> Bigwill99 wrote  on 30 Nov 2006 07:51:33 -0800:
>
> > But, when I type in my external IP address, I'm getting Cannot find
> > server or DNS Error
>
> This is your mistake. It won't work from inside your router - it'll only
> work from outside the router. It's a feature of most routers - packets
> received on an interface will not be sent back to the same interface, even
> if there are forwarding rules in place.
>
> To test your configuration you will need to get someone else outside your
> router to test it for you, or find a proxy server outside of your router
> that you can use to make the requests through.
>
> Dan

> In addition to my other reply, see notes inline below.
>
> Bigwill99 wrote  on 30 Nov 2006 07:51:33 -0800:
>
> > Sorry, this is long, but I wanted to include all of the details.
> > Basically, I was able to use an http and ftp server with IIS, but now I
> > can't since I started using a router. Here are all of the fine details.
> >
> > I have an http and ftp server set up on my personal computer and have
> > been using it successfully for a few years. I just got a router. (a
> > TRENDnet TEW-432BRP)
> >
> > I've successfully set up the router (address 192.168.1.1) and connected
> > my PC (192.168.1.100).
> > I'm also able to connect my laptop (192.138.1.101) to the internet
> > using the wireless connection. So, all of that is working fine. I can
> > surf websites, IM, send email etc, no problem.
>
> How is your laptop configured? Are you using a netmask of 255.0.0.0 ?  Is
> your router and other machines all using the same netmask?

>
> > However, I have an HTTP and FTP server on the 192.168.1.100 box, and I
> > can't get it to work when I enter my external IP. Here's what I've
> > tried so far:
> >
> > - Enabled port forwarding on port 80 for http and port 21 for ftp to
> > 192.168.1.100. I've checked IIS and these are the ports that I was
> > using successfully before.
>
> This should work.
>
>
> > - Cloned the MAC address of my network card on my router so now the
> > router and network card appear to have the same MAC address.
>
> Why did you do that?

>
> My replies are inline below following ***>>***
>
> Daniel Crichton wrote:
>> In addition to my other reply, see notes inline below.
>>
>> Bigwill99 wrote  on 30 Nov 2006 07:51:33 -0800:
>>
>>> Sorry, this is long, but I wanted to include all of the details.
>>> Basically, I was able to use an http and ftp server with IIS, but now I
>>> can't since I started using a router. Here are all of the fine details.
>>>
>>> I have an http and ftp server set up on my personal computer and have
>>> been using it successfully for a few years. I just got a router. (a
>>> TRENDnet TEW-432BRP)
>>>
>>> I've successfully set up the router (address 192.168.1.1) and connected
>>> my PC (192.168.1.100).
>>> I'm also able to connect my laptop (192.138.1.101) to the internet
>>> using the wireless connection. So, all of that is working fine. I can
>>> surf websites, IM, send email etc, no problem.
>>
>> How is your laptop configured? Are you using a netmask of 255.0.0.0 ?  Is
>> your router and other machines all using the same netmask?
>
> ***>>*** All pieces use netmask 255.255.255.0 - Incidentally, I have no
> idea what a network mask does. I just see that it is very often
> 255.255.255.0. They were all set to this by default, so I didn't change
> that setting.

>>> However, I have an HTTP and FTP server on the 192.168.1.100 box, and I
>>> can't get it to work when I enter my external IP. Here's what I've
>>> tried so far:
>>>
>>> - Enabled port forwarding on port 80 for http and port 21 for ftp to
>>> 192.168.1.100. I've checked IIS and these are the ports that I was
>>> using successfully before.
>>
>> This should work.
>>
>>> - Cloned the MAC address of my network card on my router so now the
>>> router and network card appear to have the same MAC address.
>>
>> Why did you do that?
>
> ***>>*** I read in a post that this could be a potential solution. I
> later found that it relates more to the DHCP and assigning the IP
> address. On the bright side, I can switch my internet connection from
> my router directly to my network card now without having to
> release/renew.

>>> - IIS is still working fine, because if I type 192.168.1.100 in for the
>>> web site address on the local machine, I'm able to access my website
>>> internally.
>>> - I've even tried changing the port forwarding settings to forward port
>>> 80 to 192.168.1.1 (my router) and when I type in my external IP address
>>> in the address, it successfully displays my Router's administration
>>> page. So, this tells me that my port forwarding is not at fault.
>>
>> All this does is show that the forwarding works when pointed at the
>> router (and so there is no interface to same interface traffic attempts).
>
> ***>>*** I had my external user attempt to hit my IP address when I had
> forwarding directed to my router's IP. He was able to successfully hit
> my router's "home page". But, when I switched the forwarding back to
> 192.168.1.100, he recieved the error noted above.

