
forward port 80 and DNS loop-back issue

Discussion in 'Tomato Firmware' started by x-men, Mar 13, 2009.

  1. x-men

    x-men Addicted to LI Member

    There are 2 (separate) problems. All happened recently.
    A few things to clear up first. I was using Comcast Residential and switched over to Business class as of yesterday. Neither class blocks port 80, and both classes block ICMP pings, so no pinging.

    Problem 1: I was using the roadkillmod of Tomato, v 1.19. My network setup at the time was Internet -> Cablemodem -> Tomato -> My network consisting of the web server.
    Registered a free domain at Dyndns, set up Tomato to update the WAN IP. Put Apache on my webserver; the server started and was listening on port 80 with no problem, and I can browse to it using localhost just fine.
    Time to go public. I forwarded external port 80 to internal port 80. Added Apache to the firewall exception list. Used a few port checker sites found on Google; all of them show my port 80 is closed. Used a different internet connection and tried to load my website; that didn't work either.

    Got back on my server and started pinging my domain; it RESPONDED, and the IP is my WAN IP. The site loads when I call my domain in Firefox. Tracert shows it only goes out to the Tomato gateway and comes right back.
    For sure port forwarding works, because my torrent port shows open and working the entire time. I tried putting the server in the DMZ; that didn't work either.

    But when I set Apache to listen on something OTHER than 80, like 8000, and forward external 80 to internal 8000, it works like a charm. In fact, go to it now: xmen.serveftp.net. You'll only see a blank page, but it's not "The page cannot be displayed".

    This issue is not too major; I'm just wondering what exactly happened. My cousin runs a webserver as well, and uses Comcast and a WRT54G as well, but with stock firmware. No problem forwarding port 80 ext to int on his end. Weird? I think so.

    The 2nd problem is one I don't have a solution for yet and am looking for one.
    "Upgraded" to Comcast Business class yesterday. They gave me a free modem/router to use, SMC brand. The only reason I'd use it instead of my SURFBOARD is that it's DOCSIS3 capable.
    OK, so that adds another layer of router/firewall on the network. No big deal, I thought. Just limit the DHCP to 1 device, plug my Tomato-running Linksys into its LAN and set the DMZ for it. Port forwarding works like usual. Changed the DDNS to the "Use external IP" option; the external IP updates the domain fine. No problem for users from the public internet to access my web server.

    BUT I can't access my webserver using the public domain name, not from the internal network, not from the server itself, and not from another laptop in the network. Can't connect at all. My network now is Internet >> Modem/Router >> Tomato >> Webserver. Tried updating the firmware to v1.23, the official one and not a mod; not helping.

    I don't really know what's gone wrong now. If a solution/theory cannot be granted, somebody please let me know if I can use Dnsmasq to remedy this issue, and how. That's what my friend suggested: just have the router resolve the domain right back to the server. But my problem is that it's running on port 8000 instead of 80, so I'll need a port forward in place as well.

    Thanks ahead guys.
  2. Dashiell

    Dashiell Network Guru Member

    I've run into this problem myself. A lot of cable companies filter port 80 unless you pay for their package that allows you to use it. A lot of the New York providers do this very thing.
  3. x-men

    x-men Addicted to LI Member

    Nope, Comcast doesn't block port 80. My cousin runs Comcast with port 80 just fine. I forwarded ext 80 to internal 8000 and that works fine. Issue isn't with my ISP.
    It won't work if it's ext 80 to int 80 that's all.
  4. x-men

    x-men Addicted to LI Member

    Update: I've kind of remedied the problem... Added an entry in the host file saying 127.0.01 xmen.serveftp.net and have Apache listen on 80 as well as 8000. Reading some of the manual for Dnsmasq atm, but if there's an expert on Tomato's dnsmasq implementation, a few quick and dirty tips would be nice.

    The new modem/router that's been added to the network is the SMC 8014, if that rings any bells.

    And after some consulting with my fellows, whom I only meet on Friday nights, I tested a few things.
    The new router's subnet is -> my Tomato's WAN IP is I tried going to in Firefox, the blank page loads just fine. So the traffic has no problem looping from and to Tomato. But rather the SMC is having a problem...

    Then I guess that puts this thread in the wrong section :eek: . But the initial suspect in my mind was Tomato... Well... any help would be appreciated.
