drpickles 1 Posted 21 hours ago Posted 21 hours ago First off, I'm sorry if this has been answered 15,000 times but I am at a loss. I moved recently and before I moved I could sign into my emby server outside of my LAN. After moving, my LAN server still works but I can no longer access my server via WAN. My server is on a Windows computer with the LAN IP reserved on the DHCP list on my router and is port forwarded . I know that my WAN IP has changed but I didn't think that would affect anything. Any help is greatly appreciated!!!
drpickles 1 Posted 20 hours ago Author Posted 20 hours ago 10 minutes ago, darkassassin07 said: https://chuck.is/cgnat/ I don't think that is the case. The only thing that has changed is my WAN IP address which is not in any private address ranges and correlates with the area I now live in.
darkassassin07 658 Posted 19 hours ago Posted 19 hours ago https://whatismyipaddress.com/ Does the IP displayed here, match the WAN IP shown in your routers management page? If not, there's something in between, typically cgnat. https://portchecker.co/check-v0 If the IPs do match, does this show the port you want as open? (8096, 443, or whichever you've chosen) If not; there's likely a misconfigured port forward (Could be the LAN IP isn't actually static like you expect; some devices spoof their MAC by default, and this can annoyingly change with updates.) or potentially your ISP is blocking the port you want. (I can't host on port 80 for example, doesn't get past the ISP) 1
drpickles 1 Posted 7 hours ago Author Posted 7 hours ago 12 hours ago, darkassassin07 said: https://whatismyipaddress.com/ Does the IP displayed here, match the WAN IP shown in your routers management page? If not, there's something in between, typically cgnat. https://portchecker.co/check-v0 If the IPs do match, does this show the port you want as open? (8096, 443, or whichever you've chosen) If not; there's likely a misconfigured port forward (Could be the LAN IP isn't actually static like you expect; some devices spoof their MAC by default, and this can annoyingly change with updates.) or potentially your ISP is blocking the port you want. (I can't host on port 80 for example, doesn't get past the ISP) The IP matches the WAN IP for my emby server so I don't think it's a CGNAT. The Port checker says my WAN IP port is closed though so there's something wrong with that. I tried assigning a different port to the WAN IP server and forwarded that in my Router but that didn't work either. I tried assigning and forwarding 3 different ports but they all say it's closed. I don't know how to proceed.
Q-Droid 992 Posted 7 hours ago Posted 7 hours ago Make sure it matches the WAN IP of your router, not your server. This is because the server is getting the same information you did from the site. You want to make sure the WAN interface on your router also has the same IP. Otherwise it's double-NAT or CGNAT. 1
drpickles 1 Posted 7 hours ago Author Posted 7 hours ago (edited) 18 minutes ago, Q-Droid said: Make sure it matches the WAN IP of your router, not your server. This is because the server is getting the same information you did from the site. You want to make sure the WAN interface on your router also has the same IP. Otherwise it's double-NAT or CGNAT. I'm not sure if this is what you mean but when I look at my router management page and locate my device hosting my emby server, it has the same WAN IP as the IP checker whether it is checked from my computer or from the device itself. Edit: it does not have the WAN IP but the LAN IP on my router management page. Hang on I'm trying to figure things out. Edited 7 hours ago by drpickles
drpickles 1 Posted 6 hours ago Author Posted 6 hours ago I'm not sure if any of this will help indicate my issue.
darkassassin07 658 Posted 6 hours ago Posted 6 hours ago 16 minutes ago, drpickles said: I'm not sure if any of this will help indicate my issue. In the first image, it appears you are forwarding port 49494 to your WAN IP, this should be the servers LAN IP. You are also forwarding 8096 to your servers LAN IP, which directly exposes the HTTP port to the internet. Not a good idea generally, though this should at least show port 8096 as open in the port checking tool I provided earlier. (check if that's true. If not, again I suspect either cgnat or isp blocking) The second image looks like a filter list; defined by name. But the forwards above them are set to 'allow all', not referencing those filter names. (you shouldn't need filters unless you're trying to restrict connectionw to a specific remote IP, just ignore the filters for now) Based on the port 49494 in the third image, I assume you have a reverse proxy on that port, handling HTTPS and proxying to 8096? Is the proxy running and correctly accepting connections on its lan ip+port? You still have not shown/said you found your WAN IP as your router sees it. Look for connection details for the WAN interface of your routers management page. Should be somewhere under 'status' or similar. An example from mine: status > wan (you want the blue circle)
darkassassin07 658 Posted 5 hours ago Posted 5 hours ago (edited) That's the configuration for the WAN interface, but doesn't seem show the current connection status. Perhaps it's on the dashboard somewhere? I hate ISP provided routers/gateways; they make things so difficult to find/configure sometimes. It's not just you, these things suck. Did 8096 show up as open in the port check? Edited 5 hours ago by darkassassin07
drpickles 1 Posted 5 hours ago Author Posted 5 hours ago 1 minute ago, darkassassin07 said: That's the configuration for the WAN interface, but doesn't seem show the current connection status. Perhaps it's on the dashboard somewhere? I hate ISP provided routers/gateways; they make things so difficult to find/configure sometimes. It's not just you, these things suck. this?
