Optional: Enable Remote Device Filtering
If your modem is performing NAT, or you are using other equipment for your network gateway, it is essential to turn on DMZ or Port Forwarding on the gateway to the DrawBridge WAN/External interface IP address to enable Remote Device access.
Required Remote Device Ports
| Port | Protocol | Service | Accessible From | Notes |
|---|---|---|---|---|
| 1525 | TCP | PAC | All IP's/Everywhere | Proxy PAC (HTTPS) |
| 6502 | TCP | Redwood | All IP's/Everywhere | Proxy PAC (HTTP) |
| 25000-29000 | TCP | Redwood | All IP's/Everywhere | Per-device authentication |
Implementation
The ports above must be open in the ClearOS Incoming Firewall. The following sections assume that has been done.
Installation Type A:
DrawBridge Gateway situations
- Fiber and Cable modems: We recommend you use DMZ on the modem for the IP address the DrawBridge is using for its WAN interface. Note that you'll need to ensure the WAN interface IP address doesn't change, either by configuring the interface on the DrawBridge to a static IP or by configuring a DHCP reservation for the IP address in the modem DHCP settings.
- DSL modems: We recommend you use port-forwarding on the modem for the IP address the DrawBridge is using for its WAN interface. (DMZ is usually unreliable on DSL modems for some unknown reason.) Configure the Port Forwarding in the modem per the Required Remote Device Ports list, above.
- Fixed Wireless: Either DMZ or port forwarding will work. Usually you'll need to contact your fixed wireless provider to have them set up these features for you. Have them forward the ports in their equipment per the Required Remote Device Ports list, above.
FAQ: Why aren't you recommending Bridge mode? You're recommending Double-NAT!
Yes. The reason is that most Internet Service Providers lose access to the diagnostic functionality on their equipment when it is in Bridge Mode. If you call them up about an issue, they'll simply have you reset the modem, which may "fix" an issue, but hide the root cause (such as recurring timing errors on cable networks, etc).
This Double-NAT configuration method works well, despite not following the typical recommended industry "best practices". If you wish to use Bridge mode instead, you are certainly welcome to do so.
Installation Types B and C:
DrawBridge non-gateway situations (other equip at actual gateway)
- Configure port forwarding on your gateway equipment (per the Required Remote Device Ports info, above) to the DrawBridge WAN/External network interface IP address.
WARNING:
For Installation types B and C, Do Not place the DrawBridge in a DMZ, as this will leave the DrawBridge unprotected from incoming threats!