Jump to content

ISP Changed and now my external domain WAN connection is borked


Go to solution Solved by Happy2Play,

Recommended Posts

CrankstaWho
Posted

I imagine this is a bit of a compound issue: my apartment complex changed their ISP provider recently (which I imagine changed my public IP) though I was not having issues until I moved my computer into it's own room, which changed my IP. I should have set a static IP for this guy but hindsight and all that.

I can get into my Emby server through the LAN connection just fine, but the WAN times out. I am using HTTPS so have a domain through Dynu for SSL so I imagine that the issue is the IP that Dynu has isn't valid anymore. However, my understanding is that they dynamically update that so it should be accurate which has made me avoid messing with it. I did perform the canyouseeme test on port 8920 and it came back failed. I have attempted port forwarding but it made no difference.

I'm sure I just need to flip a few switches here but I've been looking at it all for two days now and I'm fried. Any help would be appreciated.

EmbyDash.png.9ff8c9bd8f26234d753b14bad084c65a.png

embyserver.txt

Posted

Hello CrankstaWho,

** This is an auto reply **

Please wait for someone from staff support or our members to reply to you.

It's recommended to provide more info, as it explain in this thread:


Thank you.

Emby Team

Happy2Play
Posted

Since your network changed have you verified Windows is setup the network as Private or Public?  As this will affect firewall access or may need to be reset by changing the system.xml   <IsPortAuthorized> to false and starting Emby to run the firewall script to clear and readd firewall rules.  But easy enough to check if other devices can still connect to Emby on your LAN.

 

Remote access sound like port forwarding as the previous forwarding would have broke when you moved the pc and got different address assuming you did not statically assign the previous address.

Have you restarted your route and modem?

Log has lots of ConflictInMappingEntry for UPNP port mapping so you may have to disable Emby port mapper and manually port forward ensuring to restart hardware afterwards.

Last thing to check would be if your new ISP has you behind a CGNAT.

https://emby.media/support/articles/Remote-Setup.html#:~:text=You could also be blocked by your ISP in something known as a cgNAT (carrier grade Network Address Translation)

  • Like 1
Posted

Did you change your port forward to your new server ip ?

CrankstaWho
Posted
1 hour ago, Happy2Play said:

Since your network changed have you verified Windows is setup the network as Private or Public?  As this will affect firewall access or may need to be reset by changing the system.xml   <IsPortAuthorized> to false and starting Emby to run the firewall script to clear and readd firewall rules.  But easy enough to check if other devices can still connect to Emby on your LAN.

 

Remote access sound like port forwarding as the previous forwarding would have broke when you moved the pc and got different address assuming you did not statically assign the previous address.

Have you restarted your route and modem?

Log has lots of ConflictInMappingEntry for UPNP port mapping so you may have to disable Emby port mapper and manually port forward ensuring to restart hardware afterwards.

Last thing to check would be if your new ISP has you behind a CGNAT.

https://emby.media/support/articles/Remote-Setup.html#:~:text=You could also be blocked by your ISP in something known as a cgNAT (carrier grade Network Address Translation)

Just rebooted the router, and did verify that my ethernet connection is set to public. My firewall should be arranged as it was previously when everything was working, but I did check and don't see any notable conflicts there. The ports for inbound are indeed allowed. I restarted my server after disabling port mapping but no change. I am on fiber now, so there is a separate panel that feeds my router but I'm not sure I should be messing with pulling plugs on that unless completely necessary.

The thing about my router port forwarding is that I did not have it set up originally- I didn't need to as the WAN worked. I did set it up solely for troubleshooting so there's been no change from a previous version of it to this one- it's brand new.

As far as the CGNAT goes, this is where I believe there is a private/public IP conflict. Canyouseeme shows that I'm on IP 65.38.124.111, which is not what my computer/server is on at 192.168.1.20. I can assume that the 65.xxx number is my public IP. Dynu shows 70.160.66.99 which was my previous Cox address as shown by a reverse DNS query, but even after changing to my current 65.xxx IP it doesn't resolve. We could just be dealing with things delaying to populate I suppose, but I wanted to cover my bases in case that does not end up resolving by tomorrow.

There is also the fun part where canyouseeme shows a failure when pinging my ports.

I have included some data off my port forwarder details, and updated logs.image.png.38996a4e518c9eec1062e85b51f7969d.png

embyserver(1).txt

Posted

Can you show us an output of command prompt.

tracert 1.1.1.1

Then we can see if you are in a CG-Nat situation 

Because this looks weird.

8 minutes ago, CrankstaWho said:

Canyouseeme shows that I'm on IP 65.38.124.111

9 minutes ago, CrankstaWho said:

Dynu shows 70.160.66.99

If I was an computer, I would say " This Does Not Compute !! "

CrankstaWho
Posted (edited)
9 minutes ago, Neminem said:

Can you show us an output of command prompt.

tracert 1.1.1.1

Then we can see if you are in a CG-Nat situation 

Because this looks weird.

If I was an computer, I would say " This Does Not Compute !! "

Yep that's why I've been toying with it for the past few days. I did download Dynu's client to my machine just now and had it run an IP update, but I know it takes a bit to actually get the work done. As it sits, my WAN access is still timing out. I had previously manually updated the Dynu IP to my current public IP, but it doesn't hurt to let the app do it's work I suppose.

Here's your trace route:


image.png.375e66f3b570c8601c342b0da1c7b9d9.png

Edited by CrankstaWho
Happy2Play
Posted

A network guru may have to comment further but this looks like a CGNAT.

if it is within this IP range 100.64.0.0 - 100.127.255.255. The is the range for cgNAT.

carrier-grade-nat-cgnat

  • Agree 1
Posted

I think you need to call your ISP and ask about cgnat.

