Geekzone: technology news, blogs, forums
6370 posts

Uber Geek
+1 received by user: 320

Trusted
Subscriber

  Reply # 2062596 25-Jul-2018 21:32

Hi, so via pppoe 2D are giving you an IP address, they are then routing another /30 subnet to the IP address that you have just gained via pppoe. So now any traffic forwarding to any of the IP addresses in that /30 will be forwarded to your router, which can then be routed on to that network which is now connected to your router.

 

The notes provided by Fritz (thanks to Spyware) essentially tell you how to add another network to your router (ie the new /30) which will now be routable.

 

As with any IP network, a subnet has an ID or subnet IP, and a broadcast IP, neither of which you can use for hosts in your network, hence you have two left, one will be assigned to the router as the subnet's gateway, and the other for your use.

 

As you can see it's not very efficient to hack up lots of /30 subnets.

 

Edit: Personally I don't like the way this is done, it is a bit clumsy, in that respect I refer to the way the Fritz has implemented it, as now the server is not accessible from within the network, there are other ways to have done this, but maybe not with the abilities or lack of presented by the Fritz

 

Cyril




256 posts

Ultimate Geek
+1 received by user: 43


  Reply # 2062639 25-Jul-2018 21:55

Simple scenario - I have a single static Public IP that I run my home network behind - all works well...

I was in need of a second static Public IP coming in on the same fibre connection that was able to give me

Static IP A for network
and
Static IP B for standalone computer

Approached 2D who said no problem, we'll provide you with one. No further info except the connection arrived via email that said

" Hi Chris,

Apologies on the late response.
We have allocated 202.xxx.xxx.36/30 to your account as per your request.
You can use 202.xxx.xxx.37 and 202.xxx.xxx.38. And your existing static ip 203.xx.xxx.xxx will also work.

The extra $10.00 will reflect on your next invoice.
If you have any issues please get in touch with us on 0800 022 022."

So, in setting up I couldn't work out what the default gateway was - so I called the 022 number and was told I couldn't be given the default gateway as it was a security issue..wtf...after much discussion and being told I couldn't speak to someone who could answer the questions I tried to work it out myself. In short I was told 'it should work' I said but there are no instructions! Given I was told by the email and the person on the phone that I had two 'usable' IP addresses I figured that the gateway must be .36

I was to learn otherwise, as per above.

As it appears, I only have one additional usable IP address so that has to go directly to my standalone computer (or another router, perhaps)

Now, interestingly, when trying to port forward as per the Fritz instructions - item 3 - it won't let me...

After entering the IPv4 address and following the instructions, this is what I get

"An error occurred.

Error description: The IP address is not available.

Please enter your data again. If the error occurs again, please consult AVM Support."
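The /30 arithmetic from the first reply, applied to the question in this post of which address can be the gateway; this is an added example, not part of the original thread. The block 203.0.113.36/30 is a constructed documentation range whose last octets mirror the ISP's email, and the function names are hypothetical.

```python
import ipaddress

def plan(cidr):
    """Break a routed subnet into subnet ID, usable hosts and broadcast."""
    net = ipaddress.ip_network(cidr, strict=False)  # accept a host address with prefix
    return {
        "subnet_id": str(net.network_address),
        "usable": [str(h) for h in net.hosts()],
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
    }

def check_routed_host(cidr, host_ip, gateway_ip):
    """Validate static settings for the single host behind a routed subnet.

    Returns a list of problems; an empty list means the settings are usable.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    usable = list(net.hosts())
    host = ipaddress.ip_address(host_ip)
    gateway = ipaddress.ip_address(gateway_ip)
    problems = []
    for role, addr in (("host", host), ("gateway", gateway)):
        if addr not in net:
            problems.append(f"{role} {addr} is outside {net}")
        elif addr not in usable:
            kind = "subnet ID" if addr == net.network_address else "broadcast address"
            problems.append(f"{role} {addr} is the {kind} of {net}")
    if host == gateway:
        problems.append("host and gateway must be different addresses")
    return problems

if __name__ == "__main__":
    block = "203.0.113.36/30"  # constructed sample, stands in for the ISP's /30
    print(plan(block))
    # The guess described in the post: first address of the block as gateway.
    print(check_routed_host(block, "203.0.113.37", "203.0.113.36"))
    # Router holds one usable address, the server the other.
    print(check_routed_host(block, "203.0.113.38", "203.0.113.37"))
```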

 
 
 
 


680 posts

Ultimate Geek
+1 received by user: 201


  Reply # 2062648 25-Jul-2018 21:59

Okay, I've grasped it now - odd and wasteful, in my opinion, but I guess I can understand why they might do it for the sake of simplicity.

 

Anyway, regarding your error for forwarding, surely there's simply no port forwarding involved? I'd suspect the standalone computer/router/device has an IP of x.x.x.37 or x.x.x.38 assigned to it, with a default gateway inversely. So the Fritz! is just pushing all that traffic past to the IP, no forwarding required.

 

Edit: Oh wait - is the IP terminated on the fritz as a second public IP, while the other device has a private LAN IP address? If so, I go back to knowing little!


6370 posts

Uber Geek
+1 received by user: 320

Trusted
Subscriber

  Reply # 2062650 25-Jul-2018 22:02

Hi, as mentioned before I have never used a Fritz box, I understand they are a great device, but as a network engineer, I have never used one, Cisco, Fortigate, Juniper, Watchguard, Mikrotik, yes, but Fritz, no.

 

Based on the fact that you have given your server a public IP there should be no port forward needed, I suspect section 3 is in fact firewall rules, as you will need to filter what gets to the server. Maybe Spyware can enlighten you.

 

Cyril




256 posts

Ultimate Geek
+1 received by user: 43


  Reply # 2062664 25-Jul-2018 22:37

Thanks for your help - I need to wait until DNS propagates to the new address of .38 which is now pointing to a locally hosted website on that IP address - which is now on my CentOS machine.

Can you see if you can connect please:

http://justben.nz

or 202.124.115.38 and see if you get the index page up

I really appreciate all the help

6370 posts

Uber Geek
+1 received by user: 320

Trusted
Subscriber

  Reply # 2062675 25-Jul-2018 22:52

Hi, dns is resolving, but no response from server

 

Cyril




256 posts

Ultimate Geek
+1 received by user: 43


  Reply # 2062676 25-Jul-2018 22:57

Thank you. I can see it internally but not externally...

Tomorrow night's challenge.

Thanks for your help.

6370 posts

Uber Geek
+1 received by user: 320

Trusted
Subscriber

  Reply # 2062677 25-Jul-2018 23:00

Hi, no worries, cannot ping it either so I suggest it's firewall related, which as mentioned is probably what part 3 is about.

 

Cyril




256 posts

Ultimate Geek
+1 received by user: 43


  Reply # 2062731 26-Jul-2018 06:53

Time for a new router - suggestions anyone?

Having done all this I now find that provisioning of the subnet is possible in the fritz!box but port forwarding of the subnet is not

In summary, the fritz only facilitates one way traffic on a subnet - out.

When you search out this error after trying to do port forwarding as per their instruction:

"An error occurred.

Error description: The IP address is not available.

Please enter your data again. If the error occurs again, please consult AVM Support."

It reveals this response across all models of fritz box:


“2 IP address is located in another IP network (subnet)
Due to an error in FRITZ!OS, you cannot set up port sharing for devices that are in a downstream IP network (subnet), for example in the IP network of an additional router connected to the FRITZ!Box.
We are working on a solution and shall correct this behavior with a FRITZ!OS update for the FRITZ!Box as soon as possible. We cannot give you a release date for the update yet.”

6370 posts

Uber Geek
+1 received by user: 320

Trusted
Subscriber

  Reply # 2062739 26-Jul-2018 07:27

Hi, I thought you would end up here, as mentioned last evening the Fritz seemed awkward.

I would normally use a Mikrotik, a Hex S is what I would recommend, but also check out an Edgerouter, may be a little more intuitive to use for the casual user.

 

Edit: added some links, the Edgerouter4 is a higher performer, the Lite3 is probably sufficient for what you are after.

 

https://www.pbtech.co.nz/product/NETUBI1048/Ubiquiti-EdgeRouter-ERLite-3-Gigabit-Router-3-x-Gi

 

https://www.pbtech.co.nz/product/NETUBI171218/Ubiquiti-EdgeRouter-ER-4-Gigabit-Router-3-x-Gigabi

 

https://www.pbtech.co.nz/product/NETMKT1259/MikroTik-RB760iGS-RB760iGS-Dual-Core-880MHz-CPU-Ro

 



Cyril




256 posts

Ultimate Geek
+1 received by user: 43


  Reply # 2062751 26-Jul-2018 08:29

Thanks for that Cyril - I think I'll run with the EdgeRouter4 - My setup at home would benefit from a decent router as I'm running 3 windows rigs, 2 CentOS rigs, a QNAP NAS - not to mention the many IP required connections from home appliances, smartphones etc. The CentOS rigs and 1 Windows rig are port temperamental so are

There is one additional step in my setup - an unmanaged switch, which lies between my network and my router. Not that that creates issues as it's basically just a pass through. I'll probably keep the fritz!box as part of the new network for its wifi. I can set it up that way easily enough.

163 posts

Master Geek
+1 received by user: 34


  Reply # 2062819 26-Jul-2018 10:22

I'd probably have gone with the Mikrotik too. Cheap and good for what is needed. BUT....

 

 

I still don't quite understand the base issue and why 2 IPs are needed at all. You can just forward port 80/443 to a server that can then route based on the url that is coming in in the httpd.conf. Anything that is needed to be presented on web reverse proxy to :3000 all else send to /var/www or wherever is needed.

 

 




256 posts

Ultimate Geek
+1 received by user: 43


  Reply # 2062892 26-Jul-2018 11:25

For the most part I understand what you are saying olivernz but I'm not great on running networks or setting up port forwarding etc.

What I do know is that I run one server that I don't want to have public facing, nor exposing my network. My other server is public facing and will be running via the subnet assigned public IP.


163 posts

Master Geek
+1 received by user: 34


  Reply # 2062963 26-Jul-2018 13:48

cjmchch,

 

 

So the internal server is default. i.e. just run a webserver or whatever and you can go http://192.168.123.10 (example IP). That is reachable from anyone in your network and not from the outside. Even if it were exposed it wouldn't get out because 192.168 is a private network and doesn't get routed.

 

 

So now you have a server within the network that you want exposed externally. So now you need a forward rule on the Fritzbox that says "traffic arriving at port 443 is forwarded to 192.168.123.11". So now if someone calls http://203.xxx.xxx.3x:443 they will land on 443 on 192.168.123.11. On there your webserver needs to proxy to port 3000.

 

 

In Nginx nginx.conf that would look something like...

    server {
        listen 443;
        server_name WHATEVERNAME;
        location / {
            proxy_pass http://127.0.0.1:3000;
        }
    }

 

 

this has nothing to do with your other network. Your server still lives within that. The thing is if your server gets compromised then they have access to your internal network.

 

 

There is the "Exposed Host" functionality in FritzBox. You probably don't want that. That basically drops your trousers to the internet on one box!

 

 

So what you need is a DMZ. Same principle but the box cannot talk to your local network (but the local network can talk to it! Otherwise you couldn't administrate it). But sadly FritzBox doesn't support a DMZ. So you'd be looking at a different router.

 

 

The second IP doesn't really help you either or rather it's an expensive complicated way of doing what you want I think. A mikrotik router would go a long way in sorting your issues. But you need to be at least half a network engineer to set one of those up. So probably some ASUS router would do the trick. Basically you're looking for a DMZ option. And beware that if the box is in the DMZ you can't/shouldn't use it for anything else.

 

 

Looking at the cost and complexity, my question would be why you don't go externally hosted server/service. AWS & Co are good and cheap. Would be about the same price provided you're not going to have Ziggabytes of traffic.

 

 

Cheers oliver
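A small model of the difference between the two layouts in the post above, a port forward into the LAN versus a DMZ; this is an added example, not from the thread and not any router's actual configuration. The DMZ subnet, the policy table and the function names are assumptions; the LAN addresses follow the post's example.

```python
import ipaddress

# Constructed addressing (assumption): LAN as in the post, DMZ on its own subnet.
LAN = ipaddress.ip_network("192.168.123.0/24")
DMZ = ipaddress.ip_network("192.168.200.0/24")

# Router forward policy for NEW connections, first match wins:
# (from_zone, to_zone, dest_port or None for any, verdict).
# Replies on established connections are assumed to be allowed statefully,
# and WAN traffic is evaluated after the port forward has rewritten the
# destination to the server's internal address.
DMZ_POLICY = [
    ("wan", "dmz", 443, "accept"),   # the published web server
    ("lan", "dmz", None, "accept"),  # LAN may administer the DMZ box
    ("lan", "wan", None, "accept"),
    ("dmz", "wan", None, "accept"),  # e.g. package updates
    ("dmz", "lan", None, "drop"),    # the rule that makes it a DMZ
]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    if addr in LAN:
        return "lan"
    if addr in DMZ:
        return "dmz"
    return "wan"

def new_connection(src, dst, dport, policy=DMZ_POLICY):
    """Verdict for a new connection src -> dst:dport.

    'not-routed' means both ends share a subnet, so the packets go host to
    host through the switch and the router's firewall never sees them.
    """
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return "not-routed"
    for frm, to, port, verdict in policy:
        if (frm, to) == (src_zone, dst_zone) and port in (None, dport):
            return verdict
    return "drop"  # default deny

if __name__ == "__main__":
    # Server port-forwarded inside the LAN: its traffic to the private server
    # never crosses the router, so no rule can stop it.
    print(new_connection("192.168.123.11", "192.168.123.10", 22))
    # Same server moved to the DMZ: the router drops the attempt.
    print(new_connection("192.168.200.11", "192.168.123.10", 22))
```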

148 posts

Master Geek
+1 received by user: 40


  Reply # 2063001 26-Jul-2018 14:54

cyril7:

 

Hi, so via pppoe 2D are giving you an IP address, they are then routing another /30 subnet to the IP address that you have just gained via pppoe. So now any traffic forwarding to any of the IP addresses in that /30 will be forwarded to your router, which can then be routed on to that network which is now connected to your router.

 

The notes provided by Fritz (thanks to Spyware) essentially tell you how to add another network to your router (ie the new /30) which will now be routable.

 

As with any IP network, a subnet has an ID or subnet IP, and a broadcast IP, neither of which you can use for hosts in your network, hence you have two left, one will be assigned to the router as the subnet's gateway, and the other for your use.

 

As you can see it's not very efficient to hack up lots of /30 subnets.

 

Edit: Personally I don't like the way this is done, it is a bit clumsy, in that respect I refer to the way the Fritz has implemented it, as now the server is not accessible from within the network, there are other ways to have done this, but maybe not with the abilities or lack of presented by the Fritz

 

Cyril

 

 

The answer is not to turn the second subnet into a network, just set up port forwards, then you can use all 4 addresses, and reach them internally. Not sure if Fritz will let you set up port forwards for a network that's not directly connected though - other routers will.

