Weird Remote Access Issue (switched from DSL to Cable) ?

Discussion in 'Tomato Firmware' started by BassKozz, Feb 12, 2008.

  1. BassKozz

    BassKozz Network Guru Member

    At work I have a Buffalo WHR-G54S with Tomato v1.11 on it. We recently switched from BellSouth/AT&T DSL to Comcast Business Class Cable internet, and since the switch I am no longer able to access the router remotely via the WebGUI or SSH. I didn't change any of the settings on the router (besides switching the WAN connection type from PPPoE to DHCP) which is what really gets me?

    I am able to connect to the remote ports locally; meaning the ports I've set for remote access for both WebGUI and SSH I can access when I am at the office, but when I am not on my LAN I can't access those ports?

    It's as if something is blocking access from my HOME connection to WORK... Could Comcast be filtering traffic inbound to my WORK ?

    Any ideas?

  2. ifican

    ifican Network Guru Member

    You hit the proverbial nail on the head. The easiest way to check is to (assuming you have Windows) bring up a command prompt and telnet to port 22 and the port you are using for remote access. If you get an open connection then it's not the ISP, but chances are you will not; it will just hang, then you'll know access is not open inbound.

    telnet <your public ip> 22
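
The same check as a script, as an added example that is not part of the original post: it separates a probe that hangs (silently dropped on the path) from one that is actively refused (a host answered, nothing is listening). The host 203.0.113.10 is a documentation placeholder for your public IP; ports 22 and 52252 are the ones mentioned in this thread.

```python
import errno
import socket

def probe(host, port, timeout=5.0):
    """Return 'open', 'refused', 'filtered' or 'unreachable' for one TCP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"             # handshake completed: telnet would connect
    except ConnectionRefusedError:
        return "refused"          # RST came back: a host was reached, port closed
    except (socket.timeout, TimeoutError):
        return "filtered"         # no reply at all: this is telnet "just hanging"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"  # no route, or a router on the path said so
        raise
    finally:
        sock.close()

def interpret(results):
    """Turn {port: state} into a one-line reading of the overall pattern."""
    states = set(results.values())
    if "open" in states:
        return "inbound TCP reaches a listener on at least one port"
    if states == {"filtered"}:
        # Dropped by an ISP filter, an upstream NAT gateway with no forward,
        # or a firewall DROP policy; no host ever answered.
        return "all probes dropped before any host answered"
    if "refused" in states:
        return "a host answers but nothing listens on the refused ports"
    return "no route to the address"

if __name__ == "__main__":
    HOST = "203.0.113.10"         # placeholder: replace with your public IP
    results = {port: probe(HOST, port) for port in (22, 52252)}
    for port, state in results.items():
        print(f"{HOST}:{port} -> {state}")
    print(interpret(results))
```

Run it from outside the LAN being tested; from inside, the result only shows what the router exposes locally.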
  3. BassKozz

    BassKozz Network Guru Member

    Yup it just hangs "Connection timed out" :(
    So now that I know it is the ISP, what can I do about it?

    The funny thing is the remote port I have set is obscure (52252) why would they be blocking that port?
    I can login to the remote computers using LogMeIn but I can't logon to the router via WebGUI, Telnet, or SSH ?
    What can I do to correct this?
  4. BassKozz

    BassKozz Network Guru Member

    DOH !!!

    I think I figured out what the problem is...
    I wasn't in the office when Comcast came to install the hardware, but after looking at it today, I realize they didn't just set up a cable modem, it's actually an SMC router... DOH !!!

    So I now realize why the Buffalo/Tomato router isn't working properly... it's not playing nice with the SMC router... so now I need to figure out what I need to modify in the SMC router's settings to give control back to the Buffalo/Tomato router...

    Here are a couple of screenshots of the relevant SMC routers settings:
    [​IMG] [​IMG]

    I think I need to disable the "LAN DHCP" function, is that correct? Will that force the Buffalo/Tomato router to pick up the slack and take control... or is there more to it than this?
  5. linuxuser

    linuxuser LI Guru Member

    Tomato and Comcast

    We have Comcast Business class internet and have no problems with it (now)

    For dynamic ip: set up your port forwards on the SMC with Tomato as DHCP WAN
    For static ip: keep the disable firewall for true static ip subnet only with Tomato as Static IP WAN

    One note, it causes a lot of problems if you shut off the LAN DHCP on the setup even with static ips.

    We are running Tomato 1.15 on two Buffalo WHR-HP-G54 and one Asus WL-500G Premium with no problems through our connection with static ips. We get a faster throughput when we put the MTU to 1492. We have also found that the Asus is faster than the Buffalo units (same settings with QoS.)
  6. BassKozz

    BassKozz Network Guru Member

    Thanks for the help linuxuser,

    Can you expand on what settings need to be changed for "Static IP" (I signed up for the Static IP thru Comcast) on both the SMC router and the Buffalo/Tomato Router?
    I've never used a router w/ a router, I've always dealt with Cable or DSL Modems.
  7. linuxuser

    linuxuser LI Guru Member

    Comcast and Tomato


    Wan/Internet (this is the standard for a Comcast Business with 1 static ip)
    IP: 74.xx.yy.zz (on the Comcast install sheet)
    Subnet mask: (on the Comcast install sheet)
    Gateway: 74.xx.yy.(zz+1) (on the Comcast install sheet)
    MTU: manual 1492

    Router IP Address: (or whatever)
    Subnet mask:
    Static DNS: <-- We use OpenDNS since Comcast DNS is unreliable

    Administration - Admin Access
    Local Access: HTTP
    HTTP port: 80
    Remote Access: HTTP or HTTPS
    Port: 8020 (we need 8080 for our web server behind the router)

    On the SMC
    Disable Firewall for True Static IP Subnet Only <-- Must be turned on
    With this one, check it if you ever have to have Comcast support check/work on your stuff. They turn this off every time they get into their SMC box.

    If you shut off the DHCP on the SMC, you will have problems getting in if there is a problem on the SMC. Also, leave the Assign DNS Manually turned on.

    Now if you use the static ip and go to, you should see the static ip address. If you use the SMC DHCP assigned ips and go to, you will see the gateway's ip.

    Thanks to this info, you are essentially getting two static ips. Set up the one Tomato router to be the static as above. On the second, set up the following:

    Basic - Network
    IP: (or any address outside the DHCP range)
    Subnet mask:
    MTU: manual 1492

    Then set up the appropriate port forwards on the SMC.

    You now have two static ips going to two different networks/servers. One with the assigned IP and one with the gateway ip.

    Hope this helps.
  8. BassKozz

    BassKozz Network Guru Member

    Ok here is a breakdown of the network info from my Comcast SMC Router:

    What "type" of connection should I use here?
    I usually use DHCP, but should I change this to Static?

    And if I do change it to static:
    In the IP Address field do I use the "WAN DHCP IP Address" from the SMC router (pictures above), or the "WAN Internet IP Address"?
    and I assume I use the "WAN DHCP Default Gateway" for the gateway field in tomato?
    Ok I am confused by the whole "you now have two static ips" comment, how does that work, I only signed up for one?

    Also do I need to port forward every port I want to use on both the SMC and the Tomato router? Can't I just let everything flow thru to the Tomato router (a la DMZ) and then deal with port forwarding only via the Tomato router?

    Thanks again for all the help,
    Sorry for all the questions,
    I really appreciate it.
  9. linuxuser

    linuxuser LI Guru Member

    You set the connection type to static.
    The address comes off of your Comcast Install sheet.
    If the static ip that Comcast has assigned you is, then the subnet is (for 1 static ip) and the gateway would be Again, check your install sheet or call your Comcast Business rep. Do not deviate from the install sheet (which someone had to sign to accept the install and is pink in color).

    The Tomato router is going to be the true static ip address. Due to the nature of the setup, your gateway (SMC router) also has a static ip. You can then chain another Tomato router off the SMC and port forward the SMC to the 2nd Tomato router to use the gateway static ip.

    In the first photo, the WAN Internet IP Address is the Gateway/SMC static ip and not your dedicated address.

    Also, I would not recommend using the Comcast DNS servers at and since they are unreliable. I use the OpenDNS servers.

    Again, use the numbers off the Comcast install sheet and not the numbers in the SMC router.
  10. cpgbg

    cpgbg LI Guru Member

    I think that enabling DMZ in the SMC Router will solve the problem.
    You should set static IP in Tomato for WAN / Internet:

    Type: Static
    IP Address:
    Subnet Mask:

    Then enable DMZ in SMC Router with destination address I see it in the Firewall menu on your screenshot. This should forward all ports to Tomato. Then you can use port forwarding and everything else in Tomato. Double NAT should not be a problem.

    I guess you should also set Static DNS in Tomato Basic: Networking. I have always used DHCP or PPPoE and it gets the DNS automatically, so I never tried this.
  11. linuxuser

    linuxuser LI Guru Member

    Using the above method is going to allow him to use the Gateway/SMC ip address and not the static ip that he is paying $5 a month for. This would work for the second Tomato router. For the static ip, use the numbers off of the install sheet. The method above is how you would set up Comcast Residential. With Comcast Residential, the gateway is somewhere at Comcast and the modem is the endpoint. With Comcast Business, the gateway is the SMC sitting on your desk and your server/Tomato router is the endpoint.
  12. cpgbg

    cpgbg LI Guru Member

    OK, I don't know the service specifics.
    But this way they are wasting a lot of IP addresses (4 addresses for just 1 static IP).