Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Port forwarding through second (bridged) router  (Read 20567 times)

0 Members and 1 Guest are viewing this topic.

Schop

  • Guest
Port forwarding through second (bridged) router
« on: June 13, 2008, 03:54:31 PM »
Earlier I had a working regular LAN Described below, but since the router has just two ethernet ports I installed a second router (hardware-configured and wired as bridge) to serve all our three PC's. Now I am trying to get the port forwarding to work..

The initial working setup:
WAN <-> Wannadoo Livebox <-> 3 PC's

Current setup, functional except for port forwarding:
WAN <-> Wannadoo Livebox <-> Buffalo Airstation (WHR-HP-G54) <-> 3PC's
(additionally: The Airstation has four LAN ports and one WAN port, in bridge config. the ethernet cable from the Livebox is connected to the 4rth LAN port and the PC's to the 1-3rd. It has a hardware switch to set it to either bridge mode or router mode, it's in bridge mode now)

I hope some of you awesome people can tell me how port forwarding works in this setup, I have tried the following:
- forward from the Livebox directly to the PC's IP, Airstation's routing turned off
- No forwarding on Livebox, Forwarding from Airstation to PC's IP
- Forwarded from Livebox to Airstation, forwarded from Airstation to PC's IP
- (probally dumb) forwarding to PC's IP from both the Livebox and Airstation

There is an awefull lot of information I can give about my network and hardware but most effective I guess if I wait until a helpful hand actually requires them. In The meantime, here's the link to the Airstation's product page:
Buffalo Airstation (WHR-HP-G54)

Just to get my mind straight it could be handy to link IP's with device names instead of name them individually: currently my network is configured with the following IP's

Livebox: 192.168.1.1
Airstation: 192.168.1.100
PC1: 192.168.1.10
PC2: 192.168.1.11
PC3: etc..
Wireless laptop (Allthough probably not important to mention): DHCP assigned

(edit)
I can provide setup pages (you know, just file>save page as) from the router and bridge at request.
(endedit)

===
Off topic allready:
(Yes, I am a bad person.. )

The firmware language of my Airstation is German and I can't find an English version it would accept, nor a built-in setting to change language. It's no big deal but slightly annoying. The firmware from the download page (see above link) wasn't accepted by the built-in update function, neither version 1.2 nor 1.40.

Any suggestions (or even solutions? ;) ) are, of course, appreciated a lot.

viking



    Adviser
  • miaow-miaow 2.0 for networks
  • Thanked: 1
    Re: Port forwarding through second (bridged) router
    « Reply #1 on: June 14, 2008, 02:58:07 AM »
    As I'm thinking now, you need only to forward from your "main" router (Livebox) to the IP's of computers.
    Easy question: have you tried with firewalls on computers disabled? (check to see if it is not a firewall problem)
    If you connect a computer directly to main router (Livebox), port forwarding works?


    You can't use only one router? The one with many ports (Airstation)?

    Schop

    • Guest
    Re: Port forwarding through second (bridged) router
    « Reply #2 on: June 14, 2008, 06:01:23 AM »
    Thanks for the response. I haven't tried the firewall yet, probally because I never like to disable firewalls :S
    anyway, I can't remember specifically allowing incoming connections to the IP of the bridge so that might be the/a problem.
    Also, a single router is extremely unfortunately not possible: our internet contract or whatever you call it states that it may only be used with one of their own, rented, routers. Which doesn't have enough ethernet ports. Using just the Airstation proves not to work, apart from it being just disallowed.

    There is by the way the possibility to st the Airstation to router mode and double route connections, it will increase latency but it might just work? :S

    I'll keep you updated.

    Schop

    • Guest
    Re: Port forwarding through second (bridged) router
    « Reply #3 on: June 14, 2008, 01:50:01 PM »
    Unfortunately it's not a firewall issue, or at least not a software firewall. Both routers have hardware firewalls but I didn't find out yet if the Airstation's is turned on. The livebox has a live firewall.

    I fear that this is going to need an expert on the subject, it's a horribly specific problem.. :S

    viking



      Adviser
    • miaow-miaow 2.0 for networks
    • Thanked: 1
      Re: Port forwarding through second (bridged) router
      « Reply #4 on: June 15, 2008, 07:06:11 AM »
      I asked a few questions :) You answered one.
      If you connect one computer directly to their router, port forwarding works?

      Another question: computers in LAN can ping each other? Do you have other firewalls  controlling the communications?
      What IPs can use for LAN the DHCP server on Airstation? (Am I speaking correct here?)  Can you change them? Can you choose to give IPs from 10.0.0.0/8, for example?
      I watched in the manual found here http://www.buffalo-technology.com/support/downloads/wireless-g-mimo-performance-broadband-router-and-access-point/, at the page 28/84 and there I see you can change the IPs.
      I think it is possible to use both routers as routers.

