PDA

View Full Version : NTL 2020 business modem - NAT / Firewalls


PHines
18-04-2005, 10:31
My first post, so I guess I should start by saying "hello!" But, I'm afraid this is not just a social call - I also have a problem that I hope someone can help me with (ain't that always the way :-)

I've been helping a friend who's uses the NTL Business Broadband service. He already had a business broadband 2020 modem directly connected to his PC. He wanted to share this connection with a 2nd PC, so we added a Netgear WGT634U wireless router.

So his setup is :

NTL Modem -> Netgear -> 2 PC's (one cabled, 1 wireless)

As expected, the PC's are allocated 192.168.1.x addresses by the Netgear DHCP server. But, I was surprised to see that the Netgear was assigned a 192.168.0.2 address, presumably by the NTL Modem. Have I got this correct - the 2020 modem contains a DHCP server ?

This setup works fine for web-browsing, email etc.

However, I'm also trying to setup some remote administration software called Radmin, which will allow me to remotely control his 2 PC's. I've installed Radmin on lots of other PC's for family/friends and, whilst it can be a bit fiddly to setup (opening the right ports etc.) I've always managed to get it working eventually - until now that is.

The Radmin software is installed on each of his 2 PC's and I have opened 2 ports in the Netgear firewall, forwarded to each PC. I have disabled the windows firewall on each PC. When I try and access either of his PC's from my office, using his external IP address, Radmin cannot connect. When I scan his external IP address, the 2 ports that I opened in the Netgrear Firewall are reported as 'closed.

Also, when I am working at his house and try and access the PC back in my office with Radmin, I cannot connect (this works from other locations so it's not a config problem at my end). I've never had this problem before.

So, after all that pre-amble, my questions are :

1) Does the NTL 2020 business modem contain a firewall ? (I'm assuming that is why I cannot access the ports that I opened in the Netgear firewall)

2) If so, is it possible to disable it (and rely on the Netgear firewall) or to open the Ports that I need in the NTL modem ?

3) Is it possible to 'switch-off' the DHCP server in the NTL modem, so that the Netgear sees the external IP address as it's 'WAN address' instead of 192.168.0.2 ? I suspect that this may be the cause of my problem with accessing my office PC from his.

Sorry for the long message; let me know if (as I suspect) I've not been very clear on any aspect.

/Pete

SMHarman
18-04-2005, 11:37
Lets start with what are the ports you are opening? Some ports (not many though) are blocked on the NTL network.

Then the next question is are you seeing the modem or router? With the transparant proxies etc you need to make sure you are trying to access the right IP address.

PHines
18-04-2005, 12:03
Hi, thanks for the reply

The ports are 1966 and 1967 (not standard ports, I know, but they work for other NTL users that I support via Radmin )

Good point re: the external IP address. I could not get it from the Netgear status page, so I used www.whatismyip.com - but I guess that would just give me the address of the web proxy ... ?

rdhw
18-04-2005, 12:28
the PC's are allocated 192.168.1.x addresses by the Netgear DHCP server. But, I was surprised to see that the Netgear was assigned a 192.168.0.2 address, presumably by the NTL Modem. Have I got this correct - the 2020 modem contains a DHCP server?The facts you present suggest that you have two levels of NAT routing taking place: one inside the 2020 (which appears to be a combined cable modem and router, so that businesses can attach multiple PCs), and one in the Netgear.

Double NAT layers are usually a bad idea, so you would do well to:
- either disable NAT on the 2020 and take a single public IP address from it (I have no idea whether this is possible);
- or dispense with the Netgear router, and plug everything into the NTL 2020 with the help of a switch.

If you stick with double-NAT, then any port-forward arrangements have to be duplicated in both the 2020 and the Netgear: the 2020 must port-forward to the Netgear, and the Netgear must port-forward to the PC.

rdhw
18-04-2005, 17:57
Here is additional information on the 2020, on a provisional basis.

To configure the 2020 via its web interface, point your web browser to:

http://192.168.0.1:64680/

Note the special port number. You should get a web page. Click Login. On the login panel, enter User name user and Password user: they both have to be lower case throughout.

Click tab GATEWAY.

On the left hand panel, you should now see "Advanced Gateway Setup" and an entry underneath "Forwarding" which when clicked will enable you to configure port-forwards in the right-hand panel.

This gives you all the facilities of a normal SOHO NAT router, so the Netgear is really surplus to requirements: just use the 2020 as your NAT router. For wireless, use a Wireless Access Point rather than a Wireless NAT Router.

PHines
18-04-2005, 18:48
Robin - many thanks for the info. I'm going over to his house tonight so I will try you suggestions then.
Thanks again,
Pete

PHines
19-04-2005, 11:42
Just to confirm, the web interface link does work for the 2020 modem (thanks Robin). I couldn't find a way to switch off NAT in the modem, although there is a staus page which states : 'Operating mode : NAT' or something similar. As well as the web interface port, the modem also lists a Telnet port (can't remember the number - sorry) but my attempts to Telnet to it failed.

I managed to solve my problems by setting up port forwarding in the Modem firewall as suggested (thanks again Robin) so as everything seems to be working with this dual-NAT config, I'll leave it alone for now.

/Pete