not) allow web hosting. I suggest you ask your new ISP if they block ports & tell them about the port scan result.
-
I are some possible problem there:
- AT&T blocking the port 80, which with a quick internet research does not seems the case
I am not sure what you saw on the internet, but I did a Google search of "Does AT&T block port 80" and got many hits that suggest it does block port 80. That's my conviction at this point, that AT&T blocks port 80 outside my gateway.
- you did the port transfer wrongly, maybe this helps : https://www.youtube.com/watch?v=8WhvC6M-Ivw
I hadn't yet tried port forwarding, I only opened the firewall for that port and directed that traffic to the static local address of my SME server.
- you try to access your external Ip from inside the LAN, port forwarding only work from outside
As I said in my first post, I can access the website from inside the LAN using the local static address of the SME server.
mostly you do not have anything to do at the SME level, your problem is really to understand and configure the modem. you can use any entering port and forward it to the SME IP adress and port 80. But if you do not use port 80 on internet side, nobody but you will know how to access to your site.
Using your posted YouTube video, I did manage to set up something like an actual port forward from 8080 to 80, but I am still not getting the website using http://ABC.DEF.GHI.JKL:8080. When and if I can get this going, I can apply my DNS to use port 8080 for my URL.
Last thought, did you kept your SME as server gateway mode or did you convert it to server only ?
No, with the previous ISP, the SME server was not a gateway, it was inside the LAN.
So as it stands, I have tried applying forwarding in my AT&T Gateway and I still can't reach the website using http://ABC.DEF.GHI.JKL:8080
There are some peculiarities in my Gateway device. It sees my SME server as unknown000F1FE9A41D and if I try to disable the firewall for this device, I get an error, "It is not allowed to remove the firewall protection on the private device:unknown000F1FE9A41D." Also, I cannot select my static local IP address twice in the Firewall settings, only the device unknown000F1FE9A41D can be selected. I wonder if I remove the static IP address, I might see some changes.
-
I am not sure what you saw on the internet, but I did a Google search of "Does AT&T block port 80" and got many hits that suggest it does block port 80. That's my conviction at this point, that AT&T blocks port 80 outside my gateway.
the key word here is ***suggest***
I only saw people battleing with not knowing how to do a correct port forwarding and no post confirming that the provider DO enforce a blocking on some port and stating which... If you want to know and be sure, you only have to call them instead of assuming.
I hadn't yet tried port forwarding, I only opened the firewall for that port and directed that traffic to the static local address of my SME server.
As I said in my first post, I can access the website from inside the LAN using the local static address of the SME server.
Well you should have started there as deactivating firewall could mean a lot of different things and some are not what you want.
And yet you still are not answer the most important question from where are you trying to access your SME using the external ip adress of your connexion (with or without change of port).
Using your posted YouTube video, I did manage to set up something like an actual port forward from 8080 to 80, but I am still not getting the website using http://ABC.DEF.GHI.JKL:8080. When and if I can get this going, I can apply my DNS to use port 8080 for my URL.
Answer the previous question, and call your isp to know if they block port, you are putting the horses behind the cart.
No, with the previous ISP, the SME server was not a gateway, it was inside the LAN.
So as it stands, I have tried applying forwarding in my AT&T Gateway and I still can't reach the website using http://ABC.DEF.GHI.JKL:8080
Again from where ?
Because to answer again to your last question of your first post, no you are not supposed to access to your website using your isp provided ip, if you do this from inside your lan....
There are some peculiarities in my Gateway device. It sees my SME server as unknown000F1FE9A41D and if I try to disable the firewall for this device, I get an error, "It is not allowed to remove the firewall protection on the private device:unknown000F1FE9A41D." Also, I cannot select my static local IP address twice in the Firewall settings, only the device unknown000F1FE9A41D can be selected. I wonder if I remove the static IP address, I might see some changes.
I can only tell you to carrefully read the manual of your router, and again this is surelly not what you want to do.
-
the key word here is ***suggest***
I only saw people battleing with not knowing how to do a correct port forwarding and no post confirming that the provider DO enforce a blocking on some port and stating which... If you want to know and be sure, you only have to call them instead of assuming.
