On Saturday 18 October 2025 04:24:55 am Joe wrote: > On Fri, 17 Oct 2025 21:06:37 -0400 > "Roy J. Tellason, Sr." <[email protected]> wrote: > > > On Thursday 16 October 2025 04:26:37 pm Joe wrote: > > > On Thu, 16 Oct 2025 15:28:53 -0400 > > > "Roy J. Tellason, Sr." <[email protected]> wrote: > > > > > > > This isn't strictly debian-related, so if there's a better place > > > > for this feel free to point me at it and I'll try there... > > > > > > > > Back when my LAN was a workstation and a DSL modem, and a bit > > > > later on a routher/firewall was added, and a server, then > > > > later on a second workstation. Wifi was an old (now older and > > > > very flaky) AP. These days wifi is also provided by the "modem" > > > > (Hugesnet, who is completely useless for help on this) and it's > > > > dual band and seems overall faster. > > > > > > > > The problem is when I'm using that wifi I have no access to my > > > > local server, I can only get to it by way of the old flaky AP > > > > that's internal to the LAN. > > > > > > > > Particulars: The "modem" is 192.168.1.1, the WAN side of the > > > > router is 192.168.1.2, the server on the other side of the > > > > router is 192.168.0.1, and the workstations get DHCP addresses > > > > assigned when they connect, as do any devices (a couple of > > > > phones and a tablet) that connect to the wifi. Is there any > > > > simple way to get that external wifi to point to my internal > > > > server when a 192.168.x.x address is used? > > > > > > > > > > > > > > Yes, but it may be a bit involved. Firstly the firewall must be > > > opened to allow the ports you want to use on the server to pass > > > inward through the router if it isn't using NAT. > > > > > > If the router is doing NAT it will be necessary to create port > > > forwarding rules in the router to direct those ports to the > > > server's IP address. This should automatically create the right > > > firewall rules. > > > > > > If the router does not do NAT, the modem will need to be given an > > > additional route, telling it that the route to network 192.168.0.0 > > > is via the gateway 192.168.1.2. > > > > That looks like what I'll need to do. Going into the admin login on > > that device, I do Advanced Setup -> Routing -> Static Route, had to > > enable that, added one for 192.168.0.1 (server), gateway of > > 192.168.1.2 (router's "Internet port"), and LAN rather than WAN. > > Saved the changes, and it doesn't work. The connection just times > > out. > > > Finally, if NAT is used on the router, you will need to address the > > > server as if it was the router i.e. 192.168.1.2 and if not, then use > > > the server's own IP address. > > > > > > It all depends on whether the router is just a plain router, or > > > whether it is using NAT. Your use of the term 'WAN' suggests it is > > > a cable router, using NAT by default. > > > > Actually that port is labeled "Internet", it's what used to connect > > to my DSL modem back when, and it's what connects to the Hughesnet > > device now. > > > > > > First, are you absolutely certain the router is not using NAT?
Nope. > I would expect an Internet router to do so by default. Many routers can > disable NAT, 'bridge mode', but then you need all IP addresses to > be on the same subnet and it isn't a router at all. Almost certainly, if the > router has a port forwarding feature that is not disabled, there is > NAT working. > > What can you ping from where? Ah, that's where it got "interesting" this morning... > Are you able to turn off the firewall function of the router for testing? If > you ever see ping work in one > direction but not the other between the same two hosts, it's NAT/firewall > trouble. Noted. > The modem itself will probably have a 'ping' option, I don't see one in there. I log into it in my browser and the whole UI is graphical, with menus and such. > I assume it can ping 192.169.1.2 successfully, can it ping the server? It > would be nice > if it had a traceroute facility, but they usually don't. Nope. > What about ping and traceroute from a wifi client? What do you get if > you try to trace a route to the server? Phone and tablet are both android, which tends to not provide that kind of tools. I have some laptops here I could probably get going and maybe use one of them to test this out. I came in here this morning and this email client seemed to be stuck, and a bit of poking at it got me some "unknown host" errors. Huh? I couldn't ping *anything* from this machine, though the lady of the house didn't seem to be having any trouble from her machine. I did try and hit the server from my phone last night, via wifi, and didn't get there, but I saw a faint image that looked like the modem?! Anyway, after seeing those errors this morning I un-did the changes in the modem and now things are working fine. That modem originally wanted to be 192.168.0.1, which is what my server is, and I did change it when the dish setup was installed, but apparently there's a bug somewhere in the firmware where the original address is being retained, or I've got some other bit that I need to fiddle with in there to make this work. I may have a go at contacting their tech support, but so far that doesn't look terribly promising... -- Member of the toughest, meanest, deadliest, most unrelenting -- and ablest -- form of life in this section of space, a critter that can be killed but can't be tamed. --Robert A. Heinlein, "The Puppet Masters" - Information is more dangerous than cannon to a society ruled by lies. --James M Dakin
