Port Forwarding question

My Network consists of an Actiontec 701G DSL modem/router, which in turn
connects by ethernet port to my Linksys Wireless Router. My computer
network accesses the Linksys Wireless router for Internet access.

I have a computer program which requires my network allow forwarding on
a couple ports. I have no problem setting the required ports in the
Linksys, but my QUESTION is what do I do in the DSL modem? It has a
similar port setup as the Linksys.... do I set up the ports to forward to
my computer DHCP assigned IP, or to the Linksys IP?

Also, how can I setup the ports to forward to ANY computer on my
network rather than one specific IP?

Thanks in advance for any help.


Ed



Ed

On Sat, 28 May 2005 18:42:21 GMT, Ed
<Huckleberry_REMOVE_@bigvalley.net> wrote:

> My Network consists of an Actiontec 701G DSL modem/router, which in turn
>connects by ethernet port to my Linksys Wireless Router. My computer
>network accesses the Linksys Wireless router for Internet access.
>
> I have a computer program which requires my network allow forwarding on
>a couple ports. I have no problem setting the required ports in the
>Linksys, but my QUESTION is what do I do in the DSL modem? It has a
>similar port setup as the Linksys.... do I set up the ports to forward to
>my computer DHCP assigned IP, or to the Linksys IP?

Oh-oh. You have two routers in series. One in the Actiontec. The
other in your unspecified model Linksys wireless something. I can see
why you have it arranged like this, but I have a suggestion. See
below.

You can make port forwarding work with this derangement. You just
have to do everything twice. For example, if your unspecified
computer program wants to forward port 666 to your desktop, you must:
1. Port forward in the ActionTec port 666 to the IP address of the
WAN side of the unspecified Linksys model wireless router.
2. Port forward in the unspecified Linksys router port 666 to the IP
address of your desktop.
3. Your desktop *MUST* have a static (fixed) IP address for this to
work. Similarly, the WAN side IP address of your unspecified Linksys
wireless router must have a static (fixed) IP address.

> Also, how can I setup the ports to forward to ANY computer on my
>network rather than one specific IP?

Look into "port triggering" in BOTH routers. Again, you will need to
setup port triggering in BOTH routers.

However, I would change everything to a more manageable setup.
There's no need for two routers. The Actiontec 701G seems to have no
way to disable the router section. So, you're stuck with using it. I
suggest you convert your unspecified model Linksys wireless router
into just an access point (no router). To do this:
1. Setup the IP address of the Linksys to be accessible but not
duplicated by the Actiontec. For example, if the Actiontec is
192.168.0.1, then the Linksys IP should be 192.168.0.2.
2. Disable the DHCP server in the Linksys.
3. Ignore the WAN port on the Linksys.
4. Connect a CAT5 cable between a LAN port on the Actiontec and a LAN
port on the Linksys. You may need to create a cross-over cable if the
built in switches are not auto-polarity sensing or do not have an
MDI/MXDI switch or port.

The Linksys is now just an access point. None of its router
configuration does anything because there's nothing connected to the
WAN port. All your port forwarding and port triggering are done in
the Actiontec.

An alternative to the above is to totally discard the Actiontec and do
everything in the Linksys. You will need to purchase a DSL modem.
About $15-$40 on eBay. That's what I would do. Incidentally, the
aforementioned complications is why I usually recommend a "component"
system consisting of separate modem, router, and wireless.
--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Ed <Huckleberry_REMOVE_@bigvalley.net> wrote in
news:Xns9664777F9E10spectrumhogstarbandn@207.106.9 3.175:

>
>
>
> My Network consists of an Actiontec 701G DSL modem/router, which in
> turn
> connects by ethernet port to my Linksys Wireless Router. My computer
> network accesses the Linksys Wireless router for Internet access.

Well in away your correct. But if thee 701G is a modem/router, then it's
701g that the Linksys router is using as the gateway and the machine using
the Linksys is using the 701G as the gateway to access the Internet.

>
> I have a computer program which requires my network allow
> forwarding on
> a couple ports. I have no problem setting the required ports in the
> Linksys, but my QUESTION is what do I do in the DSL modem?

