Trying to access my ISP's DMZ to be able to open ports

Hi! This is my first post. Nice to meet you all, guys! Well, to the topic...

I don't know how common this is around the world, but here ISP typically force you to use their modem-router and do not give you access to the router menu. So even just to set up your WiFi password, you have to log in to their websites and change it there. They control everything. This is really annoying, especially because I can't even do port-forwarding that way.

So, what I initially did when I hired this ISP was to have them put their side in bridge mode and bought a new router that I plug to their modem-router. It worked like a charm, although it took me long and I had to learn a lot to understand this. Now they've suddenly changed the rules: they've removed everyone from bridge mode and instead, they put me in a DMZ, or so they say, and charge me to have a "public IP", as they say (it seems they're talking about something entirely different from what I understand as "public IP"). They gave me their DMZ IP: 192.168.100.200, mask: 255.255.255.0 and gateway: 192.168.0.1.

My router, when they made the change, continued to get connectivity, but my ports are no longer open no matter what I do. I noticed that my WAN configuration was set in "dynamic IP" mode (which worked with the bridge), but just to try, I changed it to "static IP" and configured it with the data they gave me. This still results in the same thing: connectivity=yes; port-forwarding=no. It looks like something at least is correct because, if I change the IP, I lose connectivity.

When I call them, they refuse to help me. They say this has nothing to do with them. It looks like they only want to give internet to people who only post cat photos in social networks. I have lots of doubts. For example, whether I should disable DHCP on my router. I tried it and what happened was that I lost connectivity and I couldn't even access the router menu. I had to reset it. Now it's working again. I don't have access to the ISP's router menu, so I can't change anything there.

I appreciate any hint on what I may be doing wrong or not doing or whether there is a key I need to consider. I know the information is vague, but that's precisely the problem: they are not telling me enough. If there is something else from my router configuration that it'd be useful to know, let me know and I'll post it. Thank!
 

MattS

Posts: 677   +180
Hi xlucas,

Its difficult to grasp the whole situation here what the issue looks here is a configuration issue from the provider.

Are you able to provide at least a snippet of a traceroute from your machine/network to google?
 
Hi, Matt. Thank you so much for trying to help!

After a lot of testing and wondering, I realised what was wrong and it was my fault. Because the ISP had changed my configuration, I was assuming that what was going on was at their end, and at first, it was, but as soon as I changed my configuration, the problem was fixed and I didn't realise. I kept trying, but making one mistake: the program I was running was opening a different port number, so of course, the sites I was using to test whether the port was open were telling me it was not.

So, lesson to learn: never forget the simple things and assume it's something more complex. For anybody else who'd come across this topic, to make sure you can forward ports, these are the steps I should have followed from the beginning:
1 - In my router, go to DHCP and have it reserve a fixed IP for my computer. Then turn off the router, wait a little and back on, so my computer is given that IP
2 - Again in the router menu, go to Port Forwarding and forward the desired port to my computer IP
3 - Run any server program that will use (bind) that port, for example, if it's a Minecraft server, make sure server.properties has this port configured as the server port and make sure the program is already running before testing
4 - Attempt to get to the server from an external client, that is, connect to the server using my current public IP (reported at sites like www.whatismyip.com). Also, using a website to check if the port is open would give the result. This should work and the port should be open. Make sure I'm not connecting via LAN (which would always work)
5 - If at this stage, it still does not work, contact the ISP and make sure they don't have a firewall for me. If they do, do whatever necessary to undo that, such as ask them to set up a DMZ or a bridge mode if possible and wait the necessary time for this to have an impact
6 - If it still doesn't work, make sure in the router, the connection to the ISP modem/router is going out statically instead of dynamically, by specifying IP (provided by the ISP), sub-net mask (typically 255.255.255.0) and gateway (which should be displayed while the router is in dynamic mode). If changes are made here, turn the router off, wait and back on before testing again
7 - If after all this it still doesn't work, cry desperately :)
 

MattS

Posts: 677   +180
Hey xlucas I'm glad its fixed. I appreciate that you left the notes for the fix!

Well done
 
D

DelJo63

Well done :) That outline is documented elsewhere on TS, but it's great to see your success. BTW; The DMZ opens your whole system to attack and is really no part of the solution due to the Port Forwarding