6

I have an Ubuntu 12.10 server installed and have a static IP from my ISP. Pinging the IP results in success. I also have a Huawei Echo-Life HG-521 modem. I setup port forwarding with instruction from this site. I also checked this with the guys at Huawei. The problem is that when I enter my static IP in the browser, I always get stuck at the modem/router login interface.

Going to the IP address assigned to my Ubuntu server (on my network) I can see that nginx serves pages correctly. Another thing is that getting my modem/router interface is only possible via my local network. I asked a friend to try my static IP but he said he got a blank page. I think this means that the gateway is not accessible from the outside world.

Any idea why I might be having this problem? How should I troubleshoot this?

rendekarf
  • 61
  • 1
  • 4
  • Good first question. Couple of ideas. Try temporarily disabling iptables if it's enabled. Also if you go to https://www.grc.com/ and use the ShieldsUP! service under services to see what ports you have open. – slm Dec 23 '12 at 03:09
  • Port forwarding only affects connections from outside your LAN. You can't test it from inside your LAN. – David Schwartz Dec 23 '12 at 03:35
  • @DavidSchwartz Are you saying that in all cases, someone on the LAN side of a modem/router who tries to access a WAN socket will not have port forwarding rules applied to them? – Wesley Dec 23 '12 at 05:51
  • @slm I tried grc.com and got the following lines for ports 22 and 80: `22|SSH|Closed|Your computer has responded that this port exists but is currently closed to connections.` `80|HTTP|Stealth|There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!` – rendekarf Dec 23 '12 at 13:32
  • @WesleyDavid: Yes. Port forwarding can only work from the outside in. You need hairpin NAT (a form of dual NAT) to reflect a local connection to a local service. See [this answer](http://serverfault.com/a/408280/91987) for the gory details (this addresses the case where it's the same machine, but it's substantially the same for another machine on the same LAN -- the server gets a reply with the local IP address and rejects it). – David Schwartz Dec 23 '12 at 16:16

2 Answers2

1

You never say which external port you are forwarding to the Ubuntu server, and you also never say what port your Ubuntu web server is running on. I'm going to assume port 80 and/or 443 for both cases.

It is highly likely that, in spite of port forwarding rules, the modem's web management page is parked on port 80 and intercepts traffic before forwarding rules take place. I have seen this exact scenario in lower end routers and modems. You will likely need to change the management port for the modem to something other than port 80. Port 8080 is a popular alternative.

Wesley
  • 32,690
  • 9
  • 82
  • 117
  • When I go to my router's interface to set for example port 80 to be forwarded to my internal server ip, I get an alert box that says I should be using port 8080 to access the router's interface next time. Also, while setting port 22 for ssh, a similar box appears and tells me to use port 2222 next time I'd like to access the gateway's ssh server. Plus when I called the tech support the guy said forwarding the ports is enough. – rendekarf Dec 23 '12 at 12:31
  • @Wesley, how to change modem's port 80 ito 8080? – Shahid Karimi Nov 10 '20 at 21:02
0

You have 2 different issues. I will address them on by one.

For easy reading, lets make some assumptions

Router external IP : xxx.xxx.xxx.xxx
Router internal IP : 192.168.0.1
Server IP          : 192.168.0.10
Your Desktop IP    : 192.168.0.100

Issue 1 - Accessing internal site through router port forwarding

This is a common issue not only for home office setup, but many small to medium office too.

In this case, port 80 (for web traffic) is suppose to be forwarded from router to 192.168.0.10. However, as the router configuration web interface is also on port 80. It become a conflict.

The first step will be login to router interface, and change the interface to use another port, eg. 8000.

That will remove the conflict on port 80 for the router internal interface. You should (not 100%) be able to access your sever through your router internal IP (http://192.168.0.1 or http://xxx.xxx.xxx.xxx).

That is assuming your port forwarding rule is correct and active.

PS: There is a slight possibility that even port forwarding is correctly setup, and you are still not able to access your server through router from internal network. In that case, the router lack, or need additional configuration for, port reflection. Hope this is not your case.

Issue 2 - Port Forwarding and External Access

Ping failed from external may not be a real issue, as many router/modem are set to ignore ping by default. That can be change from the web interface.

Fail to access your web server from external IP has multiple possibilities

  • The external IP is wonrg. For quick verification, from your internal desktop, go to http://whatismyip.com .
  • The port forwarding rule is inactive due to issue 1
  • The port forwarding rule was not setup, or setup wrong. Check the rule in the router web interface.

PS: Update the question with router model if you want some help or pointer for configuring it through web interface.

Configure Port Forwarding

I checked the portforward.com link of OP. And also the offical manual. Since the later does not have information on port forwarding at all. I have to rely on screen shot from the site.

Port Forwarding config should be as follow

Type: Customization
Interface: <See (1) below>
Remote Host: <I believe it should be leave empty>
External Start Port: 80
External End Port: 80
Internal Host: 192.168.0.10
Internal Port: 80
Mapping Name: Seerver-Ext80

(1) I believe one rule is needed for each interface (internal/external). If in doubt, update question with list of interface name.

John Siu
  • 3,667
  • 2
  • 17
  • 23
  • I have updated my question with the router model as you recommended. Firstly, I can access my site via 192.168.0.10 (using your terminology), internal ip. I am pretty sure the port forwarding rules are set correctly (I set them under a supervising tech support). Also the static ip is set correctly too, because when I type into the address bar it takes me directly to the modem interface. I can also confirm this via (whatismyip.com). About issue #1, I added a comment to WesleyDavid's answer. – rendekarf Dec 23 '12 at 13:27
  • Updated with Configure Port Forwarding. – John Siu Dec 25 '12 at 04:11