Thomson TG585v7 Hell

Hi Lee,

if you are still checking replies in here please could you let me know, I would like to ask you a question that i cant seem to find a solution.
thx a lot

lancellot

I read every reply. I just don’t always have time to answer every question, I sometimes also don’t have the answer.

Sorry Alexander, not having an XBox I have no idea. Incidentally, I also don’t have one of these routers and have never had one. My girlfriend does but I’ve spent a while working on several now to know their quirks.

Hi Lee,

thx for that, Lee what I am trying to do is to disable NAT on the inside
interface (the ethernet), could you pls help me on this
thx a lot

I think what you’re asking is how to bypass the natting and put a device on the DMZ.

Take a look at the comments around this post: https://www.leenukes.co.uk/?p=71&cpage=4#comment-16932

Let me know if any of that helps.

Hi Lee

We recently moved from a NewNet DSL line (and ZyXEL DSL router) to BE and their mysterious Thomson TG585 v7 router courtesy of BE ADSL line along with 4 IP addresses. A CISCO PIX sits behind the router and after much effort we realised that the Thomson TG585 needs to run in Bridge MODE with no public IP address assigned to the router at all. In the CISCO PIX we use the BE supplied gateway IP address and suddenly internet access works quite happily. By the way, just for your information and others too, when we by-passed the CISCO PIX and just had the Thomson TG585 v7 as the gateway/router on our network we couldn’t amend the default 192.168.1.254 IP address to our gateway IP address 192.168.10.254. For some reason it reset itself from 192.168.10.254 to 192.168.1.254 – and therefore no email or internet access. To solve we had to add the second IP address.

The problem we cannot get round is remote VPN access using the CISCO VPN software. We thought just changing the IP address to the new IP address of the firewall would work (one of the fixed IP address provided by BE). The CISCO VPN software cannot communicate with the CISCO firewall. In Bridge mode the router firewall was switched on – so that was switched off. Its not clear what is blocking the VPN access now? Could you suggest what ports may need to be opened or something else in the Thomson TG585 setup that may need to be checked.

All the best and keep up the good work,

Steve

I would have assumed running in Bridged Mode meant all packets sent through, but I may be mistaken. Isn’t the CISCO VPN Software IPSEC? Is there an option to allow any VPN pass through on the Thomson Router once it has been set to bridged mode?

Hi Lee – thanks for the prompt response. Yes the CISCO VPN software is IPSEC. I haven’t noticed any options to allow VPN pass through in the Thomson configuration menus. I’ve on some blogs that you need to open ports 50 and 500 to allow VPN but not sure if that’s necessary.

Any suggestions would be welcome.

All the best,

Steve

Yes it is the worst router I’ve dealt with too. Thanks for this.

Hi there,

Having a nightmare with this router and glad to see I’m not alone!

I’ve got one of these, branded as the O2 wireless box ii with O2 firmware. I’m trying to open port 80 to run a webserver and port 993 for IMAP over SSL. I’ve forwarded these ports through the web GUI to the server on the LAN via static IP, by creating a ruleset (or “Custom Application” to use Thomson speak!) using Game & Application Sharing, however for some reason these ports are still closed when running a port scanner from the server. Weirdly I’ve opened another port to translate to 5900 for VNC and 21 for FTP, these are working a charm and are within the same ruleset, so it does appear to at least be partly working.

I’ve telnetted in and listed the services and rules, and I can see what I set up through the GUI is in place, apparently forwarding to the static IP. However, 993 is definitely still closed and IMAP ain’t syncing reporting “unable to connect to server”. I’m wondering if there may be something else I need to do?

From what others have written here, port forwarding on this router is flaky at best so I don’t entirely trust it. I can’t believe O2/Be would be blocking those ports….

