Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
ForumsLAN (ethernet/Wifi/routers/Bluetooth)Trouble shooting forwarding/ddns issues...


1449 posts

Uber Geek
+1 received by user: 317

Subscriber

Topic # 223176 17-Sep-2017 15:49
Send private message

I would really appreciate some help getting my head around port forwarding and ddns and how to tell if its working or not, or if I've not done something right.

 

 

 

I have a WHS2011 server with a Microsoft live domain (myname.homeserver.com). Its part of the WHS setup, not something that runs anywhere else.

 

I have a website on that server which I can access remotely via myname.homeserver.com:port1.

 

When I was using Unotelly I used the same domain name to keep my IP updated with them and that worked, so I dont think the Live domain is WHS specific.

 

Now I have replicated the website on a NAS which I can access internally. I have put a new forwarding rule in my HG659b.

 

So I have two forwarding rules now, two ports, two different internal devices, both with static IPs.

 

Rule 1 : WHSWEB : PORT1 : WHSIP10

 

Rule 2 : NASWEB : PORT2 : NASIP11

 

(in the HG659b the devices dont appear as IP addresess but as MAC addresses)

 

But I cant the NAS website remotely using myname.homeserver.com:port2. 

 

I'll need to get an alternative DDNS service at some point as the WHS server is being retired, but not until I can get remote access to the NAS working.

 

I have tried substituting myname.homeserver.com with my.external.IP:port2 but still no joy, so that removes the Live domain from the equation right? 

 

The web response is "This site can't be reached. my.external.IP took too long to respond."

 

I dont know if this means the site just could not be found, or it was found but was too slow.

 

Is there anything I have overlooked?

 

 

 

 




Life is too short to remove USB safely.

Create new topic
Meow
8020 posts

Uber Geek
+1 received by user: 4006

Moderator
Trusted
Lifetime subscriber

  Reply # 1867558 17-Sep-2017 16:30
One person supports this post
Send private message

I am going to strongly suggest that you don't port forward to the Windows Home Server - support ended last year for this and since then there has been a multitude of IIS exploits that may compromise your server. One way of getting access would be to use a VPN - if you've got a Raspberry Pi handy then there is an excellent app called PiVPN which will achieve this for you.

 

If this is just a general purpose website you could also host this on a Raspberry Pi or similar.

 

This is just me being cautious - I've seen people lose mass data on their NAS devices via cryptolocker-type tools and would rather you don't be another victim to this.




Michael Murphy | https://murfy.nz
A quick guide to picking the right ISP | The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial



1449 posts

Uber Geek
+1 received by user: 317

Subscriber

  Reply # 1867605 17-Sep-2017 17:34
Send private message

@michaelmurphy

 

I am open to better solutions.

 

I dont know anything about RPis, other than I have heard of them.

 

I realise the WHS is the weak point in my setup, which is why am I trying to retire it.

 

I bought a NAS to hold the data, and it can run the website but it's no biggie if something else does, so long as its on 24/7.

 

I have an older Intel Compute Stick but it might be a bit underpowered.

 

I will also need something to do incremental backups of 4 Win10 computers, but that's a battle for another day.




Life is too short to remove USB safely.



1449 posts

Uber Geek
+1 received by user: 317

Subscriber

  Reply # 1867608 17-Sep-2017 17:41
Send private message

Do RPi's run Win10, and have ethernet ports?




Life is too short to remove USB safely.

Meow
8020 posts

Uber Geek
+1 received by user: 4006

Moderator
Trusted
Lifetime subscriber

  Reply # 1867617 17-Sep-2017 18:03
Send private message

@kiwifidget Raspberry Pi's run Linux mostly. Linux is quite easy to learn and rock solid.

 

What kind of website is it? Feel free to flick me a PM and I may be able to help you out.




Michael Murphy | https://murfy.nz
A quick guide to picking the right ISP | The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial



1449 posts

Uber Geek
+1 received by user: 317

Subscriber

  Reply # 1867621 17-Sep-2017 18:18
Send private message

@MichaelMurphy

 

Thanks for your offer of assistance. Much appreciated.

