Equipment (Modems,Gateways)
Back to Top

DPC3939B + RV325 still cannot figure out forwarding

SOLVED
Highlighted
Latitude42
Frequent Contributor

DPC3939B + RV325 still cannot figure out forwarding

Continuing a question I started elsewhere under "Wifi" this week (and thank you for advice I received there).

 

I figured out most, but not all,  things to do for Static IP + 3939B + RV325 VPN device. My LAN-side devices connected to RV325 now have outbound connectivity to Internet. I am still trying to port-forward from Internet to a Linux server that is on the RV325. I am just not getting succeeding. Desired ports on the Linux server are, for now, are SSH (22) and HTTP 80, from Internet.

 

My static IP from comcast is x.y.z.114.

 

So, after a lot of surfing around I finally determined that the RV325 WAN-side connection parameters are:

 

IP Address:                  x.y.z..113

Default Gateway:        x.y.z.114

Subnet:                        255.255.255.252

 

This finally got my LAN side clients on the RV325 outbound access to Internet. I'm still not able to port-forward from Internet to my Linux box which is connected to the RV325 with static IP of 192.168.1.4

 

Here is what is just alluding me completely. So, I am trying to set up this port forwarding to Linux with RV325 in the middle. Since the 3939B is in pseudo-bridge mode (by this I mean true bridge not enabled but bridging intended),  DHCP is turned off on the 3939B. So I can't reserve an IP address for the RV325 on the LAN-facing side of 3939B.  When I try to set up port-forwarding on the 3939B, how am I supposed to declare the address of the RV325? I tried to say x.y.z.113, but that wasn't allowed because the LAN-facing address space on the 3939B is 192.168.1.1/24.

 

 

Accepted Solution

Re: DPC3939B + RV325 still cannot figure out forwarding

Yes, train_wreck has that thought triggering charisma, huh? Man Wink

 

Always remember that there are 3 elements to a static IP : 1.) Routable , 2.) Gateway and 3.) subnet mask. Whenever you configure any networking interface for static IP, these three elements must always be entered correctly. Also, it is also goo practice to enter the primary and secondary DNS addresses.

 

Just wanted to provide comments  on your following inputs:

"

  1. Even though 3939B is not in bridge mode, once in service it will BEHAVE like it is in bridge mode. Therefore, to reach your services from Internet use the VPN device static IP address (not the cable  gateway static IP address)

For any static IP routable address device, it is always necessary to insure that whatever application ports you need opened are in fact opened. You can do this within the DPC by loggin, then clicking on advanced, unchecking Disable all FW static IP Ports, then making sure that Block All Ports With The Following Exceptions is selected, click the Add Button then enter in the AppName, public port, private port, both, routable_static_IP_address. I alway recommend this method because it provides the more secure means to have ONLY the Ports open that you need.

 

2. As for bridge mode, forget about it. All that advice from other threads  that you cannot use it is correct. It won't work.

 

Absolutely correct ! You cannot use static IPs when ANY modem is is True Bridge Mode. It is always good practice to disable the DPC LAN server, especially if you are using the RSV325 inherent DHCP to avoid and routing conflicts. Some customer do not want to give you their DPC wifi, which is fine, so in this case you would need to disable your RSV325 DHCP server and let the DPC dole out the dynamic IP addresses.

 

3. Don't even worry about how 3939B will find the VPN device. That will take care of itself.

 

Again absolutely correct !

 

4. You still need to set up port forwarding on the 3939B, and the target addresses you provide are the LAN-side addresses.

 

Having some trouble getting my head arounf this comment, so could you further explaion what you mean?

Hope this helps you out.

 

 " 

 

 

 

 

View solution in context
Trusted Forum Contributor

Re: DPC3939B + RV325 still cannot figure out forwarding

Can you try disabling the firewall on the DPC3939B by going to the "Firewall" page and selecting "Disable firewall for True Static subnet". Then, make sure that you have properly forwarded TCP port 22 on the RV325 to the internal IP address of the Linux machine.

Latitude42
Frequent Contributor

Re: DPC3939B + RV325 still cannot figure out forwarding

I solved it earlier today. The hint in the previous reply helped restore sanity and success came a few minutes later.

 

I was disoriented.

 

When I log onto the 3939B web console the IP address shows as  x.y.z.114 (this was done by Comcast support remotely when I signed up for one static IP). I set the address of the RV325 to x.y.z.113 which was the other address in the email from comcast and I also set the subnet mask to 255.255.252.

 

I though that from the Outside World the addrss to use is x.y.z.114. Nope. It is x.y.z.113.

 

As you suggested, the port forwarding rules set-up on 3939B should refer to the 192.168.1.x style address of the target device connected to RV325.

 

Thank you. Up and running.

 

The rules that help seem to be

 

  1. Even though 3939B is not in bridge mode, once in service it will BEHAVE like it is in bridge mode. Therefore, to reach your services from Internet use the VPN device static IP address (not the cable  gateway static IP address)
  2. As for bridge mode, forget about it. All that advice from other threads  that you cannot use it is correct. It won't work.
  3. Don't even worry about how 3939B will find the VPN device. That will take care of itself.
  4. You still need to set up port forwarding on the 3939B, and the target addresses you provide are the LAN-side addresses.

 

 

Trusted Forum Contributor

Re: DPC3939B + RV325 still cannot figure out forwarding

Yes, train_wreck has that thought triggering charisma, huh? Man Wink

 

Always remember that there are 3 elements to a static IP : 1.) Routable , 2.) Gateway and 3.) subnet mask. Whenever you configure any networking interface for static IP, these three elements must always be entered correctly. Also, it is also goo practice to enter the primary and secondary DNS addresses.

 

Just wanted to provide comments  on your following inputs:

"

  1. Even though 3939B is not in bridge mode, once in service it will BEHAVE like it is in bridge mode. Therefore, to reach your services from Internet use the VPN device static IP address (not the cable  gateway static IP address)

For any static IP routable address device, it is always necessary to insure that whatever application ports you need opened are in fact opened. You can do this within the DPC by loggin, then clicking on advanced, unchecking Disable all FW static IP Ports, then making sure that Block All Ports With The Following Exceptions is selected, click the Add Button then enter in the AppName, public port, private port, both, routable_static_IP_address. I alway recommend this method because it provides the more secure means to have ONLY the Ports open that you need.

 

2. As for bridge mode, forget about it. All that advice from other threads  that you cannot use it is correct. It won't work.

 

Absolutely correct ! You cannot use static IPs when ANY modem is is True Bridge Mode. It is always good practice to disable the DPC LAN server, especially if you are using the RSV325 inherent DHCP to avoid and routing conflicts. Some customer do not want to give you their DPC wifi, which is fine, so in this case you would need to disable your RSV325 DHCP server and let the DPC dole out the dynamic IP addresses.

 

3. Don't even worry about how 3939B will find the VPN device. That will take care of itself.

 

Again absolutely correct !

 

4. You still need to set up port forwarding on the 3939B, and the target addresses you provide are the LAN-side addresses.

 

Having some trouble getting my head arounf this comment, so could you further explaion what you mean?

Hope this helps you out.

 

 " 

 

 

 

 

Labels
Discussion stats
  • 3 replies
  • 2298 views
  • 0 kudos
  • 3 in conversation