Newbie: DSL modem + router: web server setup

tomromanul

Hello,


I use a Speedtouch 510 DSL modem and BEFSR41 4-port router (1.46
firmware). I have a fixed IP address from my ISP. Speedtouch
is a DHCP server and assigns 10.0.0.9 to the router (gateway
10.0.0.138). The router is also a DHCP server and assigns 192.168.1.x
addresses to my computers. I can access the Internet on the 2 computers
connected to router.

I am trying to set up one of my computers (192.168.1.100) as a web server to
be visible from outside and I don't know how to do it.

This is what I tried:

1. If I type in browser the external address assigned by ISP, the
login page for Speedtouch comes up. I guess this is normal.

2. Router's Forwarding set to 192.168.1.100, port 80, tcp. Now when I
type in browser 10.0.0.9 I am taken to the web server.

When I type in browser 192.168.1.1 I am taken to router's setup page.


3. In Speedtouch I set up NAPT:
- inside address 10.0.0.9 (router's address). Port 80.
- outside address 0.0.0.0. Port 80.
Save All. When I type in browser the IP address given by ISP, I get
<The page cannot be displayed>.

3.a. Also tried to set 10.0.0.9 as Default Server, same result.

4. In router, DMZ Host, I set the address of the computer running the
web server.

5. When I type in browser 192.168.1.1 and 10.0.0.9 works like before.

6. If I type in browser the external address assigned by ISP, I get
again <The page cannot be displayed>.

7. When I type 10.0.0.9 it works like before, I am directed to the web
server.

8. Now, a surprise: When I type 192.168.1.1, I am directed to the web
server, instead of being directed to the router setup!!! I verified this
several times, it only happens after I try to use the external address
only. I don't understand.

9. The only way to access again the router's setup page is to reset it
to the factory settings (by pressing the router's reset button for 30
seconds).


I use Win2k, sp4, IIS, latest IE.

Can anyone help me please? I don't know much about networks, but I can
follow a step-by-step procedure.

Thank you,
Tom
 
Steven L Umbach

Set your router to port forward port 80 TCP to the lan IP address of your web server.
There may already be a preconfigured service on your router to do this. Then when
users on the lan want to connect to your web server, they can enter the local lan IP
address for the web server and when users from the internet want to access it
[assuming that is what you want] they will need to enter the public IP address
assigned to you that would show as the "wan" IP address in your router. Note that you
probably will not be able to connect to your "wan" IP address for your web server
from your local lan.

Web servers exposed to the internet need to be "hardened" which involves at least
making sure that your computer is fully up to date for critical updates from Windows
Updates and that the IISlockdown tool has been run on your web server if it is IIS.
Using Microsoft Baseline Security Analyzer can help in securing your computers.

--- Steve

http://www.microsoft.com/technet/security/tools/mbsahome.mspx
http://www.microsoft.com/downloads/...c0-bb30-47eb-9a61-fd755d23cdec&displaylang=en
http://www.microsoft.com/technet/security/prodtech/iis/default.mspx
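
Added example, not part of the thread: a simplified model of the two NAT hops described in the question, comparing a port-80 forward on both devices with the Default Server / DMZ Host settings the original poster also tried, to show which ports on the public address end up at the web server. The public address (a documentation placeholder), the sample port list and the rule-matching order are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass
class NatDevice:
    """One NAT hop: explicit TCP port forwards plus an optional catch-all host."""
    name: str
    wan_ip: str
    forwards: Dict[int, Tuple[str, int]] = field(default_factory=dict)
    catch_all: Optional[str] = None  # "Default Server" (modem) / "DMZ Host" (router)

    def translate(self, port: int) -> Optional[Tuple[str, int]]:
        """Map an unsolicited inbound TCP port to (inside_ip, inside_port); None = dropped."""
        if port in self.forwards:
            return self.forwards[port]
        if self.catch_all:
            return (self.catch_all, port)
        return None

def trace(chain: List[NatDevice], port: int) -> Optional[Tuple[str, int]]:
    """Follow one inbound connection through the NAT hops, outermost first."""
    dst = None
    for dev in chain:
        if dst is not None and dst != dev.wan_ip:
            break  # previous hop delivered to a host other than this device
        hop = dev.translate(port)
        if hop is None:
            return None
        dst, port = hop
    return (dst, port)

def exposed_ports(chain, target_ip, ports):
    """Ports on the public address that end up at target_ip."""
    return [p for p in ports if (trace(chain, p) or (None,))[0] == target_ip]

PUBLIC_IP = "203.0.113.10"  # placeholder; the thread does not give the ISP address
WEB = "192.168.1.100"
SAMPLE_PORTS = [21, 80, 135, 139, 445, 3389]  # constructed sample of common Windows services

# Port 80 forwarded on both devices (steps 2 and 3 of the question).
FORWARD_ONLY = [NatDevice("Speedtouch 510", PUBLIC_IP, {80: ("10.0.0.9", 80)}),
                NatDevice("BEFSR41", "10.0.0.9", {80: (WEB, 80)})]
# Default Server on the modem and DMZ Host on the router (steps 3.a and 4).
CATCH_ALL = [NatDevice("Speedtouch 510", PUBLIC_IP, catch_all="10.0.0.9"),
             NatDevice("BEFSR41", "10.0.0.9", catch_all=WEB)]

if __name__ == "__main__":
    print("forward only:", exposed_ports(FORWARD_ONLY, WEB, SAMPLE_PORTS))
    print("catch-all   :", exposed_ports(CATCH_ALL, WEB, SAMPLE_PORTS))
```

In this model the port-80 forward leaves only the web service reachable from outside, while the catch-all settings pass every sampled port through to the Windows host.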
 
Phillip Windell

I use a Speedtouch 510 DSL modem and BEFSR41 4-port router (1.46
firmware). I have a fixed IP address from my ISP. Speedtouch
is a DHCP server and assigns 10.0.0.9 to the router (gateway
10.0.0.138). The router is also a DHCP server and assigns 192.168.1.x
addresses to my computers.
I try to setup one of my computers (192.168.1.100) as a web server to
be visible from outside and I don't know how to do it.

You will find it about impossible. Because you run two devices that are
both doing NAT you have created a Back-to-Back-DMZ between the Modem and the
Router. Eliminate one of the two devices.

If you keep the Router then you probably need to buy a *regular* DSL modem
to work with it. A regular DSL modem has *no* IP# at all and is not concerned
with IP#s in any way.

If you keep the Modem instead, it may not be capable of doing the "Static
NAT" required to do what you wish.

The simplest way to go in a low budget "home-user" situation is to run a
Broadband router that has the "modem" and "switch" built into it, so the
phone line goes directly into the "modem" portion of the Device and the
Computers plug into the "switch" portion of the Device. The Device would
handle the Static-NAT all by itself.
 
tomromanul

Thanks Steven. As you indicated, it works when I don't access it from my local LAN!
Cheers,
Tom
 
Phillip Windell

Thanks Steven. As you indicated, it works when I don't access it from my
local LAN!

Yes, that is the way it is supposed to be. It is the way Static-NAT works, it
cannot function when the source of the request is on the LAN side. It
creates a situation where the source and destination MAC address in the
packet are identical which causes it to fail.
 
