NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Anonymous_fan's avatar
Anonymous_fan
Aspirant
Aug 19, 2015
Solved

WNR2000v4 keeps changing internal ip address

Hi there,   Since a while I have a strange problem with my WNR2000v4. Every now and again the router changes the internal ip address of itself. The standard/default ip address is 192.168.1.1 but fo...
Troubleshooting
  • Anonymous_fan's avatar
    Anonymous_fan
    Aug 24, 2015

    Hi Andy,

     

    I have some more information on this subject from my ISP community. It is a rough translation with google translate, I hope you understand it.

     

    This seemingly "strange phenomenon" can be explained. What I can say at this stage is that both parties have no guilt here. This phenomenon stems from two requirements that a manufacturer must meet when NAT is used with the product. See https://tools.ietf.org/html/rfc4787#section-4.4 for details.

    Why you can see this at a modem reset is because the RF interface of the modem is not connected yet to the CMTS. As a result, the DHCP server of the modem itself is active until there is a connection to the CMTS. The WAN interface of your router detects a link down / up event and then try again to obtain an IP address. The WAN interface from your router will then receive a private IP from the modem of the same sequence which is then used your router at that time. The modem does not know that your router uses internally the same private IP range. This clearly presents a problem and configure your router responds correctly by itself with another private IP range. Why is the DHCP server of the modem active when there is no connection to the CMTS? Because you still can logon to the management interface of the modem.

    Manufacturers must implement one of the following two things to make it work.

    All traffic between internal / exterene clients correct translation and forwarding. This is difficult because you need a solution such as Session Traversal Utilities for NAT server. If the two clients are the same ISP who does double NAT, you are also dependent on the correct NAT hairpinning implementation of the ISP router.

    The second solution is automatically ensure that the internal and external IP ranges do not overlap / are identical.

    Manufacturers logically opt for the second easy solution. How can you solve this problem permanently? If your local network eg. 192.168.0.0 Class C network can be used eg. Set your router to use IP network 192.168.1.0.

Anonymous_fan's avatar
Anonymous_fan
Aspirant
Aug 20, 2015
nternetinstallatie
 

     

 
Accountnaam  (indien vereist)
Domeinnaam  (indien vereist)
IP-adres
Dynamisch opvragen bij Internet Provider
Statisch IP-adres gebruiken
IP-adres94.213.*.*
IP-subnetmasker255.255.254.0
IP-adres gateway94.213.182.1
Adres domeinnaamserver (DNS)
Automatisch opvragen bij Internet Provider
Deze DNS-servers gebruiken
Primaire DNS8.8.8.8
Secundaire DNS8.8.4.4
Derde DNS. . .
MAC-adres van de router
Standaard adres gebruiken
MAC-adres van de computer gebruiken
Dit MAC-adres gebruiken
Anonymous_fan's avatar
Anonymous_fan
Aspirant
Aug 20, 2015

This is the log of the netgear router:

 

