Jump to content

New Server, Cant get Wan Connections to go Through


FalsePhoenix

Recommended Posts

FalsePhoenix

Hi, i just created my server today, got emby installed and it just wont work when putting the ip address in my browser (Mobile) while connected to mobile data. Internal works fine. I have tried unblocking ports on my Asus Router and TalkTalk modem +the ports on the server 2012 firewall but still no connections (I also tried with a friend and he couldn't get in either. Is there something i am missing?

Link to comment
Share on other sites

port 8920 in Emby is used for secure traffic. Port 8096 is reserved for insecure traffic. My advice would be to only allow secure traffic from the public Internet (Doing this does have some extra steps involved.)


So you need to:
1. Statically assign or DHCP reserve an internal IP address on your LAN for the Emby server.
2. add the new static IP address to the "Bind to local network address" field in "server dashboard - advanced"

3. If running windows, unblock ports 8096 and 8920 on your system firewall.
4. Open either the insecure or secure port and port forward traffic to the IP of your Emby server
5. Once you have done this you can use what's my IP "http://www.whatsmyip.org/"to determine what your public IP address is.

6. Then use: https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap to confirm that either port 8920 or 8096 is open to the public Internet.  if it is you are done. be careful doing this as some ISPs note that this is not permitted in their contracts. 

If you setup using the Insecure method you are done at this point. If you setup using the secure method read on:

 

you need to create/acquire an SSL certificate and add it to your emby server.  there are two options.  create a selfsigned certificate and load it, or pickup a domain that you can request publicly verifiable certificates on. 

to create a selfsigned PFX certificate you can use IIS (in windows) or openssl in Linux. 

 

alternatively you could pickup a domain that you can request publicly trusted SSL certificates for:

good paid solutions are namecheap, google domains.

 

good free solutions are: duckdns. 

NOTE: be careful for other free and paid DDNS solutions as they may not allow you to acquire publicly trusted SSL certificates. 

 

now you need to request a publicly trusted SSL certificate. 

good paid solutions are: namecheap, and comodo.  to get this working you will need to

 

good free solutions are: let's encrypt. 


Sent from my iPhone using Tapatalk

Edited by Tur0k
Link to comment
Share on other sites

FalsePhoenix

@@FalsePhoenix please disregard the above until you have a working external connection over http.

 

I would suggest checking out our Connection Troubleshooter. Please try the steps listed there and let us know which ones succeed and which ones do not. Thanks !

 

 

port 8920 in Emby is used for secure traffic. Port 8096 is reserved for insecure traffic. My advice would be to only allow secure traffic from the public Internet (Doing this does have some extra steps involved.)

 

 

So you need to:

1. Statically assign or DHCP reserve an internal IP address on your LAN for the Emby server.

2. add the new static IP address to the "Bind to local network address" field in "server dashboard - advanced"

3. If running windows, unblock ports 8096 and 8920 on your system firewall.

4. Open either the insecure or secure port and port forward traffic to the IP of your Emby server

5. Once you have done this you can use what's my IP "http://www.whatsmyip.org/"to determine what your public IP address is.

6. Then use: https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap to confirm that either port 8920 or 8096 is open to the public Internet.  if it is you are done. be careful doing this as some ISPs note that this is not permitted in their contracts. 

 

If you setup using the Insecure method you are done at this point. If you setup using the secure method read on:

 

you need to create/acquire an SSL certificate and add it to your emby server.  there are two options.  create a selfsigned certificate and load it, or pickup a domain that you can request publicly verifiable certificates on. 

to create a selfsigned PFX certificate you can use IIS (in windows) or openssl in Linux. 

 

alternatively you could pickup a domain that you can request publicly trusted SSL certificates for:

good paid solutions are namecheap, google domains.

 

good free solutions are: duckdns. 

NOTE: be careful for other free and paid DDNS solutions as they may not allow you to acquire publicly trusted SSL certificates. 

 

now you need to request a publicly trusted SSL certificate. 

good paid solutions are: namecheap, and comodo.  to get this working you will need to

 

good free solutions are: let's encrypt. 

 

 

Sent from my iPhone using Tapatalk

Im sorry it has taken so long for a reply, i thought i had done so already but it turns out i didn't..... Sorry.

I went to bed that night and when i checked in the morning it worked via 4g! But after another 2 days it seems to have stopped... I have managed to get it connected by two other friends on Monday although i have not asked them again yet. I am yet to try the second port that @@Tur0k mentioned but i am sceptical now since it worked on fine without that on Monday Tuesday until i had to restart the server... 

Link to comment
Share on other sites

@@Luke is probably right here. Secure connections can be a PIA based on the use of a self-signed SSL certificates or publicly trusted SSL certificate chains. Additionally, some smartphones/tablets won't let you connect using self-signed certificates.