darkassassin07 658 Posted 5 hours ago Posted 5 hours ago Yup, your router is seeing this as your WAN ip. You are behind CGNAT and will have to look for a solution around that. You cannot forward ports. I don't have a whole lot of advice for that as I've not had to deal with it myself. I know cloudflare tunnels is a popular method, but hopefully someone else with experience there can chime in too. @GrimReapermaybe? 2
Neminem 1535 Posted 5 hours ago Posted 5 hours ago 8 minutes ago, darkassassin07 said: Yup, your router is seeing this as your WAN ip. You are behind CGNAT and will have to look for a solution around that. You cannot forward ports. I don't have a whole lot of advice for that as I've not had to deal with it myself. @drpicklesI would call the ISP and ask for a Static IP ( It might cost you a few extra $ ) but well worth it. 2
Neminem 1535 Posted 5 hours ago Posted 5 hours ago 44 minutes ago, darkassassin07 said: Your router is do for a restart been running for almost a year. 1
darkassassin07 658 Posted 5 hours ago Posted 5 hours ago 1 minute ago, Neminem said: Your router is do for a restart been running for almost a year. Lol, I'm also running 6 year old firmware. I should probably get off my butt and do something about that... I just really don't like touching core infrastructure if it's working fine. 1
Neminem 1535 Posted 5 hours ago Posted 5 hours ago (edited) I see your point But there might be some security updates to the FW too. Edit. And as always with new FW, something breaks Edited 5 hours ago by Neminem 1
GrimReaper 4765 Posted 4 hours ago Posted 4 hours ago 1 hour ago, darkassassin07 said: Yup, your router is seeing this as your WAN ip. You are behind CGNAT and will have to look for a solution around that. You cannot forward ports. I don't have a whole lot of advice for that as I've not had to deal with it myself. I know cloudflare tunnels is a popular method, but hopefully someone else with experience there can chime in too. @GrimReapermaybe? 51 minutes ago, Neminem said: @drpicklesI would call the ISP and ask for a Static IP ( It might cost you a few extra $ ) but well worth it. That would be most hassle-free/streamlined solution. Otherwise, something like Tailscale, ZeroTier or some other solution of OP's preference. 1
Lessaj 467 Posted 2 hours ago Posted 2 hours ago Hi, I'm not entirely sure that you're behind CGNAT if your external IP starts with 75. It looks to me like the MSI router is showing the IP address being handed out to it from your ISP gateway. Did you get a new ISP gateway when you moved? Is it in bridge mode or router mode? If it's in router mode you'll have to port forward on there first to the router, then your port forward rules on the router would go to your server
drpickles 1 Posted 2 hours ago Author Posted 2 hours ago 14 minutes ago, Lessaj said: Hi, I'm not entirely sure that you're behind CGNAT if your external IP starts with 75. It looks to me like the MSI router is showing the IP address being handed out to it from your ISP gateway. Did you get a new ISP gateway when you moved? Is it in bridge mode or router mode? If it's in router mode you'll have to port forward on there first to the router, then your port forward rules on the router would go to your server Yes I switched from Spectrum to ATT and got a new gateway. I looked to see how I can put it in bridge mode. I'm not sure if I did this correctly. I'm guessing it's not the solution because I still cannot access my WAN emby server. I put the MAC address of my MSI router in the redacted part. Not sure if this is safe to give out or not.
Lessaj 467 Posted 2 hours ago Posted 2 hours ago (edited) Okay you switched ISPs so that defnitely changes things. From what I can tell from the help on the side you've likely done it correctly, though you should see the router in the drop down menu which is more friendly than using the MAC address. MAC addresses are pretty safe to share, they contain some information about the manufacturer of the NIC but aren't really routable - layer 2 switches would use MAC addresses. I would recommend contacting your ISP to ask. P.S. You can use win+shift+s to take more manageable screenshots. Edited 2 hours ago by Lessaj
drpickles 1 Posted 1 hour ago Author Posted 1 hour ago 35 minutes ago, Lessaj said: Okay you switched ISPs so that defnitely changes things. From what I can tell from the help on the side you've likely done it correctly, though you should see the router in the drop down menu which is more friendly than using the MAC address. MAC addresses are pretty safe to share, they contain some information about the manufacturer of the NIC but aren't really routable - layer 2 switches would use MAC addresses. I would recommend contacting your ISP to ask. Yeah I did the drop down menu and it just puts it in the window. Still doesn't work but I think we were on the right track.
Q-Droid 992 Posted 1 hour ago Posted 1 hour ago For what it's worth you don't need to use DHCP-fixed for passthrough. You can use DHCP-dynamic without needing additional details as long as you only have one device, your router, connected to the AT&T gateway LAN ports. Also restart gateway and router after you make the changes. 1
Lessaj 467 Posted 1 hour ago Posted 1 hour ago Yes the change may not apply right away, a recycle of the device(s) or at the very least an interface release/renew is a good idea. I think you should see your actual external IP on the MSI router afterwards. I think this method is the same thing as what my ISP gateway calls DMZ, I can only assign a single device to be in the DMZ which would work for my WAN interface on pfSense but I have a second interface that I also use so that would still need to have port fowarding rules and be double NAT. I don't think there' any measurable performance trade off to run it in router mode either way.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now