cancel
Showing results for 
Search instead for 
Did you mean: 

How to turn the "smart" Hub 2 into a router for multiple servers

kevcursor
Member

I've just changed my broadband from another supplier and have a question about the "smart" Hub 2 box I was sent.

 

Background: I have one server which is configured with IPs, x.x.x.1 and x.x.x.2, and a second machine configured to use x.x.x.3.  All IPs are valid and in my range, and are just x'd out for security. All IP assignments were done on the servers themselves.

 

Question:  Is there any way to disable the firewall so all of the IPs can receive unsolicited traffic, with security handled by the machines themselves?  I switched the firewall off in the hub but it seems to still block (or neglect to route) incoming traffic anyway.  For giggles I jumped through some hoops to set up port forwarding as if I had a home router and only one IP.  I told it to route ports 1-65535 to ports 1-65535 (TCP/UDP) on one of the IPs.  That works fine to bypass the firewall, but then I don't get to set up for the others as I've used all of the ports.  Ugh.  What if I have port 80/443/whatever open on more than one IP?

 

I disconnected the second server to concentrate on the one that has two IPs so I could get my head around this, as the whole "IP reservation" system is a whole other can of worms to work out.  I'm starting to think I got sent a Home Hub designed for a single IP address instead of a business one designed with multiple IPs in mind.  I'm sure it's great for that.

 

If anyone can point me to the super-secret "just route all traffic from and to the connected IPs" option, it would be greatly appreciated.  The "smart" stuff is just getting in the way so I'd like to disable it all.  I could stick it in bridge mode and use a normal router but I'd most likely lose the main BT selling point (4G failover) by doing so.

 

Thanks for your time.  I did look on Google (for ages), but questions that seemed to be on the right track ended with messages like "you need to be on that BT Smart Hub forum instead of this one," or whatever, and then the trail went cold with no answer or follow-on link to follow.  I hope I found the right place to ask about this device.

1 ACCEPTED SOLUTION

Accepted Solutions

kevcursor
Member

This a followup message to conclude this thread.

 

A BT engineer got back to me me today and revealed this cannot be done via the Fisher Price "smart" hub 2, so the five static IP addresses can only be used with the aid of port forwarding hackery. If you have the same port open on more than one IP then they cannot be addressed independently, as would be expected. I'm told this deficiency may or may not be addressed in version 3 of the hub sometime in the future.

 

For example: If you have port 22 (SSH) open to allow remote login to each server then you're out of luck; pick one machine and forward port 22 there or change the port number and do likewise. If each machine has ports 80/443 (HTTP/HTTPS) open to serve web pages or whatever then the same applies (pick one server to be the port target and forget the others exist). If you're resorting to port forwarding then you only need one static IP so don't rent a block of them from BT. It's basically a home service with "home hub" changed to "business hub" in the admin panel.

 

The "solution" for me is therefore to leave the servers in the data centre and reduce the 5 static IP allocation down to just the one usable one, which happens to be included in the base price. That'll cut 25% off the monthly broadband bill at least, so there's that.

 

This issue is now "resolved" and I will mark this message as "the solution". I hope this helps someone.

View solution in original post

11 REPLIES 11

kelper
Guru

Are you paying for three, static IPs?

kevcursor
Member

No, I'm not paying for three.  I'm paying for five.  I said that "all three" are in my range because I was testing with three of the five (and now two).  It seems that the "smart" firewall can't be switched off despite the option to do so having been selected.  Outgoing connections are fine, as are incoming replies to those calls.  It's incoming connections that are the issue.

 

Incoming pings are fine.  If I bring an interface up on the server then it can be pinged from outside.  If I tear it down then pings fail as expected.  The problem is that the Fisher Price "smart" router finds the TCP/UDP routing part to be a bit of a challenge unless I bypass the firewall with port forwarding rules.  I'd like to find the option to completely disable the firewall so I have all incoming ports available on all servers.

 

To restate the question, is there any way to disable the firewall so all of the IPs can receive unsolicited traffic?

kelper
Guru

What do you mean when you say the addresses are legal and in your range?  Are you using WAN IP addresses given to you by BT?

 

 

kevcursor
Member

To be clear,  I have ordered 5 static IP addresses from BT.  I have received all five.  All five are correct as per the welcome email and were auto-setup in the hub.   All five can call out and all five get a correct response if I ask "what is my IP".   In short, I am indeed paying for a block of five.  All of the IPs can be pinged when I connect a device and fail to ping when I disconnect, indicating that they can be routed to.   I hope that clears up any confusion about the background section in the original post.

 

 

The question is about how to get rid of the firewall so that all of the IPs five can receive unsolicited incoming connections to any ports I have open, and I really would like an answer if anyone has ever tried to use their assigned IPs for anything other than outgoing/related connections.  If I have one port on one IP I can set up a port forwarding rule as if I was using a home hub with a NATed connection, but if I don't set up port forwarding rules then all incoming connections are blocked on all of the IPs.  It's as if each of the static IPs has its own NAT or something ridiculous like that, and nobody knows how to turn the "smart" hub into a router.  There's a DMZ but it seems to only allow one device, which leads me to think I was sent a home hub by mistake, even though it identifies itself as a "smart" hub 2.

 

Is this something BT can help me with, or do I have to terminate and go to a company with Internet experience instead?

kelper
Guru

I am just a BTB customer trying to help you.  You don't answer my reasonable questions so I shall stop trying to assist.

kevcursor
Member

I missed and hit accepted instead of reply.  Oops.

 

What I need is answers rather than questions on whether I paid my bill or not.  I'm really surprised that this simple question cannot be answered in the official BT support forum.  I'll try by phone on Monday and see if I can find an engineer who knows about routing, NATs and other networking concepts.  If not then this Poundshop "smart" paperweight will have to be returned as not fit for purpose.

SamG
Administrator
Administrator

Hi kevcusor,

 

If you head to my profile and hit "Send a Message", I can arrange for a member of our high-level tech team to contact you regarding this.

 

Thanks,

 

^SamG

kevcursor
Member

This a followup message to conclude this thread.

 

A BT engineer got back to me me today and revealed this cannot be done via the Fisher Price "smart" hub 2, so the five static IP addresses can only be used with the aid of port forwarding hackery. If you have the same port open on more than one IP then they cannot be addressed independently, as would be expected. I'm told this deficiency may or may not be addressed in version 3 of the hub sometime in the future.

 

For example: If you have port 22 (SSH) open to allow remote login to each server then you're out of luck; pick one machine and forward port 22 there or change the port number and do likewise. If each machine has ports 80/443 (HTTP/HTTPS) open to serve web pages or whatever then the same applies (pick one server to be the port target and forget the others exist). If you're resorting to port forwarding then you only need one static IP so don't rent a block of them from BT. It's basically a home service with "home hub" changed to "business hub" in the admin panel.

 

The "solution" for me is therefore to leave the servers in the data centre and reduce the 5 static IP allocation down to just the one usable one, which happens to be included in the base price. That'll cut 25% off the monthly broadband bill at least, so there's that.

 

This issue is now "resolved" and I will mark this message as "the solution". I hope this helps someone.

zaidgg
Member

Pings that come in are fine. If I activate an interface on the server, outside pings are possible. Pings will fail as expected if I take it apart. The issue is that, unless I use port forwarding rules to get beyond the firewall, the Fisher Price "smart" router finds the TCP/UDP routing portion to be a bit of a challenge. In order to have access to all inbound ports on all servers, I need to be able to completely disable the firewall.