Need help in port forwarding (Airtel Xstream with Static IP)

[napstersquest]

Recently got the static IP from Airtel Xstream on the 200Mb/s plan.

Today I set up my first NAS, installed openmediavault and was ready to configure the port forwarding for portainer, ssh, openmediavault web interface and plex so that I can access them from outside my home. I plan to host another homeassistant instance inside a VM/on a raspberry pi for the smart home stuff as well. Main reason for the static IP.

The router that Airtel provided me is AOT-4221SR from vendor Sercomm. The range is great so not looking to put this in bridge mode for now.

The OMV server is connected by cable to a Tplink Archer C80 which is in AP mode.

I tried to enable port forwarding like this:

SSL is enabled on the OMV server. https via local network works. SSH inside the local network also works.

But when I try to access the OMV server via the internet, it times out. No connection.
Putting the static IP I have got into the address bar just opens up the Airtel Router management page (same that opens at 192.168.1.1)


Enabling DMZ like this however enables me to access the OMV web interface on my static IP. No SSH over the internet though.

XX is the actual LAN IP of OMV server.

Am I missing something?

Adding other config pages for reference:

Here I am unable to tick any of the boxes:

 

[superczar]

Recently got the static IP from Airtel Xstream on the 200Mb/s plan.

Today I set up my first NAS, installed openmediavault and was ready to configure the port forwarding for portainer, ssh, openmediavault web interface and plex so that I can access them from outside my home. I plan to host another homeassistant instance inside a VM/on a raspberry pi for the smart home stuff as well. Main reason for the static IP.

The router that Airtel provided me is AOT-4221SR from vendor Sercomm. The range is great so not looking to put this in bridge mode for now.

The OMV server is connected by cable to a Tplink Archer C80 which is in AP mode.

I tried to enable port forwarding like this:
View attachment 137136
SSL is enabled on the OMV server. https via local network works. SSH inside the local network also works.

But when I try to access the OMV server via the internet, it times out. No connection.
Putting the static IP I have got into the address bar just opens up the Airtel Router management page (same that opens at 192.168.1.1)


Enabling DMZ like this however enables me to access the OMV web interface on my static IP. No SSH over the internet though.

View attachment 137138
XX is the actual LAN IP of OMV server.

Am I missing something?

Adding other config pages for reference:
View attachment 137140
View attachment 137141


Here I am unable to tick any of the boxes:
View attachment 137142
View attachment 137143

I am presuming this was by design - and not accidental.
You have port mapped 8022 on wan side to port 22 on lan side (and similarly 8080->443)

I am presuming that while trying to ssh, you are using "-p 8022 "flag as well?

 

[napstersquest]

I am presuming that while trying to ssh, you are using "-p 8022 "flag as well?

Yes. Same for the web panel. Nothing doing

 

[superczar]

Yes. Same for the web panel. Nothing doing

I have the same router - but its working in bridge mode so port forwarding is not really an issue (and also not an ISP constraint)
However, at least i can confirm that Airtel static IP mode has no issues with port forwarding and The solution likely lies within the rather non user friendly interface of the router itself .

Perhaps try a straight-through forward to test first? i.e. 22->22

 

[napstersquest]

I have the same router - but its working in bridge mode so port forwarding is not really an issue (and also not an ISP constraint)
However, at least i can confirm that Airtel static IP mode has no issues with port forwarding and The solution likely lies within the rather non user friendly interface of the router itself .

Perhaps try a straight-through forward to test first? i.e. 22->22

Okay thank you. Is your DMZ on the second router on?

just setting 80->80 I expected not to work, because the static IP was showing the airtel router management page on trying to access the web panel, hence I tried 8080

 

[superczar]

Okay thank you. Is your DMZ on the second router on?

just setting 80->80 I expected not to work, because the static IP was showing the airtel router management page on trying to access the web panel, hence I tried 8080

no DMZ needed.
The primary router (non airtel) does the pppoe to Airtel server
The Sercomm router is in dumb bridged mode doing the gpon-> cat6 conversion


The port forwards are defined as normal on the primary router
Also, fwiw, port 80 is forwarded to a webserver on the LAN (in addition to the other port forwards)

 

[napstersquest]

no DMZ needed.
The primary router (non airtel) does the pppoe to Airtel server
The Sercomm router is in dumb bridged mode doing the gpon-> cat6 conversion


The port forwards are defined as normal on the primary router

Well I can't have the same setup as the Tplink router (which I am using as an AP to connect multiple devices in my bedroom including the server) won't be able to provide enough coverage to the whole house.

Having a static IP, I see that the connection type isn't pppoe for me, it is static. See Network -> WAN config.

