Skip to content
WaltRiceJr's profile

Visitor

 • 

5 Messages

Thursday, March 16th, 2017 9:00 AM

After FW update, can't access static IPs from internal network

Our DPC3941B did a SW update last night, and now we cannot access the static IP addresses from our internal network (192.168.1.x). 

 

screenshot-192.168.1.1 2017-03-16 12-04-17.png

 

We are not using the Advanced > NAT settings. The servers are configured with two network cards, one with an internal address, one with an external address. They can be accessed from outside this network just fine. And until this morning, we could access them from the internal network just fine.

 

 

 

I called Comcast, and the rep told me this never should have worked, but that is ridiculous. Been working fine for months.

 

Can we roll back the FW? Get a fix? How can we make this work? It's kind of pointless to be able to host your own web servers -- and not be able to access them from your own network.

Accepted Solution

Visitor

 • 

5 Messages

8 years ago

So the Comcast tech who was supposed to come today never came. C'est la vie.

 

Meanwhile, I installed a new EdgeRouter X, and set up the 5 statics on the WAN interface and mapped them to the appropriate servers via NAT.

 

In this particular setup, I lose one of my static IPs, because the router itself needs an IP. And since we can't do Bridge Mode with static IPs on these Comcast modems, it can't use the IP assigned to the Comcast gateway.

 

Loopback NAT was relatively easy to configure on the ER-X, and works very well. 

 

From my perspective, problem solved. But you probably want to figure out what you broke in the firmware. 

Official Employee

 • 

869 Messages

8 years ago

Hello WaltRiceJr,

 

It looks like the firmware turned NAT off. See if you can access it now that it's turned back on. 

Official Employee

 • 

869 Messages

8 years ago

NAT has been turned back on and firewall has been set to allow all traffic. 

Visitor

 • 

5 Messages

8 years ago

NAT was turned off before! This isn't the problem. I'm using true static IPs on my servers, and posted the screenshot to show you that I am NOT using NAT. Your change broke my outside access, thank you very much. It might have worked, but you didn't change the firewall to allow any ports through. Firewall is disabled for the static IP subnet.

Visitor

 • 

5 Messages

8 years ago

Well, you disabled NAT, rather than enabling it. But that's ok, because it still isn't the solution. Stop mucking with that NAT page.

 

From the internal 192.168.1.x network, I need to be able to ping 96.83.202.193. And access websites at that address.

 

THIS WILL NOT WORK WITH NAT. I already knew this. Knew it from the beginning. Your router doesn't do NAT loopback.

 

But it did work with the static IP subnet, without NAT enabled, until this morning.

Visitor

 • 

5 Messages

8 years ago

And NAT is not the solution anyway, because your routers (stupidly) don't support NAT loopback. So the only way this worked before, and the only way it will work now, is with the servers configured on the static subnet. 

New Member

 • 

3 Messages

8 years ago

Yes, we have been having the same problem after the FW update.  In other words, the static ip's (sip) we were using on two devices just stopped working after the FW update.  But, when we use the gateway staitc ip and use port forwarding to one of the previously mentioned devices, the device started working again as it did before the FW update.  So, we know that something in the FW update has created a problem with the other sip's - since the gateway ip with port forward works - we were using and tech support team cannot come up with a solution that will fix the problem.  Any thoughts on why the FW will not allow tha sip's to pass through traffic appropriately?  I read that the NAT was turned off????  When we used our block of static ip's we used NAT to tell the modem to direct the SIP to an internal lan ip associated with a device (no need to forward any ports with a static ip).  Any help would be much appreciated at this point.  Thanks again

New Member

 • 

3 Messages

8 years ago

In addition ,when you go back to use a static ip, with nat to an internal ip, and you check if a port particular port is open (all ports should be open - using static ip with nat) , it shows the port is closed.  But, again, if the gateway static is used, and port forwardingused - no nat in thisscanrio - all works.  Gateway is not letting traffic through the other static ip's. 

New Member

 • 

3 Messages

8 years ago

and it looks as if the subnet mask being picked up by the device now is 255.255.255.252, (or 1 static IP) which would mean that the only static available to us on the modem is most likely the one gateway static that is give to the gateway - hence that is why it would work when we switched to the gateway static after the firmware update took down all of the add'l static ips we had.  there is something wrong with the gateway (has wrong subnet, static ports closed....) ... Can someone help here?