Actiontec DSL Modem/Router Trouble


Albert Lawson
 

Does anyone have experience with using the Actiontec GT701-WG with
IRLP...???

I'm trying to help another ham setup IRLP and we can't seem to
get inbound packets through to the linux box. Outbound works
just fine and in fact the node shows up on the irlp status
page as idle. (node 3089)

Nothing inbound seems to work....ping, ssh, telnet, ftp.

We're using static ip configuration, the linux box IP is
set as the DMZ host, and we've even tried specific port
routing (22 for ssh, 14525 - 14527 tcp and 2079 - 2093 udp
and still nothing.

Any help would be aprecciated..!!!!

Thanks es 73's

Albert/WB7AWL


Tony Langdon (ATC) <tlangdon@...>
 

Does anyone have experience with using the Actiontec GT701-WG with
IRLP...???

I'm trying to help another ham setup IRLP and we can't seem
to get inbound packets through to the linux box. Outbound
works just fine and in fact the node shows up on the irlp
status page as idle. (node 3089)

Nothing inbound seems to work....ping, ssh, telnet, ftp.

We're using static ip configuration, the linux box IP is
set as the DMZ host, and we've even tried specific port
routing (22 for ssh, 14525 - 14527 tcp and 2079 - 2093 udp
and still nothing.

Any help would be aprecciated..!!!!
DMZ should work. A couple of queries:

1. What is your external IP address?
2. Are you sure the ISP is not blocking ports?


Albert Lawson
 

--- In irlp@yahoogroups.com, "Tony Langdon (ATC)" <tlangdon@a...>
wrote:
Does anyone have experience with using the Actiontec GT701-WG
with
IRLP...???

I'm trying to help another ham setup IRLP and we can't seem
to get inbound packets through to the linux box. Outbound
works just fine and in fact the node shows up on the irlp
status page as idle. (node 3089)

Nothing inbound seems to work....ping, ssh, telnet, ftp.

We're using static ip configuration, the linux box IP is
set as the DMZ host, and we've even tried specific port
routing (22 for ssh, 14525 - 14527 tcp and 2079 - 2093 udp
and still nothing.

Any help would be aprecciated..!!!!
DMZ should work. A couple of queries:

1. What is your external IP address?
2. Are you sure the ISP is not blocking ports?
65.102.32.34

And no...we don't if they are. I can't traceroute
or ping back to him from my IP. But he does indicate
that he sees increased modem activity when I do try to
ping. That makes me think the problem is at the modem.
By the way, his ISP is Qwest DSL if anyone has info on
whether or not they block ports.

73's

Albert


Albert Lawson
 

--- In irlp@yahoogroups.com, "Tony Langdon (ATC)" <tlangdon@a...>
wrote:
And no...we don't if they are. I can't traceroute
or ping back to him from my IP. But he does indicate
that he sees increased modem activity when I do try to
ping. That makes me think the problem is at the modem.
By the way, his ISP is Qwest DSL if anyone has info on
whether or not they block ports.
I'm starting to wonder if NAT is turned on in the router, though if
it
wasn't, they would be seeing strange packets from your private LAN.

Can you access the Internet? Fire up a Windows box and start
surfing. :)

Yes...he has access to outside world. He can surf from windoze ;)

And NAT is turned on......

73's

Albert


Tony Langdon (ATC) <tlangdon@...>
 

And no...we don't if they are. I can't traceroute
or ping back to him from my IP. But he does indicate
that he sees increased modem activity when I do try to
ping. That makes me think the problem is at the modem.
By the way, his ISP is Qwest DSL if anyone has info on
whether or not they block ports.
I'm starting to wonder if NAT is turned on in the router, though if it
wasn't, they would be seeing strange packets from your private LAN.

Can you access the Internet? Fire up a Windows box and start surfing. :)


Tony Langdon (ATC) <tlangdon@...>
 

Yes...he has access to outside world. He can surf from windoze ;)

And NAT is turned on......
OK, there's a couple of obvious bases covered..