[admin login] from source 192.168.1.2, Thursday, August 20, 2015 10:00:52
[admin login] from source 192.168.1.2, Thursday, August 20, 2015 09:50:34
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 09:40:29
[DoS Attack: SYN/ACK Scan] from source: 59.26.71.187, port 25569, Thursday, August 20, 2015 09:17:04
[DHCP IP: 192.168.1.9] to MAC address dc:d3:21:09:fb:4d, Thursday, August 20, 2015 09:14:07
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 09:09:32
[DoS Attack: TCP/UDP Chargen] from source: 74.82.47.29, port 44185, Thursday, August 20, 2015 09:05:27
[DHCP IP: 192.168.1.9] to MAC address dc:d3:21:09:fb:4d, Thursday, August 20, 2015 08:42:10
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 08:40:11
[LAN access from remote] from 123.151.149.222:22204 to 192.168.1.10:80, Thursday, August 20, 2015 08:27:12
[LAN access from remote] from 46.172.71.251:57291 to 192.168.1.10:80, Thursday, August 20, 2015 08:19:17
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 08:09:55
[DHCP IP: 192.168.1.10] to MAC address e0:cb:ee:c0:6d:3b, Thursday, August 20, 2015 07:57:59
[LAN access from remote] from 115.231.222.14:3787 to 192.168.1.7:8080, Thursday, August 20, 2015 07:40:03
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 07:40:02
[DoS Attack: SYN/ACK Scan] from source: 5.196.120.46, port 7777, Thursday, August 20, 2015 07:27:14
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 07:10:12
[LAN access from remote] from 169.229.3.90:41590 to 192.168.1.10:80, Thursday, August 20, 2015 07:09:41
[LAN access from remote] from 77.247.181.162:41590 to 192.168.1.10:80, Thursday, August 20, 2015 07:08:21
[LAN access from remote] from 96.44.189.100:41590 to 192.168.1.10:80, Thursday, August 20, 2015 07:08:09
[LAN access from remote] from 96.47.226.20:41590 to 192.168.1.10:80, Thursday, August 20, 2015 07:08:09
[LAN access from remote] from 109.163.234.7:41590 to 192.168.1.10:80, Thursday, August 20, 2015 07:08:09
[LAN access from remote] from 141.212.121.192:41590 to 192.168.1.10:80, Thursday, August 20, 2015 07:08:09
[LAN access from remote] from 128.232.110.28:41590 to 192.168.1.10:80, Thursday, August 20, 2015 07:07:37
[DoS Attack: SYN/ACK Scan] from source: 5.196.120.46, port 7777, Thursday, August 20, 2015 06:57:41
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 06:40:11
[DHCP IP: 192.168.1.9] to MAC address dc:d3:21:09:fb:4d, Thursday, August 20, 2015 06:26:15
[DHCP IP: 192.168.1.2] to MAC address 1c:6f:65:2d:f1:c6, Thursday, August 20, 2015 06:21:59
[LAN access from remote] from 61.231.7.125:3447 to 192.168.1.7:8080, Thursday, August 20, 2015 06:14:04
[LAN access from remote] from 61.231.7.125:12200 to 192.168.1.7:8080, Thursday, August 20, 2015 06:13:10
[LAN access from remote] from 115.231.222.14:3501 to 192.168.1.7:8080, Thursday, August 20, 2015 05:41:06
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 05:41:02
[DHCP IP: 192.168.1.9] to MAC address dc:d3:21:09:fb:4d, Thursday, August 20, 2015 05:14:55
[LAN access from remote] from 115.231.222.14:4546 to 192.168.1.7:8080, Thursday, August 20, 2015 05:12:16
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 05:12:15
[LAN access from remote] from 115.231.222.14:4299 to 192.168.1.7:8080, Thursday, August 20, 2015 04:42:09
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 04:42:08
[DHCP IP: 192.168.1.10] to MAC address e0:cb:ee:c0:6d:3b, Thursday, August 20, 2015 04:38:50
[DoS Attack: SYN/ACK Scan] from source: 195.64.185.10, port 80, Thursday, August 20, 2015 04:22:08
[LAN access from remote] from 115.231.222.14:2626 to 192.168.1.7:8080, Thursday, August 20, 2015 04:12:21
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 04:12:21
[LAN access from remote] from 37.203.214.106:41239 to 192.168.1.10:80, Thursday, August 20, 2015 04:09:51
[DoS Attack: TCP/UDP Echo] from source: 185.82.203.159, port 45616, Thursday, August 20, 2015 04:03:08
[LAN access from remote] from 115.231.222.14:2085 to 192.168.1.7:8080, Thursday, August 20, 2015 03:42:05
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 03:42:05
[LAN access from remote] from 115.231.222.14:2028 to 192.168.1.7:8080, Thursday, August 20, 2015 03:12:08
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 03:12:00
[LAN access from remote] from 45.33.4.91:58004 to 192.168.1.10:80, Thursday, August 20, 2015 03:09:19
[LAN access from remote] from 115.231.222.14:1574 to 192.168.1.7:8080, Thursday, August 20, 2015 02:41:57
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 02:41:57
[DHCP IP: 192.168.1.9] to MAC address dc:d3:21:09:fb:4d, Thursday, August 20, 2015 02:29:21
[DHCP IP: 192.168.1.9] to MAC address dc:d3:21:09:fb:4d, Thursday, August 20, 2015 02:25:07
[DHCP IP: 192.168.1.9] to MAC address dc:d3:21:09:fb:4d, Thursday, August 20, 2015 02:15:52
[LAN access from remote] from 115.231.222.14:1759 to 192.168.1.7:8080, Thursday, August 20, 2015 02:11:24
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 02:11:23
[DoS Attack: SYN/ACK Scan] from source: 195.64.185.10, port 80, Thursday, August 20, 2015 01:55:50
[LAN access from remote] from 115.231.222.14:1032 to 192.168.1.7:8080, Thursday, August 20, 2015 01:40:48
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 01:40:47
[LAN access from remote] from 89.248.160.196:21188 to 192.168.1.10:80, Thursday, August 20, 2015 01:26:21
