Help needed Port forwarding: Eir F2000 modem/router bridged to Billion router

FlexMcMurphy

Hello,

I want to run a web server on my raspberry pi. To get to it from outside my home network I need to forward some ports... 80 and 443.

I have Fibre to the Cabinet from Eir with an F2000 modem/router. I figured out it doesn't do port forwarding so resurrected my old Billion 7800N modem/router and bridged the Eir F2000 to the Billion. So now I can get internet and Wifi from the Billion provided by the Eir F2000.

I am trying to do the port forwarding on the Billion router now but failing. I think it is set up correctly but when I go to this website or this website to check if the ports are open to the outside world it says they ain't.

Attached are two screen shots of the port forwarding config on my Billion. The internal ip address is the raspberry pi which I can ping from my laptop but I don't think that makes any difference to whether the ports are accessible from the net.

I tried restarting both the F2000 and the Billion. I know the bridge is working because now I connect to the wifi connection name from the Billion and there is no wifi signal/network coming from the F2000 anymore. In the Billion port forwarding set up I tried changing the protocol to TCP, UDP and TCP/UDP.

Could anyone help me? Is the Eir modem still somehow blocking the port forwarding or am I setting it up wrong on the Billion?

Thank you,

Flex

ED E

FlexMcMurphy wrote: »

I figured out it doesn't do port forwarding

FlexMcMurphy

Not sure what you mean there ED E?

The Eir F2000 doesn't seem to do port forwarding of ports 80 and 443. But I'm hoping that by bridging the F2000 to a separate non-Eir(com) router that this second router can do the port forwarding for me.

Anyone had any success with this or can help me with my set up?

Cheers,

Flex

ED E

Excluding two ports (4 in fact IIRC) isn't the same as not doing any PF at all.

Disabling remote mangement should resolve this, its come up before and Im pretty sure that releases the ports.

If the F2000 is indeed bridged, as opposed to being in double NAT, then there shouldn't be any remote management ports reserved.

The high horse brigade

Does the Billion have an Ethernet Wan port if it's a modem?

FlexMcMurphy

I'm really struggling with this..

I've got a network cable joining a regular LAN port on the Eir F2000 to the ethernet WAN (EWAN) port of the Billion router. I've got the F2000 in Bridged mode so its DHCP is turned off. PPPoE is set up on the Billion.

So my understanding is the F2000 supplies internet to the Billion which is now the DHCP server and any port management should be done on the Billion.

How do I know if they are bridged or in double NAT?

I was unable to disable remote management on the F2000. When I go in to Maintain > Device Management (actually I tried all categories) there is no option to disable remote management.

I notice the two devices have different netmasks... the F2000 is 255.255.255.0 and the Billion is 255.255.255.255. The F2000 has a fixed IP address I gave it (192.168.1.253) and the Billion ip address is the same as what appears when I go to whatsmyip.com. I am getting internet from the Billion wifi connection. So this leads me to believe that I am set up correctly.

I also tried port forwarding ports other than 80 and 443 but whatever I try a visit to yougetsignal always tells me the ports are closed.

The pics in my post above shows what I am doing on the Billion to try to open/port forward the ports. I don't understand why they don't open then.

Any idea what I am doing wrong??

Flex

ED E

Your link is setup correctly, if PPPoE is started from the Billion it holds the address itself, the F2000 should have no impact.


Is there a firewall setting that could be overriding the forwards? Are you sure the device is actually listening (you cant test an open port with nothing on the other end).

ED E

Really, dump the billion, no 5Ghz is a bit naff for VDSL.

FlexMcMurphy

Hello,

Thank you for your help.

All Network security on the F2000 is disabled... firewall, dmz and uPnP too.
Router Advertisement (RA) is enabled on the F2000.

I'm only using the Billion because it was lying around. I bought it good few years ago to replace an old Eircom 802.11 b/g router. This Billion did Port forwarding for me before when it was setup as a standalone modem/router.

I might get an Asus DSL AC68U which seems to be the best modem/router replacement for the F2000 though it's an ugly and ageing yoke.

I tried disabling the firewall on my laptop but no difference.
The firewall on the Billion is not configured at all.
I've got dynamic DNS sync working from the Billion with my no-ip domain name.
I also tried forwarding non standard ports like: 8080 and 49152 but they show as closed as well when I use the yougetsignal site.

I did a hard reset/reboot of the Billion. If I do that to the F2000 it will go back to router mode or so is my understanding.

I'm trying to set up letsencrypt on a Raspberry Pi so a type of DropBox application (NextCloudPi) can get an SSL certificate from the letsencrypt server. It fails with error message: "The server could not connect to the client to verify the domain --- Connection refused". Since my dynamic domain name is paired up with my public ip correctly I'm assuming that the error here is that Port 80 and 443 are not open on my router. In the Billion port forwarding rule I am forwarding them to internal Port 80 and 443 and to the IP address of the Pi.

How else would I make the device "listen"? I could install Apache and have it running I guess that would be another way to have an application listening on port 80?

Because this Billion did port forwarding for me before it feels like the F2000 is still exerting some user management type control over the ports.

But then I barely know what I talking about... I'm stumped!

Any suggestions gratefully appreciated !

Flex

ED E

Install and run an FTP server on the Pi. Make sure it works from your laptop.

Once thats done, forward that port on the billion and use the yougetsignal site or other to test that its now showing open.

Johnboy1951

For simple (insecure) testing I would use Simple HTTP Server

cd to a directory of choice and issue the following command with the port number of your choice

python -m SimpleHTTPServer <Port Number>

You should then be able to access the directory and sub-directory contents using a browser.

If the chosen port is open you should be able to get to the directory using your
external IP-address:<port number>

I use grc.com ShieldsUp to check my ports when required.

ED E

+1 for Shields Up.

FlexMcMurphy

Well I got it working with many thanks to you Gentlemen!

Basically I had done everything right... in terms of bridging the F2000 to the Billion router and setting up the port forwarding on the Billion.... but as ED E pointed out:

"Are you sure the device is actually listening (you cant test an open port with nothing on the other end)."

So I took the advice of Johnboy1951 and used SimpleHTTPServer (which is really handy!) to make the files in a folder on the pi accessible from a web-browser... in this way I could confirm whatever port I used with SimpleHTTPServer was indeed open.

So I've got an SSL Cert now via LetsEncrypt to make https work properly on my NextCloudPi installation.

Cheers,

Flex