Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

NAT in a modem+router network


  • Please log in to reply
10 replies to this topic

#1 Niava

Niava

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 10 February 2016 - 11:04 AM

Hello,

 

first of all the functionality i am aiming for: accessing a web-interface (with a local IP running on a RaspberryPi) from the internet, from any computer on the world.

My network is looking like that: Modem (fritzbox 7412, 192.168.178.1) -----> Router (TP-Link TL-WR841ND with DD-WRT v24-sp2, 192.168.1.1) -----> Raspberry Pi (192.168.1.10)

Also take a look to the attached picture.

 

I already tried some port forwarding settings in the TP-Link router but without success. I guess i will have problems because of the modem+router setup.

Please help me to find a solution.

 

Thank You!

 

Attached Files



BC AdBot (Login to Remove)

 


#2 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:51 AM

Posted 10 February 2016 - 11:43 AM

Hi Niava,

 

Is your modem configured as a transparent bridge or is it the gateway device configured with your public IP address?



#3 Niava

Niava
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 10 February 2016 - 12:39 PM

Thank you for the reply Packetanalyzer,

 

i dont think i really understand what you mean by "transparent bridge". I have only very basic networking knowledge.

The modem is connecting to the ISP. The router is not connecting to the ISP at all. It is just used for wirening multiple computers and WiFi.



#4 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:51 AM

Posted 10 February 2016 - 01:08 PM

If you login to your router and look at the Internet status page, what are the first two octets of your public IP (WAN) address?

 

For an IP address that looks like 192.168.0.1, each group is an octet. So 192 is the first octet, 168 is the second octet, 0 is the third octet, and 1 is the fourth octet.

 

Please reply just with the first two octets of your public IP address.

 

Thanks,

 

packetanalyzer



#5 Niava

Niava
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 10 February 2016 - 06:29 PM

I hope this is the right screenshot.

 

 

Attached Files



#6 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:51 AM

Posted 10 February 2016 - 06:53 PM

Hi Nivia that is exactly what I needed.

 

So your modem is the gateway device which means that it is the one that is configured with the public IP address.

 

Here is where your data goes when you try to reach your Raspberry Pi from the Internet:

 

Internet -> Fritzbox (Public IP) -> Fritzbox (Private IP 192.168.178.1) -> Router (WAN IP 192.168.178.21) -> Router (LAN IP 192.168.1.1) -> Raspberry Pi (Private IP 192.168.1.10)

 

Usually the public IP address is assigned to the WAN interface on your Router. In your case you will need to do port forwarding twice. This technique is called double NATing. It is not the recommended implementation. Generally, it is considered better to place the web server (Rapsberry Pi) either in a demilitarized zone (DMZ) which with your network would be between your Fritzbox and your Router or to have a 1:1 NAT on the WAN interface of your gateway device which with your network would be the Fritzbox for the web traffic so any web traffic going to the Public IP address of your Fritzbox would be translated to port 80 of your Raspberrry Pi.

 

Assuming you don't want to make network design changes here is what you need to do to access your Raspberry Pi from the Internet. :)

 

On your Fritzbox you need to forward the desired ports (HTTP is TCP 80, HTTPS is TCP 443) so any requests for HTTP or HTTPS servers going to your Public IP address are forwarded to the WAN port of your Router.

 

For our purposes we will assume your Public IP address is 1.2.3.4 (It is not, you will need to get this on your own. If you don't know your public IP address go to http://www.ipchicken.com).

 

1.2.3.4 port forward TCP 80 to 192.168.78.21 on TCP 80

1.2.3.4 port forward TCP 443 to 192.168.78.21 on TCP 443

 

Then you need to login to your router and add the second set of port forward instructions.

 

The rules are below:

 

192.168.78.21 port forward TCP 80 to 192.168.1.1 on TCP 80

192.168.78.21 port forward TCP 443 to 192.168.1.1 on TCP 443

 

Again the port numbers 80 and 443 may be different. You will need to change the instructions to open whichever ports you need to access on your Raspberry Pi.

 

The next question is do you have a dynamic IP address or a static IP address. If your Public IP address is static then there is not a problem, but if your Public IP address is dynamic then you will want to consider creating an account with a dynamic DNS service provider so that if your ISP changes your Public IP address your Fritzbox or some other computer in your network can notify your dynamic DNS service provider that your public IP address changed. If your Public IP address changes and your hostname (the web address you are using to access your Raspberry Pi from the Internet) will not reach you network anymore until you manually update your DNS records.

 

Once that is completed you should be all set. Please let me know if you have any questions.

 

Thank you,

 

packetanalyzer


Edited by packetanalyzer, 10 February 2016 - 06:54 PM.


#7 Niava

Niava
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 11 February 2016 - 03:00 PM

Packetanalyzer!

 

Im extremly gratefull for your detailed reply.

As far as i have followed your advices there is still no success in sight. Take a look at the screenshots.

The web interface is still reachable within the home network from any device connected to it. But not from the outside.

The local IP that is leading to my RPi is 192.168.1.117:8080.

 

Greetings

Niava

Attached Files



#8 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:51 AM

Posted 11 February 2016 - 04:42 PM

What you have is correct, but doing some research about port forwarding on DD-WRT shows that some people have had some problems.

 

Let's try these fixes.

 

Please only try one at a time and after each change test to see if you are able to reach your Raspberry Pi from the Internet.

 

  1. On your Fritz!Box in Port forwarding change each entry from an computer zu an IP address :) The IP address 192.168.178.21 assigned to the WAN port of your router should be a static IP assignment.
  2. On your router change the source net to 0.0.0.0
  3.  Make sure any firewalls on your Raspberry Pi allow requests to port 80, 443, and 8080

 

To test, please make sure that you are testing from an external connection. Some routers do not like traffic from the LAN going out and coming back in (hairpin NAT rule) so try to access your web site on the Raspberry Pi by your Fritz!Box Public IP address in your phone. If the web site opens then it works!

 

Thanks,

 

packetanalyzer



#9 Niava

Niava
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 12 February 2016 - 06:52 AM

Hey Packetanalyzer!

 

I guess there is no need in going through theese steps.

Now, with some help from my local friends, we have flashed the fritzbox modem. The DD-WRT router is now excluded.

With only one device only th TCP 80 and 8080 is required to get it working.

 

Regardless of my success im astonished about how you supported me Awesome.

 

Greetings

Niava



#10 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:51 AM

Posted 12 February 2016 - 08:42 AM

Single NAT will almost always be more successful than double NAT. If you decide you want to figure out what caused the problem, please feel free to continue the steps I provided and I will be happy to help you troubleshoot.

 

You are welcome! That is why we are all here!

 

packetanalyzer



#11 technonymous

technonymous

  • Members
  • 2,515 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:51 AM

Posted 13 February 2016 - 02:24 PM

It's not working because you have (device-1) 192.168.178.1 & (device-2) 192.168.1.1 They are on different networks based off the third octet. In order for this to work you need setup a static route on both devices.

 

Something like..

 

[Device 1]

192.168.178.1 255.255.255.0 192.168.1.1

 

[Device 2]

0.0.0.0.0 255.255.255.0 0.0.0.0






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users