cancel
Showing results for 
Search instead for 
Did you mean: 

PlusNet Router pass through - DMZ

scargill
Grafter
Posts: 41
Registered: 25-06-2015

PlusNet Router pass through - DMZ

I've been using another router other than the Plus 1 as it does not have the features I need - but we're having reliability problems and Plusnet want me to use their router and have in fact sent me a new one to try..

I have a Draytek 2830 router (won't connect directly to Plusnet) with a WAN input.... and I've been told that if I set the router connected to the Internet as a simple modem I can pass everything through to the Draytek to do port redirects, VPN server (which the Plusnet router does not do)... but I can't figure out the setting in the Plusnet Router - is that the DMZ setting - in order words if I enable this can I have the Plusnet router simply pass all traffic to the Draytek which would then have it's own subnet and would then let me treat the Draytek as if it is the router connected to the InternetHuh

 

8 REPLIES
bill888
Seasoned Pro
Posts: 806
Thanks: 104
Fixes: 20
Registered: 18-10-2008

Re: PlusNet Router pass through - DMZ

fyi, the Hub One does not support 'bridge modem' mode.

DMZ on Hub One may work as you describe for your VPN server.

Are you on ADSL or fibre ?

If you have fibre, I would suggest getting an Openreach VDSL modem, such as a Huawei HG612 (type 3B).  Plenty on eBay.  Then simply configure your Draytek to use PPPoE to connect to Plusnet.

 

Update:  I see you have posted in this thread:

https://community.plus.net/t5/Fibre-Broadband/PlusNet-Hub-One-static-IP-bridge-mode/td-p/1301814/pag...

 

 

scargill
Grafter
Posts: 41
Registered: 25-06-2015

Re: PlusNet Router pass through - DMZ

I did... So I DMZ from the Plus One to the Draytek - with the Plus one on 192.168.2.x and the Draytek shelling out 192.168.0.x addresses and it all works SWIMMINGLY - as does my similar situation in Spain where I have a little satellite box firing out to a (different) Draytek).

 

But BOTH are suffering the same issue - normal redirects work but for two things..

 

1. external addresses coming back into the house are not working

2. SSL works but not on port 443

The first is more of a curiosity than a problem

The second is a deal breaker as I have an SSL into a box in the house for an Amazon SKILL and they will only talk to port 443 SSL (NO idea why they won't allow another port).

 

 

scargill
Grafter
Posts: 41
Registered: 25-06-2015

Re: PlusNet Router pass through - DMZ

I have neither -  I have high speed VDSL2 coming in on copper wires on the same connector as ADSL - few of the modems support it - hence the reason for sticking with the Plus One but wanting more control - see elsewhere - almost there just two issues left.

bill888
Seasoned Pro
Posts: 806
Thanks: 104
Fixes: 20
Registered: 18-10-2008

Re: PlusNet Router pass through - DMZ

To clarify, VDSL2 is a 'fibre' service in the loosest context, so an Openreach modem would work fine on your line with your Draytek.

Personally, I don't recommend using DMZ mode combined with another 'router', because the double-NAT could result in unexpected issues.  A proper 'bridge modem' such as Openreach Huawei HG612 (3B) would be far better imho.

 

I've read your posts in the other thread regarding external addresses, but got confused.

Are you saying when you are connected to your internal LAN, and try to access your server using your external WAN IP address or DNS, it fails?   And there are no problems when you are connected to internet from anywhere else to access your server?

 

fyi, The TD-W9980 and Hub One uses Lantiq based chipset.  I assume your TPlink is running latest firmware.  Openreach ECI modem also uses Lantiq SoC. The Openreach Huawei modem uses Broadcom SoC.

 

Regarding port 443 issue, I presume you have turned off the Plusnet Firewall on your account.

scargill
Grafter
Posts: 41
Registered: 25-06-2015

Re: PlusNet Router pass through - DMZ

Hi - I found an ad for the Huawei HG612 but that just says VDSL - nothing about VDSL2.

