Routing – How to Run Static IP Through Comcast Business Class Modem to Router

iprouting

I apologize in advance for this kind of nebulous question, but I'm very stuck after many hours of trying and I need help.

Here's what I have:

  • Newest model of the Comcast Business Class Modem/Router
  • Static IP purchased through Comcast x.x.x.150 gateway, and x.x.x.149 IP
  • Zyxel VPN300 router
  • Small Linux Server

Here's what I need to do:

  • I need to set the VPN300 to be the x.x.x.149 static IP and then port forward 80 and 22 to the small linux server (in the future maybe I can get VPN working, but baby steps at this point)

I tried many different configurations to get this to work, but none of them worked. I'll share the one I thought should definitely work but didn't.

  • the VPN300 was connected to the modem+router in port 1 of its 8-port switch and unplugged every other device and plugged into the first port of the VPN300
  • set the modem+router in Bridge Mode (Advanced) (I also tried Basic later, which totally wrecked everything)
  • set the VPN300's first port to 'external' (I tried 'general' too), set the IP(x.x.x.149), gateway(x.x.x.150), and subnet(255.255.255.252)
  • Verified the modem had its own IP AND the gateway IP (it did!)
  • All other switches were plugged into the 3rd and 4th ports of the VPN300, (192.168.1.x, 192.168.2.x)
  • The Linux server was plugged into the 2nd VPN port directly, and was given the 192.168.0.2 address, which I reserved

When I tried to ping the .149 IP from an outside connection, there was no response.
I set up a NAT record in the VPN300 to map 22 to the 0.2 address (Linux server) but I was never able to get in as well.

In addition to trying the various bridge modes, I also tried leaving it out of bridge mode and turning off "Enable LAN DHCP".

Prior to this, before a power outage at the facility, I had double port forwarding from the gateway (x.x.x.150) to the VPN300's internet address and then to the linux machine working — but then it stopped working one day and I couldn't get working again after.

Does anyone have any ideas on what I'm doing wrong or a guide I can follow? My hunch is that I'm not setting something on the Zyxel properly, but I don't know what I'm missing.

Best Answer

Your question is nebulous but let's give it a try.

Check these steps in proper order. You need to clear each step before proceeding.

  1. Make sure that your router can ping its default route gateway. If that doesn't work, check the ARP table for the default gateway's MAC address (assuming Ethernet). If that also fails, your IP setup on WAN is wrong. Usually, the first public IP address is the ISP router and the rest is for your use.
  2. Ping from the router to some public, known-good IP address. If that doesn't work, there's something wrong with your default route's gateway. Alternatively, the WAN side's subnet mask is too large - commonly /31 or /30 are used for a single usable public address.
  3. Permit ICMP echo requests/replies on your router's WAN interface, ping it from outside by public IP.
  4. Set up NAT routing, firewall rules etc and try Internet access from a client behind the router.
  5. Set up port forwarding aka destination NAT for the required ports to your server. Don't forget firewall rules.
  6. If 5. doesn't work, run a packet trace on the WAN interface of your router and on the server. If the WAN request is visible but not on the server, your port forwarding isn't working. If both requests are visible but still not working, your server is the problem (off-topic here).
  7. If everything is working, secure access to port 22 by firewall rule - limit to those source IP addresses that it is actually required from. Note that SSH is one of the most attacked services on the 'net.
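
The WAN addressing checks behind steps 1 and 2, as an added example that is not part of the original answer: it validates a static IP/gateway/mask triple and shows how a too-large mask makes the router treat remote hosts as on-link. The 203.0.113.x addresses are constructed documentation-range stand-ins for the question's x.x.x.149 and x.x.x.150, and the function names are hypothetical.

```python
import ipaddress

def check_wan(ip, gateway, netmask):
    """Return a list of problems in a static WAN setup (empty list = consistent)."""
    iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
    net, addr = iface.network, iface.ip
    gw = ipaddress.IPv4Address(gateway)
    problems = []
    if addr == gw:
        problems.append("router IP and gateway are the same address")
    if gw not in net:
        # Step 1 failure: the gateway is not in the WAN subnet, so the
        # router has no directly connected path to its default route.
        problems.append(f"gateway {gw} is not on-link in {net}")
    if net.prefixlen < 31:
        # /31 (RFC 3021) and /32 have no network/broadcast addresses.
        for label, a in (("router IP", addr), ("gateway", gw)):
            if a == net.network_address:
                problems.append(f"{label} {a} is the network address of {net}")
            elif a == net.broadcast_address:
                problems.append(f"{label} {a} is the broadcast address of {net}")
    return problems

def treated_as_on_link(ip, netmask, destination):
    """True if the router would ARP for `destination` directly instead of
    sending it to the gateway (step 2: WAN subnet mask too large)."""
    net = ipaddress.IPv4Interface(f"{ip}/{netmask}").network
    return ipaddress.IPv4Address(destination) in net

if __name__ == "__main__":
    # Constructed sample values mirroring the question's .149 / .150 layout.
    ip, gw = "203.0.113.149", "203.0.113.150"
    for mask in ("255.255.255.252", "255.255.255.254", "255.255.255.0"):
        print(mask, check_wan(ip, gw, mask) or "consistent",
              "| 203.0.113.10 on-link:", treated_as_on_link(ip, mask, "203.0.113.10"))
```
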