Re: 801.11n routers
stnickt
Enthusiast - Level 2

so i think that worked..here are the headers i get back from both idserve and the website you provided

I tried to access from work and was able to get to:

Server website - http://IPADDRESS

Lynksys Router - http://IPADDRESS:8181

I wasnt able to access my Verizon Router Management (on port 8080) and the verizon router doesnt allow me to specify a different port (only 80 and 8080) and 80 is designated to the server site. But i dont exactly need that.

Thanks for all of your help..i would have never figured this out

ID Serve:
Initiating server query ...
Looking up IP address for domain:
server
The IP address for the domain is:
10.10.1.101
Connecting to the server on standard HTTP port:
80
[Connected]
Requesting the server's default page.
The server returned the following response headers:
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 11 Nov 2009 03:51:40 GMT
Accept-Ranges: bytes
ETag: "f0e7df468262ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Wed, 11 Nov 2009 04:01:35 GMT
Connection: close
Content-Length: 58
Query complete.
 
 
 
http://network-tools.com/default.asp?prog=httphead&host=IPADDRESS
Header are:
HTTP/1.1 200 OK
Content-Type: text/html
ETag: "f0e7df468262ca1:0"
X-Powered-By: ASP.NET
Content-Length: 58
Last-Modified: Wed, 11 Nov 2009 03:51:40 GMT

0 Likes
Re: 801.11n routers
dslr595148
Community Leader
Community Leader

One more test just to be sure.

#1 In the router stop forwarding to the web server or temporary stop the server.

#2 Then check the header from the outside.

#3 If that fails as I suspect it will, in the router forward the ports to the web server (or if you temporary stopped the server, restart it).

#4 That company who made that router where you type in the public IP and got access to the router - instead of the web server on your computer - is techically breaking the rules. Remote control of the router is turned off, but yet you can get access to the router using the public IP.

IF you check the headers from the outside after in the router stop forwarding to the web server or temporary stop the server, then the router really does have remote access in the router turned on - and it does not honor your settings. Then you must find out why, and how to fix that. A possible answer to how to fix that, upgrade the firmware.

0 Likes
Re: 801.11n routers
viafax999
Community Leader
Community Leader

@stnickt wrote:

http to server (NOT working) - when i access the http from outside the network (my home) it automatically goes into the verizon router remote management on port 80 (and 8080). I would like to keep remote management on 8080, but have port 80 directed to my server (this i cannot accomplish)

That's a little scary!!  It sounds like you are allowing incoming WAN access to web management for remote admin - You should turn that off or at least change the default password and userid.

Your'e actually better to not run static NAT as the double NAT provided by your verizon router and your own router also gives you another layer of security.

With static nat turned off all you have to do is to access port forwarding and add a new entry either for http protocol, or user defined protocol using port 80, and set the destination to be the ip address of the web server in your network.  If you still have the second router inside the Verizon router then set it to a static ip on the verizon routers network e.g 192.168.1.254, then set the port forwarding above to forward port 80 to 192.168.1.254.  On your own router add a port forwarding rule for port 80 to go to your web server.  personally I would set the web server to use a non standard port as that to cuts down a lot on garbage probing

Typically you would then use something like DYNDNS to set up the forwarding via them to your web server name:your port number.

If you really want to remotely manage you verizon router you would be better off to add port forwarding for user defined protocol, call it RDP, and use port 3389.  Set the destination to be a machine inside your network that is turned on, maybe the web server?

Then run MSTSC on your remote machine and enter the ip address of the verizon router - this will give you a Remote Desktop on the machine inside your network, remember to turn on Allow Remote Access and set which users are allowed to access remotely.  You can run MSTSC /Console if you want to access the console of the machine and you can also use a non standard port for access - google RDP and non standard port.

Even more security can be provided by doing the above and also incorporating a network enabled APC masterSwitch Plus into your internal network that would allow you to remotely power on and off the machine that you would use for remote access.


