networking problem, hopefully there is a fix pt 2

[Ephinum]

Just now, Alex Atkin UK said:

Ooops, I meant numbers not digits, lol, as in xxx.xxx but it does sound like that might be public.

 

If you remove the Rukus entirely and put everything behind the router, does the Internet work there?

I apologise Alex,

I hadn't realised you were already trying to help on this issue. I do have a meeting to prep for so if you would like to continue with your guidance I will of course step aside.

Ξphinum

[Alex Atkin UK]

5 minutes ago, nolukjustskil said:

yeah ill be able to... and i have all basic cables.... so to give more information. there is 1 in port (coax cable) for the modem, 1 output (ethernet) and that goes into the ruckus access point. the ruckus has 4 outputs, output 1 is going to the belkin (thats what tech support told me to do) output 2 to main computer, output 3 to mrs. work computer. from belkin, 1 ethernet into server computer

No wonder you're confused, that's a batshit configuration.

 

If all you want is a server on the public Internet and their modem still gives your other clients CG-NAT IP addresses, you don't even need a router, the static IP can be configured on the server directly - just make sure the firewall is working on it.

 

Alternatively like I said, putting everything behind the router without the Rukus in the mix would be simpler.  However, depending on your broadband speed it might not be up to pushing the full speed in that configuration.

[nolukjustskil]

Just now, Ephinum said:

I apologise Alex,

I hadn't realised you were already trying to help on this issue. I do have a meeting to prep for so if you would like to continue with your guidance I will of course step aside.

Ξphinum

thanks a bunch for your help. hope your meeting goes well!

[nolukjustskil]

Just now, Alex Atkin UK said:

No wonder you're confused, that's a batshit configuration.

 

If all you want is a server on the public Internet and their modem still gives your other clients CG-NAT IP addresses, you don't even need a router, the static IP can be configured on the server directly - just make sure the firewall is working on it.

even if i use the static ip, the ports need to forwarded for it to work on a sever correct? also i have 0 access to anything with the ruckus, all i can do is plug in and unplug things. 

[nolukjustskil]

15 minutes ago, Alex Atkin UK said:

No wonder you're confused, that's a batshit configuration.

 

If all you want is a server on the public Internet and their modem still gives your other clients CG-NAT IP addresses, you don't even need a router, the static IP can be configured on the server directly - just make sure the firewall is working on it.

 

Alternatively like I said, putting everything behind the router without the Rukus in the mix would be simpler.  However, depending on your broadband speed it might not be up to pushing the full speed in that configuration.

yeah, if i could remove the ruckus and just use the belkin i would... but i cant. idk if they have it set up so the ruckus must be after the modem or what, but the ruckus has to be after the modem or internet doesnt work.

[Alex Atkin UK]

18 minutes ago, nolukjustskil said:

even if i use the static ip, the ports need to forwarded for it to work on a sever correct? also i have 0 access to anything with the ruckus, all i can do is plug in and unplug things. 

Ah that could explain a thing or two, basically it seems they've given you two connections.  A static public IP on port 1, and the normal NAT service on the other ports.

 

Either way no, the port with the static IP should be completely open to the Internet.  Port forwarding is only needed when you are sharing a single public IP address across a NAT (eg via a router), if the server has the public IP address directly - its on the Internet directly - so no port forwarding to deal with.  But, as its on the Internet directly its more exposed to attack as EVERY port is open unless told otherwise by the firewall configuration on that server.

[Ephinum]

Just now, Alex Atkin UK said:

Ah that could explain a thing or two, basically it seems they've given you two connections.  A static public IP on port 1, and the normal NAT service on the other ports.

 

Either way no, the port with the static IP should be completely open to the Internet.  Port forwarding is only needed when you are sharing a single public IP address across a NAT (eg via a router), if the server has the public IP address directly - its on the Internet directly - so no port forwarding to deal with.  But, as its on the Internet directly its more exposed to attack as EVERY port is open unless told otherwise by the firewall configuration on that server.

