DMZ issues

Got something else to discuss that is not covered by the previous forums? Post it here!
Post Reply
RobinsonHome
Posts: 6
Joined: Thu May 14, 2009 10:21 pm

DMZ issues

Post by RobinsonHome » Sun May 17, 2009 9:29 am

I've been running round in circles with the ooma "advanced" router settings.

I have this network configuration:
modem -> ooma -> router (ISP uses PPPoE)

I have a whole page of port mappings in my router. I would like to setup ooma to DMZ to the router so that all port mappings continue to occur at my router.

Here is what's occurred so far.

Initially, I followed instructions exactly and then inspected the settings. I changed nothing on my router (which was set for PPPoE) and left ooma default settings.

Result:
Ooma has this IP 172.27.35.1
Router has this IP 172.27.36.2 (YES, it was given a different subnet! Is this a bug?)
Web works, but port forwarding obviously does not.

With the router on a different subnet I am unable to DMZ. So I started to tinker with settings. I set my router to get its IP via DHCP and set ooma to dole out IP addresses with a restricted range: 172.27.35.2-172.27.35.2 (as a previous user on the forums suggested)

After restart things look more promising:
ooma: 172.27.35.1
DMZ: 172.27.35.2
router: 172.27.35.2

However, port forwarding is still not occurring which leads me to believe that DMZ is not occurring either (web continues to work just fine). I've restarted all network devices and computers. I consider myself an advanced user but this one has me stumped. Are there any known bugs in the router software (I have a "revision A" box)? Are updates available?

Please help! I'm about ready to put the ooma router on its own "side" path rather than in the main trunk of my network... but I don't want to loose QoS.

Thanks,
David Robinson

WayneDsr
Posts: 3790
Joined: Wed Feb 04, 2009 6:28 pm
Location: Northern Indiana

Re: DMZ issues

Post by WayneDsr » Sun May 17, 2009 9:46 am

I feel your pain. I put ooma behind the router, like a pc and used my router for QOS. Keep in mind, you might not need to worry about QOS unless you run into a problem with quality.

Wayne

murphy
Posts: 7207
Joined: Tue Jan 27, 2009 12:49 pm
Location: Pennsylvania

Re: DMZ issues

Post by murphy » Sun May 17, 2009 2:14 pm

RobinsonHome wrote:I have this network configuration:
modem -> ooma -> router (ISP uses PPPoE)
Put the PPPoE data in the ooma hub and set the router to get it's address via dhcp.

Limit the DHCP table in the ooma hub to one address so the router will always get that address.

Put that address in the ooma hub's DMZ slot.
Customer since January 2009
Telo with 2 Handsets, a Linx, and a Safety Phone
Telo2 with 2 Handsets and a Linx

RobinsonHome
Posts: 6
Joined: Thu May 14, 2009 10:21 pm

Re: DMZ issues

Post by RobinsonHome » Mon May 18, 2009 4:00 pm

This is exactly what I did already. Ooma connects to the internet fine; Ooma has restricted DHCP range to one exact IP address; Ooma set to DMZ to that address. Router set to get IP through DHCP.

Everything reports as I expect (router gets the IP that ooma is DMZ'd to), but it still doesn't work. I *know* it sounds crazy. I've worked as an admin before and typically users simply screw up. I'm just stumped here.

murphy
Posts: 7207
Joined: Tue Jan 27, 2009 12:49 pm
Location: Pennsylvania

Re: DMZ issues

Post by murphy » Mon May 18, 2009 4:26 pm

Are you using DynDNS?
Customer since January 2009
Telo with 2 Handsets, a Linx, and a Safety Phone
Telo2 with 2 Handsets and a Linx

RobinsonHome
Posts: 6
Joined: Thu May 14, 2009 10:21 pm

Re: DMZ issues

Post by RobinsonHome » Mon May 18, 2009 10:08 pm

murphy wrote:Are you using DynDNS?
Nope. Regular (default) DNS provided by my ISP (Verizon FiOS). Why?

User avatar
jmassimilla
Posts: 525
Joined: Sat Feb 07, 2009 4:38 am
Location: Burlington County, South Jersey

Re: DMZ issues

Post by jmassimilla » Tue May 19, 2009 2:09 am

I also have Verizon Fios. I just put the hub behind my router as QOS hasn't been an issue, even when uploading files.
Customer since Feb 2009
2 Hub/Scout
1 Telo/Handset
Lifetime Premier Subscriber

murphy
Posts: 7207
Joined: Tue Jan 27, 2009 12:49 pm
Location: Pennsylvania

Re: DMZ issues

Post by murphy » Tue May 19, 2009 2:31 am

RobinsonHome wrote:
murphy wrote:Are you using DynDNS?
Nope. Regular (default) DNS provided by my ISP (Verizon FiOS). Why?
DynDNS is a service that automatically links a URL to your actual external IP address. Many routers have it built in. Unfortunately most (all?) routers implement it incorrectly. With the ooma hub ahead of the router, the router uses the IP address that it got from the ooma hub instead of the actual external IP address. In that case you have to run the client provided by DynDNS on a 24/7 computer to make it work.

http://www.dyndns.com/

I asked because unless you have a static external IP address it is the only way to keep track of a dynamic external IP address.

There are a few other companies that provide this service but I have never used them.
Customer since January 2009
Telo with 2 Handsets, a Linx, and a Safety Phone
Telo2 with 2 Handsets and a Linx

RobinsonHome
Posts: 6
Joined: Thu May 14, 2009 10:21 pm

Re: DMZ issues

Post by RobinsonHome » Tue Jun 23, 2009 10:53 am

I figured I'd report the solution. It turns out that DMZ really was working. It was the 'testing' part that had the issue. Apparently the ooma router gets confused with the following loopback scenario:

computer1 (vnc client) ---> MYrouter ---> MYooma --->
---> External Internet --->
---> MYooma ---> MYrouter ---> computer2 (vnc server)


I found that when I tried to access my network from a totally unrelated network, then DMZ appeared to work just fine. No clue why this is the case, but I found this also happened with another hardware box (Wimax modem) that I was playing with on someone else's network. It might be the DMZ implementation, or it might be the DMZ protocol itself (not sure).

If anybody knows why this loopback scenario doesn't work, please share.

Thanks,
David Robinson

murphy
Posts: 7207
Joined: Tue Jan 27, 2009 12:49 pm
Location: Pennsylvania

Re: DMZ issues

Post by murphy » Tue Jun 23, 2009 11:29 am

Unless the router was specifically programmed to implement loopback, it won't work. The router has to detect that an outbound packet has a destination IP address that matches it's WAN address. Instead of sending the packet out into the void it has to ship it back in as if it had come from the outside world. Many routers don't do this properly if at all.
Customer since January 2009
Telo with 2 Handsets, a Linx, and a Safety Phone
Telo2 with 2 Handsets and a Linx

Post Reply