Jump to content
RESET Forums (homeservershow.com)
st3lvio

Remote Access Router Config Fails - Help

Recommended Posts

ikon

Thanks again doc.

But my settings are identical to the pic above. I even went as far as disconnecting my Workstation (where I configure my router) from my network when attempting the WHS remote setting page - thinking it may be a Windows firewall issue. I get the router failed picture as I posted above. I've tried this several times and after many reboots as well. All, before posting here asking for help. My homeserver domain gets approved and logging into my windows live account I find this:

 

2nir3hh.jpg

 

Pending DNS config. - I'm guessing when it can ping my server from outside my network I'll be good to go.

So next (which I setup a month ago on WHSv1 - and it still failed to connect) is to reassign ports 443 and 4125 to alternative ports.

 

Thanks for your help.

If Cox is blocking port 80 that config won't work. You need to change the top entry from 80 to something like 8080 or 8888 or whatever. Then, from outside, you would have to add the 8080 or 8888 to the end of the server name: e.g. http://myserver:8080

Share this post


Link to post
Share on other sites
pcdoc

Actually you do not need Port 80 at all. If you ISP is blocking port 80 then just access the site using https:\\somehting.homeserver.com. Port 80 setting is only used to redirect to the secure site.

Share this post


Link to post
Share on other sites
ikon

Actually you do not need Port 80 at all. If you ISP is blocking port 80 then just access the site using https:\\somehting.homeserver.com. Port 80 setting is only used to redirect to the secure site.

if you're accessing the inbuilt secure whs site, yep. I was kinda trying to point out how you would set up the router if you wanted to have a family/friends/public website and post links on the web or in emails when your isp blocks port 80; apologies for not being clearer.

Share this post


Link to post
Share on other sites
Jason

I am unable to get my ports forwarded properly for WHS Remote Web Access.

I am able to configure my https://SERVER.homeserver.com name through ok (But can't access it over the internet)

I can RDP into my server from my client just fine.

The server does get out to the internet on it's own (through IE just fine). So I'm at a loss here.

I have configured port forwarding correctly as outlined here.

Easy enough, I've done this before. But No Go.

I have a new D-Link DIR-655 revB and updated to the latest firmware (dir655_revB_FW_201NA). I couldn't get it to connect with it's original firmware either. My ISP is Cox and they do block port 80 (HTTP) but WHS uses HTTPS on port 443, which Cox has told me they do not block.

I'm using this port cheecker tool which is telling me:

External IP Address: XX.X.XX.X (shows my home IP fine)

Ping Result: "We were not able to ping your router"

Port Check Result: "Your port is NOT OPEN or not reachable!"

 

I have tried a number of firewall settings, but nothing seems to work. So, what should I look for now - and how?

 

Thanks

 

Hi - I was wondering if and how you ever resolved your issue as I too am experiencing the exact same issue. And, here, I thought I was alone. I did post my symptoms on another forum, but they're probably more relevant here. Any resolution would be much appreciated:

 

I was hoping another fellow pfsense admin could assist me with a peculiar issue. My ISP modem is a SB6120 (Docsis 3.0) with the pfsense router box behind it.

 

- I have a LAN and WAN interface setup under pfsense 2.0 (release).

- There are two unique ports on a dual NIC card (LAN and WAN)

- My WAN interface is using DHCP to obtain its internet IP from my ISP.

- My LAN interface has an IP of 192.168.0.1 and is issuing internal IP addresses via DHCP.

- My WHS2011 box is assigned a static DHCP lease of 192.168.0.100

- ALL PCs on the LAN can access the internet without issue

- http://whatismyip.com returns the correct internet IP address from any PC

- I've confirmed that I have ports 80 and 443 (only 443 required for HTTPS) forwarded on pfsense to 192.168.0.100 and can access the box via https://xxxx.dyndns.org.