So the original problem was that the TDLINK was failing after a day or so - sometimes once a day, sometimes two or three times a day. Plusnet and TDLink were (are) unable to agree on a problem - actually TDLink have just shirked responsibility and said try another modem - great.  So I put the TDLink entirely to one side.

I'd also had dropout problems with the original Plus One - but Plusnet say the line is fine as far as they could tell  - hence they sent me a new Plus One to try. The problem being, the Plus one has no-where near the feature set I require.

So here's what I've done. Turned off the Plus One Firewall, put it on a base of 192.168.2.1 and DMZ to 192.168.2.30 - that is the address that I have given to a Draytek 2830 which is using WAN2 to connect (via fixed IP). The Draytek for it's LAN (the one I'm actually using is ranged 192.168.0.x  -  and all of that is working fine including a commercial SSL certificate through to a machine in the house. Everything works. But.... before I started all of this, I could access the house via a domain name. I still can. But only from outside of the house. I can no longer use the domain name to access the house from inside the house network. That, as far as I can tell is the ONLY change thanks to shifting from a single TP-Link modem to the Plus-One + Draytek combination.

But this got me to thinking - in Spain I have a property with the same Draytek and a WIFI-based dish with it's own built in router for the broadband (we live in the hills there) - the setup is pretty much identical. And again, there, I have an issue of accessing a domain name pointing into the building, from within the building network - so it seems there is some common ground.  I have an additional, unrelated issue there that a FREE SSL certificate there will NOT allow SSL on port 443 into the building. At first I had the same issue in the UK and figured it must be the dual-modem setup but then realised I'd made a silly mistake and the SSL issues went away in the UK - but not in Spain despite careful checks of the Draytek settings. So in Spain. I can SSL into the house from outside on any port EXCEPT 443.

I realise by now as things have unfolded that this is not REALLY a Plusnet issue - but it's in here so if anyone has any thoughts do let me know.

bill888
Seasoned Pro
Posts: 806
Thanks: 104
Fixes: 20
Registered: 18-10-2008

Re: PlusNet Router pass through - DMZ

Openreach branded Huawei HG612 and ECI b-focus modems support VDSL2 and all FTTC fibre connections provided by Openreach are in fact VDSL2 connections.  

Plusnet stopped supply these modems via Openreach when Plusnet switched from 'engineer managed installations' to 'self installs' with the introduction of the Hub One about a year ago for all fibre broadband customers.

 

Generally speaking, when you cannot access you server on your LAN from within your LAN using the WAN IP address, it usually suggests a router does not support 'loop back'.

It could be that loop back works fine with Hub One or your Draytek when used individually.  But in combination, perhaps it does not function.  ie. it could be a side effect of double-NAT perhaps.

 

Replace the Hub One with an Openreach modem and it may resolve this issue.  If it still persists, then it is a Draytek issue.  Some routers are known to block 'loop back' for security reasons.

 

 

 

 

 

scargill
Grafter
Posts: 41
Registered: 25-06-2015

Re: PlusNet Router pass through - DMZ

Thanks for that insight... it is really annoying not being able to use the external address and in some cases critical - as that means with some home control apps having two versions one with internal and one with external address..

I'll take that further.  Actually the original point of all of this was to prove once and for all if my dropouts are line or modem issues - so in a few weeks IF there are no issues I'll be looking for an all in one router for Plusnet - with it's own logging and VPN server. I think some of the guys were suggesting an ASUS (don't want to spend £200) - maybe the Asus RT-AC68U

 

Browni
Seasoned Champion
Posts: 1,522
Thanks: 430
Fixes: 35
Registered: 02-03-2016

Re: PlusNet Router pass through - DMZ

fwiw the Hub One does support loopback on its own.

I must have been really bad in a previous life. This is my 3rd ISP in a row that uses lithium.