Port forwarding only works seen from outside my local network?
sleoj
Enthusiast - Level 1

I have a new Fios Home router (the white can). I set up port forwarding for SSH and HTTPS. I also have dynamic DNS set up with no-ip.

From anywhere outside my local network, like my phone when I’m away or at work, I can SSH or browse to the DDNS server name and I connect to the computer being forwarded to at home. All is well.

The moment I’m at home on the local network, the exact same thing fails. Any attempts to connect via the DDNS server name fail with what looks like a timeout awaiting a response. But I can still connect by internal IP address (192.168.1.xxx) to that computer.

Has anyone else seen this or fixed this? It feels to me like there’s a bug in the router firmware.


Correct answers
Re: Port forwarding only works seen from outside my local network?
smith6612
Community Leader

It sounds like NAT Hairpinning is not set up on the router.

Try this if you only need this to work for one device. Log into the router's web interface, go to Advanced, and then open the DNS Settings section. See if you can add in a Static DNS entry for the computer you have these ports forwarded to. You'd add your Dynamic DNS name in as the hostname and your computer's internal IP address in for the address / A record.

Disclaimer: I do not have a G3100 to play with. If this is not possible, let me know!

Re: Port forwarding only works seen from outside my local network?
sleoj
Enthusiast - Level 1

Thanks for the suggestion. That worked for me!

It still feels like this is some kind of bug, though. To my recollection, I didn't have to do that on the old Quantum Gateway router that this replaced. I could be wrong though...

Re: Port forwarding only works seen from outside my local network?
mhennessie
Newbie

I just upgraded to the G3100 router today and I am having this exact same issue. I have tried adding the hostname to the DNS server records and it is still not working. I have no issues connecting from my phone on cellular, but resolving the hostname when on the local network is still not working. Never had this issue using the Quantum Gateway router.

Re: Port forwarding only works seen from outside my local network?
mhennessie
Newbie

Digging more into this, the router just appears to refuse any connection that loops back to it. That includes records in the DNS Server settings. Setting test.com to point to Google's IP address works fine, but setting test.com to point to a local device IP results in a connection refused. Using that same local device IP directly pulls up its web interface. Same result when using a Dynamic DNS service like no-ip.com. When connecting externally everything works fine, but on the local network the host name results in connection refused because it is looping back.

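Added example, not part of any post in this thread: a Python check, run from a machine inside the LAN, that separates the cases reported above (no NAT hairpinning, a DNS override pointing at the wrong host, or the service itself being down). The host name, addresses and port in the demo are constructed placeholders, and the category labels are this example's own.

```python
import ipaddress
import socket

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve_ipv4(name):
    """IPv4 addresses this host's resolver returns for name."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe_tcp(ip, port, timeout=3.0):
    """TCP connect result: 'open', 'refused', or 'no-answer' (timeout/unreachable)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "no-answer"

def is_lan(addr):
    """True when addr is in one of the RFC 1918 private ranges."""
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def diagnose(name, lan_ip, port, resolve=resolve_ipv4, probe=probe_tcp):
    """Classify, from inside the LAN, why name:port behaves as it does."""
    direct = probe(lan_ip, port)
    if direct != "open":
        return f"service-down: {lan_ip}:{port} is {direct} even by LAN address"
    try:
        answers = resolve(name)
    except socket.gaierror:
        return f"dns-failure: {name} does not resolve on this host"
    if lan_ip in answers:
        # Same IP and port as the direct probe; a remaining failure is above TCP.
        return f"split-dns-ok: {name} resolves to {lan_ip}"
    stray = [a for a in answers if is_lan(a)]
    if stray:
        return f"wrong-override: {name} resolves to {stray[0]}, expected {lan_ip}"
    states = {a: probe(a, port) for a in answers}
    if "open" in states.values():
        return f"hairpin-ok: {name} is reachable through the public address"
    return f"no-hairpin: {name} -> {states}, but {lan_ip}:{port} is open"

if __name__ == "__main__":
    # Constructed inputs: a documentation-range WAN address and a fake LAN host.
    table = {"192.168.1.9": "open"}
    print(diagnose("home.example.test", "192.168.1.9", 22,
                   resolve=lambda n: ["203.0.113.10"],
                   probe=lambda ip, port: table.get(ip, "no-answer")))
```

Calling `diagnose()` without the `resolve` and `probe` arguments uses the real resolver and real TCP connects; it reflects only the resolver this host is configured to use, so a client with its own DNS settings can see a different answer.
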
Re: Port forwarding only works seen from outside my local network?
dslr595148
Community Leader

Ok. This is a reply to all.

#1 Get a domain name. This means for example use the service no-ip.com

#2 You need to set up a LAN static IP somehow. This means either manually or telling the router to give out the same IP address to this given computer.

For example, the non-manual way: if my Hardware/MAC/Physical Address is 00:00:00:00:AA:A0, I would tell the router to hand out 192.168.1.9 to 00:00:00:00:AA:A0.

#3 On the computer(s) that are behind the router, you need to find and edit something called the HOST File. The location of this file varies based upon the OS. As need be, see https://en.wikipedia.org/wiki/Hosts_(file)

#4 Let us say your domain name is example.com and that your LAN IP

In the HOST file, enter in

192.168.1.9 example.com.lan

#5 Restart the computer whose HOST file you edited, as need be.

#6 Now for accessing the server, directions.

a) Use example.com.lan when you are behind the NAT router.

b) and use example.com when you are NOT behind the NAT router.

#7 For users without a domain who do not want one:

a) make up a domain name, add in .LAN into domain name and add that to your HOST File.

b) when not behind the NAT router, without a domain name you need to use the public IP Address.

---

Note: It is very important to follow RFC 6762, down where it clearly says "Appendix G. Private DNS Namespaces". REF for RFC 6762 = https://tools.ietf.org/html/rfc6762

Re: Port forwarding only works seen from outside my local network?
TizzyT
Enthusiast - Level 1

Just got off the phone with the G3100 expert team. They say it's a "Basic" feature that you not be able to access your local services via the public IP nor your domain name. If you ask me, this is not a feature and sounds more like a bug. Like others have mentioned, we did not have any such issues with previous equipment. I asked if I could put in a feature request to see if desired behavior can be implemented in a future update and he said he put it in but it can't be guaranteed. For now I am using the host file trick which I saw someone else has already posted.

Re: Port forwarding only works seen from outside my local network?
morganvpi
Newbie

The host file solution sounds like it will work for computers/NAS etc, but what about cameras with native software? Not sure how to even address those and there are over a dozen behind my router. Thoughts?

Re: Port forwarding only works seen from outside my local network?
dslr595148
Community Leader

@morganvpi wrote:

The host file solution sounds like it will work for computers/NAS etc


You are welcome. 🙂


@morganvpi wrote:

but what about cameras with native software? Not sure how to even address those and there are over a dozen behind my router. Thoughts?


I am not sure since I do not have any FIOS routers to play with, but I will give my two cents.

** Idea one **

#1 Post 2 of this thread.

@Smith6612 wrote:

Try this if you only need this to work for one device. Log into the router's web Interface, go to Advanced, and then open the DNS Settings section. See if you can add in a Static DNS entry for the computer you have these ports forwarded to. You'd add your Dynamic DNS name in as the hostname and your computer's internal IP address in for the address / A record.


#2 Once you know that works, you add another Static DNS entry for another computer

#3 and then repeat as need be as many times as you need to.

** Idea two. **

#1 Set up your own DNS server for your domain name. If you do not have your own domain, either get one or make your own, and make sure to add .lan at the end of the domain.

For your own domain name, if you make one up, it does not have to end in .com (or the other normal domain endings that you see on the net) and then .lan; for example, mydomain.lan will work.

#2 Then in the router tell it to use your DNS Server.

#3 Also you should have the router set up to use another DNS Server; by that I mean for example:

Primary DNS: 192.168.1.5

Secondary DNS: 4.2.2.2

#4 OR you could leave the router's settings alone, as far as DNS is concerned. Instead tell the systems to use for example:

Primary DNS: 192.168.1.5

Secondary DNS: 4.2.2.2

#5 Note this could be done even on systems that have the host file, if desired.

Re: Port forwarding only works seen from outside my local network?
morganvpi
Newbie

Ok, but in solution 2, aren't I still having to use 2 different addresses to reach the same device, whether I'm outside the LAN or inside (meaning, when I'm inside I use example.com.lan, and when I'm outside I use outside.com)? If that's the case, I can already do that by addressing the cameras directly (they are all static IPs, so I can just use the static IP vice using a DNS name).

I'll explain my specific case a bit more....

I'm using an iOS app to view the camera rtsp feeds. In the settings of the app, I enter an rtsp address for a given camera which uses a no-ip.com DDNS URL (e.g. rtsp://myno-ipdomain.com:554). In the previous instance of the router, this "feature" wasn't there, so the address worked both inside and outside the LAN. Now, inside the LAN, the app can't access the cameras (it seems to be looking for the local address). When I configure the camera to a local address (e.g. rtsp://192.128.1.100:554) - no problemo inside the LAN. So my lazy workaround is to install the cameras twice - once with a local address, once with the DDNS address, but now I have 26 cameras on my app, of which 1/2 only load at any given point. Seems like a pretty inelegant solution to what is supposedly a "feature". I'll try your first suggestion and report back. Thanks!
