Port forwarding with multiple IP's

networking router port-forwarding modem
191

Configuring port forwarding on a 60B is a several step process. First you need to create a Virtual IP for the interface (WAN2) and IP (I assume 10.1.10.10) you want to forward. Then you have to add a firewall rule allowing traffic from the virtual IP to the internal interface. Can you confirm you've already done both of these?

Also, you mention that your static IP (with Comcast) remained the same. If this is the IP of the modem, I'd expect it to be an external IP, ie not in the 10.xx subnet. Yet the WAN2 interface of your Fortigate has a 10.xx address. This suggests you've got a double-NAT setup.

If this is the case you can fix it in one of two ways:

  1. Setup port forwarding/NAT on the modem (ie actually use double NAT - not nice)
  2. Change the modem to 'bridge mode' and have the Fortigate get the external IP as its WAN2 IP (better).

Note that with 2 if your Comcast connection is eg ADSL w PPP, you'll need to configure the Fortigate to do do the PPPoE authentication.

Double-NAt would also explain why changing the router broke things - the old router had port forwarding/NAT configured, but the new one didn't.

Edit:

It really sounds like my guess at the double-NAT scenario is correct. The DSL modem connected to WAN1 is getting the external IP address, and is assigning a 10.1.10.xx address to the Fortigate's WAN1 interface via DHCP. If the old modem definitely didn't have port forwarding then it was probably in bridge mode.

If you can't access the newly added modem via your internal network, I recommend you take the following steps:

  1. Connect to the modem directly with an ethernet cable to eg your laptop
  2. From your laptop, access the modem's configuration web interface. If you cant reach it, reset the modem to factory defaults and point your web browser at its factory set IP. This is guaranteed to get you to a config page, but will wipe existing settings.
  3. Within the interface, set the modem's IP address to something inside your internal network's IP range.
  4. Access the modem at the new IP, configure all the ADSL related settings (not authentication, just lower layer settings like encapsulation, VPI/VCI etc. Get these from Comcast if you dont have them.
  5. Set the modem to 'bridge' mode. This is the important step.
  6. If your ADSL connection uses PPPoE authentication, access the Fortigate admin page, and under Network -> Interfaces -> WAN1, select PPPoE and enter your ADSL username and password.

If this all works, you'll see WAN1 on the fortigate get an external IP address.

Share:
191

Related videos on Youtube

Aswin
Author by

Aswin

Updated on September 17, 2022

Comments

  • Aswin
    Aswin almost 2 years

    Is it possible to change the default property of faded area color/background while showing a custom dialog.

    I know for complete transparency in faded area. But want to change the color of it.

  • Jon
    Jon about 14 years
    Thank you very much for the detailed response. First, I do have port forwarding configured as you described, with both a virtual IP setup as well as a policy configured for it. The Virtual IP is setup for the WAN2 interface with an IP of 10.1.10.50. This had been working fine with the old modem. Right, the external static IP remained the same. But you're correct that that external IP isn't visible anywhere in Fortigate, only 10.1.10.10 under system status. I am positive the old modem did not use port forwarding, as I never accessed that modem to add forwarding, only the Fortigate.
  • Jon
    Jon about 14 years
    I am not sure why the WAN2 interface has an internal IP address. It was setup like that (before I worked here). Our WAN1 interface, a backup DSL, shows the external IP. The WAN1 subnet is 255.255.255.248 and the WAN2 subnet is 255.255.255.0.
  • Jon
    Jon about 14 years
    Thanks! I hadn't thought of the simple solution of just connecting directly to the modem. Once I did so, I found the router was apparently assigned the ip 10.1.10.10 (the modem is 10.1.10.1), so that's where I was getting two IP's from. I just added the router to the DMZ, and I'm able to just do all the port forwarding config from the router itself.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Can a people DDOS a block Port?
My repeater is not letting me port forward
how much of a security risk is turning off the firewall in a modem?
Mysql port forward and access from any pc outside network
port forwarding alternatives?
How to circumvent a private WAN IP address?
Wan IP shown by router is different that public IP [Port Forwarding]
Likely causes of intermittent domain name resolution failure?
Public IP address answered by router, not internal web server with Port Forwarding
Why my Port Forwarding rule is not working?