      Schop

      • Guest
      Re: Port forwarding through second (bridged) router
      « Reply #5 on: June 15, 2008, 07:15:06 AM »
      Sorry I started answering before I properly read the rest :S
      Port forwarding works properly indeed when attached to just one router (livebox)
      And luckily, we can even get to each other's windows file shares. None of our firewalls control anything except allowing or denying access neither do the hardware ones. But turning the (software) firewalls off doesn't help..

      viking



        Adviser
      • miaow-miaow 2.0 for networks
      • Thanked: 1
        Re: Port forwarding through second (bridged) router
        « Reply #6 on: June 15, 2008, 07:16:12 AM »
        I modified my previous post.

        Schop

        • Guest
        Re: Port forwarding through second (bridged) router
        « Reply #7 on: June 15, 2008, 05:55:55 PM »
        Slightly confusing.. sorry

        The IP's can be changed at will but I don't know if the IP range can be too. There is a setting for subnet mask which as far as I know does just that, but never touched that yet. I'll try to and keep you updated. (Judging from the manual page 28 I just read I guess I can change it all to whatever I wish, but if the Livebox will support it... :S )
        It is by the way indeed possible to use both devices as router. But, again, my doubts with the livebox.

        Also, I prefer not to use the DHCP, or, at least manually assign my desktops an IP to make them easily acessable through static IP's.

        viking



          Adviser
        • miaow-miaow 2.0 for networks
        • Thanked: 1
          Re: Port forwarding through second (bridged) router
          « Reply #8 on: June 16, 2008, 03:10:16 AM »
          You can change the DHCP pool. The subnet mask does not bother you if it provides in your local network enough IPs. You have to do that only on the Airstation.
          Question: how well do you understand the IP networks? Your last post confuses me too - I had an opinion, that you have some knowledge about IP networks, and in the last post you changed my opinion.

          If you use port forwarding it is safer to use static IPs, so the "server" computer won't change it's IP.

          Schop

          • Guest
          Re: Port forwarding through second (bridged) router
          « Reply #9 on: June 16, 2008, 06:34:31 AM »
          I do understand networking enough.. I guess. If I don't understand something you say I'll just ask, but that isn't needed so far.
           Right now everything in the network has the same (192.168.1.x) range which should be good. And the DHCP has allways been turned on except for the three static computers.

          You can change the DHCP pool. ... You have to do that only on the Airstation.
          Could you explain why? I can't somehow relate the issue to the airstation's DHCP pool :S

          viking



            Adviser
          • miaow-miaow 2.0 for networks
          • Thanked: 1
            Re: Port forwarding through second (bridged) router
            « Reply #10 on: June 16, 2008, 04:40:11 PM »
            If you would use the devices as routers, than you will have to change the settings on Airstation. I mean the IP for it's "LAN" and the DHCP pool settings. He will receive IP to it's WAN port from the Livebox or you will set up a static IP so it will be in the same class as the IP of the LAN port from the Livebox. But, for Airstation "LAN" settings you will have to choose a different IP class. If Airstation WAN IP and Livebox LAN IP are from 192.168.0 class, then Airstation LAN IP will have to be from another class, 192.168.x, where x should be something else than 0, or from 172.0.x to 172.16.x, or 10.0.x to 10.y.z, your choice for this one. I'm apologizing for complicating without reason my answer, I hope I'm not troubling, it's just the basic of giving IPs from the reserved addresses (reserved for this purpose). I'm apologizing for my previous post, now I re-read that one and I see I post it with ambiguities, I did not mentioned that you have to change the DHCP pool for Airstation only in the case you will use both devices as routers.

            Please tell us if you find a solution to your problem. It's something that should not be a problem, but it seems to be, and so maybe you will find a suitable solution for the situation (so when I will encounter the same situation I will know a solving method).
            « Last Edit: June 16, 2008, 04:54:32 PM by viking »

            Schop

            • Guest
            Re: Port forwarding through second (bridged) router
            « Reply #11 on: June 16, 2008, 06:44:56 PM »
            I sort of get it now. Thing to mention though is that currently the livebox is connected to the airstation's LAN port, not the WAN. I thought that way everything could use the same range. Anyway, it doesn't work so I am going to try what you advise:
            Both routers set as router and the livebox connected to the Airstation's WAN. For the ease of remembering I'll set the Airstation to an A network so that all but the livebox will be 10.0.0.x (the livebox will remain 192.168.1.1)

            Still, how "should" the port forwarding work when I have the setup described above?
            I guess the Livebox should forward anything to the airstation and the Airstation does the final forwarding to the PC's. But that's just a thought.