 

For the moment let's get this working on port 8096. Unblock port 8096 on your firewall and port forward it to the static or DHCP reserved IP address of your Emby server.

 

Then for the sake of testing disable the Windows firewall on your Emby server (you will need to configure this properly later)

 

Then make sure that:

 

Requires HTTPS for external connections (server dashboard - advanced) is unchecked.

 

Local HTTP port number (server dashboard - advanced) is set to 8096

 

Public HTTP port number (server dashboard - advanced) is set to 8096.

 

Once you have done this you can use what's my IP "http://www.whatsmyip.org/"to determine what your public IP address is.

 

Then use: https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap to confirm that port 8096 is open on your public IP address.

 

 

Sent from my iPhone using Tapatalk

Edited by Tur0k
Link to comment
Share on other sites

Actually if you read our Connection Troubleshooter, we suggest not to disable Windows Firewall and instead make sure it is configured properly.

Agreed, but testing this would help eliminate it as a possible source of the problem. I have updated my post to note it should be fixed later.

 

 

Sent from my iPhone using Tapatalk

Link to comment
Share on other sites

FalsePhoenix

@@Luke is probably right here. Secure connections can be a PIA based on the use of a self-signed SSL certificates or publicly trusted SSL certificate chains. Additionally, some smartphones/tablets won't let you connect using self-signed certificates.

 

For the moment let's get this working on port 8096. Unblock port 8096 on your firewall and port forward it to the static or DHCP reserved IP address of your Emby server.

 

Then for the sake of testing disable the Windows firewall on your Emby server (you will need to configure this properly later)

 

Then make sure that:

 

Requires HTTPS for external connections (server dashboard - advanced) is unchecked.

 

Local HTTP port number (server dashboard - advanced) is set to 8096

 

Public HTTP port number (server dashboard - advanced) is set to 8096.

 

Once you have done this you can use what's my IP "http://www.whatsmyip.org/"to determine what your public IP address is.

 

Then use: https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap to confirm that port 8096 is open on your public IP address.

 

 

Sent from my iPhone using Tapatalk

Okay i haven't had time until today, sorry for making you wait. I have tried disable my firewall, after that i tried to connect from mobile data via my phone and from an exterior network (school) nether connected. I have an internet setup of a modem (Broadband provided) which goes to a second Modem/Router from asus (N66U if i am correct, i would have to check. I do this as it gives me more control + capacity. Anyway i have on both those port forwarding with port 8096 open ( i think) i imagine that seeing as the firewall turning off had no effect it may be due to the network setup i have or i just have mucked up my port forwarding. I shall see if i have done it wrong but i do doubt this. SO i am still kinda stuck in my original hole.

Link to comment
Share on other sites

Please confirm whether you have an ISP provided gateway (this would be a router/firewall device that has multiple LAN network connections, possibly hosts its own wifi and can serve Internet access to more than 1 device in your home) or a modem (1 wan uplink (fiber, POTS (phone), or cable coax) and 1 Local network connection)? Also confirm that this is connected to an Asus N66U router next ?

 

If the ISP provided device is a gateway/router/firewall you have a double NAT situation. This type of configuration needs some additional setup to get the port forward to work.

 

If you are double NATing I would recommend:

1. DHCP reserving (in the ISP gateway management UI) or statically assigning the WAN interface IP address on your ASUS router. Then try one of the following

2. Put the IP address of the ASUS router in the DMZ zone of the ISP gateway. Then see if you can get to your Emby server from the public Internet. This is the cleaner method as you don't have to port forward on two firewall devices.

3. Port forward the Emby ports from the ISP gateway to the IP address assigned to the Asus WAN network interface.

 

 

 

Sent from my iPhone using Tapatalk

Edited by Tur0k
Link to comment
Share on other sites

mastrmind11

Please confirm whether you have an ISP provided gateway (this would be a router/firewall device that has multiple LAN network connections, possibly hosts its own wifi and can serve Internet access to more than 1 device in your home) or a modem (1 wan uplink (fiber, POTS (phone), or cable coax) and 1 Local network connection)? Also confirm that this is connected to an Asus N66U router next ?

 

If the ISP provided device is a gateway/router/firewall you have a double NAT situation. This type of configuration needs some additional setup to get the port forward to work.

 

If you are double NATing I would recommend:

1. DHCP reserving (in the ISP gateway management UI) or statically assigning the WAN interface IP address on your ASUS router. Then try one of the following

2. Put the IP address of the ASUS router in the DMZ zone of the ISP gateway. Then see if you can get to your Emby server from the public Internet. This is the cleaner method as you don't have to port forward on two firewall devices.

3. Port forward the Emby ports from the ISP gateway to the IP address assigned to the Asus WAN network interface.

 

 

 

Sent from my iPhone using Tapatalk

#3 is least complex and simplest to test.  Port forward 8096 to your Asus router, and port forward 8096 on your Asus router to your Emby server IP.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...