 

And I may take you up on that.

 

You have put an idea in my head though.

 

I'll put the website on my ICS and see if I have the same issues.

 

It might not be fast, but its just for testing.

 

 




Life is too short to remove USB safely.

448 posts

Ultimate Geek
+1 received by user: 85


  Reply # 1867941 18-Sep-2017 11:20
Send private message

This won't be a DDNS issue, as long as the hostname resolves to the correct IP, it will either be an HG659 firmware issue or a port problem.

 

Normally when doing a port forward setup and I am having issues I do local testing first to confirm that the services are accessible internally without NAT or PAT being the issue. As it's a website and you now have it running in two places and wish to have it accessible I assume you are running the second webserver on a different port ie 81 or something similar?

 

Can it be reached internally via http://nasaddress:newport - if not then that's your issue. If it is then the next step is to confirm the port forwarding. There are a bunch of online port scan tools available which will tell if the port is open and accepting connections. If the connection is not open then it could be a firmware issue on the HG659, or there is a problem with what you have setup.

 

I generally try and avoid PAT (port address translation ie http://externalip:81 to http:/internalip:80) as I have experienced a bunch of issues with consumer grade devices.

 

 

 

Cheers

 

Matt.



1449 posts

Uber Geek
+1 received by user: 317

Subscriber

  Reply # 1868030 18-Sep-2017 13:50
Send private message

@mattmannz

 

Yes, the website has a different port on each device.

 

I can access the websites fine within my network. 

 

I went to setup the Compute Stick but it started doing a big windows update, so thats out of service for a few days.

 

My rules have the same port number on each side.

 

So externalip:9090 goes to WHS:9090, and externalip:9095 should go to NAS:9095.

 

Both the WHS and NAS sites have a login screen before accessing the site.

 

I am using MXTool with my external IP to check the ports.

 

The externalip:9090 connects successfully with MXTool but the externalip:9095 does not.

 

I get this response from MXTools : The remote server returned an error: (401) Unauthorized.

 

What would this error indicate?

 

 

 

 




Life is too short to remove USB safely.

722 posts

Ultimate Geek
+1 received by user: 300

Subscriber

  Reply # 1868042 18-Sep-2017 14:09
Send private message

kiwifidget:

 

The remote server returned an error: (401) Unauthorized.

 

What would this error indicate?

 

 

 

Perhaps the NAS is expecting different host headers? (I assume the URL is different when you are accessing it on the lan?)

 

 









1449 posts

Uber Geek
+1 received by user: 317

Subscriber

  Reply # 1868061 18-Sep-2017 14:30
Send private message

@gbwelly

 

 

 

Its not really different.

 

Internally its just internalip:9095 , and externally externalip:9095.

 

I cant use my browser to access the external address because my HG659b doesnt allow it.

 

My old TP-Link ADSL router did, but not this one VF gave me for fibre.

 

So can only test using the MXTool.

 

I have to leave the house and go to the library to test with my browser.




Life is too short to remove USB safely.

64 posts

Master Geek
+1 received by user: 11


  Reply # 1868150 18-Sep-2017 16:48
Send private message

 

The externalip:9090 connects successfully with MXTool but the externalip:9095 does not.

 

I get this response from MXTools : The remote server returned an error: (401) Unauthorized.

 

What would this error indicate?

 

 

 

NAS probably has it's own firewall, and may be rejecting a connection attempt from outside your LAN?

 

 



1449 posts

Uber Geek
+1 received by user: 317

Subscriber

  Reply # 1870743 22-Sep-2017 09:48
One person supports this post
Send private message

Because you've probably all been wondering, I've got it all working now.

 

I was at a friends place when I decided to try it out from there, and it just worked.

 

So I think something to do with the library wifi was blocking it.

 

Thanks everyone for your help.

 

Now onto project two : setting up a RPi3, so exciting!




Life is too short to remove USB safely.

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.