Port numbers

[JERRY1 17]

Local http port number and public http port number..

Shouldn't those numbers be the same, they are different in the emby settings

[GrimReaper 3301]

That depends on one's setup and port forwarding settings, they can be same or they can be different. 

[Happy2Play 8291]

9 minutes ago, JERRY1 said:

Local http port number and public http port number..

Shouldn't those numbers be the same, they are different in the emby settings

Where are they different?  By default they are the same.

[JERRY1 17]

Well i switch vpn service and was trying to setup port forwarding..

Where the red X are,not the normally emby port number in use

[Luke 37086]

4 hours ago, JERRY1 said:

 

Shouldn't those numbers be the same, they are different in the emby settings

No, that's up to you. One is the port on the server machine, the other is the internet facing port on your router (well typically).

[JERRY1 17]

Didn't get anywhere with port forwarding even with support from the vpn service. I can do it with my static ip but i want the nas that have Emby on it behind the vpn.

Can i ask for remote assistance setting this up

Edited April 3, 2023 by JERRY1

[GrimReaper 3301]

Can you elaborate which ports you're forwarding in your VPN and share a screenshot of your network settings? 

[JERRY1 17]

The port i want to forward is from the vpn....

 iptables -I FORWARD -i tun13 -p udp -d 192.168.xx.xxx --dport 26238 -j ACCEPT
iptables -I FORWARD -i tun13 -p tcp -d 192.168.xx.xxx --dport 26238 -j ACCEPT
iptables -t nat -I PREROUTING -i tun13 -p tcp --dport 26238 -j DNAT --to-destination 192.168.xx.xxx
iptables -t nat -I PREROUTING -i tun13 -p udp --dport 26238 -j DNAT --to-destination 192.168.xx.xxx

these rules were put into the router following the instructions for the vpn port forwarding asus merlin

In the picture you will see where it's timeout when i test the port

[GrimReaper 3301]

But your public http port is 26237 (that is the port that would be presented to remote clients) and your VPN ain't forwarding that port (and nothing is listening on external 26238), you need to either forward 26237 external->26238 internal OR change Emby public http port to 26238. Btw, you don't need UDP forwards (and maybe IPv6 either, but that is according to your setup). 

[JERRY1 17]

this is a picture of port forwarding in the router interface..instructions from vpn service said not use the interface .it must be itables rules

i did what you said 26237 forward to 26238 local port..i did the set all over same results

[GrimReaper 3301]

If you want to use VPN - then those settings have absolutely no effect, port forwarding there won't do any effect, your example was showing VPN and what I replied refers to your VPN:

3 hours ago, GrimReaper said:

either (Edit: VPN) forward 26237 external->26238 internal OR change Emby public http port to 26238

 

[JERRY1 17]

I did everything over ssh into the router change the rules external to internal port numbers etc. to no avail.

I mean it's works with my static ip but that just leave the nas wide open..question won't the vpn service need a dedicated ip

for port forwarding to work ?

Edited April 4, 2023 by JERRY1

[GrimReaper 3301]

Don't know how to explain it in different terms, so gonna give it one last shot: when you connect to your VPN, you're creating VPN tunnel (and have port 26238 forwarded, as per your settings). Incoming requests should come on port 26238 at the end of that tunnel (extremal entry point into your network). They're not. They're incoming to 26237. As your Emby public http port is set on 26237. For the third time:

12 hours ago, GrimReaper said:

either (Edit:VPN) forward 26237 external->26238 internal OR change Emby public http port to 26238

As for:

2 hours ago, JERRY1 said:

I mean it's works with my static ip but that just leave the nas wide open..

I'm unclear about your target, as connecting to VPN will do absolutely nothing in respect to your server security. At best, it'll give you anonymity for your outbound requests, but since you're using http (unencrypted) connection, it makes no difference whether external connection is coming through your real IP/26237 or your VPN IP/26238, it's still equally unsecure. 

[JERRY1 17]

So you are saying if i use my isp static ip it's the same as using the vpn only difference it get anonymity with vpn no extra security.

port forwarding works, if i use my isp

Edited April 4, 2023 by JERRY1

[GrimReaper 3301]

Maybe below image might assist you in visualizing processes involved:

Your VPN tunnel is secure (communication between your device and VPN server is encrypted), meaning no ISP packet sniffing, MITM attacks and similar - they can see connection established, but not what is transmitted. However, what security measures are implemented at the exit side of that tunnel are completely up to your VPN service provider. I'd assume they largely have some basic security, similar as your router does. But, if you have open port (port forwarded) in either VPN or your router and incoming http (unencrypted) connection (from "Internet" side in the above image), net effect is the same, as anything could've happened between source IP and your VPN IP/real IP, as there's no end-to-end encryption (you need SSL setup for that, https). Just imagine your VPN server taking the role of your "remote router", as it somewhat does, for all intents and purposes. 

Edited April 4, 2023 by GrimReaper

[rbjtech 4276]

Question #1 - does the VPN service provide REMOTE port forwarding ?  

[JERRY1 17]

Service is Airvpn, on their site says they do

[rbjtech 4276]

9 minutes ago, JERRY1 said:

Service is Airvpn, on their site says they do

ok good - so at least your VPN service does actually remote port forward - good - the majority do not.

https://airvpn.org/faq/port_forwarding/

I'm not going to get into how to setup the port forwarding as I have no knowledge of your VPN provider (that's between you and them) but once the packets 'exit' the VPN tunnel on your router - they need to then be forwarded to your local emby server.

At this point - it doesn't really matter what the ports are and they can be mismatched - as PAT (Port Address Translation) will deal with it.

so if your VPN IP is 1.2.3.4:26000 - then you need this as your 'source' with the destination of your emby server - 192.168.1.1:8096

Honestly the best thing to do is to give airvpn the local emby IP and port and router model details and ask them to provide the config to put on your router.

 

[GrimReaper 3301]

AirVPN supports port forwarding alright. 

An old post of mine:

 

[JERRY1 17]

 I had PIA  years ago port forwarding was great, most recently Mullvad.Mullvad setup is the same as Airvpn and works.

Currently i have Expressvpn but their port forwarding only on their own router.Something just not right with airvpn

Sorry for wasting you guys time