Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1224 posts

Uber Geek
+1 received by user: 272

Subscriber

Topic # 223176 17-Sep-2017 15:49
Send private message quote this post

I would really appreciate some help getting my head around port forwarding and ddns and how to tell if its working or not, or if I've not done something right.

 

 

 

I have a WHS2011 server with a Microsoft live domain (myname.homeserver.com). Its part of the WHS setup, not something that runs anywhere else.

 

I have a website on that server which I can access remotely via myname.homeserver.com:port1.

 

When I was using Unotelly I used the same domain name to keep my IP updated with them and that worked, so I dont think the Live domain is WHS specific.

 

Now I have replicated the website on a NAS which I can access internally. I have put a new forwarding rule in my HG659b.

 

So I have two forwarding rules now, two ports, two different internal devices, both with static IPs.

 

Rule 1 : WHSWEB : PORT1 : WHSIP10

 

Rule 2 : NASWEB : PORT2 : NASIP11

 

(in the HG659b the devices dont appear as IP addresess but as MAC addresses)

 

But I cant the NAS website remotely using myname.homeserver.com:port2. 

 

I'll need to get an alternative DDNS service at some point as the WHS server is being retired, but not until I can get remote access to the NAS working.

 

I have tried substituting myname.homeserver.com with my.external.IP:port2 but still no joy, so that removes the Live domain from the equation right? 

 

The web response is "This site can't be reached. my.external.IP took too long to respond."

 

I dont know if this means the site just could not be found, or it was found but was too slow.

 

Is there anything I have overlooked?

 

 

 

 





Life is too short to remove USB safely.


Create new topic
6683 posts

Uber Geek
+1 received by user: 3057

Moderator
Trusted
Subscriber

  Reply # 1867558 17-Sep-2017 16:30
One person supports this post
Send private message quote this post

I am going to strongly suggest that you don't port forward to the Windows Home Server - support ended last year for this and since then there has been a multitude of IIS exploits that may compromise your server. One way of getting access would be to use a VPN - if you've got a Raspberry Pi handy then there is an excellent app called PiVPN which will achieve this for you.

 

If this is just a general purpose website you could also host this on a Raspberry Pi or similar.

 

This is just me being cautious - I've seen people lose mass data on their NAS devices via cryptolocker-type tools and would rather you don't be another victim to this.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial




1224 posts

Uber Geek
+1 received by user: 272

Subscriber

  Reply # 1867605 17-Sep-2017 17:34
Send private message quote this post

@michaelmurphy

 

I am open to better solutions.

 

I dont know anything about RPis, other than I have heard of them.

 

I realise the WHS is the weak point in my setup, which is why am I trying to retire it.

 

I bought a NAS to hold the data, and it can run the website but it's no biggie if something else does, so long as its on 24/7.

 

I have an older Intel Compute Stick but it might be a bit underpowered.

 

I will also need something to do incremental backups of 4 Win10 computers, but that's a battle for another day.





Life is too short to remove USB safely.


 
 
 
 




1224 posts

Uber Geek
+1 received by user: 272

Subscriber

  Reply # 1867608 17-Sep-2017 17:41
Send private message quote this post

Do RPi's run Win10, and have ethernet ports?





Life is too short to remove USB safely.


6683 posts

Uber Geek
+1 received by user: 3057

Moderator
Trusted
Subscriber

  Reply # 1867617 17-Sep-2017 18:03
Send private message quote this post

@kiwifidget Raspberry Pi's run Linux mostly. Linux is quite easy to learn and rock solid.

 

What kind of website is it? Feel free to flick me a PM and I may be able to help you out.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router GuideCommunity UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial




1224 posts

Uber Geek
+1 received by user: 272

Subscriber

  Reply # 1867621 17-Sep-2017 18:18
Send private message quote this post

@MichaelMurphy

 

Thanks for your offer of assistance. Much appreciated.

 

And I may take you up on that.

 

You have put an idea in my head though.

 

I'll put the website on my ICS and see if I have the same issues.

 

It might not be fast, but its just for testing.

 

 





Life is too short to remove USB safely.


384 posts

Ultimate Geek
+1 received by user: 55


  Reply # 1867941 18-Sep-2017 11:20
Send private message quote this post

This won't be a DDNS issue, as long as the hostname resolves to the correct IP, it will either be an HG659 firmware issue or a port problem.

 

Normally when doing a port forward setup and I am having issues I do local testing first to confirm that the services are accessible internally without NAT or PAT being the issue. As it's a website and you now have it running in two places and wish to have it accessible I assume you are running the second webserver on a different port ie 81 or something similar?

