Router issue

southeastg

Hi Everyone,

Basically I have 5 sites that I need access to from the internet via eircom routers.

I have configured 3 of the sites , 2 were easy and one was a nightmare. So I know how to set things up.

The problem I'm having with the latest router is with access and port forwarding. I cannot access the router using its WAN IP address UNLESS I enable remote management. But does remote management allow port forwarding? Why cant I access the router using its public IP address it worked on the other 3 routers. Firewall is set to low, ive set up the port forwarding rules using port 1100, for no reason other than it worked on previous installs.

The device im connecting to is a monitoring tool which I can access locally using its local ip address through the router.

Is there an easier option. Thanks for any help

davo2001

In order for you to access the WAN IP from inside the same LAN the router needs to support NAT loopback. Weither or not this can be done is down to the router itself.

This can be added to all routers that run DDWRT

Bayberry

southeastg wrote: »

Basically I have 5 sites that I need access to from the internet via eircom routers.

The problem I'm having with the latest router is with access and port forwarding. I cannot access the router using its WAN IP address UNLESS I enable remote management.

Just to clarify - are you testing this from outside the LAN when you set it up, or are you on the LAN but trying to use the WAN address of that LAN? Not all routers allow you to access their WAN interface from the LAN side.

As a general rule, you don't want to leave remote management enabled on your router.

southeastg

Thanks guys ,

I set everything up on the LAN , local IP addresses all work no problem. I use my laptop to connect to the router using its local IP and I can then access the monitoring tool using a local IP address that I have assigned to it 192.168.1.110 . Once I set this up and made sure it works locally on the LAN. (the Lan consisting of nothing more than the router and the monitoring tool) Then I need to be able to access the router using its public IP address , which I have confirmed using whatsmyIpaddress web tool. So when I enter this public IP address on my iPhone using 3G network i should be able to access the routers log in page, but unless I enable remote management it will not display this. I think once I've sorted this the port forwarding will work.

southeastg

Is there any way I can map the public Wan IP address of the router to the private LAN monitoring tools IP address , nothing else will be using this router it's only use is for this monitoring tool

Bayberry

southeastg wrote: »

Is there any way I can map the public Wan IP address of the router to the private LAN monitoring tools IP address , nothing else will be using this router it's only use is for this monitoring tool

Yes, but frankly, if you have to ask how, I'd be reluctant to tell you. You'd be setting up the machine so that anyone anywhere in the world can access it, and any other services that are running on it, apart from the web interface that you're accessing, would be open to exploitation.

So it's not that I don't want to tell you how to expose your monitoring device to anyone who wants to hack it, it's that I don't want to be responsible for you setting your device up that way.

What router are you using?

southeastg

Bayberry wrote: »

Yes, but frankly, if you have to ask how, I'd be reluctant to tell you. You'd be setting up the machine so that anyone anywhere in the world can access it, and any other services that are running on it, apart from the web interface that you're accessing, would be open to exploitation.

So it's not that I don't want to tell you how to expose your monitoring device to anyone who wants to hack it, it's that I don't want to be responsible for you setting your device up that way.

What router are you using?

Eh ok thanks , the monitoring tool has its own sercurity, username and password . It's an eircom d1000, is there anyway to specify a few devices that can access the router? It would generally just be a couple of us accessing it via our iPhones ,

southeastg

Could it be possible that the ISP blocking the ports, bayberry I absolve you of any responsibility, even if you could pm me and let me know what I'd need to do thanks

Bayberry

southeastg wrote: »

Eh ok thanks , the monitoring tool has its own sercurity, username and password . It's an eircom d1000, is there anyway to specify a few devices that can access the router? It would generally just be a couple of us accessing it via our iPhones ,

A Username and password on a web interface doesn't mean that a device is secure, if you configure your router to allow access to ports other than the port that the web interface is on.

The NAT chapter in the documentation for your router documents two ways to send all traffic to your device, but I'd suggest going through the Port Frwarding section again. If your monitoring device is listening on port 80, and you can't change that, I'd suggest setting up a port forwarding rule to forward a higher port, such as 8080, to port 80, and do your test again - the modem might be eating traffic to port 80 itself.

http://broadbandsupport.eircom.net/download/zyxel/eircom_D1000.pdf

southeastg

Bayberry wrote: »

A Username and password on a web interface doesn't mean that a device is secure, if you configure your router to allow access to ports other than the port that the web interface is on.

The NAT chapter in the documentation for your router documents two ways to send all traffic to your device, but I'd suggest going through the Port Frwarding section again. If your monitoring device is listening on port 80, and you can't change that, I'd suggest setting up a port forwarding rule to forward a higher port, such as 8080, to port 80, and do your test again - the modem might be eating traffic to port 80 itself.

http://broadbandsupport.eircom.net/download/zyxel/eircom_D1000.pdf

Would that make 80 the external port and 8080 the internal one? Set the monitoring tool to listen on port 8080?

Bayberry

southeastg wrote: »

Would that make 80 the external port and 8080 the internal one? Set the monitoring tool to listen on port 8080?

No, the other way round - 8080 externally forwarded to 80 internally, but if you can set up the monitoring device to use a port other than 80, then you can use the same port internally and externally - just don't use 80.