22-12-2016 05:58 PM
Quite a technical one this..
I've a web-server and a webcam running within my home network which is setup and is accessible fine from outside with port forwarding setup on the router.
If i access the webserver from inside using, say, 192.168.1.20.. it works fine.
If I access the webserver from inside usine the external IP address using, say, 220.127.116.11 (for example) it doesn't work
If I access the webserver from outside usine the external IP address using, say, 18.104.22.168 (for example) it does work.
Basically, the router doesn't re-direct external ip addresses towards the WAN side of the router itself. I'm not sure if it gets thrown outside on the WAN side and gets lost, or the router blocks it and therefore it doesn't get translated by the port mapping. I've done a trace route which doesn't show that it leaves the network, and I can ping the external IP just fine.
My thoughts are that the port mapping doesn't pick it up.
Quite annoying since the only way I can check the status of the network is to access it from another connection... Has anyone come across this or can think of something I can't?
Tried adding it to the DMZ and turning off the firewall.. no help.
Solved! See best answer
14-03-2017 08:00 PM
23-12-2016 06:57 AM
I think you have identified the issue. I used to have an old D-Link router that had the same problem. After some testing I could confirm that the request never left the internal network and so the port forwarding never triggered. I just used to get the router login screen. I can't be sure as I don't have the VF router but I would hazard a guess it's a similar problem, as you have already summised.
Other than running an internal DNS server I can't think how else to fix it using IP's
Again, I don't know for sure but I would think DDNS would work in your scenario. Rather than looking for IP's, use a hostname and your DNS query will go to the WAN side and should then redirect back to your router's WAN connection.
23-12-2016 04:20 PM - edited 23-12-2016 04:25 PM
@Makelo, very kind of you to suggest and I agree, I think an internal DNS server could help, though I think it would deminish the network somewhat if everything routed through there first. I've done quite a bit of digging using the pcap and it seems that there are 2 things going on.
1) there is a NAT happening which translates the internal ip to the external IP, the router then forwards that onto the internal webserver - so that's that sorted, it does NAT properly.
2) the web server replies back to the router then the router freaks out and kills the TCP connection - it's the router having a bug.
I've attached the PCAP files which I viewed in wireshark. There are two files in the zip with DMZ enabled and then disabled - it doens't make a difference as you'll be able to see. The website i'm trying to visit is http://mouse.dc43.co.uk (that's the one that appears in the PCAP files), the process is.
>DNS query from laptop, to router (and then to WAN DNS servers)
>DNS response from WAN servers, to the router and then back to my laptop - it returns the external (WAN) IP of the router like it should - so far, so good.
>TCP connection from laptop initiated to WAN IP (to router) - as it should.
>Router converts it into the internal address and forwards it to the webserver, pretending the packet came from the WAN IP - great, that means port forwarding IS working.. good good.
>webserver replies back to the router's WAN address because that's where the packet appears to have come from (which is correct, the router doesn't change IP addresses because my laptop is looking for a response from the WAN IP, not the internal address) - this is all great.. perfect up to thispoint.
>the router then FREAKS OUT and kills the TCP connection with the webserver, by issuing a RST flag - this is bad, very bad, it shouldn't do this.
>The webserver backs off as it should do and ends communication, my laptop still waits for a packet that is never going to come.. thus it just hangs.
I've tried this with a webcam too, and it all worked fine on my previous Linksys modem, it's a firmware fault with the modem.
@Rahim, how do we go about raising this to the firmware developers. Whilst this might not be a large problem for the home customer base, this IS a fault in the firmware which might be causing other problems all over the place. I'd be surprised if it doesn't become a problem with many people wanting to use home servers like webcams, Hive, Nest etc..If it's not a problem now, it will be.
@Makelo, If you're interested in looking at the PCAP files, i've attached them - i use wireshark portable to view them - saves on the full install. @Rahim, this should definitely be passed on, not many customers would have a clue how to capture this information and this could be a fauolt that the technical team might not be able to recreate - this is how firmware gets improved after all.
14-03-2017 08:00 PM
© 2017 Vodafone Limited. Registered office: Vodafone House, The Connection, Newbury, Berkshire RG14 2FN.
Registered in England No 1471587.