Home network troubles (port forwarding, possibly)

chrisashton84

I've got a DSL modem that acts as a HPNA router and also has a CAT-5 and USB ethernet jack on the back (HPNA is a phoneline networking setup). I then have a wireless & 4 way router plugged into the CAT-5 cable from the modem. My problem is thus: anything connected to my second router is unable to connect to secure sites, or if they're able to it's at an extremely slow rate. This is a problem because I can't access my bank accounts, college course planner, or website configuration panel like this.

On my dsl modem/router, I have enabled what they call "DMZPlus" - it's port forwarding for all ports, plus it forwards the real-world IP. This is going to my second router. I know it's working because the second router gets my real IP while the other phoneline-networked computers get the standard 192.168.0.x address. If instead of plugging the ethernet cable into the second router I go directly to my computer, I am able to access all sites.

Anyway, my second router is a Netgear MR814v2 if that matters. It's got a four-way ethernet router and wireless router in it. Anything connected to it, though it's getting all ports and my net IP address from the DSL modem, cannot access these secure pages. Note that it's not all secure pages I can't access - some https sites work just fine, but ones with apparently higher security have a lot of trouble connecting. I've turned the "Default DMZ Server" on for my desktop - it's set to the right IP, yet the desktop can't access the secure sites. The laptop, with no DMZ enabled, used to be able to connect in windows but now can't connect in windows or linux to these sites.

I hope I've given a clear enough picture of my setup

Basically, I'd like it so at least one of my machines can access these sites. I don't know why port forwarding isn't working. Any ideas?

adaptr · Posted: Mon Jul 19, 2004 8:45 am Post subject:

My first recommendation would be to drop the "DMZplus" stuff and make the DSL modem your primary access point.
Then - if this is possible, I know it is with some routers - configure the router to work as an ordinary router, and not a DSL router.
This lets you assign a private IP to both sides of the router and it will simply route the inside.

Your problem is that inside addresses get NATted twice - once by the router and again by the modem.

While this is by no means impossible, it's rather useless unless you have a very freaky setup that requires some hosts to be on a different subnet.

I also have very strong doubts about the portforwarding + IP forwarding at the same time thing...
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

chrisashton84 · Posted: Mon Jul 19, 2004 8:22 pm Post subject:

I need both subnets as far as I can tell. We have several computers around the house, and use phoneline networking so we didn't have to wire ethernet everywhere. This is done by the dsl modem. I have my two computers (desktop and laptop) in the same room as the dsl modem - it takes up the only phone jack, so I have to use the ethernet connection from the modem to connect. However, since I have two computers that need the internet here I need the second router as well. You're saying skip DMZ for both routers? I'll try it and post back if it works.

think4urs11 · Posted: Tue Jul 20, 2004 5:22 am Post subject:

just a shot into the dark: check your MTU sizes
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself

chrisashton84 · Posted: Wed Jul 21, 2004 1:54 am Post subject: