New problem solver
•
13 Messages
Pseudo Bridge Mode
My Netgear CG3000DCR is in bridge mode. I understand that this is not true bridge mode, but a pass thru mode.
What are the differences between the two? My remote users can not connect back to my server since switching to Comcast. All other Internet access works fine.
My concern is that the pseudo bridge mode is doing/blocking some internet traffic that is preventing my users from connecting.
Thanks.
Accepted Solution
VBSSP-RICH
Advocate
•
1.4K Messages
11 years ago
Hello awrych,
The only ports that Comcast intentionally blocks are these. I would recommend you try the followin:
1. Log into you Netgear 3000 , click on firewall and make sure your static IP firewall and smart-packet detection are both disabled.
2. Always make sure that your staticIP routable device application(s) port(s)s for incoming interconnect access are open. This could also be a MS OS security application setting, as well.
3. Lastly, there is a firewall, port configuration, true static IP managment link that should allow you to only open specific ports on your static IP routable device by address. Simply open the ports of your Static IP routable device application.
Hope this helps you out.
0
Accepted Solution
awrych
New problem solver
•
13 Messages
11 years ago
Hi,
1. These are checked.
2. Not sure what you mean by this. I have full internet access.
3. I do have ports open that are working for our SIP phone and email scanning service. I have opened the port I need for my email client to access the server remotely (the program that is not working).
Thanks for the help.
0
0
train_wreck
Gold Problem solver
•
610 Messages
11 years ago
Additionally, on the SMC (and I think on the Netgear as well) , under "Firewall" -> "Port Configuration" -> "True Static IP Port Management", there is a checkbox labeled "Disable all rules and allow all inbound traffic through" which should be checked.
0
awrych
New problem solver
•
13 Messages
11 years ago
The Netgear has the same setting. on mine it is checked, but greyed out. There are some other port forwarding settings that have the option to be disabled, I disabled all of them.
Thanks for the help.
0
0
VBSSP-RICH
Advocate
•
1.4K Messages
11 years ago
Hi awrych,
"The Netgear has the same setting. on mine it is checked, but greyed out. There are some other port forwarding settings that have the option to be disabled, I disabled all of them. "
Okay, let's try this in the Netgear 3000 : login, click firewall, uncheck the disable true static IP firewall, then click on port configuration and see if your true static IP port managment is now enabled. Now you should be able to go into here and ONLY open that port on your server.
0
0
VBSSP-RICH
Advocate
•
1.4K Messages
11 years ago
Hi again awrych,
1. These are checked.
Great, then this is not your issue.
2. Not sure what you mean by this. I have full internet access.
If you are using Windows 7 or especially 8, then there are appilcation security settings that must be set to allow external access.
3. I do have ports open that are working for our SIP phone and email scanning service.
Okay but this sounds like this is strictly intra-networking for you SIP phones and EFax.
4.) " I have opened the port I need for my email client to access the server remotely (the program that is not working)."
Is the port on your remote access device/computer opened ? Is the port now opened in the Netgear 3000 true static IP managment link specific to your server staticIP address? See above 2 for your application running on your server?
0
0
VBSSP-RICH
Advocate
•
1.4K Messages
11 years ago
Hi again train_wreck,
You are absolutley corerrect and thanks !
However, I always recommend for specific customer security purposes to only use the "block all ports with the following exceptions" drop-down menu item. Then the customer can ONLY open the specific ports of the application running on his StaticIP device that remote interconnect requires. This really maximizes the customer's security in that 2 fold : 1.) only ports on that app will be open and 2.) if customer wants to encrypt his remote access he could use the staticIP address:port no specifically so only authorized users would know this detail. This sure beats putting anything into the DMZ for sure....lol
0
0
awrych
New problem solver
•
13 Messages
11 years ago
Hi,
1. Cool
2. I have a Novell OES server behind a Netgear firewall attached to the Netgear 3000 from Comast.
3. These ports are open to specific IP addresses at my vendors.
4. I have never had to have a port open on the remote device. The remote device is a laptop. Before the switch to Comcast the laptops connected. I will have to check and see if the Windows firewall may be stopping the traffic. Did not consider that the laptop firewall may be causing the problem.
Thanks.
0
0
train_wreck
Gold Problem solver
•
610 Messages
11 years ago
sure. i was just trying to get all firewall stuff disabled for him, just so he could rule out any blocking within the cable modem's firewall.
personally I tend to prefer doing all my firewalling on my internal router instead of the modem, because I can get more granular methods of access control (firewalling by source/destination IP, subnet, protocol, port, bandwidth amount, rate limiting, etc etc) but to each his own. 🙂
0
0
awrych
New problem solver
•
13 Messages
11 years ago
HI,
I too run all my firewall settings on my firewall. I do not want the Netgear 3000 to do any firewalling. I have done as train_wreck suggests. I will give this new setting a try and see if my problem is solved.
Thanks.
0
0
awrych
New problem solver
•
13 Messages
11 years ago
Hi,
Update: I unchecked the static IP firewall under firewall settings. No other boxes are checked under Port Forwarding. Under True Static IP Port Management, that box is unchecked and I switched the drop down list to Open all ports.
Now everything works as needed. Going to do some more tests, but I think my problem may be solved.
Thanks for everyone's help.
0
0