NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Port Forwarding for Netgear Router R6700v2 is timing out/not working
I have a R6700v2 router that I was trying to setup to allow port forwarding for ssh access to my home Mac. My home Mac is accepting ssh (port 22) locally. I confirmed this by running 'ssh username@lo...
> Different... interesting
Even worse than interesting. Fill in your actual address, if you
want, but the result will be the same:https://whois.arin.net/rest/net/NET-10-0-0-0-1
> [...] Is this where my problem lies?
No, it's not a DNS problem. Welcome to carrier-grade NAT. From the
outside world, your router appears to be at "184.170.x.y", but your
router is really at "10.238.u.v", which is a private address, used by
your ISP. Your ISP is doing its own NAT, to let it use "184.170.x.y" (a
real public address) for multiple customers.Because any "10.r.s.t" address is considered private, any router in
the outside world will discard any message which is addressed to your
router at "10.238.u.v".
This NAT is the same thing as the NAT on your router, which lets
multiple devices on your LAN share the one IP address assigned to your
router, except that your ISP is doing it, and it's out of your control.
So, anything you read about "double NAT" applies to you, except that
your outer router is controlled by your ISP.Sadly, that also means that port forwarding (like what you want to
do) must be configured on the ISP's NAT router (as well as yours, I'd
guess, but I've never tried that).The only solutions I know are: 1) to ask your ISP for a real public
address, or 2) to use a tunneling service like the one mentioned in
another recent thread (near the end):
> What is your public IP address? ("a.b" of "a.b.c.d" would be
enough for me.) What is the WAN/Internet IP address of your router?
ADVANCED > ADVANCED Home: Internet Port : Internet IP Address. Same or
different?
Different... interesting
Public: 184.170 (a.b)
Netgear Internet IP Address: 10.238 (a.b)
I can ssh using the Netgear Internet IP Address... but when I change my No-IP Dynamic DNS to that address it times out... so I'm quite confused by that. Would this mean netgears integration with no-ip dynamic dns not work in this scenario since it would be reverting to the public IP and not the Netgear Internet IP Address? Is this where my problem lies?
External Port 22, Once I get the port forwarding working 100%, I was going to change it. I hadn't changed it to make troubleshooting a little bit easier, but I appreciate the valuable information.
I appreciate all the help, and if there's anything I can do to give more information, please do let me know.
> Different... interesting
Even worse than interesting. Fill in your actual address, if you
want, but the result will be the same:
https://whois.arin.net/rest/net/NET-10-0-0-0-1
> [...] Is this where my problem lies?
No, it's not a DNS problem. Welcome to carrier-grade NAT. From the
outside world, your router appears to be at "184.170.x.y", but your
router is really at "10.238.u.v", which is a private address, used by
your ISP. Your ISP is doing its own NAT, to let it use "184.170.x.y" (a
real public address) for multiple customers.
Because any "10.r.s.t" address is considered private, any router in
the outside world will discard any message which is addressed to your
router at "10.238.u.v".
This NAT is the same thing as the NAT on your router, which lets
multiple devices on your LAN share the one IP address assigned to your
router, except that your ISP is doing it, and it's out of your control.
So, anything you read about "double NAT" applies to you, except that
your outer router is controlled by your ISP.
Sadly, that also means that port forwarding (like what you want to
do) must be configured on the ISP's NAT router (as well as yours, I'd
guess, but I've never tried that).
The only solutions I know are: 1) to ask your ISP for a real public
address, or 2) to use a tunneling service like the one mentioned in
another recent thread (near the end):
antinode wrote:The only solutions I know are: 1) to ask your ISP for a real public
address, or 2) to use a tunneling service like the one mentioned in
another recent thread (near the end):https://community.netgear.com/t5/x/x/m-p/1748431
1. Well, I guess I'll just ask my ISP, but I am happy I don't have to buy a new router!
2. I have used ngrok before for development, but I'll look into it as well.
I greatly appreciate your help!