PortForwarding 2 external subnet

Discussion in 'macOS' started by Aperture, Dec 26, 2006.

  1. Aperture macrumors 68000

    Aperture

    Joined:
    Mar 19, 2006
    Location:
    PA
    #1
    Hi Guys. Is there a way to setup Port Forwarding for an external SubNet? Or, is there a way to make an alias for an IP address on an external subnet then forward ports to the alias?

    Thanks, Kevin
     
  2. tuartboy macrumors 6502a

    tuartboy

    Joined:
    May 10, 2005
    #2
    Can you be more descriptive of what you exactly intend to do and use this for? It would help to understand what exactly you need to setup.

    Just FYI, any port forwarding would have to be managed on the remote router's inbound connections, so you must be able to administrate that router.
     
  3. balamw Moderator

    balamw

    Staff Member

    Joined:
    Aug 16, 2005
    Location:
    New England
    #3
    This is usually needs to be done on your router.

    Are you using the Mac directly on the public network and using it as a router?

    B
     
  4. tuartboy macrumors 6502a

    tuartboy

    Joined:
    May 10, 2005
    #4
  5. Aperture thread starter macrumors 68000

    Aperture

    Joined:
    Mar 19, 2006
    Location:
    PA
    #5
    Let me start off by thanking the replys above and I ask you please take the time to read this rather long post.




    Okay. Let me explain this a bit better. I have an Xbox 360, connected over "Internet Sharing" to my iMac G5. The iMac is wirelessly connected over Airport to my Linksys BEFW11S4 (V.4) Router. I want to be able to connect to Microsoft's Xbox Online Service. I have set it all up as far as the network settings go on my Xbox, and I ran a Diagnostic Connection Test on the 360 itself. These are the results from the test:

    Network Adapter - Wired
    IP Address - Confirmed
    DNS - Confirmed
    MTU - Confirmed
    ICMP - Confirmed
    Xbox Live Service - Confirmed
    NAT - Moderate

    I've read at Xbox.com, if you can't connect to some online games (I can connect to some, but not all) then you need to make your NAT say "Open" instead of "Moderate"

    It was explained as if you have a Moderate status, you can only play online with people having an Open or Moderate status. Also, if you have a Strict status, you can only play with people either with Open or Strict status.

    To correct the problem, Microsoft said to forward ports UDP 88, and TCP/UDP 3074 to the 360's IP address.


    The IP address assigned to the Xbox from the iMac appears to be outside my subnet. The IP is 192.168.2.***. My router's IP is 192.168.1.***.


    In the router's online admin panel, I can only forward ports to IP addresses that begin with 192.168.1.***. Therefore, it won't allow me to forward the right ports on to the Xbox.

    I had an idea that maybe if I could make an alias for the Xbox's IP address, so it would fool the router into thinking the Xbox was within it's subnet, I could forward the ports.
    What do I know, though.



    Hope I didn't confuse you! Please ask for clarification on anything!:eek:


    Thank You
     
  6. balamw Moderator

    balamw

    Staff Member

    Joined:
    Aug 16, 2005
    Location:
    New England
    #6
    Your problem appears to be that you've essentially got two NAT routers in series and you can't generally make port forwarding work that way. You need to turn off NAT (Internet sharing) on the Mac and have it just put the Xbox on your LAN, but I'm not sure how to do that.

    EDIT: Perhaps to clarify more: Both your BEFSW and the Mac are translating local addresses to "public" ones except that the Mac is creating it's own private subnetwork for the Xbox.

    B
     
  7. Aperture thread starter macrumors 68000

    Aperture

    Joined:
    Mar 19, 2006
    Location:
    PA
    #7
    Hmm, makes sense. I have not the slightest clue how to do that though.

    Btw guys, just so you know, you so far are being 10x more helpful than Linksys support. They didn't know crap.
     
  8. balamw Moderator

    balamw

    Staff Member

    Joined:
    Aug 16, 2005
    Location:
    New England
    #8
  9. Aperture thread starter macrumors 68000

    Aperture

    Joined:
    Mar 19, 2006
    Location:
    PA
    #9
    I tried about 3 dif. searches to no avail. All are talking about separate hardware or the setup I already have. :( I'm going to keep trying, though.
     
  10. tuartboy macrumors 6502a

    tuartboy

    Joined:
    May 10, 2005
    #10
    Sure you can. You would just need to set up another forward on the iMac to handle the extra layer. OS X internet sharing uses BSD's ipfw and you can just add a forward from the command line. Google ipfw (not the university in my home town...) and it should give you some info.

    Better yet, there is a gui available. Flying Butress is the old Brickhouse and it should work fine under Tiger. Just use it to set up another forward on those ports and everything should work fine.

    The easiest thing you can do, however, is just to hook it directly in to your router.
     
  11. balamw Moderator

    balamw

    Staff Member

    Joined:
    Aug 16, 2005
    Location:
    New England
    #11
    You might be able to get it to work, but NAT behind NAT is completely unnecessary here. The articles I linked above suggest a number of ways of just having the Mac bridge between the two connections.

