8 IP block and closed ports :S

[Emu76]

I'm probably asking a very stupid and obvious question, but here goes...
I'm with ADSL24 on the 8 IP block so I have a no-NAT connection and manually assign IPs to all my machines. I believe this should mean that all my ports are available all the time, but not so. uTorrent seems capable of opening its own ports, but other programs, mainly game servers, do not, and nobody from the outside world can connect to them . I am using a Netgear DG834GT router, and I am wondering if that is the problem...
Can anyone help with this issue?

Thanks in advance.

[Jay]

you need to forward the ports

[smargh]

Just to confirm, are you giving your PCs the actual public IPs?

Is the block of 8 IPs organised in such a way that there is 1 reserved for gateway, 1 network and 1 broadcast, with 5 usable?

What device or IP are you using as the default gateway, and was a default gateway provided to you from ADSL24? Presumably you are using your own device as a default gateway - if so, what device do you have?

Have you checked for typos on your gateway and the PC IP settings? It's a very easy mistake - I've done it.

How is the Netgear configured?

Are the PC firewalls configured appropriately?

[TheAnimus]

Also check that you have the right subnet mask on each machine.

uTorrent might be doing the whole uPnP 'thing', can you connect to machine A's server from machine B (which are both inside your local network) using only the public addresses?

[badass]

I'm probably asking a very stupid and obvious question, but here goes...
I'm with ADSL24 on the 8 IP block so I have a no-NAT connection and manually assign IPs to all my machines. I believe this should mean that all my ports are available all the time, but not so. uTorrent seems capable of opening its own ports, but other programs, mainly game servers, do not, and nobody from the outside world can connect to them . I am using a Netgear DG834GT router, and I am wondering if that is the problem...
Can anyone help with this issue?

Thanks in advance.

You may find your router needs to be changed to work in bridge mode. On most you'll lose pretty much all of their firewall type features.

[Emu76]

1.) Just to confirm, are you giving your PCs the actual public IPs?

2.) Is the block of 8 IPs organised in such a way that there is 1 reserved for gateway, 1 network and 1 broadcast, with 5 usable?

3.) What device or IP are you using as the default gateway, and was a default gateway provided to you from ADSL24? Presumably you are using your own device as a default gateway - if so, what device do you have?

4.) Have you checked for typos on your gateway and the PC IP settings? It's a very easy mistake - I've done it.

5.) How is the Netgear configured?

6.) Are the PC firewalls configured appropriately?

1.) Yes
2.) Yes
3.) My router, a Netgear DG834GT.
4.) Yes I've done it before too, but no typos.
5.) PPoE connection, DNS servers entered manually, IP entered manually, NAT off, subnet mask entered manually, multiplexing VC based 0,38.

Also check that you have the right subnet mask on each machine.

Done

uTorrent might be doing the whole uPnP 'thing', can you connect to machine A's server from machine B (which are both inside your local network) using only the public addresses?

An app I can try this with?

You may find your router needs to be changed to work in bridge mode. On most you'll lose pretty much all of their firewall type features.

Doesn't work, sorry :/

[Blastuk]

Check windows firewall settings?
#6 that that was quoted basically.

[smargh]

From the ADSL24 web page, they don't use PPPoE. I don't know of any UK ISP which does - they're mainly used in America. Their web pages state "Encapsulation: PPPoA or PPP over ATM (RFC2364)"

I think that you will need to put the GT in modem-only mode and use your own routing device to act as your router. I've used pfSense and currently use m0n0wall for this. What does /mode.htm on your GT say? It's been a long time since I used a proper 8-IP subnet though - perhaps the GT can act as the gateway on its own.

Are you following to the letter the stuff on their page: http://adsl24.co.uk/faq/ in the "
No-NAT (block of 8/16 IP's) configuration" section.

To suggest anything else I'd probably need to have a dump of your GT config (I have three spare GTs to use!) and the IP settings on your PCs.

Also, which ADSL24 package are you on? LLU?

[schubbs]

Do ADSL24 route that 8 IP block via your router WAN (e.g. can be assigned to the router LAN interface), or is the 8 IP block part of the router WAN network itself.

Why does your internal network need to sit on a Public IP network? You are limiting yourself to the number of internal machines that can connect on the LAN and exposing them directly to the internet (where-as before they would have been protected by NAT on the router)

Personally, I would put in a proper hardware firewall as you can have much more control over what is allowed inbound (and outbound if you wish) and create zones (e.g DMZ network) to isolate your hosted servers from your internal machines/PCs. You can then assign a private network for your internal LAN (e.g. 192.168.1.0/24) and then use the DMZ (make sure it is a proper DMZ e.g. segmented by the firewall using a different network range) to setup the public/hosted network block (or alternatively use a different private network range for the DMZ e.g 192.168.255.0/24; then perform static 1-to-1 NAT on the firewall)


To address your question, I suspect the firewall settings on the router is blocking all inbound traffic by default. It's not a good idea punching inbound holes into your LAN/internal PCs as this is a potential security risk. It is always best to segment/isolate the hosted servers from your internal PCs (as described above) and tie down access as much as possible (especially inbound access) to only allow the ports required thereby limiting what someone can do should the hosted server get compromised. Ultimately you want to protect your internal PCs as this is where your important data is kept.


edit:
If the hardware firewall is not the route you want to take, you should at least use a private network (e.g 192.168.1.0/24) on the router LAN, re-enable NAT on the router, and setup port forwarding as already mentioned in an earlier post. At least all of your internal hosts on the LAN will be hiding behind the NAT on the router and you are only exposing particular ports (for particular hosts) to the outside world.

[schubbs]

Another option to segregate the LAN network is to add a router (the cable router type e.g. the WAN port is a normal RJ45 port - not the ADSL type), let's call this Router B, and we'll call your ADSL router Router A.

You could assign a public IP from your block to Router A LAN interface, the hosted server can be connected to this network (connected to Router A LAN port) and assigned a public IP address from your block, then assign a public IP (from your block) to the Router B Wan Interface. Then assign a private address range to Router B LAN interface and turn on NAT and the firewall on Router B. Then connect Router B WAN to Router A LAN port, then connect your internal machines to Router B LAN port.