Remote Network Access to Asus Router behind a Bell Hub 2000... No longer Working!

I have a vacation home in the Canada and have been using the Bell Wireless Home Internet for about a year now. I have been quite happy with the service as the 25Mbs is significantly better than anything else I could find!

Bell provided a POE injector and modem/router (Bell Hub 2000). I already had my own router (Asus RT-AC3100) and I wanted to continue using it as the main router. So, I set up the Bell Hub 2000 as follows:

- all Wi-Fi off
- DDNS is off
- DNS is automatic
- Wan Mode is auto
- DHCP is on

·       Router address:          192.168.2.1

·       Subnet Mask:             255.255.255.0

·       IP Address Range:      192.168.2.10  to  192.168.2.254


- DMZ is on and I set my Asus router as the only active device (192.168.2.12). I chose the DMZ option to forward inbound Internet traffic to my Asus router.  

The Lease Table on the Bell Hub 2000 shows the Asus router address as the only leased one.

I access the Bell Hub 2000, from inside my network, using 192.168.2.1. I haven’t figured out how to access the Bell Hub 2000 remotely.

My Asus router is connected to one of the Wan ports on the Bell Hub 2000.

On my Asus router, I set the WAN connection to Automatic IP.

This set up worked as I thought it should, for about a year! It allowed me to access the internet from within the home network, and it also allowed me to remotely access my Asus network, through the Bell Hub 2000.


Recently (a month ago?) I can no longer have access to my Asus router remotely! (I use a free No-IP address which I update regularly)

When I try ping the No-IP name or the actual address of the Bell modem / router I get no response! I cannot remember if I could ping the No-IP name of address before, but since I had access to ports opened on my Asus router, I would have thought that a ping would have worked!

Internet access on the local network still works well, but I cannot get in remotely!

I finally got through to a Bell technician... he was able to get into my Bell Hub 2000 config and told me that as far as he was concerned everything was working well! He told me that they do not support trying to do what I am doing and so he couldn't help me with my issue!!

I have rebooted the devices numerous times and changed the ethernet cables.

Today, I logged into my FingBox on my iPhone and I saw something on my network that caused me to wonder if this is an issue!

My internal network is setup as follows:

-       Router address:          10.0.2.1 (subnet Mask 255.255.255.0)

-       DHCP is enabled

-       IP Address Range:      10.0.2.2 to 10.0.2.254

-       Default Gateway:       10.0.2.1

Looking at the FingBox the Network shows the following:

-       Netmask:        10.0.2.0/24

-       Gateway:         10.0.2.1

-       DNS:                4.4.4.4

FingBox also shows under Vulnerability Test 3 open ports… however none of those ports are open on my Asus router!

Any thoughts on how I fix the remote access issue?

Tagged:

Answers

  • RobinRobin Administrator, Fing Team Posts: 3,706
    250 Answers 2500 Comments 500 Likes 100 Awesomes
    admin
    Thanks @GMD99 for the post.
    Any advice @kltaylor @Pixelpopper @Marc @rooted
    Thanks



    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides("Helping Hand"). HAPPY POSTING!!!
  • ScoobyScooby Member Posts: 161
    100 Comments 25 Awesomes 25 Likes 5 Answers
    ✭✭✭
    edited July 2020
    Something does seem strange. If your ASUS router has an IP address of 192.168.1.12, then how does it have 10.0.2.1, if it is being used for the internal network? May want to verify your ASUS router setup. It seems like something changed, on it.
  • PixelpopperPixelpopper Moderator Posts: 130
    100 Comments 25 Likes First Anniversary Member of the Month
    ✭✭✭
    edited July 2020
    Hi @GMD99
    a few thoughts, 
    1. Your firewall will allow an internal (LAN) ping, but not an external (WAN) ping. The reason being is that it opens up your router to DoS and DDoS attacks.
    2. DMZ doesn’t Usually need to be activated to forward incoming traffic to a specific port.
    3. No-IP, recheck the settings as it is not unknown for setting to “just Change.” Also, are you sure that your Hub is automatically & frequently refreshing No-IP with your WAN IP Address. Check your WAN IP Address (& DNS settings) in your Hub & the One currently in use in the DNS control panel on your NO-IP account. If they are not in synch the it’s not refreshing & you won’t be able to access remotely.

    The addresses you mention for your Bell Hub below, look OK. These should appear as the available addresses on your internal network

    ·       Router address:          192.168.2.1

    ·       Subnet Mask:             255.255.255.0

    ·       IP Address Range:      192.168.2.10  to  192.168.2.254

    First, your ASUS device should be connected to an ordinary Ethernet port on both devices, this may resolve your problem but the next section may also be relevant.

    Second, I think another problem may be that DHCP is enabled on your Asus Router. A simple network can only have one instance of DHCP running, In your configuration it looks like DHCP is enabled on the Bell & the ASUS devices, assuming this is correct you need to disable DHCP on the ASUS and let your Bell device handle it. 
    See if this helps and do report back any findings for the benefit of other community members.

