dukedude
Posts: 27
Joined: Fri Oct 25, 2019 6:13 pm

Port forwarding

Fri Jan 31, 2020 2:39 pm

How to redirect connection on raspberry pi from public IP with80 to -> private IP with port 80 on raspberry pi?
I am using DCU no-ip.com

My R PI is connected to my hot spot network mobile. I don't use a router.

klricks
Posts: 7279
Joined: Sat Jan 12, 2013 3:01 am
Location: Grants Pass, OR, USA
Contact: Website

Re: Port forwarding

Fri Jan 31, 2020 2:53 pm

You can't port forward without a router under your control.
You can't port forward with most mobile broadband ISP's even if you do have a router as most mobile broadband ISP's use CGNAT and don't give you a public IP.

Edit: Correction
Last edited by klricks on Fri Jan 31, 2020 4:48 pm, edited 1 time in total.
Unless specified otherwise my response is based on the latest and fully updated RPiOS Buster w/ Desktop OS.

drgeoff
Posts: 11224
Joined: Wed Jan 25, 2012 6:39 pm

Re: Port forwarding

Fri Jan 31, 2020 3:49 pm

klricks wrote:
Fri Jan 31, 2020 2:53 pm
You can't port forward with most broadband ISP's even if you do have a router as most broadband ISP's use CGNAT and don't give you a public IP.
I think you missed out the word "mobile" (or "cellular" in US parlance) before the two instances of "broadband".
Quis custodiet ipsos custodes?

tpyo kingg
Posts: 900
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: Port forwarding

Fri Jan 31, 2020 3:53 pm

Some ISPs offer forwarding and an outside IP address for your mobile device, for a fee. Otherwise, you can set up a reverse tunnel to an outside host and get to your Raspberry Pi via that. Or you can set up whatever you want as an Onion service and get to it that way.

dukedude
Posts: 27
Joined: Fri Oct 25, 2019 6:13 pm

Re: Port forwarding

Fri Jan 31, 2020 7:06 pm

I have checked a firewall status and all ufw firewall rules.
It works fine if I am using internal network with router.
I have checked all open ports for my IP public address: 21, 80, 443, 8080. There are open.
Customer service from ISP company says that they don't block any ports.

Should I check something else? I don't have know a router with sim card slot.

tpyo kingg
Posts: 900
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: Port forwarding

Fri Jan 31, 2020 8:40 pm

Are you checking from outside or checking the outside address from within the LAN? If from within the LAN, some routers do not support "NAT hairpinning" like that.

From the actual outside, try from really far away:
https://canyouseeme.org/

Danrancan
Posts: 39
Joined: Wed Jan 15, 2020 4:28 am
Location: Milwaukee, WI, USA
Contact: Website Twitter

Re: Port forwarding

Mon Feb 03, 2020 5:47 am

At the beginning of this post, I immediately suspected that your ISP was blocking your ports since you are connecting directly through your ISP's wifi. However, since we've clarified that your ports 'seem' to be open and your ISP told you they don't block any ports this leaves us to a few ways of navigating this. First of all, ON YOUR RASPBERRY PI, please go to https://www.whatsmyip.org/port-scanner/server/ on your Raspberry pi and run a port scan. Post the results here. Then use Gibson Research's port scanner to "Scan all ports" using shields up. Go here: https://www.grc.com/x/ne.dll?rh1dkyd2 to do so. Post the results or outcome of that.

Now, to get started, having ports unblocked (unfirewalled), is not the same thing as having them forwarded. If your ports are just unblocked and not forwarded, then your ISP's inaccessible router will be able to receive queries from sources on the internet, but it wont know what to do with those queries unless it's ports are all forwarded to your Raspberry pi. In other words, even if your ISP doesn't block your ports with a firewall, they don't necessarily forward them to your raspberry pi either.

Assuming this is the case, then, you really don't have many options other than creating a cloud instance of a router "PFsense or other router packages available on the internet", and tunneling into it as a vpn, then redirecting your open ports from your cloud instance to be forwarded through the VPN tunnel back to your router. All this is a very complicated setup and probably not worth your time unless you have no other options. That being said, I will not go into detail on how to do this unless you express interest and it's your only option.

Another way is to call your isp and asl them to forward the ports for you. I am almost certain you are on a private network, but I could be wrong.

