LinuxMCE Forums

General => Users => Topic started by: skerit on January 31, 2008, 09:56:07 am

Title: Network problems (Ports and all)
Post by: skerit on January 31, 2008, 09:56:07 am
Hello again,

I've set up my temporary hybrid (it's only a celeron 2,66 ghz in a very old case). It's connected to my real router, but I can't connect all the devices to the hybrid directly. I still wish to use my real router as an access point, and I even want to connect some other devices to it.

Now, this all kind of works, my computer is getting an IP address from the hybrid, but then I stumbled on to a real problem: I can't open my ports!

I tried opening a port in the real router, and I even disabled the firewall on the hybrid, but I just can't get through...
Title: Re: Network problems (Ports and all)
Post by: Zaerc on January 31, 2008, 04:19:55 pm
web-admin >  Advanced > Network > Firewall rules, Rule Type: port forward
Title: Re: Network problems (Ports and all)
Post by: jgaffney on January 31, 2008, 05:07:56 pm
Or maybe your core is running DHCP messing things up.  Also check
web-admin >  Advanced > Network > Settings (I think??)

Make sure you don't have a duplicate IP as it will assign two different IP's by default.
Title: Re: Network problems (Ports and all)
Post by: skerit on January 31, 2008, 08:02:16 pm
Hmm, I have turned the firewall on the hybrid off, but that didn't help. I also can't completely turn the firewall of my real router off, but I *can* put a computer into a "DMZ" (Demilitarized zone, haha) I've tried this on my hybrid *and* on my computer, but still no luck ...

And, errr, I do have multiple ip's actually:

I'm using a static ip as my "external network card eth0" (the one from the real router, as I turned that DHCP-server off) and that IP address is the same one as on my internal network card...
Title: Re: Network problems (Ports and all)
Post by: grepico on January 31, 2008, 11:12:16 pm
> Hmm, I have turned the firewall on the hybrid off, but that didn't help. I also can't completely turn the firewall of my real router off, but I *can* put a computer into a "DMZ" (Demilitarized zone, haha) I've tried this on my hybrid *and* on my computer, but still no luck ...
>
> And, errr, I do have multiple ip's actually:
>
> I'm using a static ip as my "external network card eth0" (the one from the real router, as I turned that DHCP-server off) and that IP address is the same one as on my internal network card...

Finally, somewhere I can contribute!!

If you're running through a hardware router your configuration should be something like this:

Router WAN IP (Internet), will be a public address like 206.13.31.11 either static (given to you by your ISP that never changes) or dynamic (WAN setting in the router will be set to DHCP and the number may change).

Router LAN IP (Your internal network): This will be a private address chosen by you (The default for most routers is something like 192.168.1.254).

Your Core/Hybrid External address can be either statically assigned by you or dynamically assigned by your router.  In either case the number has to be on the 192.168.1.XXX subnet (or whatever the LAN IP subnet is on your router)

The Core/Hybrid Internal address will have to be on a DIFFERENT subnet as your router/core external interface.  i.e. if your router is on 192.168.1.xxx then your Core internal address can be on 192.168.80.xxx (which is the default), anything other than 192.168.1.xxx.

Example of working configuration:
Router WAN:  206.13.31.11
Router LAN:   192.168.1.254

Core External: 192.168.1.1
Core Internal:  192.168.80.1

Example of Non-Working Configuration:
Router WAN:  206.13.31.11
Router LAN:   192.168.1.254

Core External: 192.168.1.1
Core Internal:  192.168.1.2

The Core's Internal and External interfaces have to be on different subnets or it will not function correctly.

IMPORTANT NOTE:
If you want to continue to use your router as a DHCP server then the Core/Hybrid and your MD's have to be on a different PHYSICAL network than your router.  Meaning the router plugs into the external interface on your Core only and can NOT be plugged into a switch that other computers/MD's will be plugged into.  All of your computers/MD's will plug into a switch that the Core/Hybrid INTERNAL interface is plugged into.  This configuration works well for instances when you have (like I do) a computer network that is unrelated to the Media network and you wish to keep them separate.

Now, for opening ports.

You have to do it in two places.  For this example I'm going to use 192.168.1.1 as your Core/Hybrid External address and 192.168.80.1 as your Core/Hybrid Internal address.

In your router you go to Port Forwarding or Applications and Gaming, whatever your router calls it and forward whatever port you want to 192.168.1.1 (The Core external address).

Then on the core you setup a port forward for the same port to the address of the MD or computer you want, for instance 192.168.80.50

So traffic for say port 22 comes in from the internet to your router, the router will forward that to the Core, then the core forwards to the client.

One caveat is that the Core dynamically assigns IP addresses to the MD's so the number could change, particularly if you leave the MD off for a while.  I don't know what the default lease time is for the Core's DHCP server, but it's usually something like 3 days.  If the IP of the MD does change then you will have to change the destination address in the Core to point to the new address of the MD.  No changes will need to be made to the router.

I hope this helped, I'll monitor this thread so if you have any questions post em here and I'll be happy to answer.

Title: Re: Network problems (Ports and all)
Post by: skerit on January 31, 2008, 11:41:03 pm
Thanks for the help, and I'm afraid I'm going to give you a bit of a headache :P

You said "The Core/Hybrid Internal address will have to be on a DIFFERENT subnet as your router/core external interface. " but that's just what I do not want ...

One half of the house is going to be connected to the hybrid through a switch (I ordered today, together with lots of other stuff, including a new cpu, motherboard, 3D card, case, ... I just wanted to throw that in somewhere :)) but the other half will HAVE to be connected to the real router (as will all the wifi stuff) and I don't want them to be on different subnets because there are a few MDs among them..

I *kind of* succeeded at this, but it's still rather flaky...

Here are the network settings:
EXTERNAL_IFACE     eth0
EXTERNAL_IP    192.168.0.2
EXTERNAL_NETMASK    255.255.255.0
EXTERNAL_DHCP    0
INTERNAL_IFACE    eth0:0
INTERNAL_MAC    00:16:17:73:7C:01
INTERNAL_IP    192.168.0.2
INTERNAL_NETMASK    255.255.255.0
GATEWAY    192.168.0.1
DNS1    192.168.0.1
DNS2    192.168.0.1

192.168.0.1 is the real router and now they're both on the same subnet...
Title: Re: Network problems (Ports and all)
Post by: grepico on January 31, 2008, 11:47:59 pm
The reason you can't have the Core's Internal interface on the same subnet as the Router is because you can't have two DHCP Servers on the same physical network and you can't have the same subnet on two different ethernet interfaces (How would the computer know which interface to send traffic to?)

Do you only have one Ethernet card in the Core box?
Title: Re: Network problems (Ports and all)
Post by: Thingie on January 31, 2008, 11:58:47 pm

> One half of the house is going to be connected to the hybrid through a switch (I ordered today, together with lots of other stuff, including a new cpu, motherboard, 3D card, case, ... I just wanted to throw that in somewhere :)) but the other half will HAVE to be connected to the real router (as will all the wifi stuff) and I don't want them to be on different subnets because there are a few MDs among them..


Can you pls explain why you would use this setup. Just to understand better what you want to do.

Thingie
Title: Re: Network problems (Ports and all)
Post by: skerit on February 01, 2008, 12:05:31 am
Ok, it's quite a messy post (thread even) so I'll try to sum it up :P

I'm not interested in running 2 DHCPs! I actually want the router to JUST give the core internet access and send out a wifi signal... (So, in some way, this *router* should more act like a switch, a switch which provides access to the internet)

I want to do this because there are some MDs & orbiters that I can not connect to my core directly, they're too far apart to lay in another cable, so I want to connect them to the router instead.
Title: Re: Network problems (Ports and all)
Post by: rrambo on February 01, 2008, 04:27:18 pm
> Ok, it's quite a messy post (thread even) so I'll try to sum it up :P
>
> I'm not interested in running 2 DHCPs! I actually want the router to JUST give the core internet access and send out a wifi signal... (So, in some way, this *router* should more act like a switch, a switch which provides access to the internet)
>
> I want to do this because there are some MDs & orbiters that I can not connect to my core directly, they're too far apart to lay in another cable, so I want to connect them to the router instead.

you do realize that they can connect to your router through a wire or wifi and still get dhcp from the core?
Title: Re: Network problems (Ports and all)
Post by: hari on February 01, 2008, 04:32:13 pm
i think what he wants is the following:

core:
single nic configuration
eth0 - 192.168.80.1 as internal interface, running the dhcp for 80.x, connected to wrt switchport
eth0:1 - 192.168.1.2 static external ip of the core, gateway to 192.168.1.1

wrt:
dhcp deactivated
static local ip address 192.168.1.1

so he can use the switch/wlan and internet routing functions of the wrt and let the core handle local dhcp.

best regards,
Hari
Title: Re: Network problems (Ports and all)
Post by: skerit on February 03, 2008, 03:14:12 am
Errr, almost!

They're actually both on the same subnet... So, the router is on 192.168.1.1 and the core is on 192.168.1.2

But the main problem - my damn ports - still remains! I can't open them!

The firewall on the core is completely off, but I can't do the same for the router (ay, proprietary firmware, gotta love it) I can only grant 1 "DMZ" status, I've tried to give it to my computer, 192.168.1.3, but that didn't work. I also tried to give it to the core but *nothing*...

Adding virtual servers also doesn't work (port forwarders) I'm at a complete loss...
Title: Re: Network problems (Ports and all)
Post by: teedge77 on February 03, 2008, 03:31:41 am
why do you need to open ports? no offense but i think you are extremely confused about what you need to do and i think it has nothing to do with ports. do you have anything connected to your wan port? can you give a diagram of your network with as many specifics as you can? what does your internet connect directly to? the router? if you have everything connected to that router then you shouldn't need to open any ports or put anything in a dmz. if you have that router connected to anything else that does routing then you need to have them on separate subnets. if you have everything connected to your router on the 192.168.1.X and something on another router using 192.168.1.X then they won't talk to each other. let us know more about your setup.
Title: Re: Network problems (Ports and all)
Post by: skerit on February 03, 2008, 12:26:35 pm
You misunderstand, I'm not confused at all, I need those open ports for all my local services, running on my regular computer. (SSH, FTP, ports for azureus)

Anyhow, I've decided to set up a static IP for all my regular computers and let all the lmce devices get it from the core's dhcp server...
Title: Re: Network problems (Ports and all)
Post by: teedge77 on February 03, 2008, 04:27:44 pm
then i guess i misunderstood your setup. there shouldn't be any reason for you to open ports on a router that routes between itself and nothing else. did you get it working?
Title: Re: Network problems (Ports and all)
Post by: colinjones on February 03, 2008, 11:02:14 pm
Skerit

You have said that your core is setup with internal and external on the same subnet. So the core's DHCP server also needs to be giving out IP addresses on that same subnet.

Therefore, nothing needs to "go through" the core to get to your "internal" machines as they are effectively simultaneously on both the internal and external subnets. This means that your so-called internal machines are perfectly routable from your physical broadband router - the reason you are having problems is because you are trying to force your traffic from the broadband router to the core and then back to your internal network - but the internal network is the same subnet as your external network, so it isn't possible to route that way (or at least it would be complex to set up, using route metrics).

But more importantly, there is no point in doing this anyway. If you are trying to get external traffic to a machine that is on your "internal" network (eg you are trying to publish a web site), just set up a NAT on your router directly to the machine's IP address. It doesn't matter that the core thinks that this is "internal" they are all actually on the same switching domain and subnet, so the traffic will go directly from your broadband router to the machine. The only problem you will have is that the address is dynamic from the core, but you would have this problem even if you were sending the traffic through your core. On the upside, once LMCE has assigned an IP address to your machine, it will pretty much stay the same indefinitely as it recognises the machine by its MAC address and assigns the same one every time.

Having internal and external on the same subnet and effectively using the same NIC does work with LMCE (I had it running for a while in a single NIC installation) but I think you will find it confusing, and LMCE certainly does - it discovers itself via the DHCP pnp process and presents its own internal HDD as a remote network share to you (called DCEROUTER) you just need to tell it to ignore that server.

You would find it much more straightforward to set it up as 2 separate physical networks with the correct separate subnets, and then just buy a wireless AP for the internal network to get around your cabling issue.

BTW - when in the "correct" (as designed) config, you will need your firewall turned on in many situations as most broadband routers cannot NAT (port forward, virtual server, and a number of other names!) to remote subnets. So you need to NAT/port-forward to the external IP address of the Core, then set up a port-forward rule on the Core to send the traffic to the backend - this works very well and is easy to set up. If you were just routing (ie not NATting/port-forwarding from the Internet) then Linux will happily do this on its own, without the firewall function. But if you do leave the firewall on, then you will have to create a normal firewall rule instead, to allow the traffic through.

What traffic are you actually trying to get through??
Title: Re: Network problems (Ports and all)
Post by: teddydov on May 23, 2008, 05:08:22 pm
Hello all,
I see this post was left alone for a while and I want to know if the issue was ever solved.

I have the same problem - trying to use Azureus and having NAT issues.

I have a single router going to my Core/hybrid and all the computers are in the internal Network (the core).

I tried using port forwarding, turning off the firewalls (on Both), DMZ ETC. and nothing seems to work.

If this issue was solved I would love to know how. If not, I would love to know what I can do to solve it.

Just to be clear:
My router is on 192.168.1.1 - feeding in my internet connection.
I have disabled the DHCP on the router
The core has a Static IP address from the Router
All the computers (and other hardware) get their IP address from the Core, meaning the computer has a 192.168.80.* IP address.

Any help would be greatly appreciated

-Dov
Title: Re: Network problems (Ports and all)
Post by: colinjones on May 24, 2008, 01:46:39 am
No idea if it was fixed, but...

1. You don't need to turn off your DHCP on your broadband router, this will not interfere with your internal LMCE network (whether or not your core firewall is on, as DHCP is an ethernet broadcast, so cannot pass into your LMCE network) - it doesn't need to be on, it's up to you. If you want other devices on your external network it would be easier if it is on, but if you are comfortable just assigning a static IP to the core external NIC, then that is fine too.

2. I believe that most broadband routers have difficulty NAT'ing to remote subnets - meaning that you can NAT to an address on your 192.168.1.0/24 network, but probably not all the way through to your 192.168.80.0/24 network.

3. To get around this you need to have the core firewall turned on so that it can port forward for you. Then set up the broadband router to NAT your torrent port (pick a random one above 1024) to your core's external IP address (the static one you assigned).

4. Now in the core's web admin, go to the firewall config and configure a TCP port_forward rule from the port you chose above to the IP address of the torrent client on your internal network.

5. Set up Azureus to use that port and use the check NAT option to test it.. voila!

BTW - apparently 0710 now has upnp client and server - not sure exactly what it does, but if it intelligently mediates the upnp between the two subnets and creates upnp rules then all this would become unnecessary! Someone else will have to advise on that....
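
An added example, not part of the thread or of LinuxMCE: a Python check of the addressing rule grepico describes (Core internal and external interfaces on different subnets) and of the two-hop port forward that grepico and colinjones both walk through. The sample reuses grepico's example addresses in the `KEY value` layout of the settings dump posted earlier; the /24 netmasks and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample in the "KEY value" layout of the settings dump in the thread.
# Addresses are grepico's working example; the /24 netmasks are an assumption.
WORKING = """\
EXTERNAL_IP 192.168.1.1
EXTERNAL_NETMASK 255.255.255.0
INTERNAL_IP 192.168.80.1
INTERNAL_NETMASK 255.255.255.0
GATEWAY 192.168.1.254
"""
# grepico's non-working example: both Core interfaces on 192.168.1.x.
BROKEN = WORKING.replace("192.168.80.1", "192.168.1.2")

def parse_settings(text):
    """Turn 'KEY value' lines into a dict, skipping anything else."""
    pairs = (line.split() for line in text.splitlines())
    return {p[0]: p[1] for p in pairs if len(p) == 2}

def interfaces(cfg):
    """Return (external, internal) as ipaddress interface objects."""
    ext = ipaddress.ip_interface(f"{cfg['EXTERNAL_IP']}/{cfg['EXTERNAL_NETMASK']}")
    inside = ipaddress.ip_interface(f"{cfg['INTERNAL_IP']}/{cfg['INTERNAL_NETMASK']}")
    return ext, inside

def check_core(cfg):
    """List addressing problems on the Core's two interfaces."""
    ext, inside = interfaces(cfg)
    problems = []
    if ext.network.overlaps(inside.network):
        problems.append("internal and external subnets overlap")
    if ipaddress.ip_address(cfg["GATEWAY"]) not in ext.network:
        problems.append("gateway is not on the external subnet")
    return problems

def check_forward_chain(cfg, router_rule, core_rule):
    """Each rule is (port, target_ip): the router hop first, then the Core hop."""
    ext, inside = interfaces(cfg)
    (r_port, r_target), (c_port, c_target) = router_rule, core_rule
    problems = []
    if ipaddress.ip_address(r_target) != ext.ip:
        problems.append("router rule must target the Core external address")
    if r_port != c_port:
        problems.append("router and Core rules use different ports")
    target = ipaddress.ip_address(c_target)
    if target not in inside.network or target == inside.ip:
        problems.append("Core rule must target a host on the internal subnet")
    return problems

if __name__ == "__main__":
    good = parse_settings(WORKING)
    print(check_core(good), check_core(parse_settings(BROKEN)))
    print(check_forward_chain(good, (22, "192.168.1.1"), (22, "192.168.80.50")))
```

A router rule aimed straight at 192.168.80.50 is reported as a problem, which matches the point made in the thread that most broadband routers cannot NAT to a remote subnet.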