Wiser with Smart Community Telstra Cabling

Discussion in 'C-Bus Wiser 1 Controller' started by airman1, Oct 17, 2010.

  1. airman1

    airman1

    Joined:
    May 20, 2010
    Messages:
    21
    Likes Received:
    0
    Location:
    Australia
    I have recently attempted to set up the Wiser with remote access to control C-Bus devices, however with Telstra Velocity cabling the Internet is streamed from the ONT via Ethernet (Cat 5e) & Telstra supply a router with the package. The Netgear EVG2000 router Telstra supplied doesn't seem to allow me to change port-forwarding options. I have spoken to Telstra and they said that this is correct & I can't use any other router to connect to the Internet. When I was on site I connected the Cat 5e cable straight from the ONT unit into the Internet port on the Wiser. With a few quick password & username settings the Internet was up & running in no time. But I then did some digging around within the Wiser and found there was no way to configure port forwarding within the Wiser. Spoke to CIS and they confirmed this is correct and assured me I would have no worries enabling port forwarding within the Telstra router. Not sure what I can do to solve this little problem?

    Has anyone else experienced the same problem with telstra velocity or smart community cabling?

    The below links are info & discussion on the router & a summary of how the smart community cabling works

    http://forums.whirlpool.net.au/archive/1362223

    http://www.telstra.com.au/smartcommunity/assets/telstravelocityhomewiring_1108.pdf
     
    airman1, Oct 17, 2010
    #1
  2. airman1

    NickD Moderator

    Joined:
    Nov 1, 2004
    Messages:
    1,427
    Likes Received:
    64
    Location:
    Adelaide
    You can do port forwarding in the Wiser... you can't do port *mapping*..

    What are you trying to configure it to do?

    Nick
     
    NickD, Oct 18, 2010
    #2
  3. airman1

    tobex

    Joined:
    Nov 3, 2006
    Messages:
    728
    Likes Received:
    0
    Location:
    Sydney, Australia
    It would appear that clients are being asked to pay $249 for an intelligent router which does not have all of its features. I would be guessing but I suspect DDNS might be blocked.

    So long as port-mapping / port-forwarding (depending on which wording is used in the netgear) is still retained as an option then externally operated requests such as

    * Video security
    * File server access
    * Remote logon

    Should still be possible. However, not having one, it comes down to a straight comparison between the OEM and Telstra product. I assume that DDNS is disabled too. This would allow home owners to effectively run a gigabit backbone to a private server.

    I think the big deal is that the WAN port is gigabit. So long as you retain that capacity then any other retail product on the market will do exactly the same thing. For now I think it is a specification driven limitation and not a functional difference between other brands. The NBN is obviously already in place for some homes and the optical module is delivering these services already. In order to extract the best possible speed they are advising clients to consider only using a gigabit WAN port.

    Some place in the fine print is a condition which allows for termination of your service if you exceed the allowed parameters of your existing router (the Telstra version) by adding any services to the ONT which are not possible now. Needs to be further investigated !
     
    Last edited by a moderator: Oct 18, 2010
    tobex, Oct 18, 2010
    #3
  4. airman1

    airman1

    Nick,

    Just want to be able to access the Wiser to turn devices on and off. I believe it is port forwarding I need? Where do I change this in the Wiser?

    No need for remote login to change programming etc.

    The customer does have a DVR which will require some form of port forwarding but this is another kettle of fish!!

    Thanks

    Airman
     
    airman1, Oct 18, 2010
    #4
  5. airman1

    NickD Moderator

    If the ONT is plugged directly into the WAN port of the wiser, then assuming the ONT is just a bridged connection (a reasonable assumption since you say you have a working Internet connection after entering the internet login details in the wiser), then you shouldn't need to set up any port forwarding in the wiser to get it to work. You only need to set up port forwarding if you have some other NAT device between the wiser and the Internet.

    Regardless, if you need to set up port forwarding in the wiser for some other reason, it's there on one of the tabs called "Applications and Gaming" in the same place as where you set the internet login details.

    That said.. Tobex's post and the Whirlpool thread you linked to raise some issues to consider..
    - Telstra will probably wash their hands of any tech support if you replace their router
    - if the ONT provides a gigabit connection the wiser will limit this to 100Mbps
    - there may be other terms in the fine print restricting other services
    - it's also possible that ports can be blocked by the ISP.. if Telstra have placed restrictions on what you can do it's also possible they may block the ports the wiser needs to operate from outside..

    Nick
     
    NickD, Oct 18, 2010
    #5
  6. airman1

    airman1

    Thanks for your reply nick

    I was out on site today and tried port forwarding in the gaming application but still couldn't get access to the Wiser remotely.

    I forwarded port 8080 to 8080 to ip address of the wiser and clicked the enable tab? Is this correct?

    I am a little green when it comes to the wiser as this is the first unit I have programmed up.

    On my iphone I have set the IP address of the WAN, IP address of the wiser and the password? Is this correct?

    I went and bought a router off the shelf at dick smiths today and will hopefully give that a go tomorrow.

    If I use another router to stream the internet, where do I enable LAN mode in the Wiser?

    Is there something I have missed altogether?

    Thanks

    Airman
     
    airman1, Oct 19, 2010
    #6
  7. airman1

    tobex

    I recall that there are several solutions to this problem.


    DDNS:
    ------------
    You can register the router with DDNS to give a fixed domain name with the DHCP IP address of the Telstra Router.

    So rather than using WAN IP you may further control it by using a DDNS name such as www.cbusremote.net.bz and it will ALWAYS point to the same WAN IP even if it changes.


    WAN IP:
    -----------------
    Only the router connected to the ONT has to be configured for the function of port management. I would strongly recommend that you use Telstra's router unless you specifically have been crippled in this function by Telstra and have no choice.

    You will notice I attached two image files for you to look at. Try using the Custom Service option in the port setup on the Netgear.


    Remote addressing:
    ---------------------------
    The address can at times be very syntax sensitive.

    Try this format:

    wan ip:port number (works most of the time)
    http://wan ip:port number (works some of the time)

    name.password@wan ip:port number (only needed for very old FTP and Samba accounts)

    You will find that often the commercial software looking at the WAN port will not correctly send the port address in all cases. I would try to open the WISER over the WAN port with a browser first. In that case you may need to port forward 80 or 8080 onto another port address such as 9000. It depends on which port the WISER uses for browser config (you suggested 8080 as being default).


    ISP Blocking
    ----------------
    Mapping 8080 or 80 on the WAN port is normally blocked by the ISP and may flag the account for investigation. Make sure the WISER is heavily password protected as it would only take a few minutes for a sniffer to see an unprotected port.

    If you are blocked then you may have to use PORT TRIGGERING and not PORT FORWARDING and hope that the packet handling doesn't cause a time-out on the WISER because of latency. You would think that would not be an issue on a GbE WAN port.


    DMZ Server
    -------------
    Your least desirable option is to install the DMZ in Router 1 (Netgear) for Router 2 (Wiser). A DMZ is one more LAN device becoming coupled with the WAN port. It allows an item of a specific address on the LAN to be coupled with the primary WAN port and any attacks on the WAN port also attack the item listed in the DMZ. It breaks through the protection of the router on that LAN IP and is not recommended for long term use. A DMZ is very handy for testing purposes to validate correct setup of the remote LAN devices and to confirm that it does actually work. Make sure that you do not open massive holes in your WAN to your LAN for extended periods. See 3rd photo.


    Router with Router
    ----------------------------
    Generally it is not easy to operate two routers in the same LAN. There are some important considerations.

    Router 1 = direct ONT attachment.
    Router 2 = Network device same as any LAN device. (I assume WISER)

    The router 2 config must have the following configuration.
    * DHCP = off
    * LAN address = Fixed (outside router 1 DHCP range) or MAC associated.
    * WAN Port = not used
    * Connection from router1 to router2 on LAN ports only (on both)
    * NAT translation = off (usually happens when you stop using the WAN port).
    * Bridge mode = ON (some routers need to be told that the lan port is now able to see the wireless port however most do this anyway).

    In essence you will be turning the WISER into a wireless Access Point and disabling all of its firewall features.


    DHCP restriction
    -------------------------
    Be sure to limit the DHCP range in your Router 1 (assume Telstra) to not cover the entire possible IP range. You must have a narrower DHCP range to allow for the access of fixed ip address.

    For example, many routers come from factory with LAN address xxx.xxx.xxx.1 and DHCP range .002 - .254 ...... you need to trim that range to no more than 64 address units and then operate your WISER fixed IP address outside of that range. Such as .100 or .200


    PING from WAN and REMOTE MANAGEMENT
    -------------------------------------------------
    You will notice that by default most routers are on port 8080 or 80 and that they are set up to IGNORE packets on this port from the WAN. This means that you may have both a conflict of port between the two routers and also an IGNORE request inside the Netgear router. I do not recommend that you enable PING from WAN on the Netgear as you will cause the Netgear to become the primary 8080 server on the WAN port. There is also another hard coded option in Netgear called "Remote management" which is also disabled by default. You may find that these clashes need to be resolved accordingly. Moving over to another port number is the fastest option.

    In a perfect world we could manually select which port number the router is to be managed on. This is generally possible in some routers but deemed not necessary in the SOHO market so it may be totally absent. It varies from brand to brand and model to model whether you can modify the browser port manually.


    TCP/UDP
    ------------------
    Make sure that in your Port Forwarding setup you configure Router 1 and not Router 2 - at this stage router 2 is just another LAN device. I imagine you have removed the Netgear from the ONT but I am working on the assumption that the Netgear is in place because that will be the generic configuration for Telstra ONT customers and I need to construct this advice in the most generic configuration.


    Teamviewer
    --------------------
    Install Teamviewer on the site. Then determine what is happening remotely by being offsite and operating the Teamviewer session inside the LAN whilst simultaneously making your access request from the WAN. This will help you to see where the traffic is being halted.

     

    Attached Files: PF2.jpg, PF3.jpg, PF4.jpg
    Last edited by a moderator: Oct 19, 2010
    tobex, Oct 19, 2010
    #7
  8. airman1

    airman1

    Tobex,

    Thanks for your detailed info.

    I just fired up the Netgear router and can't find anywhere in the menus to adjust the ports.

    How did you navigate to the 3 pasted graphics you have attached?

    Do I need to download different firmware to the router?
     
    airman1, Oct 19, 2010
    #8
  9. airman1

    NickD Moderator

    Hi airman1,

    As I said previously, if you have the ONT plugged into the WAN port on the Wiser, there should be no need for port forwarding in the Wiser.

    Can you confirm that your setup is as per Option C in the installation instructions (where the ONT is effectively the "Customer's ADSL modem (in bridge mode)" shown on the diagram)?

    It's only option A or B that you need to forward ports to the Wiser, and in those cases, you need to do this in the "upstream" routers to the Wiser, not in the Wiser itself.

    Assuming you are using Option C, if you look at the "Status" page in the Wiser's router setup, it should show you the Wiser's Internet IP address. You should be able to connect to your Wiser from outside on http://<your_ip_address>:8080/ I would suggest you concentrate on getting it working like this before worrying about Dynamic DNS.

    If you can't access it like this, then it's likely either the ONT or the ISP is blocking the ports you need.

    Nick
     
    NickD, Oct 20, 2010
    #9
  10. airman1

    tobex

    Hi, I am using the N600 Netgear router, which is one of the more well optioned routers from Netgear. I had it in storage for one year because some of my wireless devices didn't like it. Now that those devices have had firmware updates the N600 works well with them. I am not using the Telstra product. I do not have the ONT.

    If I had to select a replacement for the Netgear (Telstra) product I would steer toward Cisco, Asus, TP-LINK or Hewlett Packard.

    In recent times I have been installing only managed level 2 switching hubs in my LAN fabric and I am looking for intelligent routing solutions to match those networks. The simple reason, it is very nice having 2Gb/s and 4Gb/s trunks running all over the house into massive NAS servers. You need a good router to be able to cope with massive Jumbo Blocks in GbE LAN traffic. A low end router will fall over and go crying to its mother. Kind of sucks that the Telstra system doesn't handle the ideas I am suggesting.

    Just bear in mind that processing power is important for LAN traffic. Putting any kind of router on a high speed link is going to push that router to its limit.
     
    Last edited by a moderator: Oct 20, 2010
    tobex, Oct 20, 2010
    #10
  11. airman1

    airman1

    Ok Managed to get it up and working yesterday!

    Sticking with Tobex's advice I persisted with the EVG2000 Netgear Telstra router. Compared to other routers, I found the port forwarding setup very hard to find and configure.

    To enable port forwarding with EVG2000 Netgear Router
    Go to maintenance menu

    Select services, click add and enter the port ranges you wish to forward, add a port name and click save settings

    Once you have added all the required ports click on firewall settings
    In firewall setting select the port you wish to forward and the ip address of the wiser , select allow always and then click save settings.

    I had a fair bit of trouble getting the Wiser in option B mode to talk to the Telstra router. This was because the IP address of the Telstra router was 10.0.0.138 and I was trying to configure the Wiser as 192.168.2.xxx. So the 2 routers weren't talking! (I don't know the technical jargon.) Once I had the Wiser and the Telstra router on the same "range" 10.0.0.138 etc. it all started to come together.

    Just something to bear in mind I guess I know I have had problems in the past but sometimes it seems to work even if you have one platform on 192.168.xxx.xxx and the other on 10.0.0.xxx. Maybe someone in the know can shed some light on why it works sometimes and not others!

    Thanks for your help guys greatly appreciated
     
    airman1, Oct 20, 2010
    #11
  12. airman1

    tobex

    If I ever get a chance to see an EVG2000 I can look at getting some screenshots. I'm glad you got it running. Strange how my report on the 5500CN IP sniffing matches your problem.

    To answer your question on why it sometimes works there are two reasons.

    a) If you cascade the first router's LAN port into the second router's WAN port then by default it will always work but give terrible latency by having what is called "double NAT". Interestingly Apple routers are designed to detect this event and flag a request in a pop-up to disable the second NAT.

    A NAT is Network Address Translation. That is the primary method of sharing one IP address on the WAN port. You do not want more than 1 such event in a small LAN.

    b) Over a technology called UPnP a number of network devices with strange IP addresses can be located. The Plug and Play protocol announces itself in a different way to the IP address and pushes its way into the discoverable objects in your Network window. However, UPnP does not always work even when it is supposed to. Most people forget that in some operating systems like XP, UPnP is in fact an optional driver that has to be loaded from the master DVD (your original OS disc or factory image). Once loaded ... it doesn't always work.

    c) If the subnet mask is open to a higher extent

    Class C: 255.255.255.000
    Class B: 255.255.000.000
    Class A: 255.000.000.000

    Sometimes the wider mask opens the router to more traffic from a wider range of LAN networks. It isn't as simple as that but when I was operating a class B setup I saw no advantages. It did help when I took delivery of various new hardware systems. For example, my switching hub from HP called a ProCurve 1810G-8 is a piece of space-shuttle rocket-science and has its own hub IP address in the 192.168.2.xxx range. In a Class B network you can locate that hub without manually entering any values into your LAN setup of your PC. These days I prefer to read the hardware manual to learn the default settings rather than operate a broad network range which places more load on the router. In the very early days of routing from companies like D-Link, the subnet mask was not editable - it was closed at Class C. Those early routers could not handle more than 32 computers on the same LAN.
     
    Last edited by a moderator: Oct 21, 2010
    tobex, Oct 21, 2010
    #12
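
The subnet mismatch airman1 describes in post #11 (Telstra router at 10.0.0.138, Wiser configured as 192.168.2.xxx) and the fixed-address advice in the "DHCP restriction" part of post #7 can both be checked before going on site. The following is an added example, not code from any poster or from the Wiser or Netgear products; `check_static_ip` is a hypothetical helper, and the netmask, DHCP pool bounds and candidate Wiser addresses are constructed sample values.

```python
import ipaddress


def check_static_ip(router_ip, netmask, dhcp_start, dhcp_end, device_ip):
    """Return a list of problems with a fixed LAN address (empty list = OK).

    router_ip / netmask  : LAN side of the upstream router ("Router 1")
    dhcp_start / dhcp_end: the DHCP pool that router hands out
    device_ip            : the fixed address planned for the downstream device
    """
    # strict=False lets us pass the router's own host address plus its mask.
    net = ipaddress.ip_network(f"{router_ip}/{netmask}", strict=False)
    router = ipaddress.ip_address(router_ip)
    device = ipaddress.ip_address(device_ip)
    start = ipaddress.ip_address(dhcp_start)
    end = ipaddress.ip_address(dhcp_end)

    problems = []
    if device not in net:
        # The post #11 situation: the two devices cannot reach each other
        # directly, so a forward on Router 1 has nowhere to deliver to.
        problems.append(f"{device} is not in the router's subnet {net}")
        return problems
    if device == router:
        problems.append(f"{device} is the router's own address")
    if device in (net.network_address, net.broadcast_address):
        problems.append(f"{device} is the network or broadcast address of {net}")
    if start <= device <= end:
        # A fixed address inside the pool can later be leased to another host.
        problems.append(f"{device} lies inside the DHCP pool {start}-{end}")
    return problems


if __name__ == "__main__":
    # Constructed sample: router address from post #11, pool trimmed to 64
    # addresses as post #7 suggests.
    router = ("10.0.0.138", "255.255.255.0", "10.0.0.1", "10.0.0.64")
    for candidate in ("192.168.2.50", "10.0.0.50", "10.0.0.200"):
        issues = check_static_ip(*router, candidate)
        print(candidate, "->", issues or "OK")
```
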