I originally had more pop into my brain, but I lost it from my memory somehow. Lets just start with you posting the portscan results from the two links I posted above. Then we can take it from there.
Nerd-Tech - Exploring Technology, Computers, and Techno…
https://github.com/danrancan
dan@nerd-tech.net
https://nerd-tech.net
https://keybase.io/danran/
My Keybase Invite https://keybase.io/inv/5a35010417/

dukedude
Posts: 27
Joined: Fri Oct 25, 2019 6:13 pm

Re: Port forwarding

Mon Feb 03, 2020 5:50 pm

tpyo kingg wrote:
Fri Jan 31, 2020 8:40 pm
Are you checking from outside or checking the outside address from within the LAN? If from within the LAN, some routers do not support "NAT hairpinning" like that.

From the actual outside, try from really far away:
https://canyouseeme.org/
I have a configuration like this: Smartphone (with broadband internet connection) + Personal Hotspot WiFi <=> Raspberry Pi + DCU Linux no-ip configuration.

I am checking the my service for example X.X.X.X:80 from outside from another internet connection anyway. It doesn't work.
If I am connected to my Personal Hotspot on Smartphone from my second smartphone, I am able to run my website via :80 but I am able to do this only via inside local LAN IP Address; 172.32.20.10:80. It works fine. In this LAN I have a router so this is why it works. A router automatically forward this packet traffic.

https://canyouseeme.org/ shows me that my port 80 is not open. I should use another router with sim slot.
Last edited by dukedude on Mon Feb 03, 2020 9:27 pm, edited 1 time in total.

dukedude
Posts: 27
Joined: Fri Oct 25, 2019 6:13 pm

Re: Port forwarding

Mon Feb 03, 2020 7:43 pm

Danrancan wrote:
Mon Feb 03, 2020 5:47 am
At the beginning of this post, I immediately suspected that your ISP was blocking your ports since you are connecting directly through your ISP's wifi. However, since we've clarified that your ports 'seem' to be open and your ISP told you they don't block any ports this leaves us to a few ways of navigating this. First of all, ON YOUR RASPBERRY PI, please go to https://www.whatsmyip.org/port-scanner/server/ on your Raspberry pi and run a port scan. Post the results here. Then use Gibson Research's port scanner to "Scan all ports" using shields up. Go here: https://www.grc.com/x/ne.dll?rh1dkyd2 to do so. Post the results or outcome of that.

Now, to get started, having ports unblocked (unfirewalled), is not the same thing as having them forwarded. If your ports are just unblocked and not forwarded, then your ISP's inaccessible router will be able to receive queries from sources on the internet, but it wont know what to do with those queries unless it's ports are all forwarded to your Raspberry pi. In other words, even if your ISP doesn't block your ports with a firewall, they don't necessarily forward them to your raspberry pi either.

Assuming this is the case, then, you really don't have many options other than creating a cloud instance of a router "PFsense or other router packages available on the internet", and tunneling into it as a vpn, then redirecting your open ports from your cloud instance to be forwarded through the VPN tunnel back to your router. All this is a very complicated setup and probably not worth your time unless you have no other options. That being said, I will not go into detail on how to do this unless you express interest and it's your only option.

Another way is to call your isp and asl them to forward the ports for you. I am almost certain you are on a private network, but I could be wrong.

I originally had more pop into my brain, but I lost it from my memory somehow. Lets just start with you posting the portscan results from the two links I posted above. Then we can take it from there.
Yes, but is one thing. My smartphone can forward packet in the LAN (inside) but I can't forward packet from outside to inside so it is NAT. Yes, I am sure know that I have to use another router with sim card and set up a forwarding. Would pfsense run on a raspberry pi4?

The first link https://www.whatsmyip.org/port-scanner/server/ on your Raspberry doesn't work on my Raspberry Pi, I don't why.
The second link doesn't work too. there is an information:
"Browser Reload Suppressed
For your security, your web browser's "reload"
function has been temporarily disabled"

tpyo kingg
Posts: 900
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: Port forwarding

Mon Feb 03, 2020 7:51 pm

What do the instructions say about whether your "Personal Hotspot" software can do forwarding from outside? How many layers of NAT are you behind when using the "Personal Hotspot" for a connection? You might have to contact the ISP for a different service subscription to get ports forwarded, if they have many layers of NAT.

klricks
Posts: 7279
Joined: Sat Jan 12, 2013 3:01 am
Location: Grants Pass, OR, USA
Contact: Website

Re: Port forwarding

Mon Feb 03, 2020 8:37 pm

What does this show:

Code: Select all

traceroute 8.8.8.8
If any of the hops other than the 1st one (your router) are in the private IP ranges then that is a problem.
Unless specified otherwise my response is based on the latest and fully updated RPiOS Buster w/ Desktop OS.

