[lug] DSL FRII/Qwest Actiontec modem

Lee Woodworth blug-mail at duboulder.com
Sat Nov 12 15:20:15 MST 2005 

Elyse M. Grasso wrote:
> I know we've been throught this before, but following the recommendations in 
> the previous threads doesn't seem to be helping me. 
> 
> I have a fixed IP address.
> Wireless is off
> Lan IP address for the modem is 192.168.0.1
> DHCP is off 
> No services blocked
> No websites blocked
> Remote managment and telnet are off
> Ports 22 and 80 are forwarded to 192.168.0.2
> DMX hosting is on, directed to 192.168.0.2
> Firewall Basic (documented as NAT only, no ports blocked)
> Dynamic Routing off
> NAT on
> Static routing 192.168.1.0/255.255.255.0,192.168.0.2
> Telnet timeout setting 30 minutes
> 
> Right after I make these settings, if I hit the external IP address with a 
> browser, I get a response that suggests I'm getting through to the server. If 
> I try ssh-ing, I get 
> [emgrasso at bast ~]$ ssh local.data-raptors.com
> ssh: connect to host local.data-raptors.com port 22: Connection refused
> 
> and then retrying the external web address gives me the Actiontec login 
> screen.
> 
> 192.168.0.2 is static IP address of a Linksys Wireless-G Broadband router 
> whose lan address is 192.168.1.1.
> DDNS is disabled
> MAC address cloning is on
> Advanced routing is Gateway, no static routing settings
> Wireless is on, 
> Firewall is enabled, with Block Anonymous, Filter Multicast, and Filter IDENT 
> checked, Filter NAT is not checked
> Access restrictions disabled
> Ports including 80 and 22 are redirected to 192.168.1.2
> No port triggering set
> DMZ is disabled
> QOS is disabled
> UPnP is enabled
> 
> The server has a static Lan IP of 192.168.1.2 with a wired connection, not 
> wireless. It can be reached by ssh using its LAN IP. 
> 
> I would appreciate any suggestions for Actiontec and Linksys settings changes 
> that will let me actually hit the server from outside: I'm on the road a lot 
> these days.
I'm interpreting this to mean you want to host a web-server on the LAN that is
visible externally and not that you want to get to the admin page from outside.

Telnet into the router from the LAN side and check the IP-tables. If its the
same kind of actiontec I was fiddling with a while ago, you will see some
rules with QUEUE targets redirecting certain ports to user space. If you know
the interaction of forwarding, DNAT and user-space queueing better than I do,
you may be able fix the ipt rules so the WAN packets don't get swallowed.

If Sean is so inclined, I expect he would make it work in routing or bridged
mode.
> 
> Should I try updating the modem software?
Actiontec's paid support told me turning off the packet swallowing wasn't
possible (they hijack ports 53 and 80).
> 
> Should I buy a different modem? Will Qwest let me use one I didn't buy from 
> them?
Qwest won't officially support anything but the modems they supply. Others can
still work. On a recommendation from the list, we switched to a ZOOM ADSL X5.
They are around $90 mail-order from PC-connection, $100 at Microcenter in
south Denver.

The Zoom has a much better admin interface and it doesn't interfere with the
routing. Works for the DSL with a static ip that qwest provides in
Eldorado Springs.

More information about the LUG mailing list