D7000 port forwarding

Gezzaroy · ‎2018-03-03

Hi,

I have a Netgear D7000 with firmware V1.0.1.64_1.0.1. I want to create a port forwarding to a web server on TCP port 80 at IP 192.168.0.22 (DHCP reservation). The rule looks like this: Service Name: HTTP - Service Type: TCP - External Starting Port 80-80 - Internal Starting Port: 80-80 - Server IP Address: 192.168.0.22. My external IP is 88.97.x.x. From my PC at work (so outside of my Netwgear network), when I type my external IP in a browser (88.97.x.x), the browser says "waiting for 192.168.0.22" and of course it times out. So the router is somehow not NATing properly. I can see NAT is enabled in Setup > Internet Setup. Anything else I should try?

Thanks

Gezzaroy

antinode · ‎2018-03-03

> You are not understanding what I'm saying about the W3 Validator.
> https://validator.w3.org/ The fact that if I put my WAN IP in there and
> I get the response "Sorry, the IP address 192.168.0.22 is not public"
> means that the problem is not just with my work PC. [...]

You're right. I got lost between network basics and HTTP. But I
still doubt that the router is causing the problem. My next hypothesis
would be that your web server is redirecting the client to a page using
its LAN IP address rather than the router's WAN IP address (about which
it may know nothing).

> If you want I'll PM my full IP and you can put it in the W3 Validator
> for yourself to see.

That might be educational. Wget output (which is what I'd look at)
might show in more detail exactly what's happening. My guess is that
you're getting back a (defective) redirect response from the web server
(which would show that the router's doing its job), but then the client
tries to follow the (defective) redirect, and fails there.

View solution in original post

antinode · ‎2018-03-03

> I have a Netgear D7000 with firmware V1.0.1.64_1.0.1. [...]

Thanks for the unusually clear and complete problem description.
My D7000 (V1.0.1.64_1.0.1) seems to be working as expected. I also have
a similar rule for port 443. Are you using "http://" (80) or "https://"
(443)? Can you talk to your web server from within the LAN at its LAN
address (192.168.0.22)? From within the LAN at your WAN (public)
address ("NAT lookback")?

> [...] From my PC at work (so outside of my Netwgear network), when I
> type my external IP in a browser (88.97.x.x), the browser says "waiting
> for 192.168.0.22" and of course it times out. [...]

Eh? How can your browser in the outside world know anything about a
home-LAN IP address like "192.168.0.22"? What are you using for DNS "at
work"? Is someone caching home-LAN data, and then using them when
you're elsewhere? Which browser? Try a different browser? Different
at-work computer?

Gezzaroy · ‎2018-03-03

Hi Antinode

I am using TCP port 80.

I can see the webserver LAN to LAN.

I can see the webserver LAN to WAN but if I type 88.97.x.x in the address bar the browser redirects to 192.168.0.22.

Eh? How can your browser in the outside world know anything about a
home-LAN IP address like "192.168.0.22"?

It must be the Netgear router that tells my browser at work to go to 192.168.0.22 (???)
I'm not using DNS; just IP for now.

It's not a problem with work computer/network because if I put my external IP in the W3 Validator I get "Sorry, the IP address 192.168.0.22 is not public".

FURRYe38 · ‎2018-03-03

I would post here as well or have this most moved since you have a modem/router model:

https://community.netgear.com/t5/DSL-Modems-Routers/bd-p/home-dsl-modems-routers

Gezzaroy · ‎2018-03-03

I did also post in DSL Modem/ router and it was marked as duplicate. It's still there though so someone might reply.

FURRYe38 · ‎2018-03-03

antinode · ‎2018-03-03

> It must be the Netgear router that tells my browser at work to go to
> 192.168.0.22 (???)

   I don't think so. I don't see how/why the router could/would be
fiddling with HTTP traffic that way. And, of course, I see no such
problem here.

> It's not a problem with work computer/network because if I put my
> external IP in the W3 Validator I get "Sorry, the IP address
> 192.168.0.22 is not public".

   I understand that "192.168.0.22" is a private address. The mystery
is how your web browser gets that address from anywhere. The fact that
"192.168.0.22" is a private address tells me nothing about your "work
computer/network".

> [...] Try a different browser? Different at-work computer?

   Still wondering. The other, related question is: Is your "my PC at
work" really a computer which you were using at home (on your home-LAN),
so that (something in) it might remember "192.168.0.22" when you take it
to work, or is it some full-time at-work computer which has never
visited your home-LAN?

   If you can find any browser/DNS cache which you can flush on your
(unspecified) "my PC at work", then I'd try that, too.

Gezzaroy · ‎2018-03-03

I don't think so. I don't see how/why the router could/would be
fiddling with HTTP traffic that way. And, of course, I see no such
problem here.

I think it's the NATing/port forwarding not working properly. The router receives a request for TPC port 80 on the WAN interface. With the port forwarding it knows to forward it to 192.168.0.22. But somehow the router messes up the response. If you run out of ideas I could use Wireshark to see where it goes wrong.

You are not understanding what I'm saying about the W3 Validator. https://validator.w3.org/ The fact that if I put my WAN IP in there and I get the response "Sorry, the IP address 192.168.0.22 is not public" means that the problem is not just with my work PC. It's doing it for every connection whether from my work PC or not. If you want I'll PM my full IP and you can put it in the W3 Validator for yourself to see.

antinode · ‎2018-03-03

> You are not understanding what I'm saying about the W3 Validator.
> https://validator.w3.org/ The fact that if I put my WAN IP in there and
> I get the response "Sorry, the IP address 192.168.0.22 is not public"
> means that the problem is not just with my work PC. [...]

You're right. I got lost between network basics and HTTP. But I
still doubt that the router is causing the problem. My next hypothesis
would be that your web server is redirecting the client to a page using
its LAN IP address rather than the router's WAN IP address (about which
it may know nothing).

> If you want I'll PM my full IP and you can put it in the W3 Validator
> for yourself to see.

That might be educational. Wget output (which is what I'd look at)
might show in more detail exactly what's happening. My guess is that
you're getting back a (defective) redirect response from the web server
(which would show that the router's doing its job), but then the client
tries to follow the (defective) redirect, and fails there.

Gezzaroy · ‎2018-03-04

Doh! OK, the website is WordPress and I had set the home URL to 192.168.0.22. So as you suspected, port forwarding was working correctly and the website was redirecting to that URL.

Thanks for your help.

antinode · ‎2018-03-04

> Doh! [...]

Thanks for the update. Glad to hear that you got it working. Yeah,
half the fun in solving any problem is determining exactly who is
complaining about what. Blame assignment is Job One, I always say.
"the router is somehow not NATing properly" was a big step in the wrong
direction. Interesting problem, though. I hadn't seen one like that
before.

D7000 port forwarding

D7000 port forwarding

Re: D7000 port forwarding

Re: D7000 port forwarding

Re: D7000 port forwarding

Re: D7000 port forwarding

Re: D7000 port forwarding

Re: D7000 port forwarding

Re: D7000 port forwarding

Re: D7000 port forwarding

Re: D7000 port forwarding

Re: D7000 port forwarding

Re: D7000 port forwarding