Public IP behind modem/router - setup

I have been reading this forum's topics thoroughly over the past few days - very helpful advice from some of the top posters.
However, I have a very basic question which is beginning to make me tear my hair out - how do I give the external NIC a public IP address that's completely visible over the internet but that will still allow communication with my router/modem.
Last week we decided to update our old G4 running OS X Server 10.3.8 to a brand new XServe. Our needs are very basic and the old server ran afp, nat, mail, firewall and vpn for a small workgroup of about 10 designers. Our ISP gave us a range of static public IP addresses of which we only used one for both our router address and mail (over smtp). ISP handles external DNS and sorted the MX records for this. A zoom modem/router was configured in half bridge mode to transparently send this IP address 83.xxx.89 to the OS X server via DHCP. Therefore external NIC was set up as DHCP and internal NIC was set up with local address 192.168.0.1. Because the 89 external address was also our mailgate address - mailgate.mydomain.com - our ISP could send down our mail, mobile users could log on via VPN, workers on the lan could browse the web and use afp etc. In other words, it worked perfectly for our small setup and was steady as a rock for about 3-4 years. I have noted comments about the lack of a hardware firewall - we are relying totally on Apple's firewall in OSX server but I am comfortable with this for my small workgroup.
When we came to install the XServe in a similar fashion the external NIC would only pick up the external public IP address for about two minutes. After this it would drop and pick up a self assigned IP address - obviously all connection to the internet would be lost and the primary address would become 192.168.0.1 because the internal NIC would move up in rank. After talking to Apple support for literally a couple of hours they seemed to draw a blank but suggested that I must change the external NIC to manual to stop it being overridden. I must also set up LOM correctly. Fair enough, I'm willing to try this and have now got my ISP to send our mail down to a different mailgate - 83.xxx.90. Therefore we have one public IP for the router and another for the mailserver (that happens to be doing a few other services too). Domain names for these are mailgate.mydomain.com and mailgate2.mydomain.com - in fact the original address will still act as a mailserver with a slightly higher priority because I want the option of switching back to my G4 until all this is resolved and don't want two new setups on my hands! Once the Xserve is set up the old server will no longer function.
However, all the modems I have tried will only communicate with internal IP addresses on the LAN. Even the dmz instructions say I should configure with an internal IP address - is this correct? Turning off DHCP server and NAT on these devices doesn't seem to help either (I assumed this would be the answer but no). Can someone tell me where I am going wrong? I can't find anyone else asking about this so I can only assume that I have overlooked something really simple.
Ideally I would like to keep the new two address setup but I am quite happy to go back to the single setup with the router in half bridge mode if the Xserve will hang on to it reliably.
My set up is:
Router:
WAN static 83.xxx.89 subnet 255.255.255.248
LAN 192.168.1.1 subnet 255.255.255.0 (don't really understand where this fits in).
NAT off, DHCP off
Xserve
external NIC
WAN static 83.xxx.90 subnet 255.255.255.248, router 83.xxx.89 or 192.168.1.1 (tried both and tried matching both subnets)
internal NIC
LAN 192.168.0.1 subnet 255.255.255.0
LOM (guessing here a bit because manual is awful)
WAN static 83.xxx.91, subnet 255.255.255.248 (channel 1)
LAN 192.168.0.50, subnet 255.255.255.0
DNS on XServe will be set up so that mailgate2.mydomain.com resolves to the internal 192.168.0.1 address. External DNS handled by ISP. Reading previous posts this seems correct.
Router/modems are Belkin F5D9630uk4 (hopeless, support tell me it won't take a static WAN address so it's going back), Voyager 205 (seems quite configurable but won't let anything through if NAT is disabled), Zoom X5 (older 4 year model currently working successfully in half bridge mode for my older setup - however only new models will work in full bridge mode which could be what I am looking for??)
I realise the above modems/routers are more consumer models so I am willing to buy a more configurable expensive pro modem or router if this is what's needed. I stress though that I would like the Xserve to be acting as the firewall and NAT etc and don't really fancy having to forward loads of ports etc.
Thanks for taking the time to read this through, I thought more detail would be helpful. I am also prepared to employ a professional to set this up for me but they (Apple knowledgeable) are rather thin on the ground in Glos UK. We did get a company in four years ago to set up the old server and they gave up after three weeks (a friend and I managed to crack it the following weekend - probably just lucky!).
Any help would be really appreciated - what we're trying to do must be pretty common?
17 G4 Laptop   Mac OS X (10.4.8)  

Now solved - bought myself a more professional router that has more user features and all has become clear. Router is Draytek 2800 which seems like a good piece of kit. I think that there are various ways of achieving what I wanted to do (I suspected this all along) but I chose to set up a 'second public lan subnet' in Draytek speak. See here for more:
http://www.draytek.co.uk/support/kbvigor2ndsubnet.html
Thanks to those that posted.
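The addressing plan from the question above, checked in code as an added example (not part of the original thread): a default gateway is only usable if it lies inside the interface's own subnet, which is why pointing the 255.255.255.248 interface at 192.168.1.1 cannot work. The post elides the middle octets of the public range, so the documentation block 203.0.113.88/29 is a constructed stand-in; only the last octets and netmasks come from the post, and the function names are this example's own.

```python
import ipaddress

# Constructed stand-in for the elided public range in the post:
# .89 = router WAN, .90 = Xserve external NIC, .91 = LOM.
PUBLIC_MASK = "255.255.255.248"
ROUTER_WAN = "203.0.113.89"
XSERVE_EXT = "203.0.113.90"
LOM_WAN = "203.0.113.91"
ROUTER_LAN = "192.168.1.1"      # router's LAN-side address, from the post
XSERVE_INT = "192.168.0.1"      # Xserve internal NIC, from the post
LAN_MASK = "255.255.255.0"


def usable_hosts(address, netmask):
    """Host addresses available in the subnet that `address` belongs to."""
    net = ipaddress.ip_interface(f"{address}/{netmask}").network
    return [str(h) for h in net.hosts()]


def check_interface(address, netmask, gateway):
    """Return a list of problems with one statically configured interface."""
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    gw = ipaddress.ip_address(gateway)
    problems = []
    if iface.ip in (iface.network.network_address,
                    iface.network.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address")
    if gw == iface.ip:
        problems.append("gateway is the interface's own address")
    elif gw not in iface.network:
        # The host has no directly connected route to this gateway, so it
        # cannot ARP for it and the default route is unusable.
        problems.append(f"gateway {gw} is not on-link in {iface.network}")
    return problems


def same_segment(addr_a, mask_a, addr_b, mask_b):
    """True when two interfaces are configured for the same subnet."""
    net_a = ipaddress.ip_interface(f"{addr_a}/{mask_a}").network
    net_b = ipaddress.ip_interface(f"{addr_b}/{mask_b}").network
    return net_a == net_b


if __name__ == "__main__":
    print("usable /29 hosts:", usable_hosts(XSERVE_EXT, PUBLIC_MASK))
    for gw in (ROUTER_WAN, ROUTER_LAN):
        print(f"Xserve external via {gw}:",
              check_interface(XSERVE_EXT, PUBLIC_MASK, gw) or "ok")
    print("LOM shares the public segment:",
          same_segment(LOM_WAN, PUBLIC_MASK, XSERVE_EXT, PUBLIC_MASK))
    print("router LAN shares the Xserve internal segment:",
          same_segment(ROUTER_LAN, LAN_MASK, XSERVE_INT, LAN_MASK))
```
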

Similar Messages

  • Help needed with Wireless ADSL2+Modem Router setup

    I have a iMac 1GHz PowerPC G4 running 10.3.9 with all of the latest software updates and have just purchased a Netgear DG834G. I am currently using an USB modem and now need wireless internet access for remote working via an IBM Thinkpad.
    I have tried to follow the Netgear manual but to no avail. Unfortunately, my ISP was unwilling to help with setup as they didn't supply the router! Typical! Anyway they gave me some settings which might as well be in a foreign language ....
    Virtual Path Identifier VPI = 0
    Virtual Channel Identifier (VCI) parameters = 38
    ISP Domain Name Server (DNS) Addresses apparently will be automatic
    Fixed or Static IP Address is automatic
    Protocol = PPOA - is this correct?
    Encapsulation =VCMUX
    Any advice and screenshots would be greatly appreciated as I am absolutely stuck.
    iMac 15 G4   Mac OS X (10.3.9)   Lacie Triple D2 160GB + 5G 30gb iPod

    Fixed - told myself to RTFM!

  • Somewhat Frightening Message after Changing Modem / Router Hardware

    Yesterday, I changed my DSL Modem/Router to be a DSL Modem only, and added a different router by using its WAN port.
    This essentially shut off control of the original modem/router, and moved it to the new router.
    Now, we have 4 computers connected via ethernet cables, and none on Wireless. All are turned off, except my partner's Windows XP machine, which, suddenly today has a new message at the bottom left of his Login Window:
    (Red Button) "Turn off Bills Modem Mods"
    Who/Where did this come from? My computer's name is "Bill Lastname" ...
    All computers are set to use TCP/IP Using Automatic DHCP selection of local IP Address and other parameters.
    Some kind of Hacker prank, or am I just having a little paranoia attack? All other computers are Macs running OS X.
    Mac Plus, Performa 6116, PPC 8500 G4/450, 9500 G3/500, QS 2@1GHz   Mac OS X (10.3.9)  

    Not being a Windows user, I didn't realize I had inadvertently input "Bills Modem Mods" to create a new account on the HP ... testing the new modem/router setup ... so that's why it started to appear as an option at the bottom of his signin window ...
    Silly me ... didn't remember doing this ... so it startled me to think someone was hacking my partner's computer ...
    PTSD and Halloween approaching ...
    Mac Plus, Performa 6116, PPC 8500 G4/450, 9500 G3/500, QS 2@1GHz Mac OS X (10.3.9)

  • Airport Express & Netgear DG834G 54Mbps Wireless ADSL Modem Router

    Could you offer any advice as to whether an Airport Express could be used as a range extender for an existing Netgear DG834G 54Mbps Wireless ADSL Modem Router setup as I really like the idea of Airtunes and sharing a USB printer. I gather that it is possible to use an Airport Express to extend the range of an Airport Extreme basestation setup but have not been successful in finding any info regarding the Netgear.
    Any info gratefully received !
    G5 Dual 2.3Ghz   Mac OS X (10.4.6)  

    mac-junkie, Welcome to the discussion area!
    No it can not be used as a range extender.
    But you can still use it for music and printer support. See KB 302153, AirPort Express: How to join an existing wireless network in client mode.

  • RA VPN into ASA5505 behind C871 Router with one public IP address

    Hello,
    I have a network like below for testing remote access VPN to ASA5505 behind C871 router with one public IP address.
    PC1 (with VPN client)----Internet-----Modem----C871------ASA5505------PC2
    The public IP address is assigned to the outside interface of the C871. The C871 forwards incoming traffic UDP 500, 4500, and esp to the outside interface of the ASA that has a private IP address. The PC1 can establish a secure tunnel to the ASA. However, it is not able to ping or access PC2. PC2 is also not able to ping PC1. The PC1 encrypts packets to PC2 but the ASA does not to PC1. Maybe a NAT problem? I understand removing C871 and just use ASA makes VPN much simpler and easier, but I like to understand why it is not working with the current setup and learn how to troubleshoot and fix it. Here's the running config for the C871 and ASA. Thanks in advance for your help!
    C871:
    version 15.0
    no service pad
    service timestamps debug datetime msec localtime
    service timestamps log datetime msec localtime
    service password-encryption
    hostname router
    boot-start-marker
    boot-end-marker
    enable password 7 xxxx
    aaa new-model
    aaa session-id common
    clock timezone UTC -8
    clock summer-time PDT recurring
    dot11 syslog
    ip source-route
    ip dhcp excluded-address 192.168.2.1
    ip dhcp excluded-address 192.168.2.2
    ip dhcp pool dhcp-vlan2
       network 192.168.2.0 255.255.255.0
       default-router 192.168.2.1
    ip cef
    ip domain name xxxx.local
    no ipv6 cef
    multilink bundle-name authenticated
    password encryption aes
    username xxxx password 7 xxxx
    ip ssh version 2
    interface FastEthernet0
    switchport mode trunk
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
    description WAN Interface
    ip address 1.1.1.2 255.255.255.252
    ip access-group wna-in in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    no cdp enable
    interface Vlan1
    no ip address
    interface Vlan2
    description LAN-192.168.2
    ip address 192.168.2.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    interface Vlan10
    description router-asa
    ip address 10.10.10.1 255.255.255.252
    ip nat inside
    ip virtual-reassembly
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    ip nat inside source list nat-pat interface FastEthernet4 overload
    ip nat inside source static 10.10.10.1 interface FastEthernet4
    ip nat inside source static udp 10.10.10.2 500 interface FastEthernet4 500
    ip nat inside source static udp 10.10.10.2 4500 interface FastEthernet4 4500
    ip nat inside source static esp 10.10.10.2 interface FastEthernet4
    ip route 0.0.0.0 0.0.0.0 1.1.1.1
    ip route 10.10.10.0 255.255.255.252 10.10.10.2
    ip route 192.168.2.0 255.255.255.0 10.10.10.2
    ip access-list standard ssh
    permit 0.0.0.0 255.255.255.0 log
    permit any log
    ip access-list extended nat-pat
    deny   ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
    permit ip 192.168.2.0 0.0.0.255 any
    ip access-list extended wan-in
    deny   ip 192.168.0.0 0.0.255.255 any
    deny   ip 172.16.0.0 0.15.255.255 any
    deny   ip 10.0.0.0 0.255.255.255 any
    deny   ip 127.0.0.0 0.255.255.255 any
    deny   ip 169.255.0.0 0.0.255.255 any
    deny   ip 255.0.0.0 0.255.255.255 any
    deny   ip 224.0.0.0 31.255.255.255 any
    deny   ip host 0.0.0.0 any
    deny   icmp any any fragments log
    permit tcp any any established
    permit icmp any any net-unreachable
    permit udp any any eq isakmp
    permit udp any any eq non500-isakmp
    permit esp any any
    permit icmp any any host-unreachable
    permit icmp any any port-unreachable
    permit icmp any any packet-too-big
    permit icmp any any administratively-prohibited
    permit icmp any any source-quench
    permit icmp any any ttl-exceeded
    permit icmp any any echo-reply
    deny   ip any any log
    control-plane
    line con 0
    exec-timeout 0 0
    logging synchronous
    no modem enable
    line aux 0
    line vty 0 4
    access-class ssh in
    exec-timeout 5 0
    logging synchronous
    transport input ssh
    scheduler max-task-time 5000
    end
    ASA:
    ASA Version 9.1(2)
    hostname asa
    domain-name xxxx.local
    enable password xxxx encrypted
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
    passwd xxxx encrypted
    names
    ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
    interface Ethernet0/0
    switchport trunk allowed vlan 2,10
    switchport mode trunk
    interface Ethernet0/1
    switchport access vlan 2
    interface Ethernet0/2
    shutdown
    interface Ethernet0/3
    shutdown
    interface Ethernet0/4
    shutdown
    interface Ethernet0/5
    shutdown
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    shutdown
    interface Vlan1
    no nameif
    no security-level
    no ip address
    interface Vlan2
    nameif inside
    security-level 100
    ip address 192.168.2.2 255.255.255.0
    interface Vlan10
    nameif outside
    security-level 0
    ip address 10.10.10.2 255.255.255.252
    ftp mode passive
    clock timezone UTC -8
    clock summer-time PDT recurring
    dns server-group DefaultDNS
    domain-name xxxx.local
    object network vlan2-mapped
    subnet 192.168.2.0 255.255.255.0
    object network vlan2-real
    subnet 192.168.2.0 255.255.255.0
    object network vpn-192.168.100.0
    subnet 192.168.100.0 255.255.255.224
    object network lan-192.168.2.0
    subnet 192.168.2.0 255.255.255.0
    access-list no-nat-in extended permit ip 192.168.2.0 255.255.255.0 192.168.100.0 255.255.255.0
    access-list vpn-split extended permit ip 192.168.2.0 255.255.255.0 any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
    object network vlan2-real
    nat (inside,outside) static vlan2-mapped
    route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication http console LOCAL
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    http 10.10.10.1 255.255.255.255 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-256-SHA
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto ca trustpool policy
    crypto ikev1 enable outside
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh 192.168.2.0 255.255.255.0 inside
    ssh 10.10.10.1 255.255.255.255 outside
    ssh timeout 20
    ssh version 2
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    anyconnect-essentials
    group-policy vpn internal
    group-policy vpn attributes
    dns-server value 8.8.8.8 8.8.4.4
    vpn-tunnel-protocol ikev1
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value vpn-split
    default-domain value xxxx.local
    username xxxx password xxxx encrypted privilege 15
    tunnel-group vpn type remote-access
    tunnel-group vpn general-attributes
    address-pool vpn-pool
    default-group-policy vpn
    tunnel-group vpn ipsec-attributes
    ikev1 pre-shared-key xxxx
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:40c05c90210242a42b7dbfe9bda79ce2
    : end

    Hi,
    I think that you want to control all outbound traffic from the LAN to the outside by the ASA.
    I suggest some modifications as shown below.
    C871:
    interface Vlan2
    description LAN-192.168.2
    ip address 192.168.2.2 255.255.255.0
    no ip nat inside
    no ip proxy-arp
    ip virtual-reassembly
    ip access-list extended nat-pat
    no deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
    no permit ip 192.168.2.0 0.0.0.255 any
    deny ip 192.168.2.0 0.0.0.255 any
    permit ip 10.10.10.0 0.0.0.255 any
    ASA 5505:
    interface Vlan2
    nameif inside
    security-level 100
    ip address 192.168.2.1 255.255.255.0
    Try them out and respond.
    Best regards,
    MB
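A consistency check over values in the two configs posted above, as an added example (not code from the thread and not a diagnosis given by either poster): it flags ACL names that are applied but never defined, and VPN pool addresses that fall outside the network object used in the NAT exemption. The excerpts are lines copied from the post with indentation restored; the function names are this example's own.

```python
import ipaddress
import re

# Lines copied from the C871 config in the post (indentation restored).
C871_EXCERPT = """\
interface FastEthernet4
 description WAN Interface
 ip address 1.1.1.2 255.255.255.252
 ip access-group wna-in in
 ip nat outside
ip nat inside source list nat-pat interface FastEthernet4 overload
ip access-list standard ssh
 permit any log
ip access-list extended nat-pat
 permit ip 192.168.2.0 0.0.0.255 any
ip access-list extended wan-in
 permit udp any any eq isakmp
 deny   ip any any log
line vty 0 4
 access-class ssh in
"""

# Lines copied from the ASA config in the post (indentation restored).
ASA_EXCERPT = """\
ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
object network vpn-192.168.100.0
 subnet 192.168.100.0 255.255.255.224
nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
"""

# Places where an IOS config refers to a named ACL.
ACL_REFERENCES = [
    r"^[ \t]*ip access-group (\S+) (?:in|out)[ \t]*$",
    r"^[ \t]*access-class (\S+) (?:in|out)[ \t]*$",
    r"^[ \t]*ip nat inside source list (\S+) ",
]
ACL_DEFINITION = r"^[ \t]*ip access-list (?:standard|extended) (\S+)[ \t]*$"


def acl_name_audit(config):
    """Compare ACL names that are applied with ACL names that are defined.

    An access-group naming a list that does not exist filters nothing on
    IOS, so a misspelled name silently leaves the interface unfiltered.
    """
    referenced = set()
    for pattern in ACL_REFERENCES:
        referenced.update(re.findall(pattern, config, re.MULTILINE))
    defined = set(re.findall(ACL_DEFINITION, config, re.MULTILINE))
    return {
        "undefined": sorted(referenced - defined),
        "unused": sorted(defined - referenced),
    }


def uncovered_pool_addresses(config, pool_name, object_name):
    """Pool addresses that are not inside the named network object."""
    pool = re.search(
        rf"^ip local pool {re.escape(pool_name)} (\S+)-(\S+)",
        config, re.MULTILINE)
    obj = re.search(
        rf"^object network {re.escape(object_name)}\n[ \t]*subnet (\S+) (\S+)",
        config, re.MULTILINE)
    if not pool or not obj:
        raise ValueError("pool or object not found in config")
    first, last = (int(ipaddress.ip_address(a)) for a in pool.groups())
    net = ipaddress.ip_network(f"{obj.group(1)}/{obj.group(2)}")
    return [str(ipaddress.ip_address(n))
            for n in range(first, last + 1)
            if ipaddress.ip_address(n) not in net]


if __name__ == "__main__":
    print("C871 ACL names:", acl_name_audit(C871_EXCERPT))
    print("pool addresses outside the NAT-exempt object:",
          uncovered_pool_addresses(ASA_EXCERPT, "vpn-pool",
                                   "vpn-192.168.100.0"))
```
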

  • How to set up TimeCapsule (4th) to create own private (wired) network behind Airport Express (5th) that is set up to join existing wifi-network of fritz adsl modem/router?

    I work in an office building with free Wifi to connect to the Internet. I want to be able to use this internet connection, but at the same time I want to shield off my own wired network.
    I've made the following configuration:
    - fritz adsl modem / router
    - Airport Extreme (5th gen) set up to join existing wireless network (green light, works)
    - Lan-cable from lan-port AE to wan-port TC (4th gen)
    - Lan-cable from TC to Mac
    - Lan-cable from TC to Printer
    When I set my TC (network-settings) in bridge-mode everything works fine, but my Mac and Printer get an IP-address from the fritz modem / router and are visible to others.
    I tried to set TC in NAT/DHCP-mode, but then I get the error message that I should set a static IP-address for TC. When I set TC in DHCP-mode, it loses connection to the AE. I'm not sure what to do now. Does anyone know how to set up my TC and create my own private network and still be able to get on the internet?

    Hajenius wrote:
    Is there a better alternative? I'd rather not want to reset my TC every day.
    You are using free internet.. so there is a price to pay.. that is convenience and non-ideal network setup.
    The better alternative is to pay for your own connection. Then you are completely free of the possibility of others in the building seeing your connection. (as long as you secure the wireless).
    But I think you are probably over worrying about public wifi.. if it is set up right.. ask the building admins.. it should be set up so each user cannot see another user's connection. This is typical for most wifi setup and simply means you can see internet connection but nobody else on the connection. ie other wireless users.
    Having a router with NAT makes it then more secure again and allows clients on your own network to interact with each other. But you can set up wireless to the free wifi for every client.. (depending on how many IP you are allowed).. and run a secondary network without internet access. This is easy for desktop etc where you have a wireless and a wired connection but less convenient for mobile devices.. unless you use a cloud connection and each client can link and share via that.
    Have I made the explanation worse??
    Think of it this way.. if you had 3 laptops.. all 3 could connect to the internet from the building wifi.. but they cannot talk to each other or share resources in local office. You can put resources out in the cloud, that can be shared.. but that adds traffic and most free services are not fast.
    Now you can also plug all three into Time Capsule by ethernet.. and share local resources. Files, printers backup etc. This network is not connected to the internet at all. Each laptop has internet via free wifi and local connection.
    For devices like iphones that have no ethernet or other method.. you could use local wireless and public wireless.. but in turns.. still the only advantage is less issues with double NAT.. if that causes problems.. then this is an alternative.

  • How to use Airport Extreme to create a second wireless network with different IP addresses behind an existing modem/router?

    Hi,
    I have an existing modem/router from my ISP that does DHCP and NAT with base IP 192.168.1.1 distributed in the wireless network. I use this wireless network for our private devices. I could turn off the DHCP server in this first router, but there isn't a separate setting to turn off NAT.
    I want to connect my Airport Extreme (4th gen) to this existing router to create a separate wireless network for visiting guests, where IP addresses of 10.0.0.0 etc. are used. So I do not want to use the Airport Extreme in bridge mode, as I would like to keep the devices on the first network 'invisible' for those on the second network. (P.S. when connected in bridge mode, the Airport works well and can distribute a network with a different name from the first. It's just that I would feel more comfortable about our privacy if the Airport were to distribute a different IP range. False security, maybe?)
    I've tried doing this by 'Sharing a public IP address' in Airport Utility's Internet tab, leaving TCP/IP's setting to 'via DHCP', setting DHCP addresses to start with 10.0.0.2 up to 200 with all else blank, and not using a standard host nor NAT-PMP in the NAT tab.
    When I do this the Airport complains of a 'double NAT issue'. Internet connectivity seems to be OK, but when switching between the two networks on my Mac I get complaints about my IP address being in use by another device intermittently.
    Can anyone help in how to get the 'double NAT issue' resolved?
    Thanks!

    So if someone is connected to the modem/router network they will be able to see the HD I will have put in to the AirPort Extreme?
    As I said above.....since the modem/router and AirPort are bridged, devices on the modem/router wireless will be able to "see" devices on the AirPort wireless, and vice versa.....
    If they can see the HD connected to the AirPort Extreme, will they be able to access it
    Yes, unless you plan to password protect the drive connected to the AirPort Extreme.
    or will they still need the password needed to get onto the AirPort Extreme network?
    The modem/router and AirPort Extreme are bridged. They are on the same network. All devices are on the same network when the modem/router and AirPort are bridged. Not sure how else that I can say this.
    Also, because it is bridged, I shouldn't have any problems accessing the HD I will have connected to the AirPort Extreme from an external location?
    Accessing devices from a remote location is never easy....and a topic for a different post/discussion. If you have a "static" Internet IP address from your provider, and have all the details on how to forward ports on your modem/router, you are off to a good start.
    Apparently there is some addressing issues because devices can be seen as "Double IP" because the modem/router would have allocated IP's as well as the AirPort allocating IP's thus making connections slower until resolved
    When you "bridge", all IP addresses are issued by one device. There will be no conflicts on the network, since they are bridged.
    Once again, in very simple terms, you have two doors (access points) that open into the same room (network).  One "door" is the modem/router and the other "door" is the AirPort Extreme. They are on the same network....("room") because they are bridged.

  • Setup Modem/Router and AirPort Extreme running DHCP, NAT

    I have a basic modem/router from my ISP which didn't always work very well, so upon suggestion instead of upgrading to a new one I purchased an airport express to use with the modem, since we mostly use apple devices at home.
    The idea is to use the old modem/router strictly as a modem and use AirPort Express for everything else (routing & access point).
    However I need some technical info to set this up, since I am not very familiar with networking.
    This is what I understand: In my old modem/router, I need to turn off wireless (it will be connected to the airport via Ethernet cable) and DHCP and NAT (if I can figure this out) as well as the firewall. After that, I should connect the airport to create a new wifi network and have it run DHCP & NAT (which will also provide firewall services)
    Does this sound right?
    Also, the Airport product page mentions that it can also run/provide the following: PPPoE, VPN Passthrough (IPSec, PPTP, and L2TP), DNS Proxy, SNMP, IPv6. Sorry if it sounds ignorant, but do I need to bother with any of this? Specifically PPPoE, which sounds like a modem function.
    Again, since we're talking about a crappy modem here, the idea is to let the Airport do most of the work, and leave the least up to it.
    Thanks in advance.

    I found the answer in an Amazon review:
    1. Auto-Configure the modem with your ISP by directly connecting the modem to your computer. Follow the instructions given in the booklet/user manual/ISP letter to enter the PPPoE username & password.
    2. After configuration is complete, confirm that you are connected to the internet.
    3. Click 'Advanced Setup' on the Main Menu.
    4. Turn off DHCP Server on the 'DHCP Settings' page. Click Apply.
    5. Go to 'WAN IP Address' page and click Yes on the warning. Select RFC 1483 Transparent Bridging. Click Apply.
    6. The Internet light on the modem will turn off and always remain off in bridged mode.
    7. Remove cable from computer and plug into WAN port of your Router.
    8. In your router settings enter the PPPoE username & password. Follow instructions in your router's user manual to enable DHCP on your router.
    You should now be connected to the Internet using your modem & router in bridged mode.

  • Set up a proper live and local DNS behind a router

    Hello dear friends,
    I'm new to Snow Leopard Server and also I'm quite inexperienced in setting up DNS. We bought a Mac Pro for our small company along with Snow Leopard Server to become independent from our ISP, for some specific services like web hosting, mail and to bring up new services like Address book server, iCal server, FTP, Mobile access etc...
    So for me to do that I have to set up our own DNS first. We already bought our domain name (crisconsult.ro) and since then the site has been hosted on our ISP and then aliased to Apple. We also have our own (fix) public IP 80.86.123.116.
    Having installed SL Server and set-up, behind an Airport extreme router, the server was unable to pick up our name server which is ns.crisconsult.ro. Since the router is the first in the network, the server became second with a local IP 10.0.1.2. This is the same IP that the server automatically set up for DNS, BUT if I keep this IP on our name server (ns) I feel it's not good since:
    host ns.crisconsult.ro returns
    ns.crisconsult.ro has address 10.0.1.2
    and host 80.86.123.116 returns
    116.123.86.80.in-addr.arpa domain name pointer ns.crisconsult.ro.
    As I understand there should be our public IP (80.86.123.116), BUT all the tutorials on the net regarding setting up DNS in Leopard Server point that at DNS one should put the machine's own local IP and have the machine look at itself as DNS in network settings.
    So? Is there a local DNS and a public DNS to set up? What gives?
    I could really appreciate some help in configuring DNS, along to some good and real examples of DNS servers configured behind a router.
    Thanks,
    Andrei

    Andrei,
    I too, would love nothing more than to be able to use DNS on my 10.4, 10.5 & 10.6 servers. Unfortunately, the only way I have found to effectively wield a somewhat complete level of control over the bind DNS included with the server, is to abandon all usage of the Server Admin DNS control in favor of something like webmin. The good news is, webmin gives you a host of other features that I (sadly) don't expect to see within the Apple Server GUI any time soon.
    Bad news, is that the 'best practice' way of setting up a stable, functional DNS on a Mac Server seems to be: clean install, webmin install, and never, ever use the apple DNS interface. Similar rule applies to web server.
    I like to think the measure of a good admin is the ability to fix the problem(s) without having to reinstall completely. However, I can say from much experience and extensive googling, that what you are trying to do is a game of hopscotch in a minefield. You should be VERY familiar with the installation and setup process once you have your box configured the way you want it.
    Hopefully one day Apple will decide to take the bull by the horns and address the fact that DNS is an integral part of a server setup these days and provide us users with some of that Apple think-outside-the-box-so-you-dont-have-to product that they have been so well known for. I can't say whether they're in too much of a hurry deploying video iPods or super-duper mice that the server product that you and I would love to see work effectively simply doesn't.
    Sorry to get on a rant, I just want to save you some time that I lost figgerin' on this vexing enigma. I can use citations for my assertions if need be.
    -Chance
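A way to check the situation in the question above, as an added example that is not part of the thread: it audits DNS data for private addresses published to the internet and for PTR records that are not forward-confirmed. The record sets are constructed from the `host` output quoted in the question; the external A record and the internal PTR record are assumptions showing what a split internal/external setup would serve.

```python
import ipaddress

def reverse_name(ip):
    """Owner name of the PTR record for an address, fully qualified."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def ptr_owner_to_ip(owner):
    """Recover the IPv4 address from an in-addr.arpa owner name."""
    labels = owner.rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return str(ipaddress.ip_address(".".join(reversed(labels[:4]))))

def forward_confirmed(view, ip):
    """True when PTR(ip) names a host whose A record points back at ip."""
    host = view["PTR"].get(reverse_name(ip))
    return host is not None and view["A"].get(host) == ip

def audit_view(view, internet_facing):
    """Return (finding, host, address) tuples for one set of DNS records."""
    findings = []
    for host, addr in sorted(view["A"].items()):
        # RFC 1918 answers are fine on the LAN, but they are unreachable
        # (and leak internal addressing) when served to internet resolvers.
        if internet_facing and ipaddress.ip_address(addr).is_private:
            findings.append(("private-address-published", host, addr))
    for owner, host in sorted(view["PTR"].items()):
        ip = ptr_owner_to_ip(owner)
        if not forward_confirmed(view, ip):
            findings.append(("ptr-not-forward-confirmed", host, ip))
    return findings

# Constructed data: the two `host` answers quoted in the question, combined
# as if one server gave both answers to the internet.
AS_OBSERVED = {
    "A": {"ns.crisconsult.ro.": "10.0.1.2"},
    "PTR": {"116.123.86.80.in-addr.arpa.": "ns.crisconsult.ro."},
}
# Assumed split setup: LAN clients get the private address ...
INTERNAL_VIEW = {
    "A": {"ns.crisconsult.ro.": "10.0.1.2"},
    "PTR": {"2.1.0.10.in-addr.arpa.": "ns.crisconsult.ro."},  # assumed record
}
# ... and internet resolvers get the public one (A record is assumed).
EXTERNAL_VIEW = {
    "A": {"ns.crisconsult.ro.": "80.86.123.116"},
    "PTR": {"116.123.86.80.in-addr.arpa.": "ns.crisconsult.ro."},
}

if __name__ == "__main__":
    for name, view, facing in (("as observed", AS_OBSERVED, True),
                               ("internal", INTERNAL_VIEW, False),
                               ("external", EXTERNAL_VIEW, True)):
        print(name, audit_view(view, facing) or "clean")
```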

  • WRT160N v3: Cannot connect to router setup web page with current Firefox or IE

    Every time I try to connect to the admin page of my router, I get "The connection to the server was reset while the page was loading."  This happens with Firefox 11, and started when I upgraded to 8 or 9.  A machine running FF 3.6 does not exhibit this problem; I get right in.  What IE 9 says is "Internet Explorer cannot display the webpage" (after complaining about the expired certificate).
    I ran Wireshark to see if I could learn anything, but all I could figure out was this:
    https handshake was OK.
    First TLS packet is received by router, which then immediately issues a reset and ends the connection.  I don't know why.
    Has anyone seen this? or have I got a screwed up configuration (or router)?

    castor wrote:
    > "The connection has timed out", seems to affect servers at MozillaZine, for Firefox on Windows...
    I'm not sure what this has to do with my problem; my difficulty is only in trying to talk to the router configuration page.  Everything else works just fine.
    > ~~ Tools > Options
    > ~~ Advanced (tab) -> Network (tab) > "Setting"
    > ~~ (X) Auto-detect proxy setting for this network
    I have "use system proxy settings".  Since this is a home network and I'm not using a software proxy on my machine, I know there is nothing between me and the router.
    > Second, let me know if you have enabled 'https' in the router management page. What is the IP address on the computer when connected to the router? To check the IP address that you are getting from the Router... You can check the IP address in the following manner:
    > # Click on Start -> All Programs -> Accessories -> Command Prompt.
    > # A black pop up box should come up, type: "ipconfig /all" …
    This is not going the right direction, but to satisfy your curiosity:
       IPv4 Address. . . . . . . . . . . : 10.244.122.142(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.244.122.1
       DHCP Server . . . . . . . . . . . : 10.244.122.1
    These are correct. (Since my telco DSL has me behind its own NAT router and has assigned my modem address 192.168.1.2, so I could not use Cisco/Linksys's manufacturer default address settings.)
    > There check the IP address and Default Gateway under LAN….
    > If it provides the valid IP address then try to connect the router to a different computer and then try to open the router setup page...
    I have a linux virtual host (thanks to VMware) now running Firefox 5, and it can talk to the router setup page just fine, once I accept and save the invalid certificate the router presents, at https://10.244.122.1.  So I conclude the problem is to do with the later version of Firefox (currently 11, but I had this problem with 10 and maybe with 8 and 9).

  • Help needed - tunnel from behind ADSL router

    I have a situation in which I need to set up an IPsec tunnel between two 1841 routers. This is normally a two-minute job; in this case, however, one of the routers sits on a private LAN behind an ADSL router (at the moment there is no reasonable way to get around it).
    Thus:
    1841-1 <-> WAN <-> ADSL Router <-> 1841-2
    1841-1
    FE0/1 Private LAN 172.16.1.1
    FE0/0 Public IP
    |
    WAN
    |
    ADSL Router
    Public IP
    NAT
    Private LAN1 192.168.0.1
    |
    1841-2
    FE0/0 LAN1 IP 192.168.0.1
    FE0/1 LAN2 IP 172.16.0.1
    172.16.1.0-172.16.0.0 require to communicate over the IPSec tunnel.
    Could you please advise me on 1) what is the most practical way to set this up without losing sanity; and 2) could you maybe point me to some documentation that deals with this specific scenario?
    Thanks.

    '1841-2' does not have public IP (it "fakes" to have one).
    IPsec tunnel is fully working now.
    In the process though I have learned that it depends on what ADSL modem you are using to get this working.
    Check out http://kb.juniper.net/KB4715 for example (this is the one I got working).
    You can thus give your Cisco router a private IP behind ADSL router and then follow the steps from the knowledge base article above on ADSL modem (if you have same type available).
    In addition then, on your Cisco router - you require to add loopback 0 interface and give it public IP of your ADSL router (yes - your adsl router WAN interface and loopback interface on your Cisco router have now the same public IP).
    As the last step, on your Cisco router, change tunnel interface: source interface loopback 0 and destination your remote gateway.
    I am going to try different modems, many models can actually do this, but the documentation is often unimpressive.
    It is possible that there are better ways to do this, if so, please let me know.
    If you wish to have more details about the set-up, let me know.
    Thanks.

  • RV180 behind DSL-ROUTER can't connect with QuickVPN

    Hello,
    I want to ask if it is possible to configure the RV180 behind my DSL router to connect using QuickVPN. First I tried to connect to the PPTP server and it worked fine, but when I tried to connect using QuickVPN, it seems to connect, but when the client says "verifying network", after a while the message "network not responding..." appears.
    In my DSL router I forwarded these ports: UDP: 500,4500,443,60443 - TCP: 443,60443 (I don't know if the TCP ports are needed but I opened them for testing) and allowed protocol ESP (it comes with the rule to allow IPSEC-L2TP)
    Thanks!

    Hello Siva,
    From where do I have to test reachability? From the computer where I have installed the QuickVPN client I can reach the WAN interface of the DSL router, which is doing NAT and forwarding the ports I mentioned to the WAN interface of my RV180. The network between the DSL router and the RV180 is using private IPs.
    The schema is:
    Internet ---- (public ip) dsl router (192.168.1.1) ---- (192.168.1.50)RV180(10.0.0.1) ----- my network 10.0.0.0/24
    The document you posted explains:
    "Your Cisco router must have a direct public IP address for QuickVPN to work, please check under the status tab and your internet connection type and make sure it has a public IP address and it is not behind another router. This issue is more common with DSL connections; if you are behind another router/modem you should request your ISP to turn it into bridge mode so our router can be the border router between your LAN and your ISP."
    It's my configuration. I will look how to turn my DSL router into a bridge. Thanks.

  • TC behind modem with DMZ

    I have a new modem/router from my ISP which does not let me change the DNS anymore. As I do not want the standard DNS provided by the ISP and I do not want to set the required DNS on each connected device, I thought to use the TC as the router instead of keeping it running in "bridged mode". The modem allows me to set a DMZ to a defined machine, port forwarding or the use of DYNDNS. To make the situation a bit more complicated, one of the devices, an IP TV set top box, needs to be connected directly to the modem due to IGMP issues.
    I have been selecting DMZ:
    Then I gave the TC the static IP 192.168.1.10 and the required DNS:
    And selected a range of IP addresses:
    I can only select DHCP only. As soon as I try to set DHCP and NAT, I get an error message:
    The setup does work but I am really not sure what kind of implications this has. Is the modem still providing NAT? Is my network now open and unprotected?
    Thank you very much for some insight and suggestions.

    > The setup does work but I am really not sure what kind of implications this has. Is the modem still providing NAT? Is my network now open and unprotected?
    Yes, the modem is still the router.
    This is in fact the best setup.. what you are doing is using the TC as a secondary DHCP server. There is no need to even use DMZ.. it does not block in any way packets from internet.
    Your network is not open.. it is behind a NAT router same as it was.
    I use exactly the same setup to provide DNS alternatives to my clients.. same as what you are doing.

  • QuickVPN - RV110W behind DSL Router

    Hi all,
    I have a Cisco RV110W behind an Actiontek V1000H DSL router supplied by my ISP.
    I'd like to be able to make use of the Cisco QuickVPN client. According to my ISP placing the Actiontek into bridge mode cannot be done.
    On the Actiontek I have forwarded the following ports to my RV110W's address:
    60443/tcp
    4500/udp
    500/udp
    On the RV110W I have ensured that remote management is enabled (on port 60443).
    When attempting to connect with the client (using port 60443) - I get this far:
    2012/01/30 11:16:21 [STATUS]OS Version: Windows 7
    2012/01/30 11:16:21 [STATUS]Windows Firewall Domain Profile Settings: ON
    2012/01/30 11:16:21 [STATUS]Windows Firewall Private Profile Settings: ON
    2012/01/30 11:16:21 [STATUS]Windows Firewall Private Profile Settings: ON
    2012/01/30 11:16:21 [STATUS]One network interface detected with IP address 192.168.245.164
    2012/01/30 11:16:21 [STATUS]Connecting...
    2012/01/30 11:16:22 [DEBUG]Input VPN Server Address = xx.xx.xx.xx
    2012/01/30 11:16:22 [STATUS]Connecting to remote gateway with IP address: xx.xx.xx.xx
    2012/01/30 11:16:22 [WARNING]Server's certificate doesn't exist on your local computer.
    2012/01/30 11:16:23 [WARNING]Remote gateway wasn't reached...
    2012/01/30 11:16:23 [WARNING]Failed to connect.
    2012/01/30 11:16:23 [WARNING]Failed to connect!
    Any suggestions? Is this configuration even possible?
    Thanks!

    Hi, Rudi & Craig
    I just tested another different way, which way as Craig's book did, I set
    Master's IP is DSL Router inside IP which same as "PUBLIC" Network Card's
    IP address (10.0.0.101) when setting the MASTER's configuration in
    iManager, it is still working fine. Then it will be the best way if the ISP
    change my static Public IP.
    BTW, Craig, when you have chance, can you mention this on your web site or
    in your book (when you have new version book), BM38SP5 got a bug, the
    vpn.jar cannot set Non-BM VPN Slave (I used Linksys router for Slave
    server), I called Novell support engineer, he said Novell knew this error,
    I have to use the vpn.jar which in BM38SP4_IR5 to setup Non-BM VPN Slave.
    But there is another problem, the vpn.jar which in BM38SP4_IR5 cannot set
    MASTER VPN server. The only way to do the job is install BM38SP5, setup
    MASTER VPN server, setup C2S VPN, then copy the vpn.jar which in
    BM38SP4_IR5 in, to setup Non-BM VPN Slave. I hope you can understand my
    poor English.
    James
    > Rudolf Thilo wrote:
    > Hello James.
    >> In Craig's book, there is a sample
    >> for VPN Slave Server behind DSL router.
    >> But I don't know I can setup Master VPN
    >> server behind DSL router or not.
    > It works, starting with BM3.8. IIRC Craig has an example
    > in his book? You will need to specify the DSL router's
    > (static!!) public IP address as the MASTER's public IP
    > when setting up the MASTER's configuration.
    > Regards, Rudi.

  • SOLVED: Dropped connections with Time Capsule and cable modem/router

    I've been dealing with random dropped connections for quite a while and I thought that it would be useful to share what I've found.
    I was having a very puzzling problem where my internet connection would drop randomly on wireless devices. On my laptop, webpages would suddenly become unresponsive for a minute or two, Mail would have connection problems and complain, etc...but incredibly randomly and definitely not repeatable or in any pattern that I noticed.
    I also have 2 Nest thermostats in the house which connect via wi-fi. I noticed that they would randomly show Offline very often when viewed from a webpage or iPhone app, but the Nest front panels showed that they were connected with a strong signal.
    As I said, the dropped connections were very sporadic. Most of the time, everything worked, but every once in a while...bam.
    I worked with the level 3 tech support guys at Nest for over a week to figure out what was going on. We went through settings on my router and Time Capsule and everything seemed proper and okay. I even replaced the Nests with new ones but still had the same problem. We were all completely stumped.
    Yesterday, my laptop dropped its connection at the same time my wife's laptop dropped hers. At this point, I wondered if something was wrong with the Time Capsule or maybe my internet provider.
    I called AppleCare to see if they could help with debugging the problem. They passed me up to a senior wi-fi tech and he asked me many questions about the configuration of my network. My home network looked like this yesterday (see crappy diagram below)
                                                         Motorola Cable modem/router
                                                                                 |
                                                           Netgear multiport switch
                                                          |          |         |         |          |
                                                         hardwired Macs,            TimeCapsule (bridge mode)
                                                         laser printers,                   |   |   |   |   |
                                                          Apple TVs                       laptops, Nest, iphones
    This configuration seemed correct to me. The Time Capsule in bridge mode would mean that the cable modem/router would be handling DHCP so all the devices would be on the same network and I could print from a laptop to one of my printers and the laptops could connect to the hardwired Macs, etc..
    The AppleCare technician said he thought that bridge mode was the problem. He mentioned that there was a known issue that in this configuration, the IP addresses could get lost between the cable modem/router and the Time Capsule. He said it would be best if the Time Capsule was in DHCP/NAT mode and the first device before the switch, this way the Time Capsule was the only device passing out IP addresses.
    So I repatched my network like this:
                                                       Motorola Cable modem/router
                                                                                 |
                                                       TimeCapsule (DHCP/NAT mode)
                                                                |                                       |   |   |   |   |
                                        Netgear multiport switch                      laptops, Nest, iphones
                                             |         |         |        |
                                               hardwired Macs,           
                                                 laser printers,                 
                                                   Apple TVs                     
    I can tell you that in the past 24 hours, I haven't seen anything lose a connection. Not even the Nests which seemed to be on and off all the time. And, in this configuration, all the devices are on the same network and able to speak to each other.
    I hope that helps someone.

    > So you're saying that Bridge Mode not functioning properly is a well known issue?
    Not to me.. I have not had issues with the TC in bridge. And it is my preferred setup. I think it is better as a wireless AP and network hard disk than a router any day of the week.. but there are other ways to skin the cat if it is proving unreliable. I am at the moment using a wireless bridge from the Gen4 TC to a Gen4 AE upstairs for TV internet streaming.. it started off very reliable.. but of late I guess I need to reboot it every few days. And it has required a full reset two or three times.. although I probably need to take some of the blame for those. I am not over worried.. I do not believe in wireless bridges except for the most interim of arrangements.. it will be wired in ethernet ASAP.
    Wireless should always be used in a way that respects its status as voodoo.. not stable technology. NOT SCIENCE.. it is more a bag of beads and rattles.
    > Is there a way to change the cable modem/router to avoid the double NAT problem?
    The answer to this may depend on your ISP. Did they provide the modem? If so they may lock it down so you have no control. But normally a Motorola cable modem will not have a bridge mode as such but will have a method of turning off NAT.. (and wireless).. this amounts to the same thing.
    Once you turn off NAT.. you need to power cycle the modem so the TC gets the public IP in router mode. The power cycle time might be 5min or 20min or overnight.. it again depends on your ISP.. but you need to stop the modem capturing the public IP so it can be passed to the modem.
    Depending on where you are in the world.. US is most concentration of cable network.. you can go out and buy your own modem. Pick one on your ISP list and steer clear of SB.. at least with the apple routers they are problematic.
    It also can be a case that the cable modem is SB model and therefore more problematic. Sorry I have forgotten the recommendation for what to buy. There are a number of posts here about it but search is terrible now. (or I am too old to figure it out). I will get Bob to poke his nose in and tell you what works for him.