Well, I'll assume that the 701G has a DHCP sever and is giving a DHCP IP
the Linksys router. Maybe you should configure the Linksys router to be a
wire/wireless AP switch and set the Linksys (now a switch) Device IP to use
a static IP(s) on the 701G router, along with the subnet mask being the
same on the two devices. A static IP is any IP on the 701 that is not
controlled by its DHCP IP server on the 701G. Most routers have a built in
switch.

http://www.homenethelp.com/web/expla...d-switches.asp

You can do like what's being done in the links to connect two Linksys
routers together. The principles are the same in connecting routers no
matter what brand name wire or wireless.

http://tinyurl.com/9nvq7
http://tinyurl.com/5sjf3

> It has a
> similar port setup as the Linksys.... do I set up the ports to
> forward to my computer DHCP assigned IP, or to the Linksys IP?
>
> Also, how can I setup the ports to forward to ANY computer on my
> network rather than one specific IP?
>

When using port forwading, the computer's NIC should be confifgured to use
to the gatway router's static IP and NOT a DHCP IP.

http://homepages.ius.edu/rwisman/b438/Html/hw8.htm

When it's taking about the Server NIC in the link is as close as I could
get as an example of how to set the NIC on the computer to use on of the
router's static IP(s).

IP = a static IP on the gateway router
subnet = the subnet that should match between the two routers
gateway = the IP of the gateway router.

You can determine that part as to what is the gateway IP will be if you
connect the machine and let it *obtain an IP* for the DHCP IP server and
then do the manual config.

Preferred and Alt DSN IP(s) should point to the IP(s) the gateway router is
pointing to and should be displayed on a router Admin screen.

The port forwarding should be done at the gateway router the one that's
connected to the modem or has the modem in your case and point to the
IP/machine that needs the ports forwarded.

You should look up port forwarding and port triggering and find out what
they mean. You can use Google or Dogpile.com

HTH

Duane

Jeff, ( and Duane )

Both of you guys have been extremely helpful in your replys.
Thanks! Though both of you indicate I'd be better off changing my
Linksys (WRT54G by-the way) to merely an access point, I would like to
keep things as they are, if possible. One reason is because I believe
the Firewall in the Linksys is superior... I have the latest HyperWRT on
my Linksys, BTW. Let me know if my assumption if incorrect on this.

I believe Jeff's comments indicated my error in my port forwarding
setup. I didn't have the DSL modem port forwarding to the Linksys WAN
IP. I will correct this later today and see if things work for my
program.

This is just a quick reply on my problem for now. When I make my
change later, I'll provide feedback. Thanks guys.

Ed

================================================== =====================




Jeff Liebermann <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> On Sat, 28 May 2005 18:42:21 GMT, Ed
> <Huckleberry_REMOVE_@bigvalley.net> wrote:
>
>> My Network consists of an Actiontec 701G DSL modem/router, which in
>> turn
>>connects by ethernet port to my Linksys Wireless Router. My computer
>>network accesses the Linksys Wireless router for Internet access.
>>
>> I have a computer program which requires my network allow
>> forwarding on
>>a couple ports. I have no problem setting the required ports in the
>>Linksys, but my QUESTION is what do I do in the DSL modem? It has a
>>similar port setup as the Linksys.... do I set up the ports to
>>forward to my computer DHCP assigned IP, or to the Linksys IP?
>
> Oh-oh. You have two routers in series. One in the Actiontec. The
> other in your unspecified model Linksys wireless something. I can see
> why you have it arranged like this, but I have a suggestion. See
> below.
>
> You can make port forwarding work with this derangement. You just
> have to do everything twice. For example, if your unspecified
> computer program wants to forward port 666 to your desktop, you must:
> 1. Port forward in the ActionTec port 666 to the IP address of the
> WAN side of the unspecified Linksys model wireless router.
> 2. Port forward in the unspecified Linksys router port 666 to the IP
> address of your desktop.
> 3. Your desktop *MUST* have a static (fixed) IP address for this to
> work. Similarly, the WAN side IP address of your unspecified Linksys
> wireless router must have a static (fixed) IP address.
>
>> Also, how can I setup the ports to forward to ANY computer on my
>>network rather than one specific IP?
>
> Look into "port triggering" in BOTH routers. Again, you will need to
> setup port triggering in BOTH routers.
>
> However, I would change everything to a more manageable setup.
> There's no need for two routers. The Actiontec 701G seems to have no
> way to disable the router section. So, you're stuck with using it. I
> suggest you convert your unspecified model Linksys wireless router
> into just an access point (no router). To do this:
> 1. Setup the IP address of the Linksys to be accessible but not
> duplicated by the Actiontec. For example, if the Actiontec is
> 192.168.0.1, then the Linksys IP should be 192.168.0.2.
> 2. Disable the DHCP server in the Linksys.
> 3. Ignore the WAN port on the Linksys.
> 4. Connect a CAT5 cable between a LAN port on the Actiontec and a LAN
> port on the Linksys. You may need to create a cross-over cable if the
> built in switches are not auto-polarity sensing or do not have an
> MDI/MXDI switch or port.
>
> The Linksys is now just an access point. None of its router
> configuration does anything because there's nothing connected to the
> WAN port. All your port forwarding and port triggering are done in
> the Actiontec.
>
> An alternative to the above is to totally discard the Actiontec and do
> everything in the Linksys. You will need to purchase a DSL modem.
> About $15-$40 on eBay. That's what I would do. Incidentally, the
> aforementioned complications is why I usually recommend a "component"
> system consisting of separate modem, router, and wireless.

