Remote connection problem

August 31, 2024

Still not working.

Maybe we'll call it a day, because it's late both for me, and I think for you too.

We can resume if you'd like tomorrow when I get back from work. Maybe I'll give you a remote, to check things.

Thanks a ton for everything!

August 31, 2024

I am somewhat at a loss as there really is only port firewall rules/network type and port forwarding for ports assigned with Emby.

But there is really something off with almost every port showing open on this hardware as I do not think you are running something on every port.

August 31, 2024

1 hour ago, Alexmh said:

Btw to have a better comprehension why you can see all ports opened it's because my DDNS comes from my ISP, it's set up by me on their website. The DDNS is redirecting you to my external IP, not to a specific service that I run locally.

No that's not how that's supposed to work. A DDNS entry just updates the DNS record when your IP changes, but port connections would generally be handled by your gateway firewall (ISP modem/router). It is not supposed to be accepting a connection on every port, it should only be accepting a connection on the ports that you have forwarded, and you can also expose a different port than what your destination actually is, meaning you could expose 7920 but have that go to 8920 on the destination server. Maybe your ISP is doing something weird here but bottom line is it should not accept on every single port, only the ones you open.

August 31, 2024

19 hours ago, Lessaj said:

No that's not how that's supposed to work. A DDNS entry just updates the DNS record when your IP changes, but port connections would generally be handled by your gateway firewall (ISP modem/router). It is not supposed to be accepting a connection on every port, it should only be accepting a connection on the ports that you have forwarded, and you can also expose a different port than what your destination actually is, meaning you could expose 7920 but have that go to 8920 on the destination server. Maybe your ISP is doing something weird here but bottom line is it should not accept on every single port, only the ones you open.

I know how it works and you're right. I'm saying that I've researched this, and absolutely everyone that uses my ISP says that when they activate DDNS and IF I have an IP which doesn't put me on a CGNAT, all the ports are forwarded and the devices can be accessed from outside the network. My ISP just blocks a number of 6 ports as per their documentation. All the other ones are opened. On the other hand, ofc they also need to be opened in the firewall.

P.S.: Hello guys! I'm back from work. Is there someone adventurous enough to take a look under the hood?

Edited August 31, 2024 by Alexmh

August 31, 2024

Sounds like they're doing something weird with double natting, I don't think it's worth using their DDNS service if that's what they end up doing unless it's required for any kind of port forwarding. There's plenty of free alternatives that can handle DDNS.

August 31, 2024

1 minute ago, Lessaj said:

Sounds like they're doing something weird with double natting, I don't think it's worth using their DDNS service if that's what they end up doing unless it's required for any kind of port forwarding. There's plenty of free alternatives that can handle DDNS.

well to be honest, there are, but ... I can't manage to connect even on IP, so DDNS or not it doesn't work at this moment. Also, by using a free alternative, I couldn't probably stream at 100 Mbps bitrate from outside the network So that's a huge loss for me.

August 31, 2024

Maybe something the "Remote MGMT System" on port 80? But is something wonky on this network.

August 31, 2024

7 minutes ago, Alexmh said:

well to be honest, there are, but ... I can't manage to connect even on IP, so DDNS or not it doesn't work at this moment. Also, by using a free alternative, I couldn't probably stream at 100 Mbps bitrate from outside the network So that's a huge loss for me.

No a free alternative has nothing to do with your bandwidth, it's purely for updating the DNS record when your IP changes.

August 31, 2024

2 minutes ago, Lessaj said:

No a free alternative has nothing to do with your bandwidth, it's purely for updating the DNS record when your IP changes.

I thought you were talking about VPN, which some users say it's very slow. Any other alternatives you know? I've tried DuckDNS with no success.

Also, I've also ran Emby from a virtual machine, on a freshly installed Windows.

