
Not working with 2wire modem...


Hypnotize

Hey all, my ISP just sent me a new modem to replace my old one. The new modem is a 2wire 2701HG-G (with a modified firmware from my ISP). The thing is, if I run the modem with the firewall on, I can't connect to WebUI as I get an error (server is taking too long to respond). My port in µTorrent is forwarded correctly (green light) and I'm not using an alternative port. On the other hand, if I run the modem in demilitarized mode (with XP firewall), I can access WebUI.

Does anyone know what I must do to make it work with the firewall on?


First, to turn off the firewall, I have to set up a DMZ.

Second, the port is correctly forwarded (I have a green light at the bottom, µTorrent and grc port checker are reporting the port open). Even with that, it just doesn't work.

Currently, I am running with the XP firewall only and it's working. But it'd be nice to have the firewall in the router.


Well, if you have to set up a DMZ when you're turning off your firewall, that means your router is using the term 'firewall' for its NAT system.

Anyways. DMZ is nothing more than a portmap for ALL ports. So if a DMZ IS working and a port forward isn't, then you must be forwarding the wrong port. So again I must ask... did you set an alternative port for the WebUI?

If you are sure it's all correct then the router probably DOES have a real firewall and it IS blocking traffic and your router is stupid for not allowing you to disable it without forcing you to set a DMZ...


Yeah, I've got one of those 2Wire things. It's got a crazy built-in firewall that you can't really disable, and depending on model a switcher/router as well; so, you need to set up a custom rule to do so. Unfortunately, the way that is implemented on those models through the web interface is kind of a multi-step annoying process. If you have problems, give your ISP a call to make sure you are doing it correctly.

Due to the built-in firewall of the "modem" though, I've personally found it easier to hook up a standard Linksys switch and give that DMZ mode from the 2Wire. Your mileage may vary.

There are unsupported hacks that can turn the firewall portion off, but that might void your warranty; your ISP (in my case AT&T) wouldn't be too happy in that case I'd imagine. Which is too bad because those 2Wire things are buggy pieces of junk, and to top it off don't support UPNP.


@Lord Alderaan: Yes, I'm 100% sure that the port is forwarded correctly and WebUI does not use an alternate port. I can receive incoming connections in µTorrent.

@Ryan Norton: Yeah, I did think of this "solution" with a switch, but I don't want to pay for that. It's not worth it. Oh well, I will just stick with the XP firewall and run the modem in DMZ mode if I can't get it to work with the firewall.

Thanks all!


  • 3 months later...

Hi

Another person was asking about this question on the IRC channel ('ihope'), and referenced this thread.

Let's side-step the complexity of port-forwarding! The specific equipment provided by the DSL ISP doesn't do it well, or support UPnP!

A solution was to put the telco-dsl-provided (in this case, 2Wire-branded) DSL Modem/Bridge/CPE/Router/Gateway (pick a name you like) into Bridging 'Pass-Through' mode. The high-frequency DSL signal on the telephone line is then only translated into ethernet, or ethernet wireless (with or without security on the wireless segment), without any additional work on the part of the router.

This can have the following added benefits:

1. While all routers do surfing and checking email okay by several clients, many kinds of router/gateways can fail when using P2P software, especially the lower-quality DSL-provider provided equipment, because of the greatly increased demands.

2. For the DSL-provider to do a complete diagnostic on both ends, for instance, to test the line quality and other connection diagnostics, the upstream DSLAM and downstream CPE work together with software designed only for the DSL or telco's equipment. Using any other equipment besides the provided equipment directly after the Splitter causes these diagnostics to fail. Leaving the telco's equipment in place, in bridging mode, provides minimal interference to any hardware connected after, and simultaneously allows telco-initiated diagnostics.

Reconfiguring the gateway as a bridge: all CPE gateways usually provide bridging mode; it is the simplest kind of connection. Computers: the computer user must set up the computer, and any other computers, as if they were directly connected to a DSL Bridge, wired or wireless. This simply means, as an Administrator (the default XP user account is an Administrator), going to Start, Network Connections, using the network wizard to create 'a new connection to a broadband provider', in XP, 'which requires a username and password'. The username is the PPPoE username assigned to you by your provider, usually sent in a piece of mail separate from the hardware. Some providers do not assign a password. The DSL account should be limited to use on the specific matched circuit (your DSL line), while you can use the same account from multiple computers simultaneously. Check with your provider; it's true with my provider, and at least three computers can connect simultaneously, each receiving a Public IP address.

In my case: the telco's equipment is pre-configured as a Bridge, doesn't have to work harder - it gets Hot anyway. Strangely, UPnP was on while in Bridging mode, if only to announce the device on the network and help the DSL Customer find the web interface. DHCP Service was on, solely so connecting computers (Windows) don't freak out with the message 'Limited or No Connectivity'. I logged into the CPE web interface and upgraded the firmware once, turned off UPnP and DHCP Services, and reconfigured the LAN IP Address to be within the same range (subnet) as my existing network. For instance, if the existing wireless router uses the IP 192.168.175.1, the DSL CPE LAN address changes from 192.168.1.1 -> 192.168.175.2. It might be necessary to 'Repair' [refresh the DHCP assignment] of your computer a few times, before and after setting up the CPE. I reconnected my existing wireless router to the central LAN switch, and connected the DSL CPE Bridge to my central LAN switch. A patch cable was added from the WAN port on the existing wireless router to a router LAN port. It is now possible to configure the wireless router from the LAN while simultaneously the router connects with PPPoE. The existing router provides basic services such as open wireless, over which I use OpenVPN to secure my traffic. In the configuration on the existing router, for non-'white'listed [an old racist term] MACs [a network connection of client computers other than my own], NoCatSplash on the router provides a 'Welcome' page with terms of use and other information, and an I Agree button. The LAN-based wired desktop does an independent PPPoE connection, then related VPN connection(s) as needed.

Nowhere does port-forwarding need to be set up, nor is there any wondering whether an application supports UPnP, both ideas designed to solve a problem of IPv4. If clients are dynamically assigned an IP address, there is no concern about port-forwarding changes [or port-triggering], or preconfiguring the CPE at all.


Archived

This topic is now archived and is closed to further replies.