I have contacted support for Uverse and AT&T and support is not too good. I managed to get a direct answer to the question, "Please answer yes or no. Does AT&T block access to my website on my internet connection?" The answer was "No". But they would not actually articulate a response proclaiming whether or not it was possible to serve a website from my connection. Either they were dodging the subject or they did not know what I was talking about. I have contacted them three times with this issue so far and was passed around two to three times on each contact.
Well you should have started there as deactivating firewall could mean a lot of different things and some are not what you want.
I'm not sure what you mean by this.
And yet you still are not answer the most important question from where are you trying to access your SME using the external ip adress of your connexion (with or without change of port).
....
Again from where ?
Because to answer again to your last question of your first post, no you are not supposed to access to your website using your isp provided ip, if you do this from inside your lan....
I am sitting at a computer on the same LAN that hosts the SME server. I have never had any problems using the URL or IP address of my connection reaching the SME server routing through the internet. I can also ping the URL and get the IP connection address since I have changed the IP the URL points to. I have been able to use the connection IP address, the local LAN address and the internet DNS served URL to reach my website in the past. What other way can I test whether the site is functioning or not? I shouldn't have to go to a computer off my LAN to check to see if the website is working on the internet.
From a workstation browser that is behind your sme server & firewall, go to
https://www.grc.com
& select to do a full port scan.
That should indicate whether ports are being blocked somewhere.
Since I have opened up the firewall in my gateway to port 80 and I still see it blocked using ShieldsUp, shouldn't I be able to assume that port 80 is being blocked by AT&T?
I posted this problem here thinking that there was an issue with my SME server. Thanks to all for posting your suggestions. I will listen to any more whether it has anything to do with the SME server or not.
-
Hi LANMonkey,
If you try to access your site with a local browser, it is the SME server that will answer the request without going to any DNS. It will look into /etc/hosts and find your domain name in it.
Try to install TOR browser. The requested domain goes through to the external TOR proxy, not to your server.
There are some people in this forum who don't like TOR. You can install it in a virtual machine if you like then, destroy the VM.
I alway use TOR to check my server connection.
Michel-Andre
-
LANMonkey
I would phone your ISP again & ask for escalated support, that way you might get to talk to an engineer who actually knows what is going on.
The first level support personnel you have already spoken to are usually just reading from a scripted page, so cannot help if the question is out of scope.
Make sure you tell them about the port scan result ie that port 80 shows as blocked & ask if can they tell you where it is blocked, ie is it them ?
Re not accessing WANIP:8080, did you actually do a scan on other ports above port 1095, you have not yet proven whether port 8080 is open.
As pointed out to you (assuming 8080 is available), other Internet users will have to append 8080 to your URL to gain access, which may not be practical or desirable.
Worst case scenario is have you considered going back to your old ISP ?..... or one that supports all ports in & out.
No, with the previous ISP, the SME server was not a gateway, it was inside the LAN.
So do you mean the SME server is now is server only mode ?
-
....
So do you mean the SME server is now is server only mode ?
The SME server was in server only mode before and after the change in ISP.
Here is something peculiar.
I tested 8080 with ShieldsUp and found that is was closed. So, as a test I tried another arbitrary port 80AB. (Letters indicate some numbers.) First I scanned 80AB to see if was open. It was found to be in Stealth mode. So then I went to my gateway Firewall settings and opened port 80AB and pointed it to port 80 on my SME server. Then I went back to ShieldsUP and tested port 80AB and found that it is now closed. I did another test, I tested two arbitrary port numbers ABCD, EFGH with ShieldsUp and found them both to be in stealth mode. (The first actually went to some service.) Then I went to my gateway Firewall settings and opened ABCD and directed it to EFGH on my SME server.
I went back to ShieldsUp and again tested ABCD and now it is closed. For some reason, the act of opening a port is causing it to be closed to the internet.
One last test. With ShieldsUp I tested ABCX (Again the letters indicate numbers.) and also found this in stealth mode. I went into my gateway Firewall settings and opened port ABCX and directed to it port 80 on the workstation machine I am using now (It has no HTTP server). I went back to ShieldsUp and tested ABCX and now it is open!
