Can't access public static IP internally only externally (LOOPBACK)
alexkss
Enthusiast - Level 2

Router: M14124WR ActonTec

OS: MAC

My company just started using FIOS small business (w/static IPs). We run exclusively on MACs.

We have 3 computers that we use as servers 2 are for private use and 1 is used as a public server (links for streaming audio to various clients and staff)

The public server we can access internally only via 192.186.1.x via Apple Filing Protocol (afp://) however we can't access the public static IP which is 108.27.234.xx internally. There is no problem accessing the public static IP externally. However we do need access to the public Static IP internally as well because we share music files both internally/externally and would like to fix this issue. 

Here are the current settings for the Static NAT for 108.27.234.xx in the FIREWALL SETTINGS

Local Host: xxxx

Public IP Address: 108.27.234.xx

WAN Connection Type: All Broadband Services

Enable Port Forwarding For Static NAT (checked)

Protocol

Name / Ports / Action

HTTP - Web ServerTCPAny -> 80
FTP - File TransferTCPAny -> 21
HTTPS - Secured Web Server

TCP Any -> 443
Ping - ICMP Echo Request ICMP Echo Request
Remote Desktop TCPAny -> 3389

UDP Any -> 3389

Could someone please shed some light on this. Thanks,

1 Solution

Correct answers
Re: Can't access public static IP internally only externally (LOOPBACK)
Hubrisnxs
Legend

I was curious since you said that "it didn't work" and that you were going to buy a new router, so I used actiontec's contact us email support (it's free if you do that, but you can't call them directly - go figure) 

anyways here is their reply in case you want to give it a shot.   I pretty much just copied and pasted your first post here, to describe the problem.  


Resolution:

=========================
Your setup and configuration are unique, so you need to follow these instructions to correctly configure the MI424 and to open or forward the ports to your server.
To program multiple static IP Addresses to your router WAN port, follow these instructions.
Log into the router. Click on My Network\on the left click Network Connections.
Select the type of broadband connection Verizon installed from the ONT to the router WAN port.
Click Settings at the page bottom.
Scroll down to Internet Protocol and click the drop down. Select the Use the Following IP Address option.
Enter your FIRST IP Address of your block. Enter the subnet mask and gateway IP Address.
Scroll down a little further and enter the primary and secondary DNS servers Verizon provided with your block. Click Apply
Now, click on New IP Address at the page bottom.
Enter your next public IP Address and subnet mask. Click Apply. Ignore the error message and apply anyway. The subnet mask Verizon uses is NOT correct for a block but they use it anyway. The router will correctly apply the IP Address to the WAN port.
Continue clicking the New IP Address until all of your public IP Addresses are assigned to the routers WAN Port. Have someone outside of your LAN network ping each IP Address. All of your public IP Addresses should respond to a ping request. If any IP Address does NOT respond to a ping, the IP Address may not be provisioned for service and you cannot use that IP Address.
Once your IP Addresses are entered and tested, then follow these instructions to forward the ports to any internal private IP Addresses servers using STATIC NAT.
To open ports in the MI424 with multiple public IP Addresses follow these instructions.
First, make sure all of your public IP Addresses have been mapped to your WAN port and that they all respond to a ping request from the Internet.
Any IP Address that does NOT respond to a ping is not provisioned at Verizon and would be useless for an Internet service connection.
Once the IP Addresses are all mapped and respond to a ping request, click on Firewall Settings.
Click Yes
On the left, click on STATIC NAT. Click the red ADD
Enter the IP of the computer you wish to forward the connection too from the Internet, or click the drop down arrow and select the computer\network devices name from the list.
Type in which of your PUBLIC IP Addresses you want the connection coming in on.
Leave the WAN Connection setting set to All Broadband Devices.
Check the box Enable Port Forwarding for Static NAT
A PROTOCOL box appears.
Click the drop down. There are many pre-programmed services under SHOW BASIC SERVICES. Most basic server ports are listed here. WEB\EMAIL\Etc
Select SHOW ALL SERVICES and there are many more pre-programmed entries.
If the ports you need are not one of the many pre-programmed entries, select SPECIFY PROTOCOL
Click the red ADD that appears.
In the EDIT SERVICE screen, give your program or application a name.
Click the red ADD SERVER PORTS.
Set your protocol to TCP
Two fields appear, SOURCE and DESTINATION. NEVER touch the SOURCE port, always leave this set to ANY.
DESTINATION is the computer you're opening the ports too, select SINGLE or RANGE and enter your port or ports. Click APPLY.
The EDIT SERVICE SCREEN reappears. Again, click the red ADD SERVER PORTS. Set PROTOCOL to UDP
Again, leave SOURCE port alone or set to ANY
Set DESTINATION to SINGLE or RANGE and enter your port or ports.
Click APPLY.
Check the EDIT SERVICE SCREEN. You should have a TCP and a UDP entry for ever port or range of ports you're attempting to open. Once your ports are all mapped, click the APPLY button at the bottom of every page until the STATIC NAT page reappears.
All of your ports should show here and they should show as ACTIVE in GREEN under status.
Your ports for that public IP to the private LAN device are now open.
=========================