Total nightmare… Any help / suggestions very gratefully received! :-)

Cheers
Steve

OK, so I’m assuming you’re using 993 as opposed to the default port for IMAP. When you connect to your router using a browser are you connecting to it on port 80? So its an http session and not https? If so, then it would suggest its still got control of that port and you’ll probably need to stop that much how I had to stop the 443 port in the article/post.

My friend has an O2 varient of one of these routers and they seem to be more locked down then the Tiscali ones, I can’t even find a place to backup the config on his as its what I always do before resetting to factory defaults. I was happy to see that when I went ahead anyway, it keep the connection information, as it doesn’t need to authenticate to connect anyway.

hi guys
listen to me i have this dam router you are talking about.
at first it is p reconfigured from the DSL company
i can not change anything with it create a new user ..
there is a configured DHCP which i am do not observe..or change anything

1- problem that i am going over limit and i am paying a lot of money
(i have checked every thing there is can access my connection because i have disabled my wireless all the time )

2- i have 512 download with 4 GB storage maximum above i pay double

on the network we are three users
me : normal user just a viewer with no heavy applications on web to use
sis: she is too not a heavy user\
freind: he is using my connection for VOIP use to talk on the phone with less cost
lhe has 2 lynksis machines every one connected to a phone
well he is telling me that what he is doing does not cost that much
my question is he talking right or not does the VOIP on DSL use a little of the download usage i am suppose t stay with
he is connected by cable not wireless with my dam router
if not plz tell me or lead me to a way that helps me access my router and sees how much he is downloading day per day

I don’t think the router gives you that level of detailed information. As mentioned previously though, I don’t actually own one of these routers, I just came across one whilst at work one day and wrote this based on that.

I have since seen them but they seem to vary from ISP to ISP depending on what they have cut out.

Regarding VOIP, it really depends on the quality of the calls amongst other things. If he is hosting a VOIP server with lots of people connecting, then it could easily go over your limit. If he is only using it to talk occasionally, then its unlikely. Using VOIP is a bit like streaming media, so consider that as a comparison. There is a calculator here: http://www.bandcalc.com/ but I’ve setup VOIP systems before but couldn’t advise you how to use that I’m afraid.

Is your download limit 512MB or 512GB?

Have you check certain things such as automatic updates for any software you are running? Those have gotten much larger over time due to less people using dialup etc.

Hi
Thanks for all this work you are doing.
I have the same problem with getting the HTTPs or HTTP ports NATing though to my Firewall. But when i try to run the following command i get an error, see below.

{admin}=>ip config natloopback=enabled
{admin}=>service system ifdelete name=HTTP group=wan
Failed to delete interface group from unknown service access list.
{admin}=>saveall

Also i have a problem with the public IP address subnet mask that is getting assigned and cant seem to find the place in the CLI where i can change this. I have a Staic IP address from my ISP 80.x.x.x but when the router assigns this to the local network the device with the subnet mask of 255.0.0.0. I have used a 2wire router in the place of the thomson and the subnet mask is set to 255.255.255.255 which works correctly. As you can imagine the router addresses in our VPN are all withing the same Subnet and having the 255.0.0.0 subnet mask means they wont talk to each other as they are looking for a host locally.

Thanks

Hi Lee – you are clearly THE online TG585v7 guru – quite an achievement as you’ve confessed to not having one! My problem is slight compared to many on here (I’ve spent an hour reading them!). I’m with Plusnet and the router works fine except: at least once a day, and generally no more, I lose my web connection. This can happen at any time for no discernible reason – one moment I’m online and the next moment I’m not. It applies to my cable connected PC and my wireless laptop. Also, I borrowed a friend’s BTHub 2.0 for a week and it worked flawlessly.

The solution is simple – I turn the Thomson off, then back on again. And it reboots and works fine. So it’s just an irritation really. But I’d like to know what’s causing the problem. Having spent some time on the Plusnet helpline they sent me a replacement (same model) – and lo & behold – it has the same problem! Any thoughts?

Thanks.

