Need help Port Forwarding/Firewall/Virtual Server

  • Hello all!


    I appreciate all of the work you guys have done in this project! It is a spectacular NAS.


    I have need of assistance though.


    I followed technodadlife's video for securely accessing nextcloud from offsite.


    I had Nextcloud properly configured and it worked. Got the MariaDB database set up and working. It all fell apart when we were working on getting Let's Encrypt going.


    The error in the logs.txt file continually appears in the logs of Let's Encrypt.


    I will mention the build now:
    I have OMV5 running on a Dell Optiplex 990:
    Intel i5 (not sure which release) quad core 3 GHz
    8 GB RAM
    650 GB HDD
    32 GB SanDisk USB stick that OMV runs from



    My router: DLink DIR-850L A1 running firmware 1.09



    I know I am failing in the ports department. The problem I am running into is the alternating ports: external port to internal port. The problem lies in the fact that my firmware or router doesn't allow it. The closest I am coming is with the virtual server option, but I don't think I'm getting it quite right.


    I am running Let's Encrypt through Portainer.


    Let me know anything else you might need to help me figure this out. Attached are setups and logs.
    DuckDNS_Portainer.txt
    Lets_Encrypt_Portainer.txt
    logs.txt
    mariaDB_For_Nextcloud.txt
    Nextcloud_Portainer.txt





  • There are many ways to deal with it:




    • You can deploy pfSense on your old machine with two NICs if you have one: one for WAN and the other for LAN.
    • You can change your router to one that offers the best cost-benefit, such as the MikroTik 750 series or another.

    The last time I saw eclipse I was programming :thumbup:

  • OK, is there not a way to do this without pfSense or changing the router? I'm OK with getting a new router but can't at this moment.


    Is there not something I'm missing in what I have done?

  • OK, is there not a way to do this without pfSense or changing the router? I'm OK with getting a new router but can't at this moment.


    Is there not something I'm missing in what I have done?

    You really haven't told us exactly what you are trying to do, you just say it isn't working.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

    • Official post

    Honestly, I had a lot of problems following his video for nextcloud Pi as well. I'm assuming I was missing something.


    I just went back to his original video, and set it up per that video again, and it's worked ever since. Obviously I had to make some adjustments since I was now using Portainer, but it was pretty easy.


    Edit: Nevermind, I just looked at your logs a little more closely and I'm guessing you are following the first set of videos.


    And you say you got it where you can access Nextcloud locally, and things went haywire when you set it up via DuckDNS/Letsencrypt?

  • @KM0201 that is correct.


    @gderf I apologize. I thought I was clear.


    I am attempting to get my Nextcloud available offsite securely. I followed technodadlife's video for this using Let's Encrypt and DuckDNS. I followed it and I ran into the issue where Let's Encrypt is not getting the tokens or something of that sort. The part it is failing on is in the logs.

  • So what is the problem with port forwarding?


  • @KM0201 I would love to see those if you don't mind.



    @gderf In the video he suggested porting public 80 to internal 90 and public 443 to internal 450. I can't seem to do this, or if I am able to, I am not sure. My router currently only allows me to choose a port (not internal to external, or external to internal).


    As mentioned before, the closest my router allows is virtual servers. I tried this with every port open (to check) and Let's Encrypt still fails to initialize fully. It fails on the tokens with DuckDNS. Every time. All ports open (80, 90, 443, 450) with or without the virtual servers (tried pointing external port 80 to internal 90 and external 443 to internal 450, as well as external port 90 to internal 80 and external 450 to internal 443), all of which have still failed.


    My problem is getting the right configuration down for the ports that makes Let's Encrypt work.

    • Official post

    First, I'm sure this is going to be way longer and sound very difficult... but if you've followed his videos on this, most of this is just changing a few things he did in the video and it will probably be fairly simple.


    If you followed this one, you should have local access up and running... Don't bother with the below if you've not done this yet.. https://www.youtube.com/watch?v=PKsq7k2pwsI


    Once you've done that, proceed to this video
    https://www.youtube.com/watch?v=TkjAcp8q0W0&t


    I'm also assuming in your efforts to do this, you've already followed his instructions to create the "my-net" network (about 9:00 in the 2nd video). If not, it's no big deal, you'll just need to do that later. One other thing to keep in mind. Since you've apparently struggled with this to this point, I'd delete duckdns and letsencrypt containers you already have (along w/ their AppData directories) and just start over.


    In Portainer, on the left click Stacks/Add Stack, Name the stack at the top, and then copy/paste everything below into the window.



    First the duckdns section of the stack. If you're following TDL's videos, this starts around 3:50 and ends around 9:40 of the 2nd video. Rather than making these adjustments in the container, we'll make them to the stack compose file.


    Lines 5 and 6. Adjust your PUID/PGID here if needed.
    Line 7. Add your DuckDNS subdomain.
    Line 8. Your DuckDNS token.
    Line 11. Path to your duckdns config folder.
    Line 12 is optional. I don't set my time zone in the environment section, and instead just bind /etc/localtime of the container to /etc/localtime of my server... as long as my server time is correct, the container time is correct. You can leave it or just delete it. It's not going to change anything.


    If you're following along in video #2, around 9:10 he creates the "my-net" network, then adds it to the duckdns extra arguments and starts the container. Just create my-net at this point if you haven't already; don't worry about adding it to the extra arguments or starting the container. For now, we'll skip to the Let's Encrypt portion of the video (about 10:05 in video 2).


    In the stack code I posted, adjust as needed per the video:


    Lines 19/20. Your PUID/PGID for the letsencrypt container.
    Line 22. Your DuckDNS subdomain.
    Line 24. Your DuckDNS email.
    Line 27. Adjust this path to the letsencrypt AppData configuration folder you created.
    Line 28. Again, you can delete this or just leave it; it's just to bind the container time to my server time.
    Lines 32 and 33. Adjust your ports as needed (you should have forwarded these in your router earlier during the duckdns setup part of the video).


    Once that is all done, at the bottom click Deploy the stack. After it's done, and assuming it completes without error, click Containers, and you should see your letsencrypt and duckdns containers running.


    Now, click on your Nextcloud container, and click Duplicate/Edit.
    Click on Network.
    In the drop-down box next to Network, choose "my-net" (assuming you used that name from the video).
    Then click Deploy the container... the container will then redeploy with the new network settings.


    Repeat this for the duckdns container, and then the letsencrypt container.


    When that is done, SSH into your server and run docker logs -f letsencrypt, and eventually you should see letsencrypt fetch the key.


    Proceed with video 2, and make the edits he suggests to the configuration folders.


    Assuming all goes well, when you're done it should work just fine.

  • @gderf In the video he suggested porting public 80 to internal 90 and public 443 to internal 450. I can't seem to do this, or if I am able to, I am not sure. My router currently only allows me to choose a port (not internal to external, or external to internal).

    Post a link to the user's manual for your router.


    • Official post

    Page 113 of your router manual spells it out.


    You'll need to create two rules here. Edit: I just realized your pic is quite a bit different than the manual pic. Changes below.


    First, we'll just call it "next1".
    IP -- your server IP
    Protocol... It should say TCP, UDP in the drop-down. It may also say Both... if it says Both, choose that (that's what I have in mine).
    Public Port (if you're following my compose file above)... 443
    Private Port 450
    I don't have that last option, but I'd probably leave it at always enable and allow.


    Save that rule.


    Next, create a new rule, we'll call it "next2".


    Same as above, but you'll supply 80 for Public, and 91 for Private.


    Make sure the changes are saved and applied.
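    To show how the stack described above and the two router rules ("next1": public 443 to private 450, "next2": public 80 to private 91) line up, here is an added example compose file; it is not KM0201's actual stack, and the line numbers referenced above do not apply to it. The image names and environment variable names follow the linuxserver.io duckdns and letsencrypt image documentation as I recall it, the AppData paths and PUID/PGID are placeholders, and my-net is assumed to already exist.

    ```yaml
    version: "3"
    services:
      duckdns:
        image: linuxserver/duckdns
        container_name: duckdns
        environment:
          - PUID=1000                    # placeholder: owner of the AppData folder
          - PGID=100                     # placeholder
          - SUBDOMAINS=yoursub           # placeholder: DuckDNS subdomain without .duckdns.org
          - TOKEN=YOUR_DUCKDNS_TOKEN     # placeholder: DuckDNS token
        volumes:
          - /path/to/AppData/duckdns:/config   # placeholder path
          - /etc/localtime:/etc/localtime:ro   # container time follows the server clock
        networks:
          - my-net
        restart: unless-stopped

      letsencrypt:
        image: linuxserver/letsencrypt
        container_name: letsencrypt
        cap_add:
          - NET_ADMIN
        environment:
          - PUID=1000                    # placeholder
          - PGID=100                     # placeholder
          - URL=yoursub.duckdns.org      # placeholder: your DuckDNS domain
          - SUBDOMAINS=wildcard
          - VALIDATION=duckdns           # DNS challenge via DuckDNS; the token below must match the one above
          - DUCKDNSTOKEN=YOUR_DUCKDNS_TOKEN
          - EMAIL=you@example.com        # placeholder
        volumes:
          - /path/to/AppData/letsencrypt:/config   # placeholder path
          - /etc/localtime:/etc/localtime:ro
        ports:
          # host:container. The host side is the "Private Port" of the router rule;
          # the router's "Public Port" is what the outside world connects to.
          - "450:443"   # rule "next1": public 443 -> private 450 -> container 443
          - "91:80"     # rule "next2": public 80 -> private 91 -> container 80
                        # (host port 80 is left alone because OMV's web UI listens there)
        networks:
          - my-net
        restart: unless-stopped

    networks:
      my-net:
        external: true   # created beforehand, as in the video
    ```

    With VALIDATION=duckdns the certificate is obtained through a DNS record, so a failed "token" step points at the DuckDNS token or subdomain values rather than at the port forwards; the forwards are what make the proxy reachable from offsite once the certificate exists.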

  • Sounds like you have the port forwarding under control. OMV runs on port 80, so you need to do something about that potential conflict.


    • Official post

    Yeah, he and I just spent some time on TeamViewer; I can't see the problem. We completely deleted everything and I watched him redo it from scratch, and it's right. Heck, he used practically the same docker-compose file I used to set mine up, and he's still getting errors.


    His router settings are right.


    Only thing I can figure (and networking isn't really my thing)... his NAS IP is on 192.168.0.xxx. Would it be possible something at 192.168.1 is blocking this from working?

  • Yeah, he and I just spent some time on TeamViewer; I can't see the problem. We completely deleted everything and I watched him redo it from scratch, and it's right. Heck, he used practically the same docker-compose file I used to set mine up, and he's still getting errors.


    His router settings are right.


    Only thing I can figure (and networking isn't really my thing)... his NAS IP is on 192.168.0.xxx. Would it be possible something at 192.168.1 is blocking this from working?

    No, it is not possible.