So the problem is narrowed down to SME server. Is it a problem with SME internal settings? Or is it a gateway problem? I suspect the static IP address I have for SME could be the problem. I will fool around some more and report back.
Any ideas anyone?
-
Here is some more clues.
DURING ALL OF THE ABOVE TESTS, THE SME SERVER WAS SHUT DOWN, IT WAS NOT EVEN ON. When I do all the tests with 8080, 80AB, ABCD with SME on I still don't find anything open, it is in stealth mode and I still can't reach the website. I suspect that in the previous tests where I found the port closed SME was also shut down. :oops: :oops: :oops: :oops:
But I do see that the favicon I have for the website is showing up in the browser. So, I am reaching the host machine, but for some reason the website is not being served. It must be SME.
-
Can you access your SME using its local IP on the LAN and serve the webpages using a browser ?
If yes then the problem is not SME.
port forwarding only work from the outside or wan side of a router. Again you can not hit your sme with externalIP:whateverport from inside your lan... This is simply a limitation of NAT, it is impossible to do , see this thread https://supportforums.cisco.com/discussion/11262681/nat-port-forward-doesnt-work-inside-lan as an example. As long as you do not understand this, you will not be able to go further.
If you want to test your connection port forwarding you will have to do this from outside with your phone connection ( not connected with wifi on your lan of course) or from elsewhere. All test you do from inside will fail and end up in a loop.
This will be the same with your domain name unless:
- your sme has the domain defined as local and act as dhcp for all your computer
- your router act as dhcp server for lan and is evolved to handle split dns and point the domain to your sme ( not probable)
- you defined your local sme ip as associated to your domain on all hosts files of all your computer
But again from inside you wiill be able to access to you sme with port 80 only for webserver, unless you also define in the sever manager a port forward 8080 to 80 on localhost, which is for the moment as useless as creating on your modem router the forward of 8080 to 80 fo the lan ip of your sme.
The only step you should try from now are:
- as told by Janet, contact your ISP to have the level 2 support so they will be able to answer technical question rather than having somebody reading a script.
- only do a port forward on your modem router from 80 to 80 direct to the LAN IP of your SME, Then go outside of your lan, and try to connect from outside to your internet ip on port 80 with sme on and its ip being the same as given in the router for port forwarding.
-
Can you access your SME using its local IP on the LAN and serve the webpages using a browser ?
If yes then the problem is not SME.
port forwarding only work from the outside or wan side of a router. Again you can not hit your sme with externalIP:whateverport from inside your lan... This is simply a limitation of NAT, it is impossible to do , see this thread https://supportforums.cisco.com/discussion/11262681/nat-port-forward-doesnt-work-inside-lan as an example. As long as you do not understand this, you will not be able to go further.
If you want to test your connection port forwarding you will have to do this from outside with your phone connection ( not connected with wifi on your lan of course) or from elsewhere. All test you do from inside will fail and end up in a loop.
I am no longer concerned about port forwarding from 80 from some other port, that is clearly not necessary. My ISP is not blocking port 80. Again, I have demonstrated that if I configure my gateway to open port 80 and direct it to my workstation on the LAN and test it with ShieldsUp, it is open. If I configure my gateway to open port 80 and direct it to SME server on the LAN, then ShieldsUp shows it to be in stealth mode -- not open. My ISP is not blocking port 80.
For years now, I have accessed my website hosted on my LAN from the internet using both the URL and my DSL IP connection address. When I switched to another ISP and hooked up the same SME server to the LAN, opened up the HTTP port 80 and directed it to that SME server, I can no longer do this. This is not right. Something has changed. If I ping my IP connection address, I get a prompt reply. If I test the port forwarding to SME it is not open. If I test port forwarding to some other machine on the LAN it is open.
This will be the same with your domain name unless:
- your sme has the domain defined as local and act as dhcp for all your computer
- your router act as dhcp server for lan and is evolved to handle split dns and point the domain to your sme ( not probable)
- you defined your local sme ip as associated to your domain on all hosts files of all your computer
I can't understand what you are saying here, but here is some related information. My SME server is using a static address. I thought I would try changing that so it would use an address served up by the AT&T gateway. I tried going into admin from command line and I don't see the option to use an address from another DHCP. Does such an option exist? My gateway seems to suffer some problems from not being able to use the static address in configuring the firewall. I can use it once, but can not edit it or add to it having done so the first time. It only identifies the static address with a device name that it assigns to it. I can't edit firewall settings with the static address or remove it, I can only clear all the settings with a reset and start over.