 

Can it be reached internally via http://nasaddress:newport - if not then that's your issue. If it is then the next step is to confirm the port forwarding. There are a bunch of online port scan tools available which will tell if the port is open and accepting connections. If the connection is not open then it could be a firmware issue on the HG659, or there is a problem with what you have setup.

 

I generally try and avoid PAT (port address translation ie http://externalip:81 to http:/internalip:80) as I have experienced a bunch of issues with consumer grade devices.

 

 

 

Cheers

 

Matt.




1224 posts

Uber Geek
+1 received by user: 272

Subscriber

  Reply # 1868030 18-Sep-2017 13:50
Send private message quote this post

@mattmannz

 

Yes, the website has a different port on each device.

 

I can access the websites fine within my network. 

 

I went to setup the Compute Stick but it started doing a big windows update, so thats out of service for a few days.

 

My rules have the same port number on each side.

 

So externalip:9090 goes to WHS:9090, and externalip:9095 should go to NAS:9095.

 

Both the WHS and NAS sites have a login screen before accessing the site.

 

I am using MXTool with my external IP to check the ports.

 

The externalip:9090 connects successfully with MXTool but the externalip:9095 does not.

 

I get this response from MXTools : The remote server returned an error: (401) Unauthorized.

 

What would this error indicate?

 

 

 

 





Life is too short to remove USB safely.


536 posts

Ultimate Geek
+1 received by user: 202

Subscriber

  Reply # 1868042 18-Sep-2017 14:09
Send private message quote this post

kiwifidget:

 

The remote server returned an error: (401) Unauthorized.

 

What would this error indicate?

 

 

 

Perhaps the NAS is expecting different host headers? (I assume the URL is different when you are accessing it on the lan?)

 

 










1224 posts

Uber Geek
+1 received by user: 272

Subscriber

  Reply # 1868061 18-Sep-2017 14:30
Send private message quote this post

@gbwelly

 

 

 

Its not really different.

 

Internally its just internalip:9095 , and externally externalip:9095.

 

I cant use my browser to access the external address because my HG659b doesnt allow it.

 

My old TP-Link ADSL router did, but not this one VF gave me for fibre.

 

So can only test using the MXTool.

 

I have to leave the house and go to the library to test with my browser.





Life is too short to remove USB safely.


25 posts

Geek
+1 received by user: 3


  Reply # 1868150 18-Sep-2017 16:48
Send private message quote this post

 

The externalip:9090 connects successfully with MXTool but the externalip:9095 does not.

 

I get this response from MXTools : The remote server returned an error: (401) Unauthorized.

 

What would this error indicate?

 

 

 

NAS probably has it's own firewall, and may be rejecting a connection attempt from outside your LAN?

 

 




1224 posts

Uber Geek
+1 received by user: 272

Subscriber

  Reply # 1870743 22-Sep-2017 09:48
One person supports this post
Send private message quote this post

Because you've probably all been wondering, I've got it all working now.

 

I was at a friends place when I decided to try it out from there, and it just worked.

 

So I think something to do with the library wifi was blocking it.

 

Thanks everyone for your help.

 

Now onto project two : setting up a RPi3, so exciting!





Life is too short to remove USB safely.


Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Vodafone TV — television in the cloud
Posted 17-Oct-2017 19:29


Nokia 8 review: Classy midrange pure Android phone
Posted 16-Oct-2017 07:27


Why carriers might want to embrace Commerce Commission study, MVNOs
Posted 13-Oct-2017 09:42


Fitbit launches Ionic, its health and fitness smartwatch
Posted 12-Oct-2017 15:52


Xero launches machine learning automation to improve coding accuracy for small businesses
Posted 12-Oct-2017 15:45


Bank of New Zealand uses Intel AI to detect financial crime
Posted 12-Oct-2017 15:39


Sony launches Xperia XZ1, a smartphone with real-time 3D capture
Posted 11-Oct-2017 10:26


Notes on Nokia’s phone comeback
Posted 10-Oct-2017 10:06


Air New Zealand begins Inflight Wi-Fi rollout
Posted 9-Oct-2017 20:16


The latest mobile phones in perspective
Posted 9-Oct-2017 18:34


Review: Acronis True Image 2018 — serious backup
Posted 8-Oct-2017 11:22


Lenovo launches ThinkPad Anniversary Edition 25
Posted 7-Oct-2017 23:16


Less fone, more tech as Vodafone gets brand make-over
Posted 6-Oct-2017 08:16


API Talent Achieves AWS MSP Partner Status
Posted 5-Oct-2017 21:20


Stellar Consulting Group now a Domo Partner
Posted 5-Oct-2017 21:03



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.