            Then, the last question for today (almost 3 AM but *censored*) :
            Is it possible and/or necessary to give the Airstation a C range WAN IP and a different, A range LAN IP?

            Ignore the last thing if it confuses you, I'll try it all out tomorrow and keep you updated. In the best case it works like a charm. Worst case would be no difference and no clue on what next :P

            viking



              Adviser
            • miaow-miaow 2.0 for networks
            • Thanked: 1
              Re: Port forwarding through second (bridged) router
              « Reply #12 on: June 17, 2008, 03:32:22 AM »

              Both routers set as router and the livebox connected to the Airstation's WAN. For the ease of remembering I'll set the Airstation to an A network so that all but the livebox will be 10.0.0.x (the livebox will remain 192.168.1.1)
              livebox LAN port and Airstation WAN port will have to have IPs in the same network. (You are right).

              Still, how "should" the port forwarding work when I have the setup described above?
              I guess the Livebox should forward anything to the airstation and the Airstation does the final forwarding to the PC's. But that's just a thought.
              It's correct, Livebox forward to Airstation and Airstation forwards to PCs.


              Then, the last question for today (almost 3 AM but h**l) :
              Is it possible and/or necessary to give the Airstation a C range WAN IP and a different, A range LAN IP?
              You don't have to change the class (A, B, C). You can, but you don't have to. As example, the Livebox LAN port has the IP 192.168.1.1 . Airstation is connected through WAN port to the LAN port of Livebox. WAN IP for Airstation will have to be from the 192.168.1 network. But the IPs for the computers that connect to LAN ports of the Airstation will have to be from another network, 192.168.2 for example, or 192.168.3. And the LAN IP for Airstation will have to be from the same network as the computers. Anything but 192.168.1, which is the IP for the "WAN".
              It is possible to use other class, not only the C class. So the LAN IPs for the computers and for Airstation LAN port will be in the same network. (But you know those things. I'm only speaking the obvious here for persons who don't play with IP subnetting usually).

              Note: In my previous post I said a stupid thing. The private range for the B class is 172.16 - 172.31. I'm sorry for my mistake.

              Schop

              • Guest
              Re: Port forwarding through second (bridged) router
              « Reply #13 on: June 17, 2008, 06:54:37 PM »
              (Note: any IP used is 192.168.x.x, therefore I will only write .x.x)

              I've been trying out some stuff but it seems to come down to my Airstation and Livebox not communicating as soon as I use different IP ranges for the Airstation LAN and WAN. If everything is in .1.x it works as usual, but if I use .11.x for the "inner LAN" I have to set the Airstation's WAN port to the .11.x range as well. Otherwise I cannot access the Livebox nor the internet.
              Probably the above isn't quite clear so here three little diagrams, the first two work. the third doesn't:

              Working: Live (.1.1) - Airs WAN (.1.1  )-Airs LAN (.1.1  ) - PC (1.2  )
              Working: Live (.1.1) - Airs WAN (.11.1)-Airs LAN (.11.1) - PC (11.2)
              No connection further than the Airstation:
                          Live (.1.1) - Airs WAN (.1.1  )-Airs LAN (.11.1) - PC (11.2)

              I figured the Airstation has trouble with his schizophrenia ;)

              Also interesting is that the Airstation wasn't even accessible at all with the address 10.0.0.1 :s
              Set my PC to automatically get an IP assigned and IPConfig /renew 'd to no avail. (Yes, the DHCP server was active) BUT!!! I could see the Livebox ánd had a working internet!

              For some reason I am starting to think that IP's and ranges won't solve the problem :(

              viking



                Adviser
              • miaow-miaow 2.0 for networks
              • Thanked: 1
                Re: Port forwarding through second (bridged) router
                « Reply #14 on: June 18, 2008, 08:36:57 AM »
                Working: Live (.1.1) - Airs WAN (.1.1  )-Airs LAN (.1.1  ) - PC (1.2  )
                Working: Live (.1.1) - Airs WAN (.11.1)-Airs LAN (.11.1) - PC (11.2)

                Did you set up both devices as routers in these 2 scenarios? Because if Airstation was set up as a bridge, it is correct your explanation. If Airstation was set up as a router, then it is completely impossible what are you telling.
                Note: in the line live .1.1 - airs wan .1.1 - I think you made a mistake, I think Airstation had a different IP.
                Note 2: the second line: live .1.1 - airs wan .11.1   : in this case communication is impossible. Yet you are saying they were communicating...