If this solution did not resolve your issue please submit a new incident.
http://support.actiontec.com/email_support/support_form.php

View solution in original post

Re: Can't access public static IP internally only externally
dslr595148
Community Leader
Community Leader

While I don't know how to fix the issue in the router, I can at least tell you what the issue is.

This might give to you a clue on how to fix it OR how to put pressure on someone else who can fix it ( Verizon to release a firmware update ).

It is a loop back issue.

As to what it could be in more detail...

#1 Router supports loopback but that feature is turned off ?

#2 Router supports loopback but the feature is being blocked / filtered by the router ?

#3 OR the router does not support loopback ?

Points to Title/Location: portforward.com -> forum -> Knowledge Base -> router does not have loopback support

Direct URL: http://boards.portforward.com/viewtopic.php?f=6&t=109

Re: Can't access public static IP internally only externally
alexkss
Enthusiast - Level 2

Well by the looks of things FIOS does not allow loopback and blocks port 80 which allows us to act like a server which totally sucks. 

I tried editing the computer(server) HOSTS file to no avail. This really sucks for us because we need to have this access up and running ASAP are there any other alternatives?

Re: Can't access public static IP internally only externally
Hubrisnxs
Legend

Upgrade to static IP and use your own Router that supports reverse NAT.   All ports are open on static (to tell you the truth, I haven't seen Verizon block port 80 on residential accounts in YEARS either)

 So I would test port 80 to see if it's really closed - if it is, call Verizon Back and have them work with their Tier II to open it.

The REAL probem is more than likely, HARDWARE, and that you're router simply doesn't support Reverse NAT.  Go to actiontec's homepage, and use their "contact us" to email your question to tech support,  there may be a simple setting that you're missing.    The feature is called reverse NAT - Click on the link and follow the instructions and you can test the reverse NAT functionality.  go down to the step 1-4 to do the testing

0 Likes
Re: Can't access public static IP internally only externally
Hubrisnxs
Legend

That's an awesome work around spacedebrisdslr595148.   Kudos Sir.   

0 Likes
Re: Can't access public static IP internally only externally
dslr595148
Community Leader
Community Leader

@Hubrisnxs wrote:

That's an awesome work around spacedebris.   Kudos Sir.   




Thank you. 🙂 but I am not spacedebris.

Re: Can't access public static IP internally only externally
alexkss
Enthusiast - Level 2

Thanks guys for your help on this. I'm just going to buy a new router that supports loopback/reverse NAT.

Re: Can't access public static IP internally only externally
Hubrisnxs
Legend

@dslr595148 wrote:

@Hubrisnxs wrote:

That's an awesome work around spacedebris.   Kudos Sir.   




Thank you. 🙂 but I am not spacedebris.



LOL.   Sorry,  I should refrain from posting until I've had my 2nd cup of coffee.     I'll edit that post. "post-haste!" 