>>> - I know my ISP doesn't block port 80 and 21 because I was using these
>>> successfully before the router.
>>> - The only other "clue" I have is that I'm not able to ping
>>> 192.168.1.100 from 192.168.1.101 or view the web site internally by
>>> typing the local LAN IP in the address. (I'm not great on networking,
>>> so I'm not sure if this is even expected) However, there is a ping test
>>> in the router settings, and I'm able to successfully ping 192.168.1.100
>>> from the router.
>>
>> If you can't ping 192.168.1.100 from 192.168.1.101 then that's a problem.
>> Are you running any sort of firewall software on the PC at 192.168.1.101
>> that could be blocking packets from 192.168.1.100?
>
> ***>>*** There is no firewall on the laptop (192.168.1.101). It is my
> work machine, so they have a network firewall there. On that note, I'm
> able to log in through the wireless connection, connect to my work's
> VPN, and use my work applications ok. So I don't think I'm having any
> communication problems on that machine.

> Bigwill99 wrote  on 30 Nov 2006 09:39:57 -0800:
>
> >
> > My replies are inline below following ***>>***
> >
> > Daniel Crichton wrote:
> >> In addition to my other reply, see notes inline below.
> >>
> >> Bigwill99 wrote  on 30 Nov 2006 07:51:33 -0800:
> >>
> >>> Sorry, this is long, but I wanted to include all of the details.
> >>> Basically, I was able to use an http and ftp server with IIS, but now I
> >>> can't since I started using a router. Here are all of the fine details.
> >>>
> >>> I have an http and ftp server set up on my personal computer and have
> >>> been using it successfully for a few years. I just got a router. (a
> >>> TRENDnet TEW-432BRP)
> >>>
> >>> I've successfully set up the router (address 192.168.1.1) and connected
> >>> my PC (192.168.1.100).
> >>> I'm also able to connect my laptop (192.138.1.101) to the internet
> >>> using the wireless connection. So, all of that is working fine. I can
> >>> surf websites, IM, send email etc, no problem.
> >>
> >> How is your laptop configured? Are you using a netmask of 255.0.0.0 ?  Is
> >> your router and other machines all using the same netmask?
> >
> > ***>>*** All pieces use netmask 255.255.255.0 - Incidentally, I have no
> > idea what a network mask does. I just see that it is very often
> > 255.255.255.0. They were all set to this by default, so I didn't change
> > that setting.
>
> I'm amazed that the laptop works - with a netmask of 255.255.255.0 it should
> not be able to talk to the router IP of 192.168.1.1, as they are effectively
> on different networks - the netmask defines the network portion of the IP
> address, and to successfully pass packets back and forth without any other
> proxy or router between the hardware they both need to use the same network,
> your router network is 192.168.1 and your laptop is 192.138.1, so it should
> not work. I'm guessing that the address you tuped for the laptop is
> incorrect and is actually 192.168.1.101.
>
> >>> However, I have an HTTP and FTP server on the 192.168.1.100 box, and I
> >>> can't get it to work when I enter my external IP. Here's what I've
> >>> tried so far:
> >>>
> >>> - Enabled port forwarding on port 80 for http and port 21 for ftp to
> >>> 192.168.1.100. I've checked IIS and these are the ports that I was
> >>> using successfully before.
> >>
> >> This should work.
> >>
> >>> - Cloned the MAC address of my network card on my router so now the
> >>> router and network card appear to have the same MAC address.
> >>
> >> Why did you do that?
> >
> > ***>>*** I read in a post that this could be a potential solution. I
> > later found that it relates more to the DHCP and assigning the IP
> > address. On the bright side, I can switch my internet connection from
> > my router directly to my network card now without having to
> > release/renew.
>
> So long as your router only clones the MAC on it's external interface it
> shouldn't cause a problem, but if it clones on the internal interface then
> it could well be intercepting packets destined for the server machine
> itself, hence causing problems. I'd never suggest cloning a MAC unless you
> had only a single machine and the ISP locks itself to a single MAC (such as
> Blueyonder/Telewest in the UK used to require) and so adding a router would
> not work if the modem was already locked to the PC NIC MAC.
>
> >>> - I've checked the firewall rules in my router settings and they were
> >>> automatically set up by my router when I enabled FTP and HTTP port
> >>> forwarding to allow traffic on those ports.
> >>>
> >>> But, when I type in my external IP address, I'm getting Cannot find
> >>> server or DNS Error
> >>
> >> As in my other reply, this is expected.
> >
> > ***>>*** I get this error when attempting to access externally as well.
>
> This indicates that the forwarding is not working, or the response packets
> are not coming back.
>
> >>> - IIS is still working fine, because if I type 192.168.1.100 in for the
> >>> web site address on the local machine, I'm able to access my website
> >>> internally.
> >>> - I've even tried changing the port forwarding settings to forward port
> >>> 80 to 192.168.1.1 (my router) and when I type in my external IP address
> >>> in the address, it successfully displays my Router's administration
> >>> page. So, this tells me that my port forwarding is not at fault.
> >>
> >> All this does is show that the forwarding works when pointed at the
> >> router (and so there is no interface to same interface traffic attempts).
> >
> > ***>>*** I had my external user attempt to hit my IP address when I had
> > forwarding directed to my router's IP. He was able to successfully hit
> > my router's "home page". But, when I switched the forwarding back to
> > 192.168.1.100, he recieved the error noted above.
>
> Is your router management page being served from port 80? Personally I'd
> dump that router - allowing forwarding of a an external connection to it's
> own internal management interface is a security risk, and obviously an easy
> one to set up.
>
> >>> - I know my ISP doesn't block port 80 and 21 because I was using these
> >>> successfully before the router.
> >>> - The only other "clue" I have is that I'm not able to ping
> >>> 192.168.1.100 from 192.168.1.101 or view the web site internally by
> >>> typing the local LAN IP in the address. (I'm not great on networking,
> >>> so I'm not sure if this is even expected) However, there is a ping test
> >>> in the router settings, and I'm able to successfully ping 192.168.1.100
> >>> from the router.
> >>
> >> If you can't ping 192.168.1.100 from 192.168.1.101 then that's a problem.
> >> Are you running any sort of firewall software on the PC at 192.168.1.101
> >> that could be blocking packets from 192.168.1.100?
> >
> > ***>>*** There is no firewall on the laptop (192.168.1.101). It is my
> > work machine, so they have a network firewall there. On that note, I'm
> > able to log in through the wireless connection, connect to my work's
> > VPN, and use my work applications ok. So I don't think I'm having any
> > communication problems on that machine.
>
> OK, so the netmask problem from above is answered - you mistyped the laptop
> IP address. Still, the fact that the ping is failing is bad. Are you sure
> that there is no firewall on the machine on 192.168.1.100? If there is that
> would explain everything, as it would block all ping and connection attempts
> from any other IP, and so explain why nothing appears to work except locally
> on that machine.
>
> >>> - Any ideas on what else I might be able to check? Any help would be
> >>> greatly appreciated.
> >>
> >> Dan
> >
> > ***>>*** Thanks for your help with this.
>
> I'll do my best to keep helping. I've been running servers since 1994 in a
> wide variety of setups, so hopefully I'll find something that works :)
>
> Dan

