Changing the HTTP port!

[hypnosis4u2nv]

I am the creator of this thread ... heaven forbid you Google "port forwarding" and learn something.

Relax, Almighty Creator of This Thread.. It's a public forum and information posted in this thread is VERY relevant to your topic.. Thanks for adding nothing but insults to the discussion..

[hypnosis4u2nv]

The router is a DLink DIR-825..

The Port Forwarding section of the router menu that you posted only lets you open ports but not redirect to a different port. However, the Virtual Server section (just above Port Forwarding on your Advanced menu) lets you redirect any WAN port to any IP/port combo on your LAN (such as your 2DS). I have a DIR-655 which I believe is the same as your DIR-825.

Thanks for that bit of information, I will check it out and report back.. The DIR-655 shares the same firmware setup as the DIR-825..

[stevew]

Why does anyone need to access the device from outside? If you're accessing locally, port 80 works fine regardless of how many devices /sites are sitting on or responding to port 80. What exactly is the issue "oh great thread creator"?

[kevin]

Why does anyone need to access the device from outside? If you're accessing locally, port 80 works fine regardless of how many devices /sites are sitting on or responding to port 80. What exactly is the issue "oh great thread creator"?

On busy networks there can be enough broadcast traffic to cause a problem for the 2DS, and you may need to put a router in to block the broadcast traffic from reaching the 2DS. In my case, I forward port 81 on the WAN side to port 80 on the 2DS's internal IP address. I'm not accessing the 2DS from "outside" (as in from the Internet), but from my LAN. The only reason the 2DS is being accessed from the "outside" is because I'm accessing it from the WAN side of its router.

Internet --- main router --- LAN --- another router --- segment with only 2DS on it

[stevew]

You are telling me that you would put a router behind a router to block unwanted traffic accessing port 80?

Even on a busy network, no matter how much traffic, when you put in the IP request to the 2DS, it will hit the 2DS. If it's not doing that - you have other issues aside from traffic. This isn't a DNS issue as you're addressing the 2DS via the IP address I take it.

By the way, you'd be much better off using VLAN's rather than doing what you described...either that, or a managed switch with VLAN's - but putting a router behind a router...that's just bad network topology.

You should never have to use a router behind a router. Even If I'm streaming video on several machines concurrently, I would not have the issue you describe - and accessing the LAN via the WAN is just poor network design, sorry, but that is what it is.

Traffic is traffic - and on a "busy" or congested network, port forwarding still needs to deal with a lot of TCPIP activity, regardless of port destinations.

[kevin]

You are telling me that you would put a router behind a router to block unwanted traffic accessing port 80?

Even on a busy network, no matter how much traffic, when you put in the IP request to the 2DS, it will hit the 2DS. If it's not doing that - you have other issues aside from traffic. This isn't a DNS issue as you're addressing the 2DS via the IP address I take it.

By the way, you'd be much better off using VLAN's rather than doing what you described...either that, or a managed switch with VLAN's - but putting a router behind a router...that's just bad network topology.

You should never have to use a router behind a router. Even If I'm streaming video on several machines concurrently, I would not have the issue you describe - and accessing the LAN via the WAN is just poor network design, sorry, but that is what it is.

Traffic is traffic - and on a "busy" or congested network, port forwarding still needs to deal with a lot of TCPIP activity, regardless of port destinations.

No, you may have me confused with the originator of the thread.

The router is to block broadcast traffic, not traffic addressed for the 2DS.

The problem is not with the port forwarding or busy networks.

[stevew]

No confusion Kevin. As I previously stated, I just think it's not good network strategy/topology. I can't think of why on a busy network - one would need to do that and access the 2DS from the WAN side. No matter what, since it's a direct IP call to the device, it should respond, congestion or not, and it should be fairly fast in any case. Think VLAN! It segregates traffic and allows packets to travel unfettered to their respective destinations...

I use 3 Cisco layer 3 managed switches in my home LAN/WAN setup with a Fortigate Dual WAN/5 LAN firewall...with multiple VPN's/ Tunnels. I have a WIndows 2008 DC sitting on this side of the VPN, a 16-channel DVR streaming video on each channel to at least devices concurrently - and at least 30 other IP devices of various sorts, including a good 5-6 WAPS. I have a TLINK 250 and a 2DS sitting in the mix as well. I'd say there's a lot of traffic on the LAN's (3 subnets) but there's very, very little latency at all, both on the private and/ or public side. I have an 11 phone SIP/VOIP setup as well, with perfect quality and no chatter or jitter on the audio side of things. I don't use VLAN'S as I have no real need for them, but any device I access, is as fast as the device itself, regardless of what it is or how much noise is present on the LAN'S. This is why I'm having trouble understanding why you have your router setup the way you described. I can access the 2DS from anywhere on the LAN/ VPN, or anywhere in the world that has decent internet, and it always responds quickly.

We have way more traffic at our offices and even across the VPN from there, I have no delays talking to the 2DS on the home LAN.

I guess I just don't get the need for having the ability to set optional ports on the 2DS. This can all be done through almost any firewall /router by using NAT - if remote access is required outside a VPN.

[kevin]

I can't think of why on a busy network - one would need to do that and access the 2DS from the WAN side.

I had a problem with my 2DS rebooting repeatedly. I did about 2 weeks of troubleshooting directly with Envisacor, and went through several firmwares. In the end the only possibility left was that there was too much broadcast traffic on my network that was overwhelming the 2DS, and the solution was to put a router between the 2DS and the rest of the LAN. I got an old router and put it in and bingo, problem solved. I have set up this "internal" router so I can access it from the LAN side to admin it, and have a port forward set up in it so I can access the 2DS from the 2nd router's WAN side.

In larger networks it's common to use routers to separate departments, areas, whatever, for traffic reasons, or security. My network isn't like that but I have enough broadcast traffic to need to add the router to limit the traffic reaching the 2DS. In other larger busier networks, routers have solved problems with too much broadcast traffic to the 2DS.

It's not standard network traffic we're talking about. Standard traffic would show up at the 2DS if the network were built with hubs, but in my LAN it's all switches, so only traffic destined for the 2DS, and broadcast traffic, will reach the 2DS. I didn't investigate why there was a lot of broadcast traffic on my LAN but the router blocks the broadcast traffic. Because my switches don't support port mirroring I wasn't even able to packet sniff the 2DS traffic without finding an old hub and adding it to the network temporarily.

[stevew]

Makes sense, and if it addressed the issue, I guess that was the right fix! Thanks for the explanation!

[gmanvbva]

The second router (if configured properly) is essentially doing the exact same thing VLAN's would accomplish. The critical piece would be ensuring routing and firewall rules are setup appropriately.

I wouldn't necessarily discount it as "bad network strategy/topology".