I could replicate your config using the same settings that are on my airtel router, but as I said, I would have to purchase one more router for it I guess.

 

[superczar]

Well I can't have the same setup as the Tplink router (which I am using as an AP to connect multiple devices in my bedroom including the server) won't be able to provide enough coverage to the whole house.

Having a static IP, I see that the connection type isn't pppoe for me, it is static. See Network -> WAN config.

View attachment 137145

I could replicate your config using the same settings that are on my airtel router, but as I said, I would have to purchase one more router for it I guess.

you are right - mine is also configured as static.
With a static IP, you can also fwd port 80 and 443 which are otherwise blocked from back end for dynamic pppoe.

This is how its configured for me:

 

[gwrench2000]

I am not familiar with this airtel router, but please check and verify that DMZ works correctly first.

It is strange (refer to attachment) that web access works but not ssh when enabling DMZ. This is not the expected behaviour and DMZ should forward **all** ports to the configured client. (OMV)

Suggest you fault-find and get DMZ working properly first. DMZ is only a temporary and (dirty) fix for testing.

 

[napstersquest]

DMZ isn't working now either (for anything)
Trying bridge mode now.

Edit: Bridge mode wasn't working, turns out I have to call them to enable it on a port of my router, as per a few posts on brondbandforum.
Before doing that, I think I will drop a mail to net@airtel.com about port forwarding.


Quick question, will I be able to use the landline anyhow while using bridge mode?

 

[superczar]

DMZ isn't working now either (for anything)
Trying bridge mode now.

Edit: Bridge mode wasn't working, turns out I have to call them to enable it on a port of my router, as per a few posts on brondbandforum.
Before doing that, I think I will drop a mail to net@airtel.com about port forwarding.


Quick question, will I be able to use the landline anyhow while using bridge mode?

yes, landline works in bridge mode as well.

The landline configuration is a separate connection stream on the router. Just note down the settings as it currently exists and replicate the same after you are done configuring the Internet stream

 

[napstersquest]

Another update on the situation.
Since the static IP config changes that the 'network engineer' made on my router, the landline wasn't working.

I told him about the missing config for the voice channel in the WAN settings, he had no idea what I was talking about.

I raised a request through the Thanks app, called him again, he assigned it to himself.
Called me to reset the router to factory settings. The old pppoe for internet and voice settings came back, I changed the Internet settings from pppoe to static IP and internet (and landline) works again.

I just wish every ISP had at least one knowledgeable person in every region/locale.

Now I told him about port forwarding, let's see.


Edit 8:34PM:


Now this is super dumb (I don't know if on my part or on how it works).

So it seems all the port forwarding was working from the beginning.

Basically I tried to access home assistance instance (port 8123) on my static IP (after port forwarding) with mobile data (Not WiFi) and it works.
port 80 still points to the airtel router web panel, but the rest of the ports seem to work.

But if I am on the WiFi and try to access via http(s)://<Static IP> then it does not work (connection times out).

I have changed the LAN DNS to a pihole instance and WAN DNS to googledns by the way. Before and after behaviour is the same about above.
@superczar can you please verify if you can access http(s)://<Static IP>:<WAN Port> from inside your LAN as well as via internet? I am able to access it over SIM network, but not when I am on same network.

<LAN IP>:<LAN Port> works fine though on local network.
You have been very helpful so far. Thank you

 

[superczar]

Another update on the situation.
Since the static IP config changes that the 'network engineer' made on my router, the landline wasn't working.

I told him about the missing config for the voice channel in the WAN settings, he had no idea what I was talking about.

I raised a request through the Thanks app, called him again, he assigned it to himself.
Called me to reset the router to factory settings. The old pppoe for internet and voice settings came back, I changed the Internet settings from pppoe to static IP and internet (and landline) works again.

I just wish every ISP had at least one knowledgeable person in every region/locale.

Now I told him about port forwarding, let's see.


Edit 8:34PM:


Now this is super dumb (I don't know if on my part or on how it works).

So it seems all the port forwarding was working from the beginning.

Basically I tried to access home assistance instance (port 8123) on my static IP (after port forwarding) with mobile data (Not WiFi) and it works.
port 80 still points to the airtel router web panel, but the rest of the ports seem to work.

But if I am on the WiFi and try to access via http(s)://<Static IP> then it does not work (connection times out).

I have changed the LAN DNS to a pihole instance and WAN DNS to googledns by the way. Before and after behaviour is the same about above.
@superczar can you please verify if you can access http(s)://<Static IP>:<WAN Port> from inside your LAN as well as via internet? I am able to access it over SIM network, but not when I am on same network.

