Forwarding issue with RVS4000 - Page 2

linuxmad1 · ‎10-17-2011

Hi everyone,

I am having a major issue with forward ports, let me start from the beginning. I have a RVS4000 witch is setup with vlans to two other switches and these are working great but i have a server on one vlan and the other machines on the other vlan. When i setup port forwarding on 53 and try to telnet to the bind server with my external ip it does not work but with my internally ip it works. I have tried port scanning my ip and it say 80 open even through i have not set the firewall to access port 80 and every port it tried was closed when i know i opened the port on the firewall ( but i do know that 80 is for web browsing ). I have tried my netgear FVS318 i originally had setup and it work fine. Is there something else i need to do has its been doing my head in and i have gone through all the settings and nothing makes a difference.

Many thanks

Paul

linuxmad1 · ‎10-19-2011

Hi,

Yes, but the ip only changes when turning off the modem for about 30min - 1hour due to the lease time, other wise i will have the same ip till turning the modem off. I have setup the same setup on a netgear fvs318 i have and it works fine. I have dns server running at home off a vps on my server which i setup and the domain namserver as been setup etc and when using nslookup the domain i brought it queries my dns server with my public home ip, which the dns server is working great now which was the original problem i started this thread with. My problem is that for some reason i can't access my domain/public ip from my home, anything outside i.e at work or from a friend testing it, it works.

But if externally i can access my domain/public ip and not internally, thats the bit thats confusing me!!.

Thanks

cadet alain · ‎10-19-2011

Hi,

all dynamic IP addresses have a lease and even if your modem is not turned off the ISP will assign you another IP when the lease has expired( the lease time depends of ISP policy).

Now your server is natted to a public IP but is it a static IP or a dynamic one provided by ISP? if second choice then how I said before if you want to get sure to contact your server you must do it by name ( not IP) because if when you try to contact it you have another IP assigned by ISP then it won't work but if you use DYNDNS it will work all time.

Now explain what you can do and not do exactly:

-contact server from the same subnet but with external IP ?

-contact server from same subnet but with FQDN? where is your DNS server located? how do you resolve the name?

-contact server from WAN with external IP?

-contact server frow WAN with FQDN ? how do you resolve the name?

Alain.

Don't forget to rate helpful posts.

linuxmad1 · ‎10-19-2011

Hi,

I completely understand that all dynamic ip has a lease time but apart from the ip which the RVS4000 got when i set it up, i have had the same ip for a fews years with the netgear i was using before. I have forwarded port 53 and 80 to the internal ip's of to the right vps's which are running that service. The problem is outside my network like i said at my friends house and at my work the apache test page appears when entering either FQDN or my public ip but when on any computer on my internal network i can not access the FQDN or public ip which should displays the apache test page like i said above but it displays "problem loading page". The werid thing is if the port 80 is disabled, when accessing my FQDN or ip i get the router login page up on port 80 and the remote management is not even enabled.

It pretty much comes down to i can not access my own public ip or FQDN from my network outside my network its find, which my old netgear fvs318 worked great. So i don't know whats happening with this?.

Thanks

cadet alain · ‎10-19-2011

hi,

ok so it's from inside that you can't access the service when it is port forwarded either by public IP or FQDN?

So by IP this is normal because on Cisco routers you can't do this without some tricks like nat on a stick or hairpinning.

By FQDN to be achievable you would need DNS doctoring which is a feature available on some Cisco routers and on ASA/Pix but it seems it isn't on this model.I don't think you can also do the trick I talked above on this model so I think you'll need another model like the serie 800 or revert to the netgear that was doing the trick.

for IP just type the private IP when you're in your network and it will work and for FQDN then put an entry in your hosts file pointing to private IP and it should work also.

Regards.

Alain.

Don't forget to rate helpful posts.

linuxmad1 · ‎10-19-2011

Hi,

I have come across something which maybe to do what you said, i have updated the routers firmware just in case it was that and when i tried it, it worked fine . Now as soon as i set vlans back up on the router, it stopped working which

suggests that the vlans are the cause in some sence.

Thanks for your help through its been great, sorry about not explaining things properly.