Routing problem in T-Mobile Thuis Network

Hi @EricSatu, I'll try and ask one of our network specialists to come and take a gander, my limited knowledge won't be of much assistance to be honest! 😊

Thanks for your help and contributions @Pieter_B, hopefully one of our specialists can offer more clarity! 

@EricSatu 

Can you see what happens if you connect from Laptop-1 to NAS-1 via the DDNS service, you could see that as a remote hairpin.

And try to do the same on the other side with Laptop-2 to NAS-2.

But it would be nice it some network specs at TMT could also look into this, i do not know if moderator @Jason could be of any assistance on this?

NOTE: Moderators mostly try to respond in about 48 hours, maybe now after the weekend.

Hi @Pieter_B you got it right.

What or who can help me ? What do you recommend ?

Eric

@EricSatu 

Missed that a little bit that one picture was from a Hotspot connection and the other via the fixed line. Now i see you are testing the same IP twice.

It is indeed a little bit strange that a connection via a hotspot network (mobile network) has everything open, but over the fixed TMT line all are closed.

Feels like some kind of routing issue for now.

Thanks @Pieter_B I will test with other tools next week.

The nmap result matches with reality. If the bullet = RED for a specific port, it can not be accessed from a URL either. If the bullet = GREEN, it can be accessed !

Difference is the the network I access from. RED = accessed from Zyxel-1, GREEN = accessed via Mobile Phone Hotspot.

To me it is clear that there is something blocked between Zyxel-1 and Zyxel-2 in the T-Mobile Thuis network. Do you know who I can ask to have that checked ? 

@EricSatu 

Hello again.

I see that some of the ports are maybe open, but NMAP can not determine its correct state.

See the basic info for scanning

filtered

Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but filters that simply drop probes without responding are far more common. This forces Nmap to retry several times just in case the probe was dropped due to network congestion rather than filtering. This slows down the scan dramatically.

What you can do when getting this message, deactivate the Port Forwarding on the target Zyxel and scan again. If it reports CLOSED, you know that if deactivated ports change the status, the problem could be on the direction of the NAS.

@Pieter_B 

Hi Pieter, I have played with nmap, maybe not as you suggested.

Port 200 = Access to Zyxel-2

Port 1443 = Access to NAS-2

Port 1001 = Webpage in NAS-2

Port 1501 = WebDav in NAS-2

1. Access NAS-2 with Laptop connected via Zyxel-1 modem: Only port 200 works, i.e. access to Zyxel-2.

2. Access NAS-2 with Laptop connected via Hot-Spot on Mobile Phone: All ports work as expected.

Any idea what is wrong here ? A T-Mobile configuration issue maybe ?

Regards, Eric

@Pieter_B 

Hi Pieter. I have been away for a while, but my original problem still exists.

As in the original post, I can not access the NAS in another city.

I tried nmap but do not known how nmap works, maybe you can advise.  

I also do not know how to enable the ping response on the Zyxel-2.

Please support to get my issue fixed.

Thank you @Pieter_B 

On your first 2 questions I can say:

1: Ping never works, not on IP@, neither URL

2: I don’t use telnet

3: -, next week

4: -, next week

5: I don’t know how to enable the ping response on the Zyxel T50 modem. Can’t find the setting.

I’ll get back to you next week as I am not at home right now and can’t test any further.

Eric

@EricSatu 

Are the ping problems both present when using the host name via NO_IP and the real IP of your home router?

Did you use telnet with port details or just ping without port the host / IP?

What does nmap -p  PORT IP report?

What does nmap IP (direct) or nmap HOSTNAME (via NO_IP) report?

What happens if you enable the ping response on the Zyxel-2, do you get a response from the router itself?

Hi @EricSatu, thanks for the clarification! 

I'll ask for some help from one of our home-experts. My expertise isn't nearly broad enough regarding this subject, sorry!

@Pieter_B, @Hidden.nld and @Waqqas: kunnen jullie wellicht assistentie bieden? Alvast hartelijk dank! 😄

@Jason and @Pieter B. 

There are 2 different locations or cities (2 subscriptions !) identically setup with a modem and NAS. One in T-Mobile Thuis domain 85.144.x.y and the other in 87.208.x.y.

Hope that clarifies, and I hope you have an idea to fix my issue.

Hi @EricSatu, thanks for posting a clear picture of your setup, that definitely helps matters! 😊

If I understand your setup correctly, it appears as though you've tried to install two separate Zyxel T-50 modems in the same network configuration, with the only key exception being the separate NAS's in between, is that correct? If so, you can't have two Zyxels active via the same DHCP-server. You could however, plant a separate router behind the main Zyxel modem. Hope that setup works for you!

If i completely misinterpret your setup, please forgive me! 

@Pieter_B Perhaps you can be of more assistance than I can? Thanks in advance! 😄

@yalerta and @Boris    

Here you go. I followed your advise, and get still stuck, but much more specific in detail.