Ed <Huckleberry_REMOVE_@bigvalley.net> wrote in
news:Xns9664917FBD7BBspectrumhogstarbandn@207.106. 93.175:

>
> Jeff, ( and Duane )
>
> Both of you guys have been extremely helpful in your replys.
> Thanks! Though both of you indicate I'd be better off changing my
> Linksys (WRT54G by-the way) to merely an access point, I would like
> to keep things as they are, if possible. One reason is because I
> believe the Firewall in the Linksys is superior... I have the latest
> HyperWRT on my Linksys, BTW. Let me know if my assumption if
> incorrect on this.
>

Well, a NAT router and both are NAT routers for home usage do not have a
FW as far as I am concerned. Maybe, the 54g has SPI and the 701G doesn't.
They have FW like features but are not running true FW software in the
traditional sense that meets the specs in the link for *What does a FW
do?*.

http://www.vicomsoft.com/knowledge/r...irewalls1.html

An appliance running true FW software will meet the specs in the link
above and some high end NAT routers come very close to a FW appliance.

Both of them meet the specs for a NAT (no FW) router.

http://www.homenethelp.com/web/explain/about-NAT.asp

The NAT router is good enough for home protection until you start doing
high risk things like *port forwarding*.

Some users of a NAT router will supplement the NAT router with a PFW
solution or some other packet filtering software at the machine level
that can stop outbound by port, protocol and IP, since most NAT routers
cannot do it.

Maybe running them in series will help, but I learned not to trust a NAT
router, especially one for home usage and in particular a wireless one.
;-)

Duane

On Sat, 28 May 2005 21:18:12 GMT, Ed
<Huckleberry_REMOVE_@bigvalley.net> wrote:

>I would like to
>keep things as they are, if possible. One reason is because I believe
>the Firewall in the Linksys is superior... I have the latest HyperWRT on
>my Linksys, BTW. Let me know if my assumption if incorrect on this.

Assumption, the mother of all screwups.

Think about what you are trying to protect and protect from.
If you're worried about getting attacked from the internet, by evil
and diabolical agents of the dark side(tm), like me, then piling on of
the firewalls and will improve your security. You can even do tricky
things with two firewalls, such as creating a DMZ or possibly a "honey
pot" to attract the bad guys in between the routers. Whatever level
of overkill you find necessary.

However (insert drum roll), no amount of NAT firewall protection will
do anything for protecting you against a rogue web site, full of
spyware, trojans, and software bombs. Your web browser goes right
though the firewalls, downloads the malware, installs, and your
security is now totally blown. Say goodby to some key files and
anything you type (i.e. credit card numbers).

Similarly (yet another drum roll), since your wireless LAN is on
inside of your two firewalls, attacks via the wireless will not go
through either router. Once your encryption keys are known, your
desktops are exposed.

In my never humble opinion, dumping the first router, replacing the
DSL modem, and doing everything in the Linksys WRT54G router, is good
enough protection, and offers the benifits of simplicity.