Ross J
 

I had to go to a cable modem ISP for many reasons but the main was MSN my
DSL ISP provider made it impossible due to their provided DSL modem
settings. I'm not sure here but it may be your ISP give them a call and
ask if you have a public accessible IP address. Good Luck

Ross KC7RJK 3543

----- Original Message -----
From: "Tony Langdon (ATC)" <tlangdon@atctraining.com.au>
To: <irlp@yahoogroups.com>
Sent: Tuesday, September 07, 2004 10:48 PM
Subject: RE: [irlp] Re: Actiontec DSL Modem/Router Trouble


Yes...he has access to outside world. He can surf from windoze ;)

And NAT is turned on......
OK, there's a couple of obvious bases covered..



--- IRLP-Owners YahooGroups List ---
Yahoo! Groups Links





Gary McDuffie, Sr. <mcduffie@...>
 

On Wed, 8 Sep 2004 00:48:35 -0700, Ross wrote:

I had to go to a cable modem ISP for many reasons but the main was MSN my
DSL ISP provider made it impossible due to their provided DSL modem
settings. I'm not sure here but it may be your ISP give them a call and
ask if you have a public accessible IP address. Good Luck
I'm assuming everyone knows that you need to have the modem in 'bridging
mode'. The modem needs to pass the IP address from the ISP to the
router so that NAT takes place there and NOT in the modem. The commands
are sometime available online (modem manufacturer), and your provider
usually needs to make the change. An outsider should be able to ping
the outside address as seen on your router's status page. Once you are
done testing, you should then turn off the ability to ping. Just
another part of being transparent to the hackers.

Sorry if this is old news, but it sounded like something that might need
to be included here.

Gary - AGØN

--
IRLP node 3055
ag0n at arrl dot net
http colon//garymcduffie dot com


Jeff Tong <brcomm@...>
 

I had a similar problem with my Actiontec and Quest, and it amazingly
disappeared after I called Quest and asked them if they were blocking ports
and explained the symptoms. They said they weren't, but about an hour later,
with no other changes on my part, I was able to access the application I
needed to. I don't know if they unblocked ports or modified my modem
settings from their end, but it magically started working.

Jeff
AA7GK
Node 3692


Tony Langdon, VK3JED <vk3jed@...>
 

At 11:35 PM 8/09/2004, you wrote:

I had a similar problem with my Actiontec and Quest, and it amazingly
disappeared after I called Quest and asked them if they were blocking ports
and explained the symptoms. They said they weren't, but about an hour later,
with no other changes on my part, I was able to access the application I
needed to. I don't know if they unblocked ports or modified my modem
settings from their end, but it magically started working.
Things that make you go hrmmmmmmmmmmm... Perhaps they could smell the scent
of a customer getting ready to leave? ;-)

73 de VK3JED
http://vkradio.com


Nate Duehr <nate@...>
 

Gary McDuffie, Sr. wrote:

On Wed, 8 Sep 2004 00:48:35 -0700, Ross wrote:


I had to go to a cable modem ISP for many reasons but the main was MSN my
DSL ISP provider made it impossible due to their provided DSL modem
settings. I'm not sure here but it may be your ISP give them a call and
ask if you have a public accessible IP address. Good Luck
I'm assuming everyone knows that you need to have the modem in 'bridging
mode'. The modem needs to pass the IP address from the ISP to the
router so that NAT takes place there and NOT in the modem. The commands
are sometime available online (modem manufacturer), and your provider
usually needs to make the change. An outsider should be able to ping
the outside address as seen on your router's status page. Once you are
done testing, you should then turn off the ability to ping. Just
another part of being transparent to the hackers.

Sorry if this is old news, but it sounded like something that might need
to be included here.

Gary - AG�N
Unfortunately it's not this simple, making this statement not really true.

Some ISP's route fully usable Internet addresses to your router at your location and in this case, you do not need to use a bridged mode or anything like that. A real IP that's routed is a real IP... as long as they're not blocking incoming connections with a stateful firewall, ACL's in their edge routers, etc.