Well thank you for your kind words, as you’ve read, I don’t own a Thomson router but I’ve seen my fair share of them. A friend has one on O2 broadband and my girlfriend has one on TalkTalk (old Tiscali customer).

Hmm, I have seen this issue before on a Be broadband line but I think it was resolved by a replacement router. It was another Thomson. I’d be interested to see what the router thinks when you get disconnected. See if it still thinks its online. Also, see if its an actual disconnection or if its just a DNS problem.

To test the DNS when it drops, you can just try pinging an address by IP address. Here is one of Googles for reference: 209.85.227.104

I am reluctant to go on too far without knowing the results of the above. Also, maybe make a note of when it drops? Some routers are better at coping with line faults, where I used to work we replaced a BT router with a netgear and their line drops stopped too.

Hi, Lee

Thanks for sharing all this info with the world!

Martin, I’m running one of these beasts from my UK ISP (Plusnet also) here in Sofia, Bulgaria. I’m getting exactly the same problem with drop-outs – roughly one a day, although sometimes more often – and simply rebooting the router “fixes” the problem until the next time.

The line is rock-solid and fast (25 megs down AND up ;-) ) and my neighbours here have no problems with their connections. I’m thinking of binning the junk and getting a decent router if I can’t persuade it to stay up…my trusty Zyxel back in the UK stays up ALL the time!

Ahh Sofia, we have an office there where I work. Although I’m based in the UK.

Interesting that you have that fast a connection (nice upspeed too). I had an old cable modem that the minute I started to download anything at its upper limits, it would just cut off. So a download speed of 2MB/s for example I could guarantee it would drop the connection. I complained and they sent the next generation model and it was fine.

I wonder if you’re both running the same firmware too.

KayJay – So, proof that I haven’t been singled out. What a relief, but small consolation!

Lee – Thanks for your speedy reply. I’ve waited until the router went down again – and it just has! The timing seems completely random – I attempt to change page and find the connection has gone.

I Pinged the Google address you suggested and I got a succession of ‘Request timed out’ messages. In Network Connections the connection is marked as ‘connected’. If I right-click and select repair, after a while I am told that Windows cannot renew my IP address.

According to the Properties, the Network Adapter (Intel(R) PRO/1000 MT Network Connection #2) “Device is working properly”. No conflicts.

Running IPCONFIG I get:

Ethernet adapter Local Area Connection 3:

Connection – specific DNS Suffix……: lan
IP Address……………………………….: 192.168.1.64
Subnet Mask…………………………….: 255.255.255.0
Default Gateway ……………………….: 192.168.1.254

To send this I’ll have to reboot the router…

———————-

This time, rebooting did not immediately solve the problem. Under connections the adapter is now marked as ‘Limited or no connectivity’. Attempting a repair has the the same result as above, and running IPCONFIG I get:-

Connection – specific DNS Suffix…..:
Autoconfiguration IP Address……….: 169.254.117.176
Subnet Mask…………………………….: 255.255.0.0
Default Gateway ………………………:

(2 blanks). I will try rebooting again – and count to 10 this time!

———————

That worked. Any further tests you can suggest for when it goes down again?

PS How could I establish what firmware I have? And might updating it help?

Thanks.

Now that’s interesting. From what you’re describing there, it sounds like a DHCP problem. Which I have actually experienced on these routers.

What I would suggest trying, is setting your computer to a static IP address. The best way to do this is identify if there are an IP address not being handed out by DHCP on your router. If I had a router to hand I could be more specific.

Essentially somewhere on your router it will say DHCP address range. And its will likely be 192.168.1.1 to 192.168.1.253. If it isn’t for example the range is 192.168.1.1 to 192.168.1.200 then you can safely choose an IP address between 192.168.1.201 and 192.168.1.253 (192.168.1.254 is the router).

Technically, you don’t HAVE to choose an IP address that is outside of your DHCP range, its just good to do that so that it doesn’t try to get assigned elsewhere.

