Netopia-3346n-VGx
I have a Netopia 3346N-VGx (like 002) that is a modem-router unit, and was originally configured by my employer for my home-to-office using static IP-addresses assigned by my employer. The Netopia used "RFC-1483 Routed IP vcc1" for its WAN interface. The Interface Type was "IP Address". DHCP Server Mode was set to "Server", and the IP-range was a small set of LAN addresses assigned by my employer, one for the Netopia, and four others to the four Ethernet ports that connected computers to the Netopia. The WAN side communicated via DSL with an AT&T office by means of another set of IP-addresses from another LAN group: 171.22.97.33 and 34. The lowest address in each group went to the Netopia as its Gateway pair: 171.22.97.33 from the WAN side, and an employer address from the LAN side. My LAN employer's addresses looked and acted like WAN addresses.
My employer stopped providing DSL service, and I was forced to get another vendor (ISP) to supply my DSL service. I chose DSLExtreme (DSLX), and when the day came to switch from my employer's DSL to DSLX, I had to "reset" the Netopia and reconfigure it. That was relatively easy since DSLX gave me specific instructions and values for most settings.
) Other modem-routers:
If you have some other modem-router, or a modem separate from a router, much of what follows may also apply to your setup. Be sure to look at the Glossary at the end of this page because other modems and routers probably use different terminology, but the Glossary should help you translate.
) RESET the Netopia procedure:
To reset the Netopia, I pressed and held the reset button on the back of the unit until the lights flashed RED. I then let go of the paperclip used to push the button, waited 10 seconds, and turned OFF the Netopia. After a minute, I then turned it back ON. It lit up normally.
) RECONFIGURE the Netopia procedure:
LOGIN procedure. Connect your computer to the Netopia via one of the Ethernet ports. Using "System Preferences -> Network", create a new "Location" with any name you like. "Show" -> "Built-in Ethernet" for that Location. Click on the TCP/IP tab and set "Configure Ipv4:" to "Manually". Enter 192.168.1.1 for the "IP Address, "Subnet Mask" to "255.255.255.0", and "Router" to "192.168.1.254". Fill in at least one "DNS Servers" address given to you by your vendor (or 8.8.8.8), and enter your vendor's "Search Domain" name. "Apply Now" to make these changes take effect. Quit System Preferences.
From any web-browser (I used Firefox), you send the following URL to the Netopia: http://192.168.1.254/ and you should get a Login dialog box. Netopia units reset to: Username: admin; Password: (Serial Number on the bottom of the unit). I got into the WebUI (user interface) using that.
The first thing I had to do was use "Quickstart". That asked me for an ISP Username (account name with the ISP), and ISP Password (account password). After entering those entities, click "Submit" and then click the yellow triangle that has an exclamation point (!) inside. This should validate your settings. If the WebUI doesn't restart on its own, click the "Restart" button. You'll do this process of "Submit", "!", "Restart" for many of the following settings, so write this down for future reference. I'll only say "Submit" in the future. But be warned that if "!" finds an error, it will show error messages and won't let you go forward. You'll have to figure out what you did wrong, fix it, and try again. You can save up several setting changes by clicking "Submit" for each group, but don't click on the yellow triangle until you're ready to apply all of them.
If you're going to use one of your computers as a Web Server, then you must make another change. This was my case, so continue directly below if it applies to you as well; otherwise, skip to "Network Preferences".
After making my first group of setting changes, I went back to "Home" and followed the Configure -> Advanced path. On that page there are many options within several headings. The "Miscellaneous" heading has something called "Internal Servers". Click on that, and change the HTTP setting from 80 to 8100. This is important because port 80 would be in conflict with your computer's need to communicate with the Netopia. You must allow normal Web Server traffic on 80, and use 8100 to communicate with Netopia. That means your login to Netopia will become: http://192.168.1.254:8100 and that appended :8100 is what makes the connection because the Netopia is listening to the LAN side on that port, and the WebUI will respond. "Submit" any changes you made.
Once you've verified setting changes with "!", the Netopia should restart, but if it doesn't, click the "Restart" button in the upper right corner. That can take time, so be patient. You may have to login to the Netopia again; but remember, you may need to use port 8100 if you changed the Internal Servers.
Since I needed to make ONE computer act as the "master", and all the others as "slaves", I chose 192.168.1.1 as the master's LAN IP-address. I want Remote Login and Web Server requests to go that machine. I revisited Configure -> Advanced, and under the NAT heading I double-clicked on "Pinholes". There you can Add pinhole entries that have the form:
Pinhole Name
Protocol Select
External Port Start
External Port End
Internal IP Address
Internal Port
I only needed to deal with ports 22 and 80. I chose the following settings:
P22, TCP, 22, 22, 192.168.1.1, 22
P80, TCP, 80, 80, 192.168.1.1, 80
Each of these was added separately. I submitted these changes, verified them with "!", and restarted the Netopia. Now ports 22 and 80 are piped through to my "master" computer, which will always by assigned the 192.168.1.1 address.
) Network Preferences:
If you only have ONE computer to plug into the Netopia, you're done. But if you have other computers to plug in, continue reading.
Login to the Netopia from any browser, and visit Configure -> Advanced again. Click on the "DHCP Server" link under the "Services" heading. That should show the Server Mode to be "Server", and the Starting and Ending IP Address range should be 192.168.1.1 through 192.168.1.253. Any computer you plug into the Ethernet ports of the Netopia can be assigned any address in this range.
