
Nighthawk R7960P Preventing intranet services (SSH, Bonjour, dropping packets)

camjones1708
Aspirant


My setup is the Nighthawk R7960P sitting behind the AT&T provided all-in-one modem with the wi-fi turned off. The nighthawk is connected with its WAN to the LAN of the AT&T router. My reasoning for this is for QOS enabled on the nighthawk so I can game while others stream in the house.

The issue I am experiencing is that services that bind to specific ports are being blocked internally in the network. I have confirmed IP addresses multiple times. SSH was one that would not work from any machine to my raspberry pi. The other service is bonjour for our canon printer. Neither my macbook nor my windows desktop could connect to the printer. Additionally, I was receiving a lot of packet loss while playing call of duty.

I have tried:
- Rebooting all devices
- Reverting firmware on the nighthawk.
- Looking for blocked ports/services (none found)

I got around this by taking out the nighthawk router and enabling wi-fi on the AT&T device. This resolved both issues.

Is there a setting on the nighthawk that I am missing causing these issues?


Model: R7900P|Nighthawk X6S AC3000 Tri Band WiFi Router
Message 1 of 31

Accepted Solutions
schumaku
Guru


The effect you are fighting ref. your RasPi and the random access does very well indicate there are multiple devices with the same IP address on your network (LAN and WLAN).

 

Leaving the names alone (no clue what Netgear is riding since they have added this attached device detection): Are the systems on the network with fixed IP addresses? If all devices are DHCP, has everything been cold booted, starting with the router? Check the view with each device coming back to the network, review each device config, ...

 

 


Message 30 of 31
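
The condition named in the accepted solution, more than one device holding the same IP address, can be checked by comparing the router's address reservations with the IP/MAC pairs actually seen on the LAN. The following is an added example, not part of the original thread; the table format, the function names and every address in it are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Constructed sample data (not taken from the thread's screenshots).
# One "IP MAC [name]" pair per line; '#' starts a comment.
RESERVED = """
10.0.0.8   02:00:00:00:00:08  raspberrypi
10.0.0.10  02:00:00:00:00:10  desktop
"""
# Pairs as seen on the LAN, e.g. collected from `arp -a` on several hosts
# or from the router's attached-devices page at different times.
OBSERVED = """
10.0.0.1   02:00:00:00:00:01  # router LAN address
10.0.0.8   02:00:00:00:00:08
10.0.0.8   02-00-00-00-00-2A  # Windows-style MAC, a second device
10.0.0.10  02:00:00:00:00:10
"""


def norm_mac(raw):
    """Normalise aa-bb-.. and AA:BB:.. to lower-case colon form."""
    mac = raw.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    return mac


def parse_rows(text):
    """Return {ip: set(macs)} from 'IP MAC [name]' lines."""
    table = defaultdict(set)
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank or comment-only line
        ip = str(ipaddress.ip_address(fields[0]))  # raises on bad input
        table[ip].add(norm_mac(fields[1]))
    return dict(table)


def find_conflicts(reserved_text, observed_text):
    """Map each problematic IP to a list of findings."""
    reserved = parse_rows(reserved_text)
    seen = parse_rows(observed_text)
    report = {}
    for ip in sorted(set(reserved) | set(seen), key=ipaddress.ip_address):
        want, have = reserved.get(ip, set()), seen.get(ip, set())
        problems = []
        if len(want) > 1:
            problems.append("reserved for more than one MAC")
        if len(have) > 1:
            problems.append("used by more than one MAC")
        if want and have - want:
            problems.append("used by a MAC without the reservation")
        if problems:
            report[ip] = problems
    return report


if __name__ == "__main__":
    for ip, problems in find_conflicts(RESERVED, OBSERVED).items():
        print(ip, "->", "; ".join(problems))
```
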

All Replies
plemans
Guru


Disabling wifi doesn't disable the routing function of the att device. 

It leaves you in a double nat with 2 routers in router mode on the network.

https://kb.netgear.com/30186/What-is-Double-NAT

 

options? (only use 1)

1. put the att combo device in passthrough modem only mode. Again, disabling the wifi doesn't do this

2. put the netgear's IP address into the att device's dmz.

3. put the netgear in access point mode. 

 

What speeds do you pay for with att? 

If it's >250mbps, qos isn't recommended as it can actually hurt speeds versus help them. 

 

 

Message 2 of 31
camjones1708
Aspirant


Thanks for the quick reply.

BGW320-500 is the AT&T listed modem. I found an article on placing that into passthrough mode. https://www.att.com/support/smallbusiness/article/smb-internet/KM1188700

I've got gigabit speeds. I enabled QOS because I was getting latency issues (150ms+) while playing games when someone was streaming netflix or similar. Do you believe this would be caused by the double NAT?

If everything was connected to the 'inner' NAT, why would there be issues with SSH/Bonjour/etc.?


Message 3 of 31
plemans
Guru


Nat issues can cause multiple issues.

And the funny part is some routers will work fine on double NATs and others will cause nothing but issues. It's why we recommend getting that issue fixed first and then try the network out. 

Message 4 of 31
schumaku
Guru



@camjones1708 wrote:

If everything was connected to the 'inner' NAT, why would there be issues with SSH/Bonjour/etc.?


For general Internet surfing or most home office VPN double NAT isn't an issue. For gaming, the console(s) ideally must have UPnP PMP control on the public IP address and the port forwarding. Controlling two NAT routers in a line does make it very difficult, as the consoles and games use sophisticated NAT mapping and alternate ports - and the config would require manual duplication to the outer NAT router port forwarding.


Be aware the QoS part can only work reliably if the router is under control of all traffic. Just the "inner" router can't do much (or anything) in this context.

 

These two items are the show-stoppers for double-NAT and more.

Message 5 of 31
camjones1708
Aspirant


I followed the steps in the link above to set the modem into passthrough mode (dynamic), added the nighthawk back in, and disabled QoS.

I am still unable to ssh into my raspberry pi from my hardwired desktop nor my macbook through wireless. I confirmed the ip address on the raspberry pi. In addition, I cannot connect to my scanner same as before.

I'm unsure where else to check.

In addition, with this configuration I am getting much slower upload speeds. (70mbps compared to 600mbps+)

Message 6 of 31
camjones1708
Aspirant


I would like to add some info. I set up a port forward for 22 and was able to successfully SSH into the raspberry pi through the external IP but not the internal (10.0.0.x)

Message 7 of 31
plemans
Guru


The BGW320-500 is a pretty new device from what I can tell.

Have you tried leaving it in router mode and putting the netgear in access point mode? 

Maybe the BGW320-500's passthrough mode is sketchy. 

Message 8 of 31
camjones1708
Aspirant


Yeah, it's a WiFi 6 device. 

Wouldn't that ruin the point of using the nighthawk? The devices are directly next to each other. If external connections work but internal don't, it seems like the nighthawk is blocking certain ports under the covers. 

I would like to add that this has not always been the case. It is relatively recently that I've not been able to connect to the printer/raspberry pi. And it used to be intermittent where a restart would resolve the issue.

Message 9 of 31
plemans
Guru


"ruin the point of it?"

Depends on what you're using it for. If you're using armor/qos/parental controls/ then sure it would.

But if you're just using it for the wifi/ethernet connection, access point mode isn't going to change those. 

I don't know much about the att router you have, whether it's solid/sketchy, but it's worth trying. If its passthrough is sketchy, it can cause issues on the internal network. 

Message 10 of 31
schumaku
Guru



@camjones1708 wrote:

I am still unable to ssh into my raspberry pi from my hardwired desktop nor my macbook through wireless. I confirmed the ip address on the raspberry pi. In addition, I cannot connect to my scanner same as before.


Everything that was on the other "outer" network before must be connected to the Netgear router WiFi and LAN only - the only device in between the ATT device and Netgear router WAN/Internet port can be the network cable. All devices then might have to be reconfigured to fit the new set-up.

 

The Netgear router LAN and wireless (not the guest one) is fully L2 transparent, and Bonjour or UPnP SSDP discovery does work - permitting both devices are on the same network and on the same subnet, also the communication works. 

 

@plemans that's why...: 

 


@camjones1708 wrote:

My setup is the Nighthawk R7960P .... My reasoning for this is for QOS enabled on the nighthawk so I can game while others stream in the house.


8-)

Message 11 of 31
camjones1708
Aspirant



@schumaku wrote:
Everything that was on the other "outer" network before must be connected to the Netgear router WiFi and LAN only - the only device in between the ATT device and Netgear router WAN/Internet port can be the network cable. All devices then might have to be reconfigured to fit the new set-up.


When switching from the netgear to the AT&T I unplugged the netgear entirely and then tested connectivity for the devices. The WiFi networks are the same so the devices will switch between as I switch the devices. When switching back to the netgear router, I am switching the AT&T device to passthrough mode and turn off wifi. I then have one cable from AT&T.LAN -> Netgear.WAN and everything is wired into the netgear or connected wirelessly. 

@schumaku wrote:

The Netgear router LAN and wireless (not the guest one) is fully L2 transparent, and Bonjour or UPnP SSDP discovery does work - permitting both devices are on the same network and on the same subnet, also the communication works. 


I am not using any guest networks. They are on the same subnet mask 255.255.255.0. Both devices are pointing to the default gateway 10.0.0.1. And both can ping google.com. But I still cannot ssh while using the netgear.
Windows box IP: 10.0.0.10
Raspberry pi IP: 10.0.0.8



Message 12 of 31
antinode
Guru


> I am still unable to ssh into my raspberry pi from my hardwired desktop
> nor my macbook through wireless. [...]

 

   "unable" is not a useful problem description.  It does not say what
you did.  It does not say what happened when you did it.  As usual,
showing actual actions (commands) with their actual results (error
messages, LED indicators, ...) can be more helpful than vague
descriptions or interpretations.

 

   What, exactly, is connected to what, exactly?  What are the IP
addresses?

 

> [...] I confirmed the ip address on the raspberry pi. [...]

 

   That tells me what, exactly?

 

> [...] In addition, I cannot connect to my scanner same as before.

 

   Regarding "cannot", see "not a useful problem description [...]",
above.

 


> [...] I set up a port forward for 22 [...]

 

   Where?  What was the whole port-forwarding rule?

 

> [...] and was able to successfully SSH into the raspberry pi through
> the external IP but not the internal (10.0.0.x)

 

   From where?  How, exactly?  Regarding "not [able]", see "not a
useful problem description [...]", above.  "10.0.0.x" is the address of
what, exactly?

 


> Wouldn't that ruin the point of using the nighthawk?

 

   What _is_ "the point"?  Why, exactly, are you adding the R7960P?

 


> [...] If external connections work but internal don't, [...]

 

   Where, exactly, is "internal" when you have two routers?

Message 13 of 31
schumaku
Guru


Whatever could prohibit ssh on a flat network. Other services are reachable on the Pi?

 

@antinode you always bring up a smile on my face with your messages lol. Except for the "why", which was explained several times above already.

Message 14 of 31
camjones1708
Aspirant


@antinode wrote:

> I am still unable to ssh into my raspberry pi from my hardwired desktop
> nor my macbook through wireless. [...]

 

   "unable" is not a useful problem description.  It does not say what
you did.  It does not say what happened when you did it.  As usual,
showing actual actions (commands) with their actual results (error
messages, LED indicators, ...) can be more helpful than vague
descriptions or interpretations.

 

   What, exactly, is connected to what, exactly?  What are the IP
addresses?

From the attached devices table:

 

Gateway(netgear): 10.0.0.1
Windows 10 hardwire: 10.0.0.10
Raspberry Pi: 10.0.0.8 

External IP: XXX.XXX.XXX.ABC 

Internal example
CMD run from Windows 10: 

ssh pi@10.0.0.8

Response

ssh: connect to host 10.0.0.8 port 22: Connection timed out

External example:

ssh pi@XXX.XXX.XXX.ABC

I am able to get in using my external IP.

   That tells me what, exactly?

 

> [...] In addition, I cannot connect to my scanner same as before.

 

   Regarding "cannot", see "not a useful problem description [...]",
above.

I am not doing anything active with the printer. To test connection, I open the Printers & Scanners tab and see if it is showing as connected or not. Additionally, I try and open the scanner on my mac. If it shows disconnected on my Windows PC, the scanner has always failed to connect using the scanner utility. I am focused on the raspberry pi since I can run commands on it to identify any issues. 


> [...] I set up a port forward for 22 [...]

 

   Where?  What was the whole port-forwarding rule?

I had attached a screenshot but the reply is getting blocked. Created a custom service forwarding rule for 
Made the following rules
External Start Port= External End Port = Internal Start Port = Internal End Port = 22.  Internal IP Address: 10.0.0.8
External Start Port= External End Port = Internal Start Port = Internal End Port = 8080.  Internal IP Address: 10.0.0.8

> [...] and was able to successfully SSH into the raspberry pi through
> the external IP but not the internal (10.0.0.x)

 

   From where?  How, exactly?  Regarding "not [able]", see "not a
useful problem description [...]", above.  "10.0.0.x" is the address of
what, exactly?

SSH process was outlined above. For browser (explained below), I hit the URL: 

10.0.0.8:8080

Then

XXX.XXX.XXX.ABC:8080

The internal IP address timed out while the external IP address served the webpage.


> Wouldn't that ruin the point of using the nighthawk?

 

   What _is_ "the point"?  Why, exactly, are you adding the R7960P?

I wanted the QoS and administration control mostly. We just moved so when I bought it, it was also for additional wi-fi range. It is now more central where that is not as important. It seems like it would just be for whichever has better WiFi I would want to use.


> [...] If external connections work but internal don't, [...]

 

   Where, exactly, is "internal" when you have two routers?
Inside the netgear's subnet while the AT&T is set to passthrough.

I apologize if I missed questions, the formatting is getting hard to follow as the replies continue to grow.

-------------------------------------------------------
To answer the other question.

I set up a simple python server on the raspberry pi to confirm that it was or wasn't just SSH.

python -m http.server 8080


I am able to access that while using the IP: XXX.XXX.XXX.ABC:8080 through chrome. I am unable to access while using 10.0.0.8:8080. Same as SSH.



SSH does not require internet, I should be able to ssh inside the netgear's network even without internet access. I can test that if that would provide any info.

Message 15 of 31
camjones1708
Aspirant


Attempting to include screenshots.

Ip Table.PNG, PortForwardingConfig.PNG, Printer Not connected.PNG, Raspi IP Address.PNG


Message 16 of 31
schumaku
Guru


Let me guess (screenshots will become visible once a moderator approved): ping the pi on its IP does not work on the LAN either?

Router LAN IP however works from the same computer?
Message 17 of 31
camjones1708
Aspirant


 

ping 10.0.0.8

 

Reply from 10.0.0.10: Destination host unreachable.
Reply from 10.0.0.10: Destination host unreachable.
Reply from 10.0.0.10: Destination host unreachable.
Reply from 10.0.0.10: Destination host unreachable.

Your assumption is correct. Is it usual that the self IP will be listed above here? That is the IP of the machine I am pinging from.

If I port forward port 7:

 

 

ping XXX.XXX.XXX.ABC

It returns quickly. 

I can also ping the gateway. 

 

 

 

Message 18 of 31
antinode
Guru


> Whatever could prohibit ssh on a flat network[?] [...]

 

   That's my question.  You don't need the router for that, only a
working network switch/hub.  I suspect that we're missing some critical
details.  (Or you've found Netgear's worst firmware ever.)

 

> SSH does not require internet, [...]

 

   Neither does HTTP.

 

> [...] I should be able to ssh inside the netgear's network even without
> internet access. I can test that if that would provide any info.

 

   Unless you have some seriously strange routing, the presence of a
router should not affect local traffic.

 

> From the attached devices table: [...]
>
> Gateway(netgear): 10.0.0.1


   What is the address of its WAN/Internet interface?  (ADVANCED >
ADVANCED Home : Internet Port)

 

> Windows 10 hardwire: 10.0.0.10

 

   That's the only active interface on the Windows system?  (Other IP
details?)

 

> Raspberry Pi: 10.0.0.8

 

   That's the only active interface on the R-Pi?  Which interface?

(Which R-Pi model?)

 

> External IP: XXX.XXX.XXX.ABC

 

   That was worthless.  If you're worried about revealing secrets, then
the top half of the address, "a.b" out of "a.b.c.d", would satisfy most
of my curiosity.  Or, plug that address into the form at:
https://whois.arin.net/ , and see if it is a public or private address.


> ssh pi@10.0.0.8
> ssh: connect to host 10.0.0.8 port 22: Connection timed out

 

   Same command from the R-Pi itself?

 


> Attempting to include screenshots.

 

   I can't (yet) see your pictures.  In-line images must be approved
by a moderator before others can see them.  The time required varies.
Attachments have no such limitation.  Of course, attachments have their
own one-per-message limitation.

Message 19 of 31
camjones1708
Aspirant



@antinode wrote:

> Whatever could prohibit ssh on a flat network[?] [...]

 

   That's my question.  You don't need the router for that, only a
working network switch/hub.  I suspect that we're missing some critical
details.  (Or you've found Netgear's worst firmware ever.)

I agree, I am probably missing something here. I took A+ many years ago, but most of it is just a faint memory at this point.

I did downgrade the firmware thinking the latest upgrade may have been the issue. That did not resolve anything.

> SSH does not require internet, [...]

 

   Neither does HTTP.

 

> [...] I should be able to ssh inside the netgear's network even without
> internet access. I can test that if that would provide any info.

 

   Unless you have some seriously strange routing, the presence of a
router should not affect local traffic.

 

> From the attached devices table: [...]
>
> Gateway(netgear): 10.0.0.1


   What is the address of its WAN/Internet interface?  (ADVANCED >
ADVANCED Home : Internet Port)

76.202.X.X

> Windows 10 hardwire: 10.0.0.10

 

   That's the only active interface on the Windows system?  (Other IP
details?)

Correct, Wifi is disabled.

> Raspberry Pi: 10.0.0.8

 

   That's the only active interface on the R-Pi?  Which interface?

(Which R-Pi model?)

WLAN0, R-Pi 3b v1.2

> External IP: XXX.XXX.XXX.ABC

 

   That was worthless.  If you're worried about revealing secrets, then
the top half of the address, "a.b" out of "a.b.c.d", would satisfy most
of my curiosity.  Or, plug that address into the form at:
https://whois.arin.net/ , and see if it is a public or private address.

Included above.
> ssh pi@10.0.0.8
> ssh: connect to host 10.0.0.8 port 22: Connection timed out

 

   Same command from the R-Pi itself?

The pi can connect to itself at 127.0.0.1 and 10.0.0.8.


> Attempting to include screenshots.

 

   I can't (yet) see your pictures.  In-line images must be approved
by a moderator before others can see them.  The time required varies.
Attachments have no such limitation.  Of course, attachments have their
own one-per-message limitation.

Let me know if there is anything specific that would be worth screenshotting. The screenshots I included were all just supplemental. 


 

Message 20 of 31
antinode
Guru


> The pi can connect to itself at 127.0.0.1 and 10.0.0.8.

 

   That much, at least, makes sense.

 

> Ip Table.PNG

 

   Those are address reservations.  Are the devices (interfaces)
actually at those addresses?  ("ifconfig", "ipconfig", as appropriate?)


> [...] I am probably missing something here. [...]

 

   Perhaps everyone is.  I'd be tempted to shut everything down,
configure a minimal set of LAN devices (freshly reset router, R-Pi,
Windows system), and see if I could get the basic local stuff to work as
expected.  No exotic routes on anything, no address reservations, no
Internet connection, just the basics.  Then, if that works, start
complicating things slowly, stepwise.  Quit when it stops making sense.

Message 21 of 31
camjones1708
Aspirant


Yes, those are the device IPs as well.

I will try and get through that process tomorrow and see if it sheds any light on the scenario.

Message 22 of 31
camjones1708
Aspirant


After resetting the configuration, I am able to SSH and connect to the printer. The only weird thing is that IP Allocation does not seem to be working anymore. I suppose that's not the end of the world though. 

Also noticing the naming of the devices is being weird as well. 

Message 23 of 31
camjones1708
Aspirant


Picture of IP Allocation Table

Message 24 of 31
camjones1708
Aspirant


I just noticed that after adding the static IP Allocation for those two devices, it seems that there are multiple assigned the same IP? In addition, I can no longer SSH. Does that make sense? (I restarted the router after adding in those two rules).

Message 25 of 31