If your DHCP range does cover the whole subnet so 192.168.1.1-192.168.1.253 change one of the numbers at the end. Either change the start range, so it starts at say 192.168.1.10 or change where it ends, maybe to 192.168.1.200.

There is a good chance its already a small-ish subnet.

Once you know what IP address you have you can set about putting it onto your PC as a static address. I’m not sure which version of Windows you are running, I’m assuming you’re running Windows as you’ve used IPCONFIG as a command.

If you google for setting static IP address in Windows {XP/Vista/7 whatever you have} you should find plenty.

Also, set your primary DNS server to be one of plusnets and put your router as the secondary. This might not work, you might need to do it the other way around. You should be able to find plusnets DNS servers assigned on your router on its internet connection settings. If not, let me know and I’ll dig them out for you.

hello Lee, thanks for this, i have found a lot of information which i am going to try on here. searching google i can’t find the info anywhere else. i have the strict NAT problem with the xbox, which is driving me and many others bonkers. i will try the suggestions and the info on how to set up the DMZ may help but failing that, im going to try and get my mate to take my router to Afghanistan when he goes back and blow it up for me!!!!!!

I’m all in favour of you getting your friend to blow it up :)

Hi,

I need some help please, I have a Thomson TG585v7 in the office. I have 2 remote users working from home, I am trying to allow them to work using VPM.

Can the Thomson do this..? I think the Thomson doesnt do VPN tunnels or passthrough?

Could someone let know please.

Thanks

I’m pretty sure that you can connect TO a VPN I just don’t think it does tunneling. I’m sure it cannot host VPNs.

stupid thomson my isp told me to forget it so i got a bridge modem and router and tweaked them up will work much better and give me more management access thats all i need for the company site is to switch it out if they ever let me take down the net for 5 secs (chat junkies) but I am glad i found this site now i can stop looking for interface access methods for the stupid thomson so i can bypass the junkies

Hi Lee ,i have a problem authenticating the default webpage of Thomson Tg585 V7 wireless router . This router has been given for free by a DSL company to subscribe to their services.Now i resetted the router and i am trying to access the page with Administrator and The Password as the Serial number of the router but i can’t . I tried Administrator with no Passowrd and i can not . Could actually the Dsl internet company have changed the factory settings for password and username even if i did reset the router they would be the only one to have it. And is there a way to hack the router.
Best Regard
Jad

I think if you reset the router back to factory defaults its the defaults set by the ISP. It does appear that ISP’s are choosing a variety of passwords for this particular router. I’d do a search for TG585+{ISP Name}+Password in google to see if you can find anything.

As far as I am aware you cannot encrypt your wired connection like you would your wireless connection.

Maybe if you lock it down by MAC address it could work. Try it.

Please is here a potential way to solve my problem? I have got the Thomson TG 585 v7 router too. I would need to set an ethernet encryption (password) the same as to the wireless output to be sure nobody will use my internet access via ethernet.

Is there any reason why I can’t see any devices when I try to use DMZ on my computer? I get “Not assigned and no compatible device found”(PS I’m using static ip on my wireless computer. Also what’s the difference between dynamic NAT and NAT and can I change them in my TG585v7 router?) Thanks for the great job!

Dear. lee,

here i am facing problume to forward port in thomson tg585v7 router. because i need to open port 16001, 16000 etc. how to make . where i put thid port details in my thomson router to open . please help me

This is documented in the documentation. Also, you could try checking out this site:

http://portforward.com/english/routers/port_forwarding/Thomson-Alcatel/TG585v7/default.htm

Cool. Thanks for the comment and additional help. I should really get around to collecting them all in a summary.

I had the same error:
failed to delete interface group from the unknown service access list

I chatted with BeThere support and had to factory reset my router (please backup/write down all of your settings before hand!)