[DHCP IP: 192.168.1.9] to MAC address dc:d3:21:09:fb:4d, Thursday, August 20, 2015 01:12:06
[LAN access from remote] from 115.231.222.14:3678 to 192.168.1.7:8080, Thursday, August 20, 2015 01:10:19
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 01:10:18
[DoS Attack: SYN/ACK Scan] from source: 181.114.18.22, port 25, Thursday, August 20, 2015 00:59:54
[LAN access from remote] from 115.231.222.14:2985 to 192.168.1.7:8080, Thursday, August 20, 2015 00:40:21
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 00:40:21
[DoS Attack: SYN/ACK Scan] from source: 198.50.130.178, port 6023, Thursday, August 20, 2015 00:29:24
[DoS Attack: SYN/ACK Scan] from source: 80.7.186.25, port 80, Thursday, August 20, 2015 00:14:44
[LAN access from remote] from 115.231.222.14:3518 to 192.168.1.7:8080, Thursday, August 20, 2015 00:10:36
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Thursday, August 20, 2015 00:10:36
[LAN access from remote] from 115.231.222.14:2852 to 192.168.1.7:8080, Wednesday, August 19, 2015 23:41:19
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Wednesday, August 19, 2015 23:41:18
[DHCP IP: 192.168.1.7] to MAC address 08:00:27:08:ff:ab, Wednesday, August 19, 2015 23:38:21
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Wednesday, August 19, 2015 23:11:10
[DoS Attack: SYN/ACK Scan] from source: 195.64.185.10, port 80, Wednesday, August 19, 2015 22:40:09
[LAN access from remote] from 115.231.222.14:4435 to 192.168.1.7:8080, Wednesday, August 19, 2015 22:39:53
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Wednesday, August 19, 2015 22:39:53
[DHCP IP: 192.168.1.9] to MAC address dc:d3:21:09:fb:4d, Wednesday, August 19, 2015 22:12:11
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Wednesday, August 19, 2015 22:10:23
[LAN access from remote] from 36.229.233.209:2549 to 192.168.1.7:8080, Wednesday, August 19, 2015 21:51:02
[LAN access from remote] from 36.229.233.209:12200 to 192.168.1.7:8080, Wednesday, August 19, 2015 21:49:54
[LAN access from remote] from 115.231.222.14:3102 to 192.168.1.7:8080, Wednesday, August 19, 2015 21:40:58
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Wednesday, August 19, 2015 21:40:57
[LAN access from remote] from 222.186.21.48:4885 to 192.168.1.7:8080, Wednesday, August 19, 2015 21:31:18
[DHCP IP: 192.168.1.9] to MAC address dc:d3:21:09:fb:4d, Wednesday, August 19, 2015 21:14:05
[LAN access from remote] from 115.231.222.14:2524 to 192.168.1.7:8080, Wednesday, August 19, 2015 21:11:58
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Wednesday, August 19, 2015 21:11:54
[DoS Attack: RST Scan] from source: 37.59.30.114, port 80, Wednesday, August 19, 2015 21:10:43
[DHCP IP: 192.168.1.9] to MAC address dc:d3:21:09:fb:4d, Wednesday, August 19, 2015 20:42:09
[LAN access from remote] from 115.231.222.14:4655 to 192.168.1.7:8080, Wednesday, August 19, 2015 20:41:24
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Wednesday, August 19, 2015 20:41:24
[DoS Attack: RST Scan] from source: 216.110.245.16, port 1256, Wednesday, August 19, 2015 20:40:06
[LAN access from remote] from 46.172.71.251:53263 to 192.168.1.10:80, Wednesday, August 19, 2015 20:35:33
[DHCP IP: 192.168.1.8] to MAC address 00:26:9e:c1:20:11, Wednesday, August 19, 2015 20:28:23
[Time synchronized with NTP server] Wednesday, August 19, 2015 20:17:44
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Wednesday, August 19, 2015 20:10:35
[LAN access from remote] from 199.203.59.118:32951 to 192.168.1.10:80, Wednesday, August 19, 2015 20:06:28
[LAN access from remote] from 115.231.222.14:2160 to 192.168.1.7:8080, Wednesday, August 19, 2015 19:38:58
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Wednesday, August 19, 2015 19:38:57
[DoS Attack: SYN/ACK Scan] from source: 195.64.185.10, port 80, Wednesday, August 19, 2015 19:09:47
[LAN access from remote] from 115.231.222.14:4698 to 192.168.1.7:8080, Wednesday, August 19, 2015 19:08:40
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Wednesday, August 19, 2015 19:08:40
[DHCP IP: 192.168.1.2] to MAC address 1c:6f:65:2d:f1:c6, Wednesday, August 19, 2015 18:44:04
[LAN access from remote] from 115.231.222.14:4463 to 192.168.1.7:8080, Wednesday, August 19, 2015 18:39:11
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Wednesday, August 19, 2015 18:39:11
[DHCP IP: 192.168.1.9] to MAC address dc:d3:21:09:fb:4d, Wednesday, August 19, 2015 18:26:13
[DoS Attack: RST Scan] from source: 221.186.120.130, port 56901, Wednesday, August 19, 2015 18:16:29
[LAN access from remote] from 115.231.222.14:1469 to 192.168.1.7:8080, Wednesday, August 19, 2015 18:08:42
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Wednesday, August 19, 2015 18:08:42
[LAN access from remote] from 88.202.224.162:35581 to 192.168.1.10:80, Wednesday, August 19, 2015 18:00:25
[DoS Attack: SYN/ACK Scan] from source: 188.165.200.195, port 19505, Wednesday, August 19, 2015 17:52:19
[LAN access from remote] from 37.203.214.106:45280 to 192.168.1.10:80, Wednesday, August 19, 2015 17:46:04
[LAN access from remote] from 115.231.222.14:2562 to 192.168.1.7:8080, Wednesday, August 19, 2015 17:37:54
[LAN access from remote] from 115.231.222.14:64316 to 192.168.1.7:8080, Wednesday, August 19, 2015 17:37:54

Part 2 is in the next message