Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

Network/port forward help

Aug 16, 2017 11:06AM PDT

Our church's hvac system is connected online and can be reached internally at 192.168.0.200. Our building guy used to have home access to the system by entering the external IP:port, so I assume we had forwarded a port to allow external access to the hvac system. Somewhere along the way he lost home access, not sure when, maybe when we had to replace the modem or a router?

So it seems I need to port forward to that address, correct? The issue is that the linksys router is 192.168.1.1 and gives me no options to forward to the address listed below, because of the 0 instead of 1.

The connection goes:
phone line to modem (w/ built-in wifi router)
modem to hardwired firewall
firewall to unmanaged switch
Switch sends internet all over the building, including to wifi routers and directly to the hvac controls.

When connected to a wifi router (not the one built in to modem) I can access the hvac controls internally. But like I said there is no option to port forward to that address.

Total novice, hope I'm making sense, but I feel like it could be pretty simple if someone points me in the right direction. If anyone could help I'd greatly appreciate it, thanks!

Discussion is locked

- Collapse -
Answer
Let's fix this the easy way.
Aug 16, 2017 11:10AM PDT

Change your router's LAN NETMASK value from 255.255.255.0 to 255.255.0.0. Now both 192.168.0.x and 192.168.1.x machines are in the LAN.

At this point you enter in the same port forward information as before. I will not know what that information is but we can fix the LAN IP range to allow your port forward to work again.

- Collapse -
Answer
PS. If as you say there are more than one router.
Aug 16, 2017 11:13AM PDT

This puts you in an unsupportable configuration. Our office will not go on site if folk have more than one router. Maybe you have WAPs instead of those other routers? (Wireless Access Points)

So the supportable setup is:
phone line to modem (w/ built-in wifi router)
modem to hardwired firewall
firewall to unmanaged switch
Switch sends internet all over the building, including to wifi access points and directly to the hvac controls.

- Collapse -
Re:
Aug 16, 2017 11:24AM PDT

The switch sends internet all over the building, mostly to multiple linksys E1200s . Isn't that a router? So that is unsupportable?

I can still access the hvac controls while connected to the linksys so I was hoping it would be possible.

If so where would the LAN netmask be changed?

- Collapse -
The e1200 can be configured as a WAP and supported.
Aug 16, 2017 11:31AM PDT

But as routers you run into the double NAT and routing problems. No one I know will deploy such.

The LAN netmask would be set in the router connected to the modem.

If the HVAC is on the LAN, then we port forward as documented by the person that set this up in the router connected to the modem.

If the HVAC is on the other side of another router other than the one connected to the rotuer you will have issues that are beyond what I support or discuss other than correcting the setup to be a LAN and not a mess.

- Collapse -
Thanks for your quick replies!
Aug 16, 2017 11:36AM PDT

I will take a look and see if I can do some of this.

- Collapse -
Answer
Sorry I missed a thing.
Aug 16, 2017 11:47AM PDT

I missed where you didn't connect to the router connected to the modem. If you do indeed have many routers, the only router that should let you get to the HVAC is the router the HVAC is connected to.

I'm not there to check out if the HVAC is on some router or connected to the first router connected to the modem or if said modem has a router in it (model numbers help here.)

But even so with all that I missed, more than one router will find yourself in an unsupportable position.

- Collapse -
The hvac has a wired connected to the unmanaged switch
Aug 16, 2017 12:12PM PDT

But I can't access the hvac controls by connecting to the original AT&T modem/router (wirelessly) and entering 192.168.0.200. I *can* access the hvac by using that same IP when connected to any of the linksys routers (that receive internet from the switch).

But if I change the subnet mask on the original router perhaps that will help? Will that affect devices connected to it?

- Collapse -
What it will affect.
Aug 16, 2017 12:17PM PDT

The design to me is a mess. I can't guess what will break if you fix your setup.

It may be time to talk to the person who designed this. So choices have to be made.

1. Create a LAN. Turn the routers (other than the first one connected to the modem) into WAPs.
2. Try changing the IP address of the HVAC to be on the LAN that is on LAN that the first router created.
3. Don't change the HVAC IP but change the netmask to include the LAN your HVAC is on.
4. Task the person who made this messy system to correct it, make it work.

- Collapse -
The shorter answer.
Aug 16, 2017 12:17PM PDT

It's a broken design in my view. Fixing it should take a hour or so.