0 Likes
Re: Can't access public static IP internally only externally (LOOPBACK)
Hubrisnxs
Legend

I was curious since you said that "it didn't work" and that you were going to buy a new router, so I used actiontec's contact us email support (it's free if you do that, but you can't call them directly - go figure) 

anyways here is their reply in case you want to give it a shot.   I pretty much just copied and pasted your first post here, to describe the problem.  


Resolution:

=========================
Your setup and configuration are unique, so you need to follow these instructions to correctly configure the MI424 and to open or forward the ports to your server.
To program multiple static IP Addresses to your router WAN port, follow these instructions.
Log into the router. Click on My Network\on the left click Network Connections.
Select the type of broadband connection Verizon installed from the ONT to the router WAN port.
Click Settings at the page bottom.
Scroll down to Internet Protocol and click the drop down. Select the Use the Following IP Address option.
Enter your FIRST IP Address of your block. Enter the subnet mask and gateway IP Address.
Scroll down a little further and enter the primary and secondary DNS servers Verizon provided with your block. Click Apply
Now, click on New IP Address at the page bottom.
Enter your next public IP Address and subnet mask. Click Apply. Ignore the error message and apply anyway. The subnet mask Verizon uses is NOT correct for a block but they use it anyway. The router will correctly apply the IP Address to the WAN port.
Continue clicking the New IP Address until all of your public IP Addresses are assigned to the routers WAN Port. Have someone outside of your LAN network ping each IP Address. All of your public IP Addresses should respond to a ping request. If any IP Address does NOT respond to a ping, the IP Address may not be provisioned for service and you cannot use that IP Address.
Once your IP Addresses are entered and tested, then follow these instructions to forward the ports to any internal private IP Addresses servers using STATIC NAT.
To open ports in the MI424 with multiple public IP Addresses follow these instructions.
First, make sure all of your public IP Addresses have been mapped to your WAN port and that they all respond to a ping request from the Internet.
Any IP Address that does NOT respond to a ping is not provisioned at Verizon and would be useless for an Internet service connection.
Once the IP Addresses are all mapped and respond to a ping request, click on Firewall Settings.
Click Yes
On the left, click on STATIC NAT. Click the red ADD
Enter the IP of the computer you wish to forward the connection too from the Internet, or click the drop down arrow and select the computer\network devices name from the list.
Type in which of your PUBLIC IP Addresses you want the connection coming in on.
Leave the WAN Connection setting set to All Broadband Devices.
Check the box Enable Port Forwarding for Static NAT
A PROTOCOL box appears.
Click the drop down. There are many pre-programmed services under SHOW BASIC SERVICES. Most basic server ports are listed here. WEB\EMAIL\Etc
Select SHOW ALL SERVICES and there are many more pre-programmed entries.
If the ports you need are not one of the many pre-programmed entries, select SPECIFY PROTOCOL
Click the red ADD that appears.
In the EDIT SERVICE screen, give your program or application a name.
Click the red ADD SERVER PORTS.
Set your protocol to TCP
Two fields appear, SOURCE and DESTINATION. NEVER touch the SOURCE port, always leave this set to ANY.
DESTINATION is the computer you're opening the ports too, select SINGLE or RANGE and enter your port or ports. Click APPLY.
The EDIT SERVICE SCREEN reappears. Again, click the red ADD SERVER PORTS. Set PROTOCOL to UDP
Again, leave SOURCE port alone or set to ANY
Set DESTINATION to SINGLE or RANGE and enter your port or ports.
Click APPLY.
Check the EDIT SERVICE SCREEN. You should have a TCP and a UDP entry for ever port or range of ports you're attempting to open. Once your ports are all mapped, click the APPLY button at the bottom of every page until the STATIC NAT page reappears.
All of your ports should show here and they should show as ACTIVE in GREEN under status.
Your ports for that public IP to the private LAN device are now open.
=========================

If this solution did not resolve your issue please submit a new incident.
http://support.actiontec.com/email_support/support_form.php

Re: Can't access public static IP internally only externally (LOOPBACK)
alexkss
Enthusiast - Level 2

OMG after a whole week of trying to figure it out. Loopback finally works now!

Big thanks to Hubrisnxs for going out of your way to contact ActionTec on this matter! I really appreciate that a lot!!!