<LAN IP>:<LAN Port> works fine though on local network.
You have been very helpful so far. Thank you

Don’t fret. Happens to the best of us …
Port forward initial tests have to be always done from a separate connection, usually phone data

Incidentally My primary use case for static ip was also home assistant and the ability to forward port 443 (Alexa and google home don’t work if you use any other port)

And yes, local access over Wlan required me to do a dns host mapping.
So 123.xyz.org (my wan side url mapped to my static ip via duckdns) works as expected when outside network.

On lan side, I have a static host mapping for 123.xyz .org to 192.168.5.64 (local ha instance)

 

[napstersquest]

Port forward initial tests have to be always done from a separate connection, usually phone data

Now will never forget!

And yes, local access over Wlan required me to do a dns host mapping.

On lan side, I have a static host mapping for 123.xyz .org to 192.168.5.64 (local ha instance)

I am beginning to understand now.
So basically if I have two servers (one for hass, one for OMV), I will create two domains on duckdns
hass123.xyz.org --> <My Static IP>
omv123.xyz.org --> <My Static IP>

And then on adguard instance (which I use for DNS on local server), two static host mappings:
hass123.xyz.org --> hass local IP
omv123.xyz.org --> OMV local IP

ports for both will be different of course, and will not try hostname of one with port of other so everything should work.
Thanks once again.

EDIT: IT WORKS!! THANK YOU SO MUCH!

 

[napstersquest]

Another update on this topic:
This is regarding the specific router I got with Airtel Xstrem fiber connection (seems everyone is getting the same now)
There's a limit of 8 for port forwarding rules. You can't add more than 8, 9th one won't apply.
Router in question is: Sercomm AOT-4221SR.
Video for how it looks:

If you are planning to use your own router by setting the ONT in bridge mode, this is a good one. Bridge mode works without having to contact Airtel support (as per a post on broadbandforums) and almost everything is unlocked. Range is good too.


If you don't want to use your own router and need more than 8 port forwarding rules, it's a bummer.

 

[lockhrt999]

If you don't want to use your own router and need more than 8 port forwarding rules, it's a bummer.

I'd suggest you to use nginx reverse proxy manager. It'll make managing SSL, assigning ports to different services stupid simple. Plus you won't have to rely on security of the individual services as many homelab apps aren't hardened. With a reverse proxy you can encapsulate your whole server. You can add as many new containers as you'd like and not have to worry about the limitations of the router.

Also it's easier if you add an A record with '*' in the dns and do all the mapping like hass123.xyz.org inside the reverse proxy.

 

[TheBark]

Anyone got the latest gigabit router? Even though I have a static IP. I can’t seem to forward 443 - not sure what it’s being used for.

 

[superczar]

Anyone got the latest gigabit router? Even though I have a static IP. I can’t seem to forward 443 - not sure what it’s being used for.

443 forwarding works fine for me. That was my primary reason to getstatic ip anyway

 

[TheBark]

443 forwarding works fine for me. That was my primary reason to getstatic ip anyway

What modem do you have?

 

[napstersquest]

Anyone got the latest gigabit router? Even though I have a static IP. I can’t seem to forward 443 - not sure what it’s being used for.

443 works fine for me as well. Dragonpath modem in bridge mode + TPLink Archer C80 as main router. Was working with Nokia router as well. Just that mine had firmware issues and was rebooting randomly, so they gave me the Dragonpath router. Only caveat with it, is that it only has 2 LAN ports (not a dealbreaker for me as I am using it in bridge mode anyway)

Now will never forget!



I am beginning to understand now.
So basically if I have two servers (one for hass, one for OMV), I will create two domains on duckdns
hass123.xyz.org --> <My Static IP>
omv123.xyz.org --> <My Static IP>

And then on adguard instance (which I use for DNS on local server), two static host mappings:
hass123.xyz.org --> hass local IP
omv123.xyz.org --> OMV local IP

ports for both will be different of course, and will not try hostname of one with port of other so everything should work.
Thanks once again.

EDIT: IT WORKS!! THANK YOU SO MUCH!

I'd suggest you to use nginx reverse proxy manager. It'll make managing SSL, assigning ports to different services stupid simple. Plus you won't have to rely on security of the individual services as many homelab apps aren't hardened. With a reverse proxy you can encapsulate your whole server. You can add as many new containers as you'd like and not have to worry about the limitations of the router.

Also it's easier if you add an A record with '*' in the dns and do all the mapping like hass123.xyz.org inside the reverse proxy.

Also an update on this, I did in fact set up nginx reverse proxy manager. Thanks @lockhrt999 for your input, it was very helpful.