Also, in my SME Server Manager, Domains (Just one domain) is set with the URL I use to access it from the internet and the DNS is set to "interenet domain server", not locally resolved. This is the way I understand that different domains are directed to different iBays. I tried setting it to "locally resolved" to see if that would fix it, it didn't.
But again from inside you wiill be able to access to you sme with port 80 only for webserver, unless you also define in the sever manager a port forward 8080 to 80 on localhost, which is for the moment as useless as creating on your modem router the forward of 8080 to 80 fo the lan ip of your sme.
The only step you should try from now are:
- as told by Janet, contact your ISP to have the level 2 support so they will be able to answer technical question rather than having somebody reading a script.
- only do a port forward on your modem router from 80 to 80 direct to the LAN IP of your SME, Then go outside of your lan, and try to connect from outside to your internet ip on port 80 with sme on and its ip being the same as given in the router for port forwarding.
None of that is necessary, my ISP is not blocking HTTP port 80.
-
Lanmonkey
You need to tell us real IPs, real URLs, actual config settings for your sme server, actual settings for your modem/router/firewall.
Also output of
config show masq
Edit
Also show output of
config show httpd-e-smith
config show wan
config show DomainName
config show ExternalIP
config show ExternalInterface
config show InternalInterface
config show LocalIP
config show SystemMode
-
Lanmonkey
You need to tell us real IPs, real URLs, actual config settings for your sme server, actual settings for your modem/router/firewall.
I need instructions on how to do that, unless that is what the below instructions are ...
Also output of
config show masq
Edit
Also show output of
config show httpd-e-smith
config show wan
config show DomainName
config show ExternalIP
config show ExternalInterface
config show InternalInterface
config show LocalIP
config show SystemMode
config show masq
masq=service
DenylogTarget=drop
Logging=most
Stealth=no
Trace=disabled
pptp=yes
status=enabled
config show httpd-e-smith
httpd-e-smith=service
SSLv2=enabled
SSLv3=disabled
TCPPort=80
access=public
status=enabled
config show wan
wan=service
status=disabled
config show DomainName
DomainName=ictytranscripts.org
config show ExternalIP
(No response, returns command prompt.)
config show ExternalInterface
ExternalInterface=interface
Configuration=disabled
Driver=e1000
Gateway=
IPAddress=76.191.171.74
Name=none
Netmask=255.255.255.0
IPAddress=76.191.171.74 This must be an error. This is very much like the IP connection address of my old ISP. My notes show 76.191.171.84 as being the old address at my DNS that my URL pointed to. My connection IP address is now completely different.
config show InternalInterface
InternalInterface=interface
Broadcast=192.168.1.255
Configuration=static
Driver=e1000
IPAddress=192.168.1.11
NICBondingOptions=miimon=200 mode=active-backup
Name=eth0
Netmask=255.255.255.0
Network=192.168.1.0
config show LocalIP
LocalIP=192.168.1.11
config show SystemMode
SystemMode=serveronly
-
....
... My SME server is using a static address. I thought I would try changing that so it would use an address served up by the AT&T gateway. I tried going into admin from command line and I don't see the option to use an address from another DHCP. Does such an option exist? My gateway seems to suffer some problems from not being able to use the static address in configuring the firewall. I can use it once, but can not edit it or add to it having done so the first time. It only identifies the static address with a device name that it assigns to it. I can't edit firewall settings with the static address or remove it, I can only clear all the settings with a reset and start over.
....
An update on this observation. I tried changing the IP address on my LAN workstation to static and opened HTTP port 80 to this machine and ShieldsUp shows it open. So the static address of SME server is not the problem.