August 31, 2024

A VPN can definitely reduce speeds but no not what I was talking about. Personally I'm using No-IP for dynamic DNS because I've been using it for probably 15-20 years lol but DynDNS is also popular. My pfsense has a fairly long list of providers to choose from so there's really plenty to choose from. But when you say DuckDNS didn't work, what do you mean? It wasn't able to update the DNS entry? The IP being resolved was wrong?

August 31, 2024

9 minutes ago, Happy2Play said:

Maybe something the "Remote MGMT System" on port 80? But is something wonky on this network.

I didn't exactly caught the question but I don't have anything running on port 80. Also port 80 is forwarded for my outdoor camera, if it has any relevance.

August 31, 2024

1 minute ago, Lessaj said:

A VPN can definitely reduce speeds but no not what I was talking about. Personally I'm using No-IP for dynamic DNS because I've been using it for probably 15-20 years lol but DynDNS is also popular. My pfsense has a fairly long list of providers to choose from so there's really plenty to choose from. But when you say DuckDNS didn't work, what do you mean? It wasn't able to update the DNS entry? The IP being resolved was wrong?

I used no-ip for a long time some years ago, but I needed to keep updating it manually every time the IP changes, and I can't verify it 24/7, and also I don't want to pay extra for another service, just to run a server that I pay for, for electricity that I pay for, through a provider I pay for. If that makes any sense :))

I get either:

OR

image.png.af8be7b735cdabcb80346473199d5b34.png

It's the same as with my ISP's DDNS.

If I do a lookup, it redirects to my IP, my IP is discovered under the DNS. Also I can connect to my outside camera through its assigned port. So my IP is reachable through both DuckDNS and my ISP's DDNS.

August 31, 2024

For No-IP I think you can run an application which will check periodically but since this is handled by my pfsense I don't have any experience with the desktop application updater that I ran many years ago. It should perform a similar check every few minutes. As long as the address resolves to the correct IP then it's working.

Typically you can't use the DDNS address in your internal network unless you create your own DNS entries that resolve to the internal IPs, this is because not all gateways support hair pinning - it's trying to go outside your network because it's resolved an external address, but it's not able to be routed back on itself. I'm not 100% sure if that's what's happening here but I can say with certainty that something is not configured correctly if every port can be opened, but yes only port 80 seems to provide a web page which I guess is the login page of your cameras. Since this is working correctly, what does that configuration look like?

August 31, 2024

30 minutes ago, Alexmh said:

I didn't exactly caught the question but I don't have anything running on port 80. Also port 80 is forwarded for my outdoor camera, if it has any relevance.

Looks like port 80 goes to whatever the "Remote MGMT System" so would think all your DomainName traffic should terminate there.

As the domainname above resolves to your IP address.

image.png.9535f2707091f62cb108a8a02b42629f.png

Edited August 31, 2024 by Happy2Play

August 31, 2024

So if port 80 is forwarded and working have you compared that rule against the Rules created for Emby?

August 31, 2024

4 minutes ago, Lessaj said:

For No-IP I think you can run an application which will check periodically but since this is handled by my pfsense I don't have any experience with the desktop application updater that I ran many years ago. It should perform a similar check every few minutes. As long as the address resolves to the correct IP then it's working.

Typically you can't use the DDNS address in your internal network unless you create your own DNS entries that resolve to the internal IPs, this is because not all gateways support hair pinning - it's trying to go outside your network because it's resolved an external address, but it's not able to be routed back on itself. I'm not 100% sure if that's what's happening here but I can say with certainty that something is not configured correctly if every port can be opened, but yes only port 80 seems to provide a web page which I guess is the login page of your cameras. Since this is working correctly, what does that configuration look like?

My gateway supports it because I used to be able to login from both my IP and DDNS from my computer. I've tried it now from phone outside the network, and it doesn't work.

The configuration of my camera is simple. MAC reservation with IP (same thing I did on my PC for Emby), and forwarded port 80 on that IP. So no different.