Maybe good options to suggest would be things like setting up a dynamic DNS, VPN , Proxy to accomplish the port forwarding element that noluk is looking for?

There's more than one way to crack an egg.

[Alex Atkin UK]

12 minutes ago, Ephinum said:

Maybe good options to suggest would be things like setting up a dynamic DNS, VPN , Proxy to accomplish the port forwarding element that noluk is looking for?

There's more than one way to crack an egg.

They said people can find the server fine, so all that is working.  The problem seems to be that its broken everything else.

 

Now the easiest solution here is to just put the whole network on the router and pretend the Ruku doesn't exist, and probably what I would advise for simplicity.  But then you have the problem that the router might not be powerful enough for that, so figuring how if it behaves without the router (which would be more efficient for the server) is potentially useful.

[Ephinum]

Just now, Alex Atkin UK said:

They said people can find the server fine, so all that is working.  The problem seems to be that its broken everything else.

 

Now the easiest solution here is to just put the whole network on the router, and probably what I would advise.  But then you have the problem that the router might now be powerful enough for that, so figuring how if it behaves differently without the router at all is potentially useful.

Having started from scratch with noluk and figuring out the various elements of the network it's become evident there is double NAT going on, which explains it all. Sadly I have papers to read for a meeting so have said i will contact noluk later to resolve the issue. That said if others can assist so he doesn't have to wait around for me that would great. Though I would suggest understanding the current topology of the network is key.

[Alex Atkin UK]

7 minutes ago, Ephinum said:

Having started from scratch with noluk and figuring out the various elements of the network it's become evident there is double NAT going on, which explains it all. Sadly I have papers to read for a meeting so have said i will contact noluk later to resolve the issue. That said if others can assist so he doesn't have to wait around for me that would great. Though I would suggest understanding the current topology of the network is key.

Pretty sure they have no-NAT on port 1 of the Rukus, maybe double-NAT on the other ports, but that shouldn't be a big deal.

 

Putting everything on the router would of course get rid of the double-NAT, plus they could access the server from its LAN IP then improving local performance.

 

48 minutes ago, nolukjustskil said:

yeah, if i could remove the ruckus and just use the belkin i would... but i cant. idk if they have it set up so the ruckus must be after the modem or what, but the ruckus has to be after the modem or internet doesnt work.

Yes it sounds like your ISP is using the modem and Rukus in the same way most would just use a single gateway.  Its a bit odd, but not as obscure as I first thought as that does make things more flexible for them if need to swap out the modem for a faster model later.

 

At this point I'd just test putting everything on the router, leave just the router plugged into the Ruku, see how that works.

[nolukjustskil]

9 minutes ago, Alex Atkin UK said:

Pretty sure they have no-NAT on port 1 of the Rukus, maybe double-NAT on the other ports, but that shouldn't be a big deal.

 

Putting everything on the router would of course get rid of the double-NAT, plus they could access the server from its LAN IP then improving local performance.

 

Yes it sounds like your ISP is using the modem and Rukus in the same way most would just use a single gateway.  Its a bit odd, but not as obscure as I first thought as that does make things more flexible for them if need to swap out the modem for a faster model later.

 

At this point I'd just test putting everything on the router, leave just the router plugged into the Ruku, see how that works.

ok... so im an idiot.... when i read the email sent by the ISP network tech, he said to plug into port 4... and i plugged into port 1.... so yeah.... everything is working fine now, i have to have the belkin router in order for the server to be seen by everyone... but thats fine... everything works correctly and im happy

[Ephinum]

2 minutes ago, nolukjustskil said:

ok... so im an idiot.... when i read the email sent by the ISP network tech, he said to plug into port 4... and i plugged into port 1.... so yeah.... everything is working fine now, i have to have the belkin router in order for the server to be seen by everyone... but thats fine... everything works correctly and im happy

Nicely done Alex.