
[Solved] v6.8.2 - Unable to access server using port-forwarding


oko2708


Hello,

 

I am trying to set up a reverse proxy and would like to be able to access some containers externally using port-forwarding. However I somehow can't access the server or any of my containers.

 

I have verified that my port-forwarding is set up correctly by:

- Forwarding port 80:80 to a local computer and running an nginx test server on port 80

- Forwarding port 80:81 to a local computer and running an nginx test server on port 81

 

In both cases I was able to access the nginx server both from inside and from outside my network on port 80.

 

However, when I then swapped out the IP of my computer for that of the server, I was unable to reach the nginx container running on the server.

 

My container is configured as follows:

(This is a clean nginx container that is only being used to verify that the port-forwarding is working correctly.)

d457080f95.png

 

I've also tried using different ports than 81 and 444 without success (while updating the port-forwarding rules accordingly) as well as pointing to port 80 on the server instead of port 81, which should be the UnRaid GUI, but I was unable to access this as well. 

 

There are no other forwarding rules that accept traffic on port 80 and 443 other than the one I just created.

 

What could be the issue here?

Edited by oko2708
Link to comment

Then what else could cause this? The wired connection to my pc and to the server are both identical. Modem/router (with DHCP) > Switch > PC/UnRaid.

 

I am not sure how I can test what is causing the issue. As I explained before the port-forwarding rules are configured correctly, which means it has to be an unraid related problem. Since I cannot even connect to the UnRaid GUI this is probably not related to docker, because the OS itself obviously isn't in a container.

 

So I suspect that the OS is somehow blocking external connections, but I have no idea what causes that or which settings could be related to this problem.

Link to comment

The router does not specifically know that the server is on 192.168.2.10, however the router is configured to only hand out ip addresses in the range of 192.168.2.50 to 192.168.2.255 (the first 50 being reserved for devices that require a static ip). The UnRaid server is the only device requesting 192.168.2.10.

Link to comment
1 hour ago, oko2708 said:

I've tried connecting to the server using my external IP both from inside as well as from outside the network. After both attempts failed I downloaded the diagnostics and attached them to this post.

tower-diagnostics-20200206-1518.zip 88.18 kB · 2 downloads

 

I've gone through the thread here and based on the above it sounds like the port is closed on your router. Did you set up a NAT/Port Forwarding rule in your router to allow traffic from these ports into your network and then onto the unRaid IP? What router/firewall are you using, and what does your port forwarding rule look like? Another thing to look at, a lot of ISPs (almost all here in Canada) block port 80 inbound. That you could not even get to the unraid web console kind of points to something along that line. Go to the below website and put in your ip (or domain name) and the ports you think should be open and see if they come back open or closed. Then we can go from there to see where to look next.

 

https://www.yougetsignal.com/tools/open-ports/

 

Link to comment
8 minutes ago, Frank1940 said:

As you can see your server has Internet access and appears to be working properly.  I would suggest that you now post about your problem in the Support thread for the Docker container that you are using.

Thanks for all your help so far, but I don't think this is related to a single container, I am unable to reach any of my containers from outside my network.

 

I tried sonarr, nginx and letsencrypt but none of them are working. I can't even access the UnRaid GUI from outside my network even though port 80 is open and being forwarded to the UnRaid server on 192.168.2.10.

 

Link to comment
1 minute ago, oko2708 said:

I can't even access the UnRaid GUI from outside my network even though port 80 is open and being forwarded to the UnRaid server on 192.168.2.10.

Don't do this. It may not be working for you for some unknown reason but it might be working for someone else you don't want.

Link to comment
3 minutes ago, Chess said:

 

I've gone through the thread here and based on the above it sounds like the port is closed on your router. Did you set up a NAT/Port Forwarding rule in your router to allow traffic from these ports into your network and then onto the unRaid IP? What router/firewall are you using, and what does your port forwarding rule look like? Another thing to look at, a lot of ISPs (almost all here in Canada) block port 80 inbound. That you could not even get to the unraid web console kind of points to something along that line. Go to the below website and put in your ip (or domain name) and the ports you think should be open and see if they come back open or closed. Then we can go from there to see where to look next.

 

https://www.yougetsignal.com/tools/open-ports/

 

I can confirm that my ISP is not blocking port 80 since I am able to access the nginx server just fine when I run it on my PC instead of on the server.

 

I am using a ZTE H369A as modem/router.

 

I currently have it configured to forward port 80 to port 81 and port 443 to port 444 on the server:

09af9b8094.png

image.png.9ef16e4ddc512234c305c579b5ddb9ad.png

 

On yougetsignal it is showing that my port is closed however. I am unsure if that means that it is actually closed or that it just can't find anything running on that port.

Link to comment
5 minutes ago, trurl said:

Don't do this. It may not be working for you for some unknown reason but it might be working for someone else you don't want.

I know it's not a good idea to do this. I just tried it to see if I could get it to work, because if it did it would've narrowed the issue down to docker, but since this also isn't working it makes me think something else is the problem.

Link to comment
1 minute ago, oko2708 said:

I can confirm that my ISP is not blocking port 80 since I am able to access the nginx server just fine when I run it on my PC instead of on the server.

 

I am using a ZTE H369A as modem/router.

 

I currently have it configured to forward port 80 to port 81 and port 443 to port 444 on the server:

09af9b8094.png

image.png.9ef16e4ddc512234c305c579b5ddb9ad.png

 

On yougetsignal it is showing that my port is closed however. I am unsure if that means that it is actually closed or that it just can't find anything running on that port.

 

 

Oh, you are using the LetsEncrypt container? I believe it has to have port 80 mapped to it to work and you can't use a different port or the docker will not work. Try this, spin up an nginx docker (without LetsEncrypt) and see if you get that the port is open. If that is still showing closed, switch the port forward rule back to your PC and let's see if it shows the port open with nginx running there.

Link to comment
6 minutes ago, itimpi said:

Maybe another solution is to set up WireGuard VPN on your Unraid server and access it via that?    As well as being more secure your port forwarding gets much simpler as the only port to forward in such a case is the one used for WireGuard.   

I have been thinking about this, however I haven't looked much into this yet.

 

My goals are to be able to access plex, sonarr, radarr, bazarr and transmission over the internet. Which I guess should be fine over a VPN. But I also want to run a small minecraft server which I don't think you want running over a VPN (I may be wrong).

 

The most important thing is that I don't want to expose my actual IP-Address, which I wanted to achieve using a reverse proxy with my own domain and having cloudflare sitting in the middle. 

Link to comment
Just now, oko2708 said:

My goals are to be able to access plex, sonarr, radarr, bazarr and transmission over the internet. Which I guess should be fine over a VPN. But I also want to run a small minecraft server which I don't think you want running over a VPN (I may be wrong).

 

I do this, but am using the Traefik docker instead as my ISP blocks port 80. I don't expose unRaid's web console to the outside world.

 

As for the minecraft server, I do have one exposed to the internet, but I don't use the reverse proxy to expose it. Maybe I should look into that.

 

2 minutes ago, oko2708 said:

The most important thing is that I don't want to expose my actual IP-Address, which I wanted to achieve using a reverse proxy with my own domain and having cloudflare sitting in the middle.

 

Well, I believe even doing this your IP can be determined, but I don't use cloudflare.

Link to comment
3 minutes ago, Chess said:

 

 

Oh, you are using the LetsEncrypt container? I believe it has to have port 80 mapped to it to work and you can't use a different port or the docker will not work. Try this, spin up an nginx docker (without LetsEncrypt) and see if you get that the port is open. If that is still showing closed, switch the port forward rule back to your PC and let's see if it shows the port open with nginx running there.

Ahh I realize this is confusing. Let me explain.

 

Initially I tried running the letsencrypt container, but this didn't work, so I did exactly as you said. I shut down letsencrypt and got a plain nginx container running on the same ports. (To test if the port-forwarding was working, which it still didn't.)

 

So while it says letsencrypt it is currently pointing to the plain nginx container. The name of the forwarding rule doesn't matter in the router.

 

It currently looks like this:

c2991fbc6d.png

 

I followed this guide: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

 

On my PC I can't get nginx to run just fine and I am also able to access it from outside my network, when forwarding port 80 to my PC. (I of course remove this rule, while experimenting with the nginx docker)

Link to comment
14 minutes ago, oko2708 said:

Ahh I realize this is confusing. Let me explain.

 

No worries. If I missed that in the thread I apologize. 

 

14 minutes ago, oko2708 said:

 

c2991fbc6d.png

 

I followed this guide: https://blog.linuxserver.io/2019/07/10/troubleshooting-letsencrypt-image-port-mapping-and-forwarding/

 

On my PC I can't get nginx to run just fine and I am also able to access it from outside my network, when forwarding port 80 to my PC. (I of course remove this rule, while experimenting with the nginx docker)

 

Ok, so with nginx running right now what happens when you try to access the default page from inside your network? 

 

That is I think the page I checked out when I had trouble. Alas for me, with port 80 closed inbound I had to use something different.

 

First off, I see that letsencrypt container is set up wrong according to the page you sent me. You have to forward port 80 on your firewall to the unraid IP port 81, then docker needs to point port 81 to port 80. Same for port 443/444. Send port 443 on your firewall to port 444 on unraid, then point port 444 to 443 for the docker. Go back and look at the picture on that guide.

 

"Sometimes, using ports 80 or 443 on the docker host may not be possible due to the host system's gui taking up those ports (ie. Unraid, QNAP, etc.). In those cases, we can go through different ports on the host as long as the outside (wan) ports and the container ports are 80 and 443. For instance, it is OK to forward port 80 on the router to port 81 on the docker host, and map port 81 to port 80 in docker run/create or compose (-p 81:80). That way the docker host port 80 is not needed, but the requests from the internet at port 80 still end up at port 80 inside the container."

Edited by Chess
Spelling
Link to comment
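The chain the quoted guide describes (router forward, then docker `-p host:container`) can be modelled to see where a WAN port ends up. This is an added example, not code from the thread or from the guide; the function names, rule-list format and sample rules are constructed, and it only evaluates configuration, it does not probe a network.

```shell
#!/bin/sh
# Model of the inbound path: WAN port -> router forward -> host port -> docker -p -> container port.
# Rule lists are space-separated "left:right" pairs (constructed sample values below):
#   router rules  "wan:host"        docker maps  "host:container" (the order docker -p uses)

lookup() {  # lookup KEY "a:b c:d ..." prints the right side paired with KEY; fails if absent
    key=$1
    for pair in $2; do
        if [ "${pair%%:*}" = "$key" ]; then
            printf '%s\n' "${pair##*:}"
            return 0
        fi
    done
    return 1
}

trace_port() {  # trace_port WAN_PORT ROUTER_RULES DOCKER_MAPS HOST_GUI_PORTS
    wan=$1
    host=$(lookup "$wan" "$2") || { echo "closed: no router forward for WAN port $wan"; return 0; }
    if cont=$(lookup "$host" "$3"); then
        if [ "$cont" = "$wan" ]; then
            echo "WAN $wan -> host $host -> container $cont"
        else
            echo "WAN $wan -> host $host -> container $cont (differs from WAN port)"
        fi
        return 0
    fi
    # No container publishes this host port: check whether the host's own GUI listens there.
    for gui in $4; do
        if [ "$gui" = "$host" ]; then
            echo "EXPOSED: WAN $wan reaches the host GUI on port $host"
            return 0
        fi
    done
    echo "closed: nothing published on host port $host"
}

# Constructed samples: the guide's layout, then a forward straight to the host GUI port.
trace_port 80  "80:81 443:444" "81:80 444:443" "80 443"
trace_port 443 "80:80 443:443" "81:80 444:443" "80 443"
```

The "differs from WAN port" note matters for the guide's case, where the WAN and container ports are both expected to be 80 and 443.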
3 minutes ago, Chess said:

 

No worries. If I missed that in the thread I apologize. 

 

 

Ok, so with nginx running right now what happens when you try to access the default page from inside your network? 

 

That is I think the page I checked out when I had trouble. Alas for me, with port 80 closed inbound I had to use something different.

 

First off, I see that letsencrypt container is set up wrong according to the page you sent me. You have to forward port 80 on your firewall to the unraid IP port 81, then docker needs to point port 81 to port 80. Same for port 443/444. Send port 443 on your firewall to port 444 on unraid, then point port 444 to 443 for the docker. Go back and look at the picture on that guide.

 

"Sometimes, using ports 80 or 443 on the docker host may not be possible due to the host system's gui taking up those ports (ie. Unraid, QNAP, etc.). In those cases, we can go through different ports on the host as long as the outside (wan) ports and the container ports are 80 and 443. For instance, it is OK to forward port 80 on the router to port 81 on the docker host, and map port 81 to port 80 in docker run/create or compose (-p 81:80). That way the docker host port 80 is not needed, but the requests from the internet at port 80 still end up at port 80 inside the container."

When accessing the plain nginx container locally on port 81 it goes to the nginx "hello world" page, which is the expected behavior.

 

I just noticed too that the letsencrypt container is not configured correctly. I am pretty sure this wasn't the case before. I am also unable to change it now (as you can see the container port is greyed out). Nevertheless, this is a secondary concern. The main issue right now is that I can't get the port-forwarding to work on the plain nginx container (if it works on that one, it will probably also work on the others if they are configured correctly).

image.png.53642172a228b5d0a0e9067c43023500.png

 

I also know that I can't port-forward port 80 directly, since the unraid GUI runs on port 80, which is why I forwarded port 80 on the router to port 81 on the server.

Link to comment
1 minute ago, oko2708 said:

When accessing the plain nginx container locally on port 81 it goes to the nginx "hello world" page, which is the expected behavior.

 

Ok, that tells us that it is working internally. 

 

How about this... Add a port forward for port 81 to your firewall, pointed to the unraid IP. Then test the port using the port testing page I sent to you earlier. If you want, PM me either the url you are using or IP and I can test to see what I am getting from my connections.

 

4 minutes ago, oko2708 said:

I also know that I can't port-forward port 80 directly, since the unraid GUI runs on port 80, which is why I forwarded port 80 on the router to port 81 on the server

 

Not 100% true. I run my unraid web consoles on non-standard ports, so I can keep my port forward rules cleaner. When the day comes that Telus opens up port 80 to residential connections, I'll be ready.

Link to comment
21 minutes ago, Chess said:

How about this... Add a port forward for port 81 to your firewall, pointed to the unraid IP. Then test the port using the port testing page I sent to you earlier. If you want, PM me either the url you are using or IP and I can test to see what I am getting from my connections.

 

I tried this, but it doesn't work.

 

I have changed my portforwarding rules to this:

image.png.1ab58685f79354a25455344bb1d8c181.png

 

When forwarding to my PC:

image.png.93f428ba9fbeac135f090af95854a7d6.png

Port 81 (changed nginx config to also listen on 81) shows as open and I am able to reach the nginx server from outside my network.

 

When forwarding to the UnRaid server:

image.png.830ea3e639046f048ad15d91b282018f.png

Port 81 shows as closed and I am NOT able to reach the nginx server from outside my network.

Link to comment