-
Lanmonkey
You need to tell us real IPs, real URLs, actual config settings for your sme server, actual settings for your modem/router/firewall.
simple, what is the IP you use to connect to your router from your LAN. This will give us the IP of the gatway.
when you are connected to the interface, go to the setting where you can see informaiton on DHCP for the LAN
we need the netmask and /or the IP range for DHCP.
you real URL, well if you do not know it we can not help you on how to find it :D
eventually you current external IP for us to check your domain resolve to it and not to another IP. This should be shown somewhere on your router on an external status or something like that, alternatively you can seak it from an external website by searching on your favorite search engine "what is my ip".
this would be good start.
also add the output of this command from your SME:
config show GatewayIP
-
simple, what is the IP you use to connect to your router from your LAN. This will give us the IP of the gateway.
This is 192.168.1.254
when you are connected to the interface, go to the setting where you can see informaiton on DHCP for the LAN
we need the netmask and /or the IP range for DHCP.
From my router/gateway
Router/Gateway Address 192.168.1.254
Subnet Mask 255.255.255.0
Private Network DHCP Info
Range 192.168.1.64 – 192.168.1.253
Allocated 1
Remaining 189
Timeout 1440 minutes
you real URL, well if you do not know it we can not help you on how to find it :D
What is a "real" URL? Of course my website has a URL, is that what you mean? That would be www.ictytranscripts.org.
eventually you current external IP for us to check your domain resolve to it and not to another IP. This should be shown somewhere on your router on an external status or something like that, alternatively you can seak it from an external website by searching on your favorite search engine "what is my ip".
this would be good start.
Current Internet Connection
Type Value
IP Address 172.5.251.147
Subnet Mask 255.255.252.0
Default Gateway 172.5.248.1
Primary DNS 68.94.156.8
Secondary DNS 68.94.157.8
also add the output of this command from your SME:
config show GatewayIP
GatewayIP=192.168.1.1
-
Still tinkering ...
I went into admin and tested internet access and the system failed. I am also trying to update the system and I am getting "Couldn't resolve host ... " errors for the mirrors. I have also tried pinging my IP connection address and Yahoo and get "Destination Host Unreachable".
So my SME server has no internet access. However I can ping my LAN workstation machine from the SME server command line. And obviously, I can get into the server manager and the rest, so LAN communication is possible.
-
GatewayIP=192.168.1.1
So that's what's wrong. It should be 192.168.1.254.
-
So that's what's wrong. It should be 192.168.1.254.
Odd, but in all the years I have used this server in different configurations, server only and gateway, and with different modem routers, I have never had cause to change this address.
OK, some dramatic improvements. ShieldsUp shows HTTP port 80 is now open and my SME server has internet access.
But, I still can't reach my website. It is now 4:30 PM where I am at and I will tackle this again tomorrow.
-
Odd, but in all the years I have used this server in different configurations, server only and gateway, and with different modem routers, I have never had cause to change this address.
I think it would be a good idea for you to find a good tutorial on the basics of IP networking. If you don't have an understanding of what the default gateway address means then you will have a lot of trouble diagnosing connectivity issues.
If you have never changed the GatewayIP address, it is because your router has always been configured to use 192.168.1.1 as its LAN address.
-
Another clue ...
In my LAN workstation, I am running Windows 10. I installed Microsoft's HTTP server, IIS, and was able to bring up the basic webpage using HTTP://localhost and HTTP://192.168.X.X with the X's representing the workstation address numbers. The firewall on the workstation is open to HTTP.
But despite pointing the gateway/modem's port forwarder to the workstation machine, I was not able to bring up the basic webpage from the internet.
So based on this, I have to go back and blame the gateway/modem. I don't think it is SME at all.
Is there perhaps some setting in my gateway/modem that I am missing? Otherwise I'm back to AT&T.
-
IPAddress=76.191.171.74 This must be an error.
You can ignore that. Your system is in serveronly mode, and the ExternalInterface record has Configuration->disabled.
-
I have finally made some progress.
There is three settings in my gateway/modem for the firewall. You can choose pinholes for individual applications, you can have complete protections, or you can open up everything in what they call the DMZPlus mode.
I tried this with my workstation with the IIS server on it and found that it now can be reached from the internet. Success! The problem is that it requires the computer to use the DHCP to get an IP address and SME does not appear to have this option. It's very strange, the DHCP assigns my IP connection address to the ethernet connection.