Then I was able to telnet 192.168.1.254 (netw cable direct into router with ip in the 192.168.1.0 range)

I then ran the command: service system
list
this showed me HTTPs
so I ran
ifdelete
name=HTTPs
group=wan
(case sensitive!)
and it accepted the command
saveall
list command again showed it’s in place but it’s just a ghost … when you enable HTTPS server from Application sharing it worked fine

Ive been trying to disable NAT, here’s how I did it:

telnet to the Router, then type:

menu

Then drill through the nat sub menu (using arrow keys and return key to select what you want) then selecting ifconfig, then using the space bar to toggle the interface to the WAN port and using space bar again to toggle NAT mode to disabled and then typing ctrl i allows you to select the OK option underneath and you can save the setting, then returning back thru the menus to the command prompt by hitting ctrl c a few times, and doing a saveall and NAT has gone.

Took me a good few hours though (perhaps because I have a hangover, or then again because this is a HORRIBLE router).

Many thanks to all those who posted here, it was a great help.

Hiya! LOL! I always end up with the problem routers and the problem women! sigh… must be karma.

Heres a quickie Lee if you got any idea.

I have the router pointing to SBS2003 – I can VPN in and remote onto various desktops.

Howver there is one linux box on the network (redhat) and I can ping it from the vpn but i can internally from a macine I remote desktop onto.

Any ideas?

Thanks

G

Hi, I just wanted to add the the above. It would appear that before I replaced the sonicwall with this thomson tg585v7 I could vpn in and remote desktop onto any machine in the office.

It appears now that I can only remote desktop onto the SBS2003 itself. Ive tried editing the firewall and ive checked log files on both the thomson and the SBS2003 but I cant see why I can remote desktop into my main server (which is where the vpn settings point to) but not to any other server on the network!

Damn and blast (and some help please!)

Thanks

G

Hello,

Just to get some background, I’m assuming you’re VPN’ing into your network first, and then trying to remote desktop onto internal machines using their internal IP addresses? Previously I’d be interested to know if this was the same setup, or were several different ports setup for remote desktop. So for example 3389 goes to SBS2003, 3390 goes to desktop1, 3391 goes to desktop2 etc.

I’m also not sure what you mean with regards to your linux box? There doesn’t appear to be a question there.

You don’t give me enough information. As it is listed in many comments here, it could be a number of options depending on your ISP.

please send me the username and password of tg585v7 router they are not accepting administrator username

You would probably be best setting up some custom applications for your poet forwards. If I had access to one I could walk you through it. I often use portforward.com try this page http://www.portforward.com/english/routers/port_forwarding/Thomson-Alcatel/TG585v7/default.htm

Hi Lee
Hellllp! After exhaustive searching i’ve only found your comments re thompson router hell
I use web cams to monitor my terminally ill wife. My old dlink router configure port forwarding no prob.
o2 insist they do not cover help in this area.
I can set up ip cams on lan network and view on lmy pc at home but as ssoon as i log on over the internet – no go.
Tried everything. i’m not a programmer which makes it harder.
Ive checked online to see if the port is open on my satic ip at home and its closed.
Do you think you could post how i configure the Thompson router to open ports 6000 and 6003. or at least point me in the right direction.

Im with o2 and after receivin 3 old black thompson routers they sent me the new one like in your image above.
keithhhhh

Hi Keith,

Depending on the service you use to check if your ports are open, it may by default show them all as being closed.
I also use the TG585v7 on the O2 network, and the community-approved service Shields-Up show all my ports closed. They are NOT closed! They only APPEAR to be closed.

You have already got a Static IP. Good!

Now, use this TG585v7 port forwarding guide as a template, but instead of opening the ports suggested for the game ‘Battlefield 2’, use your own- ie 6000 and 6003.

http://portforward.com/english/routers/port_forwarding/O2/O2-TG585v7/Battlefield_Bad_Company_2.htm

Frankly, that guide isnt brilliantly written, but in conjunction with my attached info it should be enough to get you set up:

You didn’t mention whether the ports should be UDP or TCP.
If you are unsure, simply make each port UDP *and* TCP by selecting ‘any’.