I think no-ip from what I last remember, you need to pay to automatically update if I'm not mistaken, otherwise you need to do it manually from the Windows App. I can be mistaken but I will try it too. I don't think it will make a difference because both my DDNSes work from what we've seen. It seems like a port issue to me.

August 31, 2024

7 minutes ago, Happy2Play said:

Looks like port 80 goes to whatever the "Remote MGMT System" so would think all your DomainName traffic should terminate there.

As the domainname above resolves to your IP address.

yes this is my outside security camera. I can access it through port 80 for web interface, and another port for streaming on my phone or PC App.

August 31, 2024

From what I've seen online, in some threads people are talking about the same problem as me. It appeared after an Emby update, but works fine if it's not updated. I haven't tried to install a different version. I need to find again what version they are talking about because I forgot to note it. It's the last resort.

August 31, 2024

But Emby dashboard shows your correct WAN information, correct?

August 31, 2024

10 minutes ago, Happy2Play said:

But Emby dashboard shows your correct WAN information, correct?

Yes, you are correct.

August 31, 2024

Going back to your router port forwarding, you don't have your external port number defined.

There are so many router interfaces and not all of them clearly describe their options. I think external port number is the WAN interface port. The internal port number is the LAN destination port. External source port number should be any. I don't know if for your device that means 0 or empty (no value).

Your map for this port forwarding should be like this:

Client [any IP:any port] <--> WAN IP:7920 <--> LAN IP:7920

Client [any IP:any port] <--> WAN IP:7921 <--> LAN IP:7921

Edit: Client in this case would be "source"

Edited August 31, 2024 by Q-Droid

August 31, 2024

Have you compared the working port forwarding for port 80 to the Emby port forwarding rules?

Minus testing Emby on working port 80 rule I am out really out of ideas.

August 31, 2024

6 minutes ago, Q-Droid said:

Going back to your router port forwarding, you don't have your external port number defined.

There are so many router interfaces and not all of them clearly describe their options. I think external port number is the WAN interface port. The internal port number is the LAN destination port. External source port number should be any. I don't know if for your device that means 0 or empty (no value).

Your map for this port forwarding should be like this:

Client [any IP:any port] <--> WAN IP:7920 <--> LAN IP:7920

Client [any IP:any port] <--> WAN IP:7921 <--> LAN IP:7921

Edit: Client in this case would be "source"

I have the external port number defined right now. That was just my initial setup because if I did define a port, the port checker would say that my port is closed. If I didn't define it it would say opened. However, now it's open in both situations. Although, when I didn't have my extern port defined I could access the server from the local network both from my IP and DDNS, but not from the external network. I still can't access it externally even though I have it defined, and ofc, I can't access it even locally from my WAN IP or DDNS.

Also, both 0 and empty, counts as (no value).

August 31, 2024

9 minutes ago, Happy2Play said:

Have you compared the working port forwarding for port 80 to the Emby port forwarding rules?

Minus testing Emby on working port 80 rule I am out really out of ideas.

I will test it now, I will remove the port from the camera and input it into Emby, but having it on port 80 even if it works, it's not a good solution I think I'll come back with the results.

August 31, 2024

At the moment I can only access what you've defined on port 80, I can no longer connect to any random port like I could yesterday. So however you have the rule defined for port 80 seems to work, and should be mimicked for 7920 and 7921.

Sign In

Remote connection problem

Recommended Posts

Alexmh 2

Happy2Play 9780

Lessaj 467

Alexmh 2

Lessaj 467

Alexmh 2

Happy2Play 9780

Lessaj 467

Alexmh 2

Lessaj 467

Alexmh 2

Alexmh 2

Lessaj 467

Happy2Play 9780

Happy2Play 9780

Alexmh 2

Alexmh 2

Alexmh 2

Happy2Play 9780

Alexmh 2

Q-Droid 989

Happy2Play 9780

Alexmh 2

Alexmh 2

Lessaj 467

Create an account or sign in to comment

Create an account

Sign in

Activity