    @Pixelpopper
  • ProTecKProTecK Member Posts: 55
    10 Comments First Anniversary 5 Agrees First Answer
    ✭✭
    Hang on guys, the 192 address is the Asus WAN address assigned by the Bell Hub. The Bell is running its own DHCP server that will not control any devices that use the Asus. The Asus is going to run its own DHCP that would run independently from the BELL. It would not use the same 192 .168.2.x addressing, so it makes sense it has the 10.10.x.x. address for the fingbox.
    The DHCP servers do not see each other and are not on the same network, there can be two DHCP servers in this setup.
    The DMZ setting would be his best way to bypass the need for specific port forwarding so that's correct.  Any other way would run into double NAT issues.
    Open ports are probably UPnP unless you remember turning that off specifically.  Being in DMZ nothing is blocked, all ports should be open.  i can't guess any more without knowing the port numbers it said were open.
    I don't know enough about your bell hub, but it sounds like it includes a fully working router including WIFI. if you turned wifi on and changed the settings to match your existing wifi said and passwords on your Asus, all your devices would move over without any problems. Since you cant bridge the bell so the Asus would be assigned the Bell WAN address without any firewall filtering, this is really your best bet. Even with DMZ  used like you did, the bell or Asus could be blocking traffic and you wouldn't know about it.  Anytime you double up routers like this, its basically a hack to get them working together.
  • GMD99GMD99 Member Posts: 2
    Name Dropper First Comment Photogenic
    Thanks for the comments... let me deal with each of them:
    @Scooby  "If your ASUS router has an IP address of 192.168.1.12, then how does it have 10.0.2.1".
    You misread my description... The Bell Hub 2000 router has the address of 192.168.2.1. Because my Asus router is behind the Bell router it needs an address on the Bell network... so it needs an address within the Bell router's IP address range... hence 192.168.2.12. The Asus however runs it's own network range starting with it's own address of 10.0.2.1 and assigns addresses (DHCP) to devices on that network in the set range 10.0.2.2 - 10.0.2.254.

    @Pixelpopper  
    "2. DMZ doesn’t Usually need to be activated to forward incoming traffic to a specific port."
    I set up DMZ on the Bell Hub 2000 router to forward all inbound Internet traffic to my Asus router, not a specific port. Since I don't believe that I can set the Bell Hub 2000 into bridge mode, this is the only way I can see to getting past the double NAT situation.

    "3. No-IP, recheck the settings as it is not unknown for setting to “just Change.” Also, are you sure that your Hub is automatically & frequently refreshing No-IP with your WAN IP Address. Check your WAN IP Address (& DNS settings) in your Hub & the One currently in use in the DNS control panel on your NO-IP account. If they are not in synch the it’s not refreshing & you won’t be able to access remotely."
    I have a Raspberry Pi that updates my No-IP address every 30 minutes, 24/7 and I opened up my No-IP dashboard and verified that the address was correctly set before I tried pinging. I even tried pinging the actual WAN address instead of the No-IP ddns name!

    "First, your ASUS device should be connected to an ordinary Ethernet port on both devices" I have the ethernet cable connected to a LAN port on the Bell Hub 2000 but to the WAN port on the Asus router. When I connect it like you suggest (LAN to LAN), the Asus router reports 'no internet connection'! So I cannot think this (LAN to LAN) works unless there is some setting I am missing!

    "Second, I think another problem may be that DHCP is enabled on your Asus Router. A simple network can only have one instance of DHCP running, In your configuration it looks like DHCP is enabled on the Bell & the ASUS devices, assuming this is correct you need to disable DHCP on the ASUS and let your Bell device handle it." See ProTeck's response to this issue. Yes, DHCP is enabled on both devices... the Bell Hub, using DHCP, provides the only device connected to it (the Asus router) with the address 192.168.2.12... that is the extent of the Bell Hub's network. My Asus router runs it's own network with all my other devices and has DHCP enabled to handle that. I cannot see that having them both enabled has any impact on this... unless I am missing something. On the Bell Hub, if there was a way to actually reserve an address, I would do that for my Asus router and then turn off the DHCP... but there doesn't seem to a way to do that!

    @[email protected]
    I agree with your comments about DHCP.

    "The DMZ setting would be his best way to bypass the need for specific port forwarding so that's correct.  Any other way would run into double NAT issues
    Sadly, despite the DMZ setting I am still running into the double NAT issue! My Asus router reports the WAN IP as 192.168.2.12!

    "I don't know enough about your bell hub, but it sounds like it includes a fully working router including WIFI. if you turned wifi on and changed the settings to match your existing wifi said and passwords on your Asus, all your devices would move over without any problems. Since you cant bridge the bell so the Asus would be assigned the Bell WAN address without any firewall filtering, this is really your best bet."
    I think what you are suggesting is that I put my Asus router into a form or bridge mode to the Bell Hub...  I have several concerns with doing that including:
    - the Bell Hub 2000 is not a great router;
    - it means that a Bell technician could actually log into the Bell Hub and have access to my network!

    I also tried Port Forwarding on the Bell Hub without success! I set up a rule on the Bell Hub that forwarded a port to the only client (that is, my Asus router). For testing purposes, I used the same port number for both the internal and external fields, and the same value that was already setup as the external port on my Asus. I would have thought that if things were working as they should, anything sent to the Bell Hub with that port number would have passed it right through to my internal port on my Asus router... but I only received an error message saying that the browser could not connect to the server!! 

    The odd thing about all of this is that I actually had it working for about a year before it just stopped working. I cannot think of any change that I did to either the Bell Hub or Asus configuration that would have affected things!! Seriously frustrating!
  • ScoobyScooby Member Posts: 161
    100 Comments 25 Awesomes 25 Likes 5 Answers
    ✭✭✭
    @GMD99, My apologies. I get it now, from @ProTecK 's explanation. Was having a "slow" night, when I posted.
  • PixelpopperPixelpopper Moderator Posts: 130
    100 Comments 25 Likes First Anniversary Member of the Month
    ✭✭✭
    edited July 2020

    It’s possible that reason you're seeing failed pings is that your firewall is blocking anonymous ping (& remote access) requests by default (any competent router should do this as well). It helps to prevent people from "seeing" you on the internet, therefore improving your security. Check the settings on your router/firewall as a recent firmware update may have taken place without your knowledge. 

    You'll likely still need to open and forward ports, for reliable operation & no additional security issues.

Sign In or Register to comment.