                After you made the modifications to Airstation (IPs, IP pools for DHCP, acting as router and not as bridge), you restarted it?


                No connection further than the Airstation:
                            Live (.1.1) - Airs WAN (.1.1  )-Airs LAN (.11.1) - PC (11.2)

                Here you have a mistake. The IP for Live and Airs wan port HAVE TO be different. I mean Live has 192.168.1.1, Airstation WAN port has 192.168.1.x, where x is something between 2 and 254 (it depends on subnet mask his value). For example you can have a valid Ip addressing like:
                Live (.1.1) - Airs WAN (.1.2) - Airs LAN (.11.1)-PC (.11.x)  where x greater or equal to 2, x is different for each device attached to your LAN network.

                Schop

                • Guest
                Re: Port forwarding through second (bridged) router
                « Reply #15 on: June 18, 2008, 09:32:38 AM »
                Sorry, in the first two cases the Airstation was still bridged, the third example was as a router.

                No connection further than the Airstation:
                            Live (.1.1) - Airs WAN (.1.1  )-Airs LAN (.11.1) - PC (11.2)

                Here you have a mistake. The IP for Live and Airs wan port HAVE to be different.

                Indeed, just a stupid mistake. It was kinda late when i tried (just before the post)
                I'll try again with .2 for the Airstation. Further than that though there are no mistakes: I double checked and those first two situations from my last post are correctly described. (In bridged mode, that is.)

                (edit)
                Just tried again, the mistake was just in my writing. The Airstation WAN wás in fact set to .1.2 and didn't work as described.

                viking



                  Adviser
                • miaow-miaow 2.0 for networks
                • Thanked: 1
                  Re: Port forwarding through second (bridged) router
                  « Reply #16 on: June 19, 2008, 03:15:18 AM »
                  If you set up both devices as routers, can you ping the Livebox? What is the output? (TTL, I'm interested in TTL value mostly).
                  If Airstation is set in bridge mode, what is the response of the Livebox to ping?

                  Schop

                  • Guest
                  Re: Port forwarding through second (bridged) router
                  « Reply #17 on: June 19, 2008, 06:44:44 AM »
                  Both in router mode gives the following PING results:
                  Livebox: 1ms, TTL=253
                  Airstation: >1ms, TTL=64

                  Results are exactly the same on every try.

                  What bothers me is that when I tried Google, the TTL is lower than that of the livebox: 243 ???

                  viking



                    Adviser
                  • miaow-miaow 2.0 for networks
                  • Thanked: 1
                    Re: Port forwarding through second (bridged) router
                    « Reply #18 on: June 19, 2008, 07:54:17 AM »
                    The TTL becomes smaller with every hop (router/gateway) the icmp signal passes.

                    I don't understand why Livebox replies with TTL 253 (it should be 254) and Airstation with 64 (it should be 255)...
                    If you connect a computer directly to Livebox, what TTL do you obtain from ping to Livebox?

                    Schop

                    • Guest
                    Re: Port forwarding through second (bridged) router
                    « Reply #19 on: June 19, 2008, 09:11:37 AM »
                    I was just reading a bit about TTL ( didn't know what it was at first) on Wikipedia but.. As I understand it should start out as 255 (at the PC or at the first hop?) and become one less with each hop as you say. What I do not understand is that it decreases all the way to 64 just to the Livebox, I would expect 253 (or 254?) according to what little I just read. You state it should be 255 at the Livebox which I also don't get :S
                    Sorry, this is sorta off-topic but I'm just eager to learn  :)

                    viking



                      Adviser
                    • miaow-miaow 2.0 for networks
                    • Thanked: 1
                      Re: Port forwarding through second (bridged) router
                      « Reply #20 on: June 21, 2008, 02:42:25 AM »
                      I have to read about TTL, I don't know how to advice you in this moment.

                      I understand now the 64 value: it is the default value your Airstation router will respond.
                      I don't think that the TTL [LE] is the problem [/LE] in your situation (I don't think the TTL is the problem for your case). I don't understand though that 253, it should be 254.
                      « Last Edit: June 21, 2008, 08:58:17 AM by viking »

                      Schop

                      • Guest
                      Re: Port forwarding through second (bridged) router
                      « Reply #21 on: June 21, 2008, 05:55:58 AM »
                      The 253 might be because the Airstation is so sophisticated it appears like two hops to the package..
                      Just thinking loud though.
                      Weird thing, that TTL. Wikipedia said it was measured in seconds, stored in hex and displayed in decimal... or something like that. Really weird thing to me but never mind.