Incidentally (no drum roll this time), my definition of security is
based upon logging and monitoring. It's one thing to build up layer
and layer of security. It's another to be sure that they're working.
Think intrusion detection, traffic monitoring, and logging.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

> Think about what you are trying to protect and protect from.
> If you're worried about getting attacked from the internet, by evil
> and diabolical agents of the dark side(tm), like me, then piling on of
> the firewalls and will improve your security. You can even do tricky
> things with two firewalls, such as creating a DMZ or possibly a "honey
> pot" to attract the bad guys in between the routers. Whatever level
> of overkill you find necessary.


No, Jeff, I am not using both routers because I think two in series is
better. I'm using the Linksys because I believe it has the best
protection features, (SPI for one - the Actiontec doesnt' I think). In
fact, I have the Firewall turned off in the Actiontec DSL modem, just to
avoid more confusion. I just like the flexibility of the Linksys router
and wireless access over the Actiontec. Since the Linksys doesn't do
DSL, I have to use the Actiontec. I will consider the suggestion you or
Duane made about just buying a basic DSL modem, but I hate to spend the
money when the Actiontec works well in that regard... plus it is the unit
provided by Qwest and makes Tech Support easier in that regard.

Still haven't implemented your previous suggestions as I have spend
the greater part of my afternoon putting in a #&^%$! dog door. More
later.


Thanks

Ed

"Ed" <Huckleberry_REMOVE_@bigvalley.net> wrote in message
news:Xns9664777F9E10spectrumhogstarbandn@207.106.9 3.175...
>
>
>
> My Network consists of an Actiontec 701G DSL modem/router, which
in turn
> connects by ethernet port to my Linksys Wireless Router. My
computer
> network accesses the Linksys Wireless router for Internet access.
>
> I have a computer program which requires my network allow
forwarding on
> a couple ports. I have no problem setting the required ports in the
> Linksys, but my QUESTION is what do I do in the DSL modem? It has a
> similar port setup as the Linksys.... do I set up the ports to
forward to
> my computer DHCP assigned IP, or to the Linksys IP?
>
> Also, how can I setup the ports to forward to ANY computer on my
> network rather than one specific IP?
>
> Thanks in advance for any help.
>
>
> Ed

I had a similar situation with a Westel modem/router and a netgear
router. The easy solution
for me was to run the Westel in bridge mode. A factory reset is what
put the westel in
bridge mode (which actually just wipes out the ip configuration). Not
sure about the
actiontec but it may be able to run in bridge mode too.

>
> However, I would change everything to a more manageable setup.
> There's no need for two routers. The Actiontec 701G seems to have no
> way to disable the router section. So, you're stuck with using it.

That's what I came up with, too.

> I suggest you convert your unspecified model Linksys wireless router
> into just an access point (no router).

BTW, the Linksys is a WRT54G running HyperWRT 2.1b1

To do this:
> 1. Setup the IP address of the Linksys to be accessible but not
> duplicated by the Actiontec. For example, if the Actiontec is
> 192.168.0.1, then the Linksys IP should be 192.168.0.2.

Believe I already have this. The Actiontec default is 192.168.0.1
and the Linksys default is 192.168.1.1


> 2. Disable the DHCP server in the Linksys.

Question on this: Who do you "disable" the DHCP other than changing
it to Static IP? Or is static IP what I want on it then?

> 3. Ignore the WAN port on the Linksys.
> 4. Connect a CAT5 cable between a LAN port on the Actiontec and a LAN
> port on the Linksys. You may need to create a cross-over cable if the
> built in switches are not auto-polarity sensing or do not have an
> MDI/MXDI switch or port.
> The Linksys is now just an access point. None of its router
> configuration does anything because there's nothing connected to the
> WAN port. All your port forwarding and port triggering are done in
> the Actiontec.

So, given what I already have setup up, the only real change I need
do is move the Actiontec cable going to my Linksys WAN port over to a
Linksys LAN port, and disable DHCP in the Linksys?

>
> An alternative to the above is to totally discard the Actiontec and do
> everything in the Linksys. You will need to purchase a DSL modem.
> About $15-$40 on eBay. That's what I would do. Incidentally, the
> aforementioned complications is why I usually recommend a "component"
> system consisting of separate modem, router, and wireless.

I like that idea and will start looking for a cheap DSL modem.
Meantime I will try the above changes. Thanks.

Ed

>
> Question on this: Who do you "disable" the DHCP other than changing
it to Static IP? Or is static IP what I want on it then?

Should have been HOW, not "Who"

Ed