> Bigwill99 wrote  on 1 Dec 2006 07:31:50 -0800:
>
> > I'll double check that there is definately no firewall issue happening
> > on the server machine, but I'm 99% certain of it. However, the
> > microsoft security centre keeps on trying to force its way in, so maybe
> > it has turned something on that I'm not aware of. If that was the issue
> > though, I'd think it should have been causing the same issues before I
> > introduced the router. But, it was working fine before.
>
> Could be a coincidental change.
>
> > I'll also check the logs and see if I can find any incoming requests to
> > my server to help narrow down whether its the incoming request not
> > getting recieved, or if it just can't send back a response.
> >
> > The Router's internal MAC is still unique. I can see it on the
> > diagnostic settings. I'll change it back to the original setting in the
> > cloning so that the cloned MAC and the internal MAC are the same so I
> > know that this isn't causing an issue.
>
> If the internal MAC is not the same as the other machine then you could just
> leave it as is for now as it shouldn't cause a problem. When the laptop or
> the other PC attempts to ping or connect to it the router is "out of the
> loop" anyway unless it has some sort of proxy server that they are both
> connecting through, so I'm pretty sure you'll find that the XP firewall has
> become enabled on the server machine. Also check the TCP/IP settings on that
> machine in case something is messed up in the netmask or gateway settings,
> but if this had happened then I'd expect the server machine to not be able
> to connect to anything other than itself.
>
> Dan