SOLVED: run a home webserver with VoIP (D-Link DVG-1120M)

I have a webserver on my network. When I installed a VoIP box, it broke outside access to my webserver. Here is how I fixed it; I offer these comments in the hope that someone else may benefit. These comments are specific to the D-Link DVG-1220M VoIP router, but the concept should apply to other hardware as well, assuming the VoIP router can be configured to do port forwarding.

I had a setup like this:

---> cablemodem ---> broadbandrouter -> webserver

Under this config, the broadbandrouter was getting its IP address from the cablemodem (and it was a publicly routable address, so the world could see that IP). The webserver has a 192.168 private address, but the broadbandrouter port-forwarded #80 to the webserver, so it worked even though the IP address of the webserver is not routable.

I added a VoIP box (D-Link DVG-1120M), which fits in like this:

---> cablemodem ---> VoIP -> broadbandrouter -> webserver

This broke public access to the webserver. The problem is that the VoIP box takes the public IP from the cablemodem and assigns (via DHCP) a private address to the downstream client (the broadbandrouter) and NATs the traffic. That's fine for my home network computers to get OUT to the internet, but it breaks the routing of internet web users trying to get IN to my webserver.

To get it to work, it was simply a matter of configuring port forwarding on the VoIP box (so VoIP port-forwards to the broadbandrouter which port-forwards to the webserver). Browse to the VoIP box (192.168.15.1 by default) to enter the VoIP config panel. Under the "NAT Configuration" folder select "Virtual Server Configuration." Edit the first item. Use protocol TCP, global port 80, local port 80, serverIP 192.168.15.225 (see below) and state Enabled. Save it. Do the same for port 443 if you want to do HTTPS and port 22 if you want SSH. You could open up FTP also, if you like getting 0wn3d (scp or sftp is much better than ftp).

It's important that the downstream box (the broadbandrouter) always has the same IP address. This might not happen under the default VoIP config, because it assigns the downstream address via DHCP, so it might not always be the same. You could force the address, but I preferred to solve the problem by going to Dynamic IP assignment (under DHCP configuration) and setting the Start IP Address to 192.168.15.225 and the IP Range to 1. This allows me to leave the broadband router alone (allowing it to pull its WAN address via DHCP) but ensures the broadbandrouter will always be assigned 192.168.15.225, so our port forwarding rules always work.

Reboot your VoIP box, renew the DHCP lease on your broadbandrouter, and you're back in business.

Cheers!

Reply to
David Filmer
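
The double-NAT chain described in the post above, modelled as an added example (not the poster's code) that traces an inbound connection hop by hop and shows why a changed DHCP lease or a rule missing on one hop breaks delivery. The names `NatHop`, `trace` and `build`, the webserver address 192.168.1.10 and the alternate lease 192.168.15.226 are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class NatHop:
    name: str
    rules: dict  # (protocol, global port) -> (server IP, local port)
    lan: dict    # LAN-side address -> name of the device currently holding it

def trace(hops, proto, port):
    """Follow one inbound connection through every NAT hop and report the outcome."""
    holder = None
    for i, hop in enumerate(hops):
        rule = hop.rules.get((proto, port))
        if rule is None:
            return f"dropped at {hop.name}: no rule for {proto}/{port}"
        server_ip, port = rule  # the next hop sees the translated (local) port
        holder = hop.lan.get(server_ip)
        if holder is None:
            return f"dropped at {hop.name}: no device holds {server_ip}"
        if i + 1 < len(hops) and holder != hops[i + 1].name:
            return f"misdelivered at {hop.name}: {server_ip} belongs to {holder}"
    return f"delivered to {holder}"

def build(router_wan_ip):
    """Constructed model of the post's chain; the router's DHCP lease is the variable."""
    voip = NatHop(
        "VoIP",
        # Virtual-server rules from the post: TCP 80 and 443 to 192.168.15.225.
        rules={("tcp", p): ("192.168.15.225", p) for p in (80, 443)},
        lan={router_wan_ip: "broadbandrouter"},
    )
    router = NatHop(
        "broadbandrouter",
        # The post only states that port 80 was forwarded here.
        # 192.168.1.10 is an assumed webserver address.
        rules={("tcp", 80): ("192.168.1.10", 80)},
        lan={"192.168.1.10": "webserver"},
    )
    return [voip, router]

if __name__ == "__main__":
    print(trace(build("192.168.15.225"), "tcp", 80))   # lease pinned as in the post
    print(trace(build("192.168.15.226"), "tcp", 80))   # lease drifted (constructed)
    print(trace(build("192.168.15.225"), "tcp", 443))  # rule on one hop only
    print(trace(build("192.168.15.225"), "tcp", 21))   # port never forwarded
```
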

One question: did you find that the router would not let you connect to the webserver internally?

I.e., if you pointed one machine behind the router to the local IP of the webserver (192...) it would work, but if you tried your public forwarded IP it would time out?

This seems to be the case with my 1120. :(

-greg

Reply to
Greg Smolyn

Actually, I had that problem BEFORE I ever put the 1120 onto my network. But my network is a little more complicated than I described in the original post (which was simplified for clarity). My network looked thus (view w/fixed font):

                                            |-> PC client (192.168)
                        | -> LinuxBox -> Hub|-> PC client (192.168)
cable                   |                   |-> PC client (192.168)
modem -> BroadbandRouter|
                        | -> BroadbandRouter#2 -> WEBSERVER (170.22)

So my webserver is isolated on its own private 170.22 network (security in depth - if someone hacked my webserver they wouldn't have immediate visibility to my other internal 192.168 machines).

But, for some VERY strange reason, I was never able to access the public internet IP address or domain name of my webserver from any of my PC Clients. I tried LOTS of stuff, but I never could get it working properly. Yet, I could access the internal address (which, in this situation, was actually the "public facing" WAN IP address of BroadBandRouter#2 which did port forwarding). So everybody in the world could access the public address of my webserver - EXCEPT ME! A guy in China could get to the webserver ON MY DESK, but I couldn't get to it!

I worked around the problem by adding an entry in the hosts file of the Client PCs (/etc/hosts on Linux, or /windows/system32/drivers/etc/hosts on Windows) that forced the internet domain name to resolve to the internal IP address. So now I can go to

formatting link
and it works, but only because /etc/hosts is causing that domain name (my_website.com) to resolve to my internal IP address.

This was my situation before I ever added my 1120; adding the VoIP router didn't change it one way or another. However, the fact that you are now seeing this problem after adding an 1120 (when presumably you didn't see it before) is interesting and maybe gives some additional clues that would help both of us understand the nature of our problems (because it seems that adding a router to the stack is causing this problem). Can you describe your network configuration in more detail?

Reply to
David Filmer