DarrenHill
Posts: 265
Joined: Fri Oct 03, 2014 3:03 pm

Re: Port forwarding

Mon Feb 03, 2020 9:32 pm

Also if you forward external port 8080 to internal port 80 on your Pi (or whatever is hosting the website) and then connect to x.x.x.x:8080 from outside (x.x.x.x being the public internet facing IP address of your router) do you see the page?

Some ISPs block port 80 (amongst others) for either security or "let's suck as much money out of our punters as possible" reasons.

dukedude
Posts: 27
Joined: Fri Oct 25, 2019 6:13 pm

Re: Port forwarding

Tue Feb 04, 2020 5:30 pm

DarrenHill wrote:
Mon Feb 03, 2020 9:32 pm
Also if you forward external port 8080 to internal port 80 on your Pi (or whatever is hosting the website) and then connect to x.x.x.x:8080 from outside (x.x.x.x being the public internet facing IP address of your router) do you see the page?

Some ISPs block port 80 (amongst others) for either security or "let's suck as much money out of our punters as possible" reasons.
I don't have now a router so I can't forward external port 8080 to internal port 80 on my Pi. I am doing this project now only where my smartphone is a Access Point; Personal Hotspot.

dukedude
Posts: 27
Joined: Fri Oct 25, 2019 6:13 pm

Re: Port forwarding

Sun Feb 09, 2020 9:03 am

I have received a router. I have tested all options and features and I can't do this.
I have to buy a special service from ISP for a static IP and I have to buy a special VPN service.
My prepaid sim my card can't handle it anyway even as I am using www.noip.com. I have tested with DDNS account and a Virtual Server feature on my new router.

Do you have any other ideas how to connect to my website server or a camera livestream outside the home network? :ugeek:

tpyo kingg
Posts: 900
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: Port forwarding

Sun Feb 09, 2020 9:09 am

That leaves two options. One is slow. The other costs.

You can do NAT punching by setting it up as an Onion service. It'll be slow to connect to but then it won't matter where or how you connect it.

You can rent a low-cost VPS for a few EUR per month and set it up with a reverse tunnel using OpenSSH or your own VPN using OpenVPN.

dukedude
Posts: 27
Joined: Fri Oct 25, 2019 6:13 pm

Re: Port forwarding

Sun Feb 09, 2020 11:48 am

tpyo kingg wrote:
Sun Feb 09, 2020 9:09 am
That leaves two options. One is slow. The other costs.

You can do NAT punching by setting it up as an Onion service. It'll be slow to connect to but then it won't matter where or how you connect it.

You can rent a low-cost VPS for a few EUR per month and set it up with a reverse tunnel using OpenSSH or your own VPN using OpenVPN.
Will onion service be suitable for camera livestream?

tpyo kingg
Posts: 900
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: Port forwarding

Sun Feb 09, 2020 1:59 pm

Though it is easy to set up, the subjective speed as an onion service would depend on the resolution+frame rate+individual connection at that moment. It would have a lot of latency and often at least one slow node in the connection, so the short answer would be that it would leave a lot to be desired for high-bandwidth.

For higher bandwidth and less latency you might consider renting a VPS and setting up your own VPN or else a reverse tunnel. However, tunneling TCP over TCP is less than a perfect situation as well.

Out of curiosity what would have been the price your ISP wanted for a direct connection to your device?

phineyboy
Posts: 24
Joined: Sun Dec 21, 2014 1:54 am

Re: Port forwarding

Wed Feb 12, 2020 11:10 am

you can try using a free service like remote.it or dataplicity. I have OpenVPN on my pi and I use remote.it (free) to access it from anywhere without port forwarding and no static IP from my ISP either. Check here for links to all free solutions https://www.raspberrypi.org/documentati ... /README.md

Return to “Networking and servers”