In the case of ISP's that use RFC1918 address space then yeah, if they'll give you a bridged connection to something that has a non RFC1918 space that will make things work.

Basically, what I'm saying here is that it's "more complex" than meets the eye... and of course, this is why even the smallest of ISPs employ a number of router folks. The best anyone can do is either look at their setup with a lot of routing experience and say "ah-ha... I see how my carrier does it!"... or they can call them on the phone and explain what they're trying to do and see if it's possible. In most cases, it is, because customers demand it. ISP's that don't route things correctly to RFC1918 space via NAT are rare, but in cases where they've done it, it has usually been done for a business reason. (i.e. Fully routable "business" connections vs. NAT'ed "residential" connections at different price levels, etc.)

Nate WY0X


Albert Lawson
 

--- In irlp@yahoogroups.com, Nate Duehr <nate@n...> wrote:
Gary McDuffie, Sr. wrote:

On Wed, 8 Sep 2004 00:48:35 -0700, Ross wrote:



I had to go to a cable modem ISP for many reasons but the main
was MSN my
DSL ISP provider made it impossible due to their provided DSL
modem
settings. I'm not sure here but it may be your ISP give them a
call and
ask if you have a public accessible IP address. Good Luck

I'm assuming everyone knows that you need to have the modem
in 'bridging
mode'. The modem needs to pass the IP address from the ISP to the
router so that NAT takes place there and NOT in the modem. The
commands
are sometime available online (modem manufacturer), and your
provider
usually needs to make the change. An outsider should be able to
ping
the outside address as seen on your router's status page. Once
you are
done testing, you should then turn off the ability to ping. Just
another part of being transparent to the hackers.

Sorry if this is old news, but it sounded like something that
might need
to be included here.

Gary - AGØN

Unfortunately it's not this simple, making this statement not
really true.

Some ISP's route fully usable Internet addresses to your router at
your
location and in this case, you do not need to use a bridged mode or
anything like that. A real IP that's routed is a real IP... as
long as
they're not blocking incoming connections with a stateful firewall,
ACL's in their edge routers, etc.

In the case of ISP's that use RFC1918 address space then yeah, if
they'll give you a bridged connection to something that has a non
RFC1918 space that will make things work.

Basically, what I'm saying here is that it's "more complex" than
meets
the eye... and of course, this is why even the smallest of ISPs
employ a
number of router folks. The best anyone can do is either look at
their
setup with a lot of routing experience and say "ah-ha... I see how
my
carrier does it!"... or they can call them on the phone and explain
what
they're trying to do and see if it's possible. In most cases, it
is,
because customers demand it. ISP's that don't route things
correctly to
RFC1918 space via NAT are rare, but in cases where they've done it,
it
has usually been done for a business reason. (i.e. Fully routable
"business" connections vs. NAT'ed "residential" connections at
different
price levels, etc.)

Nate WY0X
Both answers make sense...and I guess the first thing to
do is call Qwest and ask what they know about the problem.

If I understand what I've been able to read so far on
"bridged mode"....this also means a router would be needed
that is capable of logging onto the DSL account and requesting
the IP number using PPoA. (the modem uses PPoA) There is
a router available but it has PPoE not PPoA....can someone
explain the difference and would PPoE work as a substitute..???

73's

Albert


Jim WW4M <ww4m@...>
 

--- In irlp@yahoogroups.com, "Albert" <wb7awl@c...> wrote:
If I understand what I've been able to read so far on
"bridged mode"....this also means a router would be needed
that is capable of logging onto the DSL account and requesting
the IP number using PPoA. (the modem uses PPoA) There is
a router available but it has PPoE not PPoA....can someone
explain the difference and would PPoE work as a substitute..???
If I remember correctly, when I signed up for DSL I couldn't get my
port forwarding working correctly. My ISP said they weren't blocking
any ports. It turned out that my DSL modem was configured as a
bridge, which was incompatible with anything requiring port
forwarding. I had to exchange it for one configured as a modem and
they gave me instructions for setting it up to use PPPoE. After that
it worked just fine.

Jim WW4M