OK, quit from your browser; you're done with the Netopia. Your main computer should already have a Network Location configured to 192.168.1.1, but now you may wish to configure any other computers to be plugged into the Netopia.
Connect any other computer via Ethernet cable to an open port on the Netopia. Boot up the computer, and visit "System Preferences -> Network". Create a new "Location" with any name you like. "Show" -> "Built-in Ethernet" for that Location. Click on the TCP/IP tab and set "Configure Ipv4:" to "Manually". Choose a number in the range: 2<=x<=253, and enter 192.168.1.x for the "IP Address. Then set "Subnet Mask" to "255.255.255.0", and "Router" to "192.168.1.254". Fill in at least one "DNS Servers" address given to you by your vendor (or 8.8.8.8), and enter your vendor's "Search Domain" name. "Apply Now" to make these changes take effect. Quit System Preferences.
Do the above procedure for each computer you plan to connect to the Netopia, but be sure to pick a different "x" for each computer. I have four computers, so I just picked "1" for my "master", and 2,3,4 for each of the "slaves". What I mean by master/slave is that only the master can receive a Remote Login or act as a Web Server. However, ANY of my computers can request a Remote Login to any other computer in my LAN or outside. It's just that the outside world can't Remote Login to my slaves. HOWEVER, anyone I allow to login to my master, can then Remote Login to one of the slaves. They just reference the appropriate 192.168.1.x address assigned to that slave. I think that's neat.
) More than ONE Web Server:
You may have noticed I have been stressing only ONE computer that acts as a Web Server. But that's really not true. You can have other machines in your LAN, serviced by a single WAN address, that also act as a Web Server. I'll make this simple... let's just add one other Web Server machine. That means it needs to receive port 80. That's fine, but the router is currently configured to send port 80 from outside to just ONE machine's 80 on the LAN side. That's machine #1 (192.168.1.1) described above. But let's add another "pinhole":
P984, TCP, 984, 984, 192.168.1.4, 80
What this is saying is that a pinhole (here named P984) can send requests from the outside world to port 984, through to the LAN machine at 192.168.1.4, and send it to its port 80. That computer thinks it's a normal Web Server request, and responds accordingly. What the users in the outside world need to do is append :984 to the WAN IP-address to the Netopia. How does the outside world know this address, since it can change almost every day? Well, that's really the same question concerning machine #1. The solution has to do with Dynamic Name Services, and companies like DynDNS.org that offer such services for small fee if you only want one (or two) "Domain Names". You setup an account with DynDNS and pick from large lists of domain-name suffixes. I have a pair from "dyndns.org" and "dnsalias.net". You then pick a unique prefix-name, something that personally suits you. When you submit your choice for both prefix and suffix, DynDSN checks if it is available, and if so, you can claim it as your own.
DynDNS also offers free software, that you install on your server machines, to monitor your WAN IP-address (what the outside needs to know), and when it changes, it sends a change notice to DynDSN. They update the IP-address associated with your domain name. When your users want to access your Web Server, they use your domain name in the URL, something like this: http://dicksters-domain.dnsalias.net/~username/target.html (or other targets). In that form, the reference to to port 80, which would be my machine #1. But "dicksters-domain.dnsalias.net:984" is a reference to the same WAN IP-address, but the Netopia will route it to port 80 on machine #4. Now that's REALLY neat.
Having added one other Web Server machine, I'm sure you realize how another pinhole with another name and External port can forward it to port 80 of another machine. If you want Remote Login on another machine, just add another pinhole (with a different name) substituting port 22 as the Internal Port. In ALL cases, if your machine has a Firewall, be sure it passes TCP input from port 80 and/or port 22 through for 192.168.1.0/24, such as: 02100 allow tcp from 192.168.1.0/24 to any dst-port 80 in .
Going even further, since I have two domain names, and two or more computers connected to my LAN, I can configure one computer to synchronize the IP-address to one domain name, and another computer can synchronize that same IP-address to the other domain name. Now both domain names point to the same IP-address, which is being used by all the computers in my LAN, so I can use EITHER domain to access any computer through pinholes setup for that computer (#1 through #4).
) Safer method for Remote Login:
You may have been thinking that with more than one computer, it might be safer to just have port 80 on the "master" at 192.169.1.1, and only allow remote login to one of the "slave" machines. That's what I did. I deleted the "pinhole" at P22, TCP, 22, 22, 192.168.1.1, 22 and created a different "pinhole" at P924, TCP, 924, 924, 192.168.1.4, 22 within the Netopia' Configure -> Advanced -> NAT section. If you're wondering about my port-assignments, the algorithm is simply "9 || (1st digit of dest port) || (last digit of LAN)". So for port 22 on machine #4 (192.168.1.4), the external port is 924. Ports in the 900-range are typically not assigned to anything, so this is a safe assignment. But what it does is make it much more difficult for someone to probe your machine. To break in, you'd need the DynDNS domain name, the external port number, my username and password.
) Attachments:
Attached are a couple of items. One is a picture of the Network control panel for machine #4. The other is a summary of all the settings within the Netopia, as I have them.
) Glossary:
DHCP -- Dynamic Host Configuration Protocol
DSL -- Digital Subscriber Line
DSLX -- DSLExtreme (the company)
IP -- Internet Protocol
ISP -- Internet Service Provider
LAN -- Local Area Network
NAT -- Network Address Translation (or Table)
Pinhole -- Netopia's word for a Port Forwarding entry
PPPoE -- Point to Point Protocol over Ethernet
TCP -- Transmission Control Protocol
WAN -- Wide Area Network (could be World wide)
WebUI -- Web User Interface to your modem-router