Need help Port Forwarding/Firewall/Virtual Server

    • Need help Port Forwarding/Firewall/Virtual Server

      Hello all!

      I appreciate all of the work you guys have done in this project! It is a spectacular NAS.

      I have need of assistance though.

      I followed technodadlife's video for securely accessing nextcloud from offsite.

      I had nextcloud properly configured and it worked. Got the maria database setup and working. It all fell apart when we were working on getting letsencrypt going.

      The logs.txt file continually happens in the logs of LetsEncrypt.

      I will mention the build now:
      I have OMV5 Running on a Dell Optiplex 990:
      Intel i5 (not sure which release) quad core 3 ghz
      8 GB Ram
      650 gb hdd
      32 GB SanDisk Usb running OMV From


      My router: DLink DIR-850L A1 running firmware 1.09


      I know I am failing in the ports department. The problem I am running into is the alternating ports. External port to internal port. The problem lies in the fact that my firmware or router doesn't allow it. The closest I am coming is with the virtual server option but I don't think I'm getting it quite right.

      I am running lets encrypt through portainer.

      Let me know anything else you might need to help me figure this out. Attached are setups and logs.
      DuckDNS_Portainer.txt
      Lets_Encrypt_Portainer.txt
      logs.txt
      mariaDB_For_Nextcloud.txt
      Nextcloud_Portainer.txt
    • semajtttttt wrote:

      Hello all!

      I appreciate all of the work you guys have done in this project! It is a spectacular NAS.

      I have need of assistance though.

      I followed technodadlife's video for securely accessing nextcloud from offsite.

      I had nextcloud properly configured and it worked. Got the maria database setup and working. It all fell apart when we were working on getting letsencrypt going.

      The logs.txt file continually happens in the logs of LetsEncrypt.

      I will mention the build now:
      I have OMV5 Running on a Dell Optiplex 990:
      Intel i5 (not sure which release) quad core 3 ghz
      8 GB Ram
      650 gb hdd
      32 GB SanDisk Usb running OMV From


      My router: DLink DIR-850L A1 running firmware 1.09


      I know I am failing in the ports department. The problem I am running into is the alternating ports. External port to internal port. The problem lies in the fact that my firmware or router doesn't allow it. The closest I am coming is with the virtual server option but I don't think I'm getting it quite right.

      I am running lets encrypt through portainer.

      Let me know anything else you might need to help me figure this out. Attached are setups and logs.
      DuckDNS_Portainer.txt
      Lets_Encrypt_Portainer.txt
      logs.txt
      mariaDB_For_Nextcloud.txt
      Nextcloud_Portainer.txt





      There are many ways to deal with it:



      • You can deploy pfsense on your old machine with two NICs if you have… one for WAN and the other for LAN.
      • You can change the router to one that offers the best cost-benefit, such as the Mikrotik 750 series or another.
      The last time I saw eclipse I was programming :thumbup:
    • semajtttttt wrote:

      Ok is there not a way to do this without pfsense or changing router. I'm ok with doing a new router but can't at this moment.

      Is there not something I'm missing in what I have done?
      You really haven't told us exactly what you are trying to do, you just say it isn't working.
      --
      Google is your friend and Bob's your uncle!

      RAID - Its ability to disappoint is inversely proportional to the user's understanding of it.

      ASRock Rack C2550D4I C0 Stepping - 16GB ECC - Silverstone DS380
    • Honestly, I had a lot of problems following his video for nextcloud Pi as well. I'm assuming I was missing something.

      I just went back to his original video, and set it up per that video again, and it's worked ever since. Obviously I had to make some adjustments since I was now using Portainer, but it was pretty easy.

      Edit: Nevermind, I just looked at your logs a little more closely and I'm guessing you are following the first set of videos.

      And you say you got it where you can access Nextcloud locally, and things went haywire when you set it up via DuckDNS/Letsencrypt?
      Air Conditioners are a lot like PC's... They work great until you open Windows.

      The post was edited 1 time, last by KM0201 ().

    • @KM0201 that is correct.

      @gderf I apologize. I thought I was clear.

      I am attempting to get my nextcloud available offsite securely. I followed technodadlife's video for this using lets encrypt and duckdns. I followed and I ran into the issue where lets encrypt is not getting the tokens or something of that sort. The part it is failing on is in the logs.
    • @KM0201 I would love to see those if you don't mind.


      @gderf In the video he suggested porting public 80 to internal 90 and public 443 to internal 450. I can't seem to do this, or if I am able to I am not sure. My router currently only allows me to choose a port (not internal to external, or external to internal)

      As aforementioned the closest my router allows is virtual servers. I tried this with every port open (to check) and lets encrypt still fails to initialize fully. It fails on the tokens with duck dns. Every time. All ports open (80, 90, 443, 450) with or without the virtual servers (tried pointing external port 80 to internal 90 and external 443 to internal 450, as well as external port 90 to internal 80 and external 450 to internal 443) all of which have failed still.

      My problem is getting the right configuration down for the ports that makes letsencrypt work.
    • First, I'm sure this is going to be way longer and sound very difficult.. but if you've followed his videos on this, most of this is just changing a few things he did in the video and it will probably be fairly simple

      If you followed this one, you should have local access up and running... Don't bother with the below if you've not done this yet.. youtube.com/watch?v=PKsq7k2pwsI

      Once you've done that, proceed to this video
      https://www.youtube.com/watch?v=TkjAcp8q0W0&t

      I'm also assuming in your efforts to do this, you've already followed his instructions to create the "my-net" network (about 9:00 in the 2nd video). If not, it's no big deal, you'll just need to do that later. One other thing to keep in mind. Since you've apparently struggled with this to this point, I'd delete duckdns and letsencrypt containers you already have (along w/ their AppData directories) and just start over.

      In Portainer, on the left click Stacks/Add Stack, Name the stack at the top, and then copy/paste everything below into the window.

      Source Code

       1. duckdns:
       2.   image: linuxserver/duckdns:latest
       3.   container_name: duckdns
       4.   environment:
       5.     - PUID=1000
       6.     - PGID=100
       7.     - SUBDOMAINS=YOUR_SUBDOMAIN
       8.     - TOKEN=YOUR_TOKEN
       9.     - LOG_FILE=false #optional
      10.   volumes:
      11.     - /PATH/TO/AppData/duckdns:/config
      12.     - /etc/localtime:/etc/localtime
      13.   restart: unless-stopped
      14. letsencrypt:
      15.   image: linuxserver/letsencrypt:latest
      16.   container_name: letsencrypt
      17.   cap_add:
      18.     - NET_ADMIN
      19.   environment:
      20.     - PUID=1000
      21.     - PGID=100
      22.     - URL=duckdns.org
      23.     - SUBDOMAINS=YOUR_SUBDOMAIN
      24.     - VALIDATION=http
      25.     - EMAIL=YOUR_EMAIL
      26.     - ONLY_SUBDOMAINS=true
      27.   volumes:
      28.     - /SRV/PATH/TO/APPDATA:/config
      29.     - /etc/localtime:/etc/localtime
      30.   depends_on:
      31.     - duckdns
      32.   ports:
      33.     - 450:443   # host port 450 -> container port 443
      34.     - 91:80     # host port 91 -> container port 80
      35.   restart: unless-stopped

      First the duckdns section of the stack. If you're following TDL's videos, this starts around 3:50 and ends around 9:40 of the 2nd video. Rather than making these adjustments in the container, we'll make them to the stack compose file.

      Lines 5 and 6. Adjust your PUID/PGID here if needed.
      Line 7. Add your duckdns subdomain
      Line 8. Your DuckDNS token.
      Line 11. Path to your duckdns config folder
      Line 12 is optional. I don't set my time zone in the environments section, and instead just bind /etc/localtime of the container, to /etc/localtime for my server... as long as my server time is correct, the container time is correct. You can leave it or just delete it. It's not going to change anything.

      If you're following along in video #2, around 9:10 he creates the "my-net" network, then adds it to the duckdns extra arguments and starts the container. Just create the my-net at this point if you haven't already, don't worry about adding it to the extra arguments or starting the container. For now, we'll skip to the lets encrypt portion of the video (about 10:05 in video 2)

      In the stack code I posted.. adjust as needed per the video

      Lines 19/20. Your PUID/PGID for the Letsencrypt container
      Line 22. Your DuckDNS subdomain
      Line 24. Your DuckDNS email
      Line 27. Adjust this path to the letsencrypt Appdata configuration folder you created.
      Line 28. Again, you can delete this or just leave it, it's just to bind the container time, to my server time.
      Line 32 and 33. Adjust your ports as needed (you should have forwarded these in your router earlier during the duckdns setup part of the video).

      Once that is all done, at the bottom click deploy stack. After it's done and assuming it completes without error, click Containers, and you should see your letsencrypt and duckdns containers running.

      Now, click on your Nextcloud container, and click Duplicate/Edit
      Click on Network
      In the drop down box next to Network, choose "my-net" (assuming you used that name from the video).
      Then click Deploy the Container... the container will then redeploy with the new network settings.

      Repeat this for the duckdns container, and then the letsencrypt container.

      When that is done, SSH your server and docker logs -f letsencrypt and eventually you should see letsencrypt fetch the key.

      Proceed with video 2, and make the edits he suggests to the configuration folders.

      Assuming all goes well, when you're done it should work just fine.

      The post was edited 1 time, last by KM0201 ().

    • semajtttttt wrote:





      @gderf In the video he suggested porting public 80 to internal 90 and public 443 to internal 450. I can't seem to do this, or if I am able to I am not sure. My router currently only allows me to choose a port (not internal to external, or external to internal)
      Post a link to the users manual for your router.
    • Ok port forwarding (portforwarding) page is submitted and the virtual server page is as well (untouched)

      Portforwarding has a few ports opened for emby 8096 and two games that I am hosting as well. These ports should have no effect on the lets encrypt/nextcloud/duckdns.

      @gderf manualslib.com/manual/548456/D…r-850l.html?page=1#manual
      Images
      • Untouched.png
      • portforwarding.png
    • Page 113 of your router manual spells it out.

      You'll need to create two rules here.. Edit: I just realized your pic is quite a bit different than the manual pic. Changes below.

      First, we'll just call "next1"
      IP -- your server IP
      Protocol... It should say TCP, UDP in the drop down. It may also say Both... if it says both, choose that (that's what I have in mine).
      Public Port (if you're following my compose file above).. 443
      Private Port 450
      I don't have that last option, but I'd probably leave it to always enable and allow.

      Save that rule.

      Next, create a new rule, we'll call it "next2".

      Same as above, but you'll supply 80 for Public, and 91 for Private.

      Make sure the changes are saved and applied.

      The post was edited 3 times, last by KM0201 ().
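
The port chain from the two posts above (router rule, then the stack's `ports:` entries), as an added example that is not part of the original thread: it follows each public port to the container port it ends at and reports where the chain breaks. The rule names, port pairs and the OMV listener are constructed from the posts; the function and table names are hypothetical, and `REQUIRED` assumes HTTP validation arrives on public port 80 and HTTPS on 443.

```python
# Added example: follow each public port through the router rule and the
# Docker port mapping to the container port it finally reaches.
# The values are constructed from the posts above, not read from a device.

ROUTER_RULES = {"next1": (443, 450), "next2": (80, 91)}  # name: (public, private)
COMPOSE_PORTS = ["450:443", "91:80"]    # "host:container" entries from the stack
HOST_LISTENERS = {80: "OMV web UI"}     # ports already in use on the NAS itself
REQUIRED = {80: 80, 443: 443}           # public port -> container port needed


def parse_compose_ports(entries):
    """Turn short-form 'host:container' strings into {host_port: container_port}."""
    mapping = {}
    for entry in entries:
        host, container = entry.split(":")
        mapping[int(host)] = int(container)
    return mapping


def check_chain(router_rules, compose_ports, host_listeners, required=REQUIRED):
    """Return a list of problems; an empty list means every chain lines up."""
    docker = parse_compose_ports(compose_ports)
    by_public = {public: private for public, private in router_rules.values()}
    problems = []
    for host_port in docker:
        if host_port in host_listeners:
            problems.append(
                f"host port {host_port} is already used by {host_listeners[host_port]}")
    for public, wanted in required.items():
        private = by_public.get(public)
        if private is None:
            problems.append(f"no router rule for public port {public}")
        elif private not in docker:
            problems.append(
                f"public {public} -> private {private}: nothing published on host port {private}")
        elif docker[private] != wanted:
            problems.append(
                f"public {public} ends at container port {docker[private]}, not {wanted}")
    return problems


if __name__ == "__main__":
    result = check_chain(ROUTER_RULES, COMPOSE_PORTS, HOST_LISTENERS)
    print("\n".join(result) if result else "every chain lines up")
```

Replacing the private port 91 with the video's 90 while the stack still publishes 91 makes the check report that nothing is published on host port 90.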

    • Sounds like you have the port forwarding under control. OMV runs on port 80 so you need to do something about that potential conflict.
    • Yeah, him and I just spent some time on teamviewer, I can't see the problem. We completely deleted everything and I watched him redo it from scratch, it's right. Heck he used practically the same docker-compose file I used to set mine up, and he's still getting errors.

      His router settings are right

      Only thing I can figure (and networking isn't really my thing).. his nas ip is connected to 192.168.0.xxx. would it be possible something at 192.168.1 is blocking this from working?

    • KM0201 wrote:

      Yeah, him and I just spent some time on teamviewer, I can't see the problem. We completely deleted everything and I watched him redo it from scratch, it's right. Heck he used practically the same docker-compose file I used to set mine up, and he's still getting errors.

      His router settings are right

      Only thing I can figure (and networking isn't really my thing).. his nas ip is connected to 192.168.0.xxx. would it be possible something at 192.168.1 is blocking this from working?
      No, it is not possible.