If anyone has a fix for this, I'd appreciate it, but this is another subject. I'll do some hunting on the subject and start a new thread about it if I don't find a solution.
-
Hi LANMonkey
- At the server console, login with admin.
- Choose #2 Configure this server.
- At the 9th screen, choose #2 Use DHCP (send ethernet address as client identifier).
- Leave the other screen as is.
- The server will restart and all will be OK.
- Login as root and execute the command: ifconfig
You should see you addresses, local and external.
https://wiki.contribs.org/SME_Server:Documentation:Administration_Manual
https://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter5#Configuring_Your_External_Ethernet_Adapter
Hope for the best,
Michel-André
-
Hi LANMonkey,
I forgot, shut down your station as it might use your IP already.
Michel-André
-
Hi LANMonkey
- At the server console, login with admin.
- Choose #2 Configure this server.
- At the 9th screen, choose #2 Use DHCP (send ethernet address as client identifier).
- Leave the other screen as is.
- The server will restart and all will be OK.
- Login as root and execute the command: ifconfig
You should see you addresses, local and external.
https://wiki.contribs.org/SME_Server:Documentation:Administration_Manual
https://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter5#Configuring_Your_External_Ethernet_Adapter
Hope for the best,
Michel-André
Yes, thank you, I'm ready to try that. The problem is that I have only one NIC for the computer on the motherboard, and it takes a low profile NIC, it's an old Dell small footprint desktop.
If it is not possible to get SME to use DHCP for a single NIC, I'm going to try daisy chaining another router to the modem/gateway and putting that in the DMZPlus mode. Then I'll put the SME on the second router and forward HTTP to SME there. That may hold me until I get a second NIC.
-
Please do not use sme as a gateway unless you really plan yo get ride of all your function of the router.
You seem do understand nothing to lan and NAT. You are just asking for us how to do the solution you decided was to use where it is not the good solution for your initial problem. You are not seeking the information to actually inderstand what you are doing.
You will create more difficulty for you to understand what is happening by using sme as gateway inside a lan
For instance you will not be able to access file shares directly unless you connect your computer on sme lan side.
Then you will need to use two set of local ips in different subnet. If you do not fully understand what it means, and the consequence then stop this way.
Your router is able to handle fixed ip. Just enter it in search box under the list of device to create pinholes
-
Finally, some success.
I hooked up an old Netgear WNDR3400 router to the AT&T gateway using the Netgear internet port, reset the Netgear to factory defaults and put both my workstation and SME on the Netgear router. All by itself, the Netgear gave me another subnet and right away I had internet access from the Netgear subnet via the AT&T gateway.
The Netgear was recognized as a device in the AT&T gateway and I put the Netgear device in DMZPlus mode. I port forwarded HTTP port 80 to the new static address for my SME server and finally, I can reach my website from the internet.
In summary, the problem remains that I should be able to just plug in the SME in the AT&T router and port forward to SME's static IP address, but for some reason the AT&T router will not let me do that. I might be able to do port forward to that using its DMZPlus mode, but I cannot have SME use DHCP with only one NIC which restricts you to Server Mode Only.
The only solution was to displace the problem into a subnet created by adding another router to the AT&T router and forwarding to that using DMZPlus applied to the added router.
-
HI LANMonkey,
Glad you had success.
Can you give the model number of the original router, the one connected to the internet?
Michel-André
-
HI LANMonkey,
Glad you had success.
Can you give the model number of the original router, the one connected to the internet?
Michel-André
It is a modem/router made by Arris and distributed by AT&T, model 5268AC.
Here is a PDF data sheet on the unit:
https://www.arris.com/globalassets/resources/data-sheets/5268ac.pdf
It is no longer supported by Arris and support from AT&T is not useful.
-
Hi LANMonkey,
From Jean-Philippe Pialasse:
Your router is able to handle fixed ip. Just enter it in search box under the list of device to create pinholes
I would follow his advice. This guy has a lot of experience.
Then your real success wil be at: page 22-23
http://www.dslreports.com/r0/download/2267100~5694a5d84811c1255c4f12556de77ead/5268AC%20Manual.pdf
Michel-André