Get superfast AT&T Fiber internet
bforsse's profile

6 Messages

Sunday, February 11th, 2024 9:01 AM

Issue moving Ubuntu/Apache webserver from Comcast to AT&T router

I've hosted a simple Ubuntu web server for years on port 443 via a Comcast router with port forwarding enabled without issue.

I am in the process of changing to AT&T, the router provided is a BGW320, which also has port forwarding that I've enabled on 443 after a full factory reset.

The web server still works perfectly when accessed externally via the Comcast router. When switching to the BGW320, the web server is no longer accessible.

When connected to the BGW320 I can confirm with tcpdump that simple external port scan TCP [SYN] packets are received at the server, but a [SYN,ACK] response never happens from Apache.

Things I've tried which have not worked include:

sudo ufw status = Status: inactive

sudo sysctl -w net.ipv4.tcp_timestamps=0
sudo sysctl -w net.ipv4.tcp_window_scaling=0
sudo sysctl -w net.ipv4.tcp_tw_recycle=0
sudo sysctl -w net.ipv4.tcp_tw_reuse=0
sudo sysctl -w net.ipv4.tcp_syncookies=0

sudo ethtool --offload eno1 rx off tx off

I confirmed that port forwarding is working as expected by disabling it, and verifying no packet transmission with tcpdump.

I can confirm the web server works fine on the internal network.

I also tried running the Rebex tiny web server on a windows box (with port forwarding changed), that works as expected without issue and is accessible externally through the BGW320.

I would be very grateful for any suggestions that would help me test or try to resolve this, thank you!

Accepted Solution

6 Messages

2 months ago

I purchased a BE9300, set the BGW320 to IP Passthrough mode with port forwarding, and the Ubuntu server worked right away from external devices. 

My conclusion is that port forwarding is broken on BGW320 routers provided by AT&T.

Community Support

 • 

231.2K Messages

2 months ago

“Hi @bforsse,

 

The Community Forums are a public support option where other users, and AT&T, will try and assist with high level support needs.   This means we won’t be able to look into account specific concerns.  To get the help you need for your unique issue, please review our Contact Us page, and choose the best option to reach out to us.  You can call, chat, or reach out via social media and we can review your specific issue and provide you support.  If you feel your issue isn’t account specific, and can be answered generally, please let us know, and we’ll be happy to help”.

 

Thank you.

Mike, AT&T Community Specialist 

6 Messages

2 months ago

Hi Mike, thank you for your response, the AT&T technicians assigned to my issue have not been able to resolve it.  If this support community can assist with any suggestions I would really appreciate it.

Thanks, Brian 

Community Support

 • 

231.2K Messages

2 months ago

Hi @bforsse,

Thanks for writing back.

We hear you, and let's guide you in the right direction.

After reviewing your concern and trying to resolve through the Community Forums, it looks like you may need more account specific support. In order to look into your router settings and to assist you best, we encourage you to review our Contact Us page for this account level help. We’re sorry we weren’t able to resolve your concern directly in the forums, but let us know if we can assist with anything else.

Thank you.
David, AT&T Community Specialist.

Tutor

 • 

65 Messages

2 months ago

Did you change the A and AAAA records at your register's DNS to the new WAN port?   Where is your domain registered, you need to change DNS there.   

6 Messages

2 months ago

Thank you @SCSIraidGURU, yes I can confirm that I changed the A record at my domain registrar.  An external nslookup of the domain confirms that the WAN IP address matches the broadband IP reported by the router.  

Tutor

 • 

65 Messages

2 months ago

Do you have a forwarding rule from your WAN to the Web Server LAN on ports 80 and 443.

6 Messages

2 months ago

Yes the BGW320 has port forwarding set up for both 80 and 443.  I can confirm that I receive packets on 443 with tcpdump on the Ubuntu server.

(edited)

Tutor

 • 

65 Messages

2 months ago

What is your web site URL?   I can test it and post my results for you.   

6 Messages

2 months ago

Sorry I can't post the url or IP, but here are results from dnscheker.org when I scan either the domain name or IP address:

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.