For various reasons, I have a slightly strange network setup at home, where I have two PCs and a laptop connected (wirelessly) to a BenQ AWL700 router (which I will refer to as the "router") which, in turn, is connected to a cheapo (wired) ADSL modem, which also functions as a router (although I wil refer to this as the "modem").

I am trying to forward a few ports, but for the sake of working out how to do this with (effectively) two layers of firewalls, I'll use port 6881 (for Azureus) as an example.

Currently, I have my router's IP (10.0.0.8) in the modem's DMZ. My intention was that this would effectively disable the modem's firewall so I could just forward ports through the router and everything would be hunky-dory. However, this doesn't appear to be working.

I have forwarded port 6881 in both Windows firewall (should I have this on when I have a router?) and the router, but no luck, according to Azureus's config wizard.

The config for the router has the following fields to forward a port:
Type (TCP/UDP - Azureus needs TCP in this instance); Service name (I assume I can type whatever I like here); Port number; Server IP; Server port number. What should I be putting in these fields? I've tried several different things, but nothing seems to work.

FYI, I am doing this all from my laptop, which has a fixed local IP of 192.168.1.4.

Before someone flames me, I've read the "Best of Networking" sticky, and I can't find anything applicable to my situation.

Hope you can help,
scouselad.

There should be a way to enter the setup for the modem, and disable the firewall in it, thus giving you a plain DSL modem. Maybe removing that firewall and allowing your router to control everything will help you get the conection made.

That's exactly what I've done. I put the router's external IP in the modem's DMZ, thereby effectively disabling the modem's firewall.

scouselad

well, yes and no. There should be a definetive way to disable the modems firewall, besides using the DMZ. Also, just as a heads up, if this is a residential DSL service (it sounds like it is) and you are trying to use port 80, in most cases, it can't be used. Most residential ISP connections automatically have port 80 blocked.

I have a similar setup. I have qwest DSL and they gave me an Internet Gateway with custom firmware. I have a wireless router that I am using as a switch and wireless access point.

I am only set to forward ports to one PC. It is not possible to access my systems because Qwest stealths my IP address on the net. They have it set up so it is not possible to hit their subscribers IP address from the Internet. The only way around this is to buy/lease a static IP and get setup as a business would be.

You may have a similar problem.

Originally posted by r8500
Most residential ISP connections automatically have port 80 blocked.

What do you mean?
I'm not trying to use port 80 for anything, I'm not running HTTP servers or anything, I just want to forward some ports (6881 for example).

scouselad

Originally posted by rraehal
....

Qwest stealths my IP address on the net. They have it set up so it is not possible to hit their subscribers IP address from the Internet. The only way around this is to buy/lease a static IP and get setup as a business would be.

You may have a similar problem.

Your ISP may prevent you for accomplishing what you want. Call them to see if what you are doing is possible.

Ping raehal.dyndns.org and see what happens. That is my real internet address but it can not be accessed except by qwest or inside my network.

Originally posted by rraehal
...Qwest stealths my IP address on the net. They have it set up so it is not possible to hit their subscribers IP address from the Internet. The only way around this is to buy/lease a static IP and get setup as a business would be.

You may have a similar problem.

Do you know if ADSL providers in the UK (where I am) do this? I am with Nildram, but I haven't heard of anything like what you describe with qwest happening this side of the pond.

scouselad

I am not sure if it is the same in the UK, but I assume it would be. The reason is that home users often do not know how to protect themselves. ISP's must also pay for bandwidth. By stealthing the IP, the ISP protects their users and also prevents unneccesary bandwidth use from home users. It saves money. They aklso do not need to spend many extra hours of support to fix end users own mistakes.

Well, in the UK most people with ADSL have dynamic IP, so surely there's no point in stealthing when each user's IP changes every few hours? I know there's no way I could run a server from this connection because my IP is different every time the modem reconnects, but I have been able to (for example) play Starcraft online before, just by forwarding the correct port in the router config, but port testers still show the port as closed...

scouselad

Effectively you are using two NATs. Which is usually a Bad idea.

The best (as mentioned above) would be to set the Modem/Router Combo to function as a Modem only.

Other vise set your second Router to work as a Switch with an Access Point.

Link to: Using a Wireless Cable/DSL Router as a Switch with an Access Point] (http://www.ezlan.net/router_AP.html)

:sun;

Thanks cat5e.
Which router do you mean when you say "the second router"? The "inside" one or the "outside" one? i.e. the one I called the "router" above or the one I called the "modem" above

Thanks,
scouselad

I have a dynamic IP as well. It is not that they are stealthing each IP, but that there network prevents acces. I am not sure if it is two NATs like mentioned above or if it is my NAT router then a static route.

Basically it works like this:

Internet -> Qwest Router Blocks Incoming Traffic -> Qwest LAN where DSL users sit -> My Router (NAT).

A reverse address lookup indicates that my IP leased using DHCP from qwest is a real internet address. It is not reserved for internal lan such as 192.168.x.x