When creating a new rule, stick the port number in all the fields where a number can go:
i.e ‘Port Range’, ‘Port Translate’, ‘Trigger Protocol’ all = 6000, then ‘Add’.
Now do the same for 6003. Add.
Now apply. The rule should save as whatever you named it.
Now you can choose your new rule from ‘Assign a game or application’, to the device at home with the static IP.

Once set up, dont use a port checker to see if it has worked. Get a friend to log in remotely from their computer outside the network, and check whether it works based on performance.

I hope some of this helps. If not, I would recommend registering and posting in the O2 forum. Lots of people there generally respond fairly quickly.

http://forum.o2.co.uk/viewforum.php?f=14

Ash

Hello Lee, and fellow members of the TG585v7-enraged community :)

I cannot configure WoL-WAN (Wake on Internet) to work on my router.

I won’t post my full efforts here, as it is an enormous topic, but I can safely say that I have tried an exhaustive list of things, and have correctly configured the following.

-Create static ARP table on router
-Create Static IP network address
-Forward relative port on router to WoL target IP
-Checked that Subnet Directed Broadcasts are enabled
-Configured PC BIOS to allow wake-up
-Succesfully tested WoL locally (not on internet)

The rest of my saga continues here:
http://forum.o2.co.uk/viewtopic.php?t=50214&start=0

What I am asking for now is information explaining the router traffic generated at the exact moment that the ‘magic packet’ fails.

It always looks like THIS:

[IN]O2_ADSL2-> : 82.xxx.xxx.xx 94.xxx.xxx.xxx 0130 UDP 51692->7
[DR]O2_ADSL2->O2_ADSL2 : 82.xxx.xxx.xx 94.xxx.xxx.xxx 0130 UDP 51692->7 :
error caused by NAT-INPUT

[IN] loop-> : 94.xxx.xxx.xxx 82.xxx.xxx.xx 0072 ICMP
Destination Unreachable (Port Unreacheable)
[DR]loop->O2_ADSL2 : 94.xxx.xxx.xxx 82.xxx.xxx.xx 0072 ICMP
Destination Unreachable (Port Unreacheable) : error caused by NAT-FORW

I am convinced that the secret to whatever is preventing me from Waking on Internet, which other TG585v7 users have done successfully, lies here.

Can anyone help?

It looks like you’re sending the WOL packet from outside the network, is this correct?

I’ve not got this router in my house where I use WOL, my girlfriend still has one but I have nothing to wake on her network. I haven’t been able to use WOL on my home network though but I only spent 5 minutes messing with it. It works fine over WIFI just not externally.

Lee,

That’s correct; A week ago it took me 3 minutes to configure WoL – but the full magic of WoL WAN has eluded me ever since.

Really hope I find a solution!

anyone have “Thomson TG576 v7 and TG585 v7 CLI Reference Guide R7.4 PDF (2.2MB)” ?

Also , when making a new user there’s no menu for password.
there’s “reset password” which changes password to new user name?

Hi, thanks for the comment, I’ve found another copy of the CLI guide and I’ve decided to host it myself to avoid it stopping working again:

https://www.leenukes.co.uk/documents/TG585-v7_CLI_guide_R74.pdf

Hopefully that should help.

Hi Lee,
need to enable remote desktop through tg585 so that i can connect to PC123 that’s behind the router. Have 2 public ip, one on my router, the other I can nat to PC123. port forwarding seems to be a popular suggestion to get remote desktop working. Is it true that with port forwarding, i connect using the IP of my router at port 3389, and the router forwards to connection to the PC123? Can I restrict remote desktop connection with IP, eg only 74.125.79.99 can connect to PC123?

Correct, you will want to forward TCP port 3389 through your router to your PC123. I don’t believe the TG585 router has the ability to filter based on IP address but you should be able to do this on your firewall on your PC.