    I agree with that wholeheartedly and this is essentially what bridging would do.

    B
     
  12. Aperture thread starter macrumors 68000

    Aperture

    Joined:
    Mar 19, 2006
    Location:
    PA
    #12
    Alright guys, I tried the software and it doesn't work. My NAT is still Moderate. I'm going to try some of Balamw solutions. Don't give up on me!

    THANK YOU SO MUCH:)
     
  13. WildPalms macrumors 6502a

    WildPalms

    Joined:
    Jan 4, 2006
    Location:
    Honolulu, HI
    #13
    Unless you have a specific need to subnet, stick with bridging exactly as balamw suggested. If you're having your router dish out IP's, have the iMac relay it as well.
     
  14. tuartboy macrumors 6502a

    tuartboy

    Joined:
    May 10, 2005
    #14
    I'm assuming you just installed it. You have to configure a forward as well.
     
  15. balamw Moderator

    balamw

    Staff Member

    Joined:
    Aug 16, 2005
    Location:
    New England
    #15
    FWIW. I read the articles rather than skimming and they are lacking.

    One uses the built-in internet sharing and the other also creates a router instead of a true bridge. While a bit easier to set up than the NAT behind NAT (IMHO) it's still too complicated.

    EDIT Here's a FreeBSD link on ipfw and bridging that might also apply to OS X http://www.phildev.net/ipf/IPFfreebsd.html

    B
     
  16. tuartboy macrumors 6502a

    tuartboy

    Joined:
    May 10, 2005
    #16
    I agree about that. If you can change away from NAT, do so. You are already behind one on your main network and this 2nd one does add complexity. I'll admit, I'm just so used to subdomains and maintaining network infrastructure that I overlooked this.
     
  17. Aperture thread starter macrumors 68000

    Aperture

    Joined:
    Mar 19, 2006
    Location:
    PA
    #17
    tuartboy, I configured the forwards as well. I'm going to try out the first link balamw posted, but I'm still confused and am looking for a step by step solution.

    Thanks Again

    EDIT: Should I go ahead with what the first link said, to change the parameters in the /etc/hostconfig file?
    EDIT2: Should I go ahead with the link just posted by balamw about FreeBSD?

    ^^Sorry, when it comes to networking and such i'm useless.
     
  18. tuartboy macrumors 6502a

    tuartboy

    Joined:
    May 10, 2005
    #18
    Interesting. Sorry, it's been too long since I used it to help you out with it. Well, I *must* sleep now and I hope you have this figured out by morning. I'll check in tomorrow sometime to see what's up.

    Good luck!
     
  19. balamw Moderator

    balamw

    Staff Member

    Joined:
    Aug 16, 2005
    Location:
    New England
    #19
    As many of the comments there suggest the link is setting up a router not a bridge, which is still too complex as it partitions your network. I missed it for the same reason as tuartboy, I'm too used to slapping these things together and making them work.

    Here's another FreeBSD link which I don't know if applies to Darwin.

    http://www.chrishowells.co.uk/index.php?content=5

    EDIT: Here's Wiki link on what I remember to be the problem of NAT behind NAT. http://en.wikipedia.org/wiki/NAT_traversal. It might work if the two NAT implementations are aware of each other, but in general NAT behind NAT doesn't work well if you need to port forward.

    B
     
  20. Aperture thread starter macrumors 68000

    Aperture

    Joined:
    Mar 19, 2006
    Location:
    PA
    #20
    Aww guys I'm so confused by that FreeBSD. I really don't know what to do, I don't want to ruin the OS by changing the wrong parameters in the core system files / etc. Do you guys think I should go ahead with it? Is it worth the trouble?
     
  21. balamw Moderator

    balamw

    Staff Member

    Joined:
    Aug 16, 2005
    Location:
    New England
    #21
    Have you considered just getting a "wireless gaming adapter" for the Xbox? They can be had for ~$60-$100 and would avoid you having to plug the Xbox into the Mac at all.

    FWIW unless you take the extra steps to make changes to kernel options/routing tables persist across reboots they'll simply vanish the next time you restart the Mac.

    B
     
  22. Aperture thread starter macrumors 68000

    Aperture

    Joined:
    Mar 19, 2006
    Location:
    PA
    #22
    Yeah, that seems to be the best option. Maybe i'll see what I can find tomorrow. I'm pretty tired, I'm going to head off to bed. Maybe if I feel like it I'll start on my endless search again. Anyway, thank you so much balamw & tuartboy & the others that replied. :)

    -
     
  23. tuartboy macrumors 6502a

    tuartboy

    Joined:
    May 10, 2005
  24. Aperture thread starter macrumors 68000

    Aperture

    Joined:
    Mar 19, 2006
    Location:
    PA
    #24
    Yeah, no resolution. :(

    Edit: I just went out and bought the frigin game adapter. Oh well, it works great. Thanks again for your help though, guys!
     

Share This Page