And tell them you need a static IP for your Minecraft server 😂🤣

It might cost you a extra fee pr month.

  • Agree 1
CrankstaWho
Posted
Just now, Happy2Play said:

A network guru may have to comment further but this looks like a CGNAT.

if it is within this IP range 100.64.0.0 - 100.127.255.255. The is the range for cgNAT.

carrier-grade-nat-cgnat

That does seem to be a match to me. If it does become a CGNAT situation, what can I do from here?

CrankstaWho
Posted
3 minutes ago, Neminem said:

I think you need to call your ISP and ask about cgnat.

And tell them you need a static IP for your Minecraft server 😂🤣

It might cost you a extra fee pr month.

"Minecraft Server" indeed lol. Funny thing is one of my roommates was legitimately running one of those before he moved out.

I will see if there is any means of recourse with "Internet Subway" for support, though I doubt it. I can always change back to Cox of course, but our apartment forces us to pay for the fiber anyway so I'd be double paying for internet. =P

  • Solution
Happy2Play
Posted (edited)

The none traditional route of a VPN or something like TailScale

Or as mentioned talking to your ISP.

Edited by Happy2Play
  • Agree 1
CrankstaWho
Posted
4 minutes ago, Happy2Play said:

The none traditional route of a VPN or something like TailScale

Or as mentioned talking to your ISP.

I do pay for ProtonVPN, so I might explore some magic through that. If all else fails I can go back to Cox where no issues existed, but I'll try to talk to my current ISP and see how far I get.

I'm just glad it wasn't anything I personally borked. Thank you for your help!

  • Like 2
Posted

ProtonVPN was that running on your server ?

When you tried connecting.

  • Haha 1
CrankstaWho
Posted
Just now, Neminem said:

ProtonVPN was that running on your server ?

When you tried connecting.

No, I only turn it on for work or... other reasons. Otherwise it stays off.

Posted

Ok, because that would have changed everything 🤣😂

CrankstaWho
Posted
3 minutes ago, Neminem said:

Ok, because that would have changed everything 🤣😂

That would have been hilarious though. 🤣

  • Haha 1
Posted
25 minutes ago, CrankstaWho said:

I do pay for ProtonVPN, so I might explore some magic through that. If all else fails I can go back to Cox where no issues existed, but I'll try to talk to my current ISP and see how far I get.

I'm just glad it wasn't anything I personally borked. Thank you for your help!

If your remote streaming is on the lighter side and you don't mind getting a domain ($10ish/year), you could use a free Cloudflare plan and connect to them using a Cloudflare Tunnel.  Works great behind a NAT, with no port forwarding or open ports to worry about, plus they have a security suite in front of you.

CrankstaWho
Posted
23 minutes ago, Carlo said:

If your remote streaming is on the lighter side and you don't mind getting a domain ($10ish/year), you could use a free Cloudflare plan and connect to them using a Cloudflare Tunnel.  Works great behind a NAT, with no port forwarding or open ports to worry about, plus they have a security suite in front of you.

I generally only use the remote to download files I've loaded up and might need elsewhere like manuals/books but I don't want on my GDrive. All the watching happens at home. However I've already purchased a domain through Dynu so I don't see a huge benefit to getting another. I'll explore the options though and see if Cloudflare fits me better.

pwhodges
Posted
2 hours ago, CrankstaWho said:

 and did verify that my ethernet connection is set to public.

Your Windows ethernet connections should be set to Private - Public means they are restricted (it might seem counter-intuitive at first, but thinking in terms of security restrictions, it isn't).

Paul

CrankstaWho
Posted
1 minute ago, pwhodges said:

Your Windows ethernet connections should be set to Private - Public means they are restricted (it might seem counter-intuitive at first, but thinking in terms of security restrictions, it isn't).

Paul

Noted, and changed. Unfortunately it doesn't seem that it's had much effect. I am currently waiting to see if my fiber provider will give me a static IP. If not, I'll go back to Cox.

Posted
11 minutes ago, CrankstaWho said:

Noted, and changed. Unfortunately it doesn't seem that it's had much effect. I am currently waiting to see if my fiber provider will give me a static IP. If not, I'll go back to Cox.

 

I wouldn't count on that. They appear to be quite limited in IPv4 addresses and no IPv6.

 

image.png.6ea2b87dc1f5ea3471839b601b11ce82.png

  • Facepalm 1
CrankstaWho
Posted
33 minutes ago, Q-Droid said:

 

I wouldn't count on that. They appear to be quite limited in IPv4 addresses and no IPv6.

 

image.png.6ea2b87dc1f5ea3471839b601b11ce82.png

Trust me, I'm not. I'm just giving it the ole college try before blowing up the front office to get the "mandatory fee" off my lease so I'm not paying for two lines of internet. I have no problem going back to Cox (we haven't even cut our line yet, just moved the equipment), but I'm not going to let them charge me $80 for an inferior service.

Posted
21 hours ago, Neminem said:

I think you need to call your ISP and ask about cgnat.

And tell them you need a static IP for your Minecraft server 😂🤣

It might cost you a extra fee pr month.

Asking for a static IP is much more likely to cost you $ than asking for a dynamic IP (but not behind CGNAT).

  • 1 month later...
Posted

How did you go with this, i am having the same issue took me 3 days of pain to learn i was on CGNAT i didnt even know it was a thing. I have a Dynamic IP atm but ive been trying to set up a DDNS to stablise my IP through No-IP for free but i am still having issues. I am just trying to make a server so i can share the love with my family but this hobby is starting to cost more than hardware lol. I really dont want to have to buy a static IP or domains all that BS lol. Any advice thats not changing ISP again lol.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...