 

Here's the issue:

- since the SSL certificate that WHS2011 issues corresponds with https://xxxx.homeserver.com, I get a certificate authenticity error (by design)

- when I go thru the process to obtain a free WHS live domain and SSL the process works fine

- but the NSLOOKUP for the xxxx.homeserver.com address returns nothing as if the domain doesn't even exist.

- it doesn't appear that my WHS box (LAN IP: 192.168.0.100) is registering it's internet/WAN IP with the domain service as it's supposed to

- no matter how many times I do a turn on/off, repair, release domain, apply for a new free domain, etc. the same result (at least it's consistent)

- if I ping xxxx.homeserver.com, it will return 192.168.0.100 on my LAN

 

I am losing my mind trying to figure out why pfsense might be blocking my WHS2011 server from returning it's internet IP to the microsoft live domain registration server.

Share this post


Link to post
Share on other sites
jmwills

Not necessarily a ping but a trace route will confirm if any ports or firewalls are getting in the way.

Share this post


Link to post
Share on other sites
st3lvio

@Jason

 

I have no experience with pfsense. Since my ISP (Cox) does block port 80 and they certainly must block homeserver.com as well (port 443 for https did not work) I ended up changing it to port 9090 or something like that. I still get the error is the dashboard, but I can connect to my server's web site (www.server.homeserver.com:9090)

Edited by st3lvio

Share this post


Link to post
Share on other sites
jmwills

Did you bind port 9090 to the web site in IIS?

Share this post


Link to post
Share on other sites
dvn

 

 

Here's the issue:

- since the SSL certificate that WHS2011 issues corresponds with https://xxxx.homeserver.com, I get a certificate authenticity error (by design)

- when I go thru the process to obtain a free WHS live domain and SSL the process works fine

- but the NSLOOKUP for the xxxx.homeserver.com address returns nothing as if the domain doesn't even exist.

- it doesn't appear that my WHS box (LAN IP: 192.168.0.100) is registering it's internet/WAN IP with the domain service as it's supposed to

- no matter how many times I do a turn on/off, repair, release domain, apply for a new free domain, etc. the same result (at least it's consistent)

- if I ping xxxx.homeserver.com, it will return 192.168.0.100 on my LAN

 

I am losing my mind trying to figure out why pfsense might be blocking my WHS2011 server from returning it's internet IP to the microsoft live domain registration server.

If I recall correctly, there were times I was not able to ping my server for a number of hours (?) after acquiring a MS home server domain. I'm pretty about this. I also remember that the next day, I could. I wonder if anyone else has seen this.

Share this post


Link to post
Share on other sites
Jason

OK - I have confirmed that my ISP (also Cox) is blocking port 80. However I've confirmed I have port 443 open (and not blocked) as I can still https://xxxx.dyndns.org and hit the Homeserver Remote Access page. Though the SSL script error occurs. I am able to obtain a customer homeserver.com domain, only it doesn't appear that the dynamic dns updater that's built into WHS 2011 is able to report back out over the internet to the homeserver.com server to register my internet IP address with the xxxx.homeserver.com domain I've selected. I am not familiar with how to run tracert so any suggestions on how to trace through this issue would be appreciated.

 

I have a motorola docsis 3.0 SB6120 modem in front of my router and don't believe my modem is doing any NAT.

 

if I do a: tracert mydomain.homeserver.com, it stops at 192.168.0.100 which is the internal IP of the same machine I'm doing the tracert command from.

 

If I do a: tracert for random.homeserver.com, it will do several hops until it times out which appears to indicate there isn't anything on my router preventing it from communicating outward.

Edited by Jason

Share this post


Link to post
Share on other sites
ikon

I don't believe you can tracert to a server on your LAN from a computer that's also on your LAN. Well, you can, but it won't tell you anything of value because it will never leave your own network. You need to run tracert from a computer outside your LAN (http://network-tools.com/), or get a friend (one of us?) to do it. :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now



×
×
  • Create New...