Quote:
|
Hi,
As suggested I tested the modem at bridge mode.
...
- The "internet light" at the modem is off.
- I could no longer access the web configurator of the modem. I had to reset the modem to the factory settings to switch back to "Router mode".
|
Bridge mode disables all routing and NAT functions. Just as the name suggests, it makes a single "bridge" from your DSL connection to some other device on your network. This device is usually one capable of routing but not able to act as a DSL modem - in your case the Netgear.
A PC connected directly to the modem will allow you to change the settings without reset.
Quote:
|
Again, I forwarded port 12000 to the router and added the above mentioned rule to the firewall:
Packet direction: WAN to LAN
Source IP: any
Destination: <IP address router>
Service: Any(TCP)
Action: Permit
I think adding this rule is more or less the same as bridging all traffic to the router. Correct me if I'm wrong.
|
Not quite. Now you have routed all TCP traffic received by the modem to port 12000 on the router, which in turn forwards all traffic received on its port 12000 to port 12000 of your Dreambox.
You can check this by browsing to your public IP or DDNS address on any port. You should see unusual characters or a popup.
Quote:
|
FYI, there's one more line in the firewall rules:
Packet direction: WAN to LAN
Source IP: any
Destination: <xxx.x.x.x - xxx.x.x.x>
Service: Multicast (IGMP:0)
Action: Permit
This is the #1 line. The line I added is #2. I don't know what #1 is for, but it came with the factory settings after the reset and it was there before.
|
IGMP broadcast is normal. Your ISP might need it, but probably does not. You can disable it if you wish, or leave it alone.
Quote:
|
As some of you mentioned already there's a risk in opening ports. I think all (TCP-) traffic through port 12000 ends up at my Dreambox. I guess that goes for all Dreamboxes, not just mine. Maybe it's unnecessary but it raises concerns with me. Was the risk of opening ports ever discussed? (OK, I could use the search-button).
|
It sounds like you have forwarded all unsolicited TCP traffic (not just 12000) to your Dreambox. Again, you can check this in a browser. You can correct this by replacing Any in Service: Any(TCP) with a custom-defined service which only forwards TCP traffic received on port 12000. All else it drops.
Quote:
|
Since the current configuration is working fine I will keep it as it is, at least for now.
|
As long as you are happy with it I would not change anything. You should check your external IP address with a port scanner or scanning service to make certain you have not opened up more than you intended.
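
The exposure check suggested in the reply above, as an added example that is not part of the original post: a small TCP connect check you run against your own public IP or DDNS name, flagging any port that answers other than the one you meant to forward. The function names and the sample port list are assumptions made for this illustration; 12000 is the port from the thread.

```python
import socket
import sys

INTENDED_PORTS = {12000}  # the only port the thread intends to expose

def tcp_port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def audit_exposure(host, ports, intended=INTENDED_PORTS, timeout=2.0):
    """Probe the given ports plus the intended ones and classify the result."""
    probe = sorted(set(ports) | set(intended))
    open_ports = [p for p in probe if tcp_port_open(host, p, timeout)]
    return {
        "open": open_ports,
        # Open but never meant to be forwarded: the "Any(TCP)" symptom.
        "unintended": [p for p in open_ports if p not in intended],
        # Meant to be forwarded but not answering.
        "missing": sorted(p for p in intended if p not in open_ports),
    }

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit.py <your-own-public-ip-or-ddns-name>")
    # Constructed sample list: a few common service ports plus 12000.
    sample_ports = [21, 22, 23, 80, 443, 8080, 12000]
    result = audit_exposure(sys.argv[1], sample_ports)
    print("open:      ", result["open"])
    print("unintended:", result["unintended"])
    print("missing:   ", result["missing"])
    # Non-zero exit when more is reachable than intended.
    sys.exit(1 if result["unintended"] else 0)
```

Run it from a host outside your own network, since a check made from the LAN side may not pass through the WAN to LAN rules. If the rule still uses Service: Any(TCP), every probed port should show up under "unintended".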
