[TriLUG] NAT (?) issue - w/ports that use encryption

Joseph Mack NA3T jmack at wm7d.net
Fri Aug 29 13:09:56 EDT 2014


On Thu, 28 Aug 2014, Paul G. Szabady wrote:

> Greetings,
>
> I just installed a new U-verse modem/router

I haven't a clue, so I'm going to suggest some standard sanity points.

o put your modem into bridge mode, so that it's just a protocol converter (ISP 
<-> ethernet). It will be in the menu somewhere, but it may be hard to find. 
Just be persistent. That way, no matter what modem you ever have, you'll never 
have to figure out how to reconfigure it. (Make sure you write down how to 
access the modem once you've put it into bridge mode. Masking tape and marker 
pen on the body of the modem is a good way to record this info.)

o put a standard Linux router on the inside side of your modem. Configure it any 
way you want. If you don't have anything better, a WAP (e.g. WRT54G) running 
OpenWrt is a good start. If you have to buy a WAP, then get one with 128-256M 
memory (or whatever is the most memory you can get nowadays) and with "a" and 
"g" bands.

o use your old modem while you're setting up the new modem with your Linux 
router.

If you want to solve the problem you posted...

I assume you are DNAT'ing external clients to a 443 server on the inside. Do you 
have a rule for this on the modem (it may be called a "game port")?

Joe

> and after a lot of testing, it 
> seems I have issues that are specific to NATd IPs and encrypted traffic to 
> services on my LAN.  I'm curious if anyone out there may have experienced a 
> similar issue and have a solution.  The new router is a Motorola NVG589.
>
> What works:
> - Internet > router IP:port 80 > LAN (private IP) apache server
> - Client with LAN IP > router IP:port 80 > LAN (private IP) apache server
> - Internet > router IP:port 143 > LAN (private IP) IMAP server
> - Client with LAN IP > router IP:port 143 > LAN (private IP) IMAP server
> - Internet > router IP:port 993 > LAN (private IP) IMAPS server
>
> What does NOT work:
> - Internet > router IP:port 443 > LAN (private IP) apache server
> - Client with LAN IP > router IP:port 443 > LAN (private IP) apache server
> - Client with LAN IP > router IP:port 993 > LAN (private IP) IMAPs server
>
> This all worked fine before I upgraded the modem/router.  I'm seriously 
> thinking about downgrading back to the older model....
>
>

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
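
Added example, not part of the original thread: a small Python probe that separates the two layers behind the symptom list above, whether the forwarded port accepts a TCP connection at all (the DNAT rule asked about) and whether a TLS handshake then completes. The port list comes from the post; the function names and the command-line host argument are assumptions of this example.

```python
import socket
import ssl
import sys

# Ports from the post; True means the service expects TLS right after connect.
PORTS = [(80, False), (143, False), (443, True), (993, True)]

def probe(host, port, tls, timeout=3.0):
    """Return 'tcp-fail', 'tls-fail' or 'ok' for one forwarded port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Refused or timed out: no forward rule, a filter, or (from a LAN
        # client hitting the router's public IP) no NAT loopback.
        return "tcp-fail"
    with sock:
        if not tls:
            return "ok"
        ctx = ssl.create_default_context()
        # Diagnostic only: we probe by IP and only care whether the handshake
        # completes, so certificate checks are off. Never do this in a client.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with ctx.wrap_socket(sock):
                return "ok"
        except (ssl.SSLError, OSError):
            # TCP was accepted but TLS never finished: whatever answered is
            # not completing the handshake (wrong backend or a device on path).
            return "tls-fail"

def run_matrix(host):
    """Probe every port from the post from the current vantage point."""
    return {port: probe(host, port, tls) for port, tls in PORTS}

if __name__ == "__main__":
    # Usage: python3 probe.py <router public IP>; run once from the LAN and
    # once from outside, then compare the two result sets.
    for port, result in run_matrix(sys.argv[1]).items():
        print(f"{sys.argv[1]}:{port} {result}")
```

A "tcp-fail" on 443 points at the forwarding rule itself, while "tls-fail" means the port is answered but not by a working TLS endpoint.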