0 Likes
Re: 801.11n routers
stnickt
Enthusiast - Level 2

When Verizon Router is off....i get TIMED OUT error

Below are the headers when server is off, and remote management on both routers is ON

FollowRedirects=False; Server requested redirection

Header are:

HTTP/1.0 302 Moved Temporarily
Content-Type: text/html
Set-Cookie: cookie_session_id_0=928402626; path=/;
Cache-Control: public
Pragma: cache
Expires: Thu, 12 Nov 2009 00:14:44 GMT
Date: Wed, 11 Nov 2009 23:44:44 GMT
Last-Modified: Sun, 25 Oct 2009 19:17:56 GMT
Accept-Ranges: bytes
Connection: close
Location: http://IPADDRESS:80/index.cgi?active%5fpage=9090&req%5fmode=0

If verizon remote management is on port 80..it connects. but if the server is on 80 goes to the server.

if verizon remote management in on port 8080...it does not connect (80 still goes to server just fine)

Linksys works either way on port 8181. Verizon doesnt allow for anything other than 80 or 8080, so i cant specify something else

I didnt keep any of the original login/passwords for either router (i created my own as well as WPA security for wireless). I have double nat set up, but i think it would be better to have nat set up on verizon to push through to the linksys and from there, only do port forward to the server (linksys is much easier to do port forwarding on than the verizon router)

0 Likes
Re: 801.11n routers
viafax999
Community Leader
Community Leader

Sorry, I'm not sure who you are replying to, you may want to try using Quote to differentiate.  I have no idea what the headers you are talking about refer to.

OR  if my simplistic approach to your problem confuses you, you can just tell me to go away.

0 Likes
Re: 801.11n routers
dslr595148
Community Leader
Community Leader

@stnickt wrote:

When Verizon Router is off....i get TIMED OUT error

Below are the headers when server is off, and remote management on both routers is ON

FollowRedirects=False; Server requested redirection

Header are:

HTTP/1.0 302 Moved Temporarily
Content-Type: text/html
Set-Cookie: cookie_session_id_0=928402626; path=/;
Cache-Control: public
Pragma: cache
Expires: Thu, 12 Nov 2009 00:14:44 GMT
Date: Wed, 11 Nov 2009 23:44:44 GMT
Last-Modified: Sun, 25 Oct 2009 19:17:56 GMT
Accept-Ranges: bytes
Connection: close
Location: http://IPADDRESS:80/index.cgi?active%5fpage=9090&req%5fmode=0

If verizon remote management is on port 80..it connects. but if the server is on 80 goes to the server.

if verizon remote management in on port 8080...it does not connect (80 still goes to server just fine)

Linksys works either way on port 8181. Verizon doesnt allow for anything other than 80 or 8080, so i cant specify something else

I didnt keep any of the original login/passwords for either router (i created my own as well as WPA security for wireless). I have double nat set up, but i think it would be better to have nat set up on verizon to push through to the linksys and from there, only do port forward to the server (linksys is much easier to do port forwarding on than the verizon router)


Ok.

#1 I point to http://www.dslreports.com/faq/16077

a) You can put the Verizon router into bridge mode.

b) You can put the Verizon router behind the Linksys.

c) You can DMZ in the Verizon router the Linksys.

d) You could replace the Verizon router with some sort of MoCa/NI device..

While at that DSLR FAQ they talk about the NIM-100, but in my thread at http://www.dslreports.com/forum/r23225235-NIM100-question

..They say you can get some other MoCA (NIM like) device.

#2 And there has got to be a way to turn off remote control in the router.

a) Show a screen shot from the router where remote management in the Verizon router is.

Please if you edit the screen shot, only hide the public IP.

b) I have to wonder if they (Verizon) routers use JavaScript to hide certain menu(s). For example, as addressed in

http://www.dslreports.com/forum/r23215089-Time-Warner-Cable-Exposes-65000-Routers-to-Remote-Attacks

^

0 Likes