New Contributor
•
3 Messages
Port Forwarding with router behind comcast supplied gateway
I need some help. I have a comcast gateway TG862G I also have a netgear R6300. I called comcast support to put my gateway in bridge mode because I want to be able to control my network through my netgear and port forward etc. What am i doing wrong? I need to open port 500 on my netgear (and it is open) but I can't see it its blocked somehow. Does my comcast gateway need to be in true bridge mode to do this? Please help me! I am so lost.
Accepted Solution
tmittelstaedt
Problem solver
•
326 Messages
10 years ago
You can't run a typical IPSec VPN through a translator, that's just a property of IPSec VPNs. Forwarding 500 isn't going to do anything.
Some manufacturers have modified their VPN concentrators and have special clients that basically warp the IPSec VPN spec to allow this to work.
A far better VPN protocol to use if the VPN must pass through a translator is an SSL VPN protocol.
Typically with IPSec VPNs you use the router/translator as the VPN origination/endpoint.
It is also kind of pointless to do any port forwarding when you don't have a static IP address, as your router IP is going to be changing periodically and whatever on the Internet is supposed to be accessing whatever it is you want to have accessed won't know what the new IP is.
What are you trying to use BEHIND your router that needs port 500 forwarded?
0
0
train_wreck
Gold Problem solver
•
610 Messages
10 years ago
In general, yes you'll want to have your COmcast gateway in "true bridge mode", which makes it act like a standard cable modem. To check whether it's properly bridged, look on your Netgear router at the "WAN address". If the numbers look something like "10.1.10.10", (or 10.1.10.x, where x is 2-254) then the Comcast gateway is NOT in bridge mode.
As well, are you trying to forward port 500 to an internal machine on your LAN? If so, make sure that on the port forwarding page, the port number is 500 (you may see 2 options for an "external" and "internal" port, if you do then set them both to 500), and make sure the IP address listed in the port forwarding rule truly does match whatever machine's IP address on your LAN that your trying to forward traffic to.
BTW, port 500 (at least with the UDP protocol) happens to be normally used for IPsec VPNs; is this what you're trying to do? If so, you'll need to make sure that "IPsec Pass-Through)" is enabled on the Netgear as well.
0
0
train_wreck
Gold Problem solver
•
610 Messages
10 years ago
Nah, i run numerous IPsec VPN endpoints on dynamic addresses. Most modern IPsec clients support contacting the other endpoints via DNS, and this combined with a dynamic DNS-capable registrar solves this quite well. In my experience Comcast changes customer dynamic v4 addys very infrequently (ive kept the same addresses for years at a time)
0
0
finchmusic2520
New Contributor
•
3 Messages
10 years ago
Hi-
Thanks guys for the replies. Much apprciated as this is really killing me. Let me go into a little more depth to make this easier.
I'm running a Mac server and want to be able to use the VPN functionality. I used to have an apple airport and all port forwarding rules, etc were turned on with one click. Anyway here's my setup:
Mac server at ip address: 192.168.1.5 (static ip)
Netgear R6300 on same ip range 192.168.1.1
Comcast Gateway in full bridge mode (I made sure that netgear is getting a public routable ip address)
Question on this though: The comcast gateway shows a different wan ip then the netgear not sure if that means anything?
Anyway i need to forward a bunch of ports but none of them seem to be open when i check on different sites (i.e. canyouseeme.org it says connection refused).
I googled more about ip sec pass through and most people said with the r6300 if you click respond to ping on internet port that should take care of that.
Not sure what else I'm doing wrong here? Any ideas guys?
0
0
train_wreck
Gold Problem solver
•
610 Messages
10 years ago
Well, as tmittlestaedt said implementing an IPsec VPN behind a firewall can be tricky, particularly on such a consumer-level device as your Netgear R6300. As stated, an SSL-based VPN would be more worth checking out. I will go ahead and recommend OpenVPN http://openvpn.net . It runs on practically every platform, can use pre-shared keys or an X509 PKI, and works perfectly behind firewalls; it uses one port, UDP 1194. It's also a bit more "standardized" than IPsec-based VPNs, as the server and client are both the same program, and behave nearly identically on every platform, something that CANNOT be said for IPsec servers/clients. In my experience, OpenVPN is MUCH easier to setup/manage than the various implementations of IPsec.
BTW the Comcast gateway having a different WAN address is normal; your router gets a WAN routeable address for your traffic, and the Comcast gateway gets an address so that Comcast reps can remotely login & manage the device.
0
finchmusic2520
New Contributor
•
3 Messages
10 years ago
Thanks so much I'll check out open VPN I'm trying to learn a few things so was trying to learn how to set up an apple server and all of its services but haven't had much luck. Thanks for all of your help and answering all of my questions.
I was able to get port 1723 to open but port 500 will not open? Weird.
Thanks again!
Joe
0
0