Minecraft server- im so confused

[Helpful Tech Witch]

OK. Ive setup a Minecraft server. 

I was having issues with the port, which were fixed with DMZ (im not paying for the isp to send someone to come turn bridge on). port 25565 was forwarded with my private ip.  (edit: the port is forwarded with my private ip, but is iopen on my public, not my private)

which brings up question one: should i use my private ip (192.168.xx.xxx) or public ip (162.255.xx.xxx) for the port forward

I can connect as of now from my local network (same one the server is on, same pc, or different one) but I cant connect with my public ip. 

which is question 2: should I be able ot connect like this?

question 3:Would changing the ip used for the port forward change that?

 

its a papermc 1.16.5 offline mode server for context

 

[jj9987]

Port forwarding is necessary to allow access to services, which are behind NAT (multiple devices in private network behind one public IP). Port forwarding is configured on a router and generally requires you to input the destination port on your public IP, target IP and port in your private network and the protocol (usually TCP or UDP).

 

Port forwarding must be done to the private IP, otherwise your packets could end in a loop because the router is forwarding packets to itself (as it has the public IP on an interface).

 

But the issue you are facing is related to hairpin or NAT reflection/loopback. If you are trying to connect from inside the private network using the external IP, some routers get confused, that the packet comes from the internal network to the router on unexpected interface. While the packets might reach the server (no guarantees, routers are different), they are not going to reach back to the client. Some routers have an option called NAT reflection or NAT loopback to help with that, but that could bring other issues (this thread contains some details: https://forum.netgate.com/topic/111035/why-is-nat-reflection-not-a-good-thing).

[Helpful Tech Witch]

Also the arror I have when I connect to it with my public ip is 

io.netty.channel.abstractchannel$annotatedconnectexception connection refused

[Helpful Tech Witch]

2 minutes ago, jj9987 said:

Port forwarding is necessary to allow access to services, which are behind NAT (multiple devices in private network behind one public IP). Port forwarding is configured on a router and generally requires you to input the destination port on your public IP, target IP and port in your private network and the protocol (usually TCP or UDP).

 

Port forwarding must be done to the private IP, otherwise your packets could end in a loop because the router is forwarding packets to itself (as it has the public IP on an interface).

 

But the issue you are facing is related to hairpin or NAT reflection/loopback. If you are trying to connect from inside the private network using the external IP, some routers get confused, that the packet comes from the internal network to the router on unexpected interface. While the packets might reach the server (no guarantees, routers are different), they are not going to reach back to the client. Some routers have an option called NAT reflection or NAT loopback to help with that, but that could bring other issues (this thread contains some details: https://forum.netgate.com/topic/111035/why-is-nat-reflection-not-a-good-thing).

Would this resault in a conection refused error, like this one

io.netty.channel.abstractchannel$annotatedconnectexception connection refused

[Slayer3032]

Not sure if this happens with other routers, but if you have dmz enabled it usually overrides all other port forwarding as everything has been directed towards your dmz ip.

[Helpful Tech Witch]

7 minutes ago, Slayer3032 said:

Not sure if this happens with other routers, but if you have dmz enabled it usually overrides all other port forwarding as everything has been directed towards your dmz ip.

dmz is enabled to fix the double nat, and theport is forwarded with my tplink deco m5, with the server conected to it.

[Master Disaster]

4 minutes ago, HelpfulTechWizard said:

dmz is enabled to fix the double nat, and theport is forwarded with my tplink deco m5, with the server conected to it.

Double NAT? Are you running 2 routers?

[Helpful Tech Witch]

2 minutes ago, Master Disaster said:

Double NAT? Are you running 2 routers?

 Yeah. my deco m5 is conected to my isp router, and im usind DMZ because its a service call to get bridge running.

[Master Disaster]

1 hour ago, HelpfulTechWizard said:

 Yeah. my deco m5 is conected to my isp router, and im usind DMZ because its a service call to get bridge running.

OK, well here's how to fix it...

 

For this example I'll say Router 1 (isp router) is 192.168.0.1 and router 2 (deco) is 192.168.1.1, you can adjust these as needs be.

 

First disable DMZ, in my experience with DMZ it rarely works properly (if at all). Once everything is configured you wont need it anyway. Also go ahead and delete all existing port forwarding rules too, make a note of any you need to re add after.

 

On the admin panel of Router 1 (192.168.0.1) head to the port forwarding page and create a new inbound rule. Have this rule forward all traffic across all ports (the full range is 1 to 65535) to 192.168.0.2. Most routers allow all outbound traffic by default so you shouldn't need to touch the outbound rules at all.

 

Next open up the admin panel of Router 2 (192.168.1.1), head to the WAN setup section, change it from Auto Assign to Manual and tell it to use 192.168.0.2 as its connection address and 192.168.0.1 as its gateway and DNS.

 

Now you should only need to create forwarding rules using router 2, router 1 will forward all traffic on to router 2 by default.

 

This is exactly how my setup works and I have no issues forwarding ports.

[Helpful Tech Witch]

5 hours ago, Master Disaster said:

OK, well here's how to fix it...

 

For this example I'll say Router 1 (isp router) is 192.168.0.1 and router 2 (deco) is 192.168.1.1, you can adjust these as needs be.

 

First disable DMZ, in my experience with DMZ it rarely works properly (if at all). Once everything is configured you wont need it anyway. Also go ahead and delete all existing port forwarding rules too, make a note of any you need to re add after.

 

On the admin panel of Router 1 (192.168.0.1) head to the port forwarding page and create a new inbound rule. Have this rule forward all traffic across all ports (the full range is 1 to 65535) to 192.168.0.2. Most routers allow all outbound traffic by default so you shouldn't need to touch the outbound rules at all.

 

Next open up the admin panel of Router 2 (192.168.1.1), head to the WAN setup section, change it from Auto Assign to Manual and tell it to use 192.168.0.2 as its connection address and 192.168.0.1 as its gateway and DNS.

 

Now you should only need to create forwarding rules using router 2, router 1 will forward all traffic on to router 2 by default.

 

This is exactly how my setup works and I have no issues forwarding ports.

Ive forwarded all ports to the ip adress that has the last number one greater than the ip adress.

I get the error "Port true is reserved by system and not available" [id assume that means a port is open that I cant see. Since I only use port 25565, could I just forward that?

[Helpful Tech Witch]

7 minutes ago, HelpfulTechWizard said:

Ive forwarded all ports to the ip adress that has the last number one greater than the ip adress.

I get the error "Port true is reserved by system and not available" [id assume that means a port is open that I cant see. Since I only use port 25565, could I just forward that?

Also so I need to forward to port on the  192.168.1.1 router?

[Master Disaster]

1 hour ago, HelpfulTechWizard said:

Ive forwarded all ports to the ip adress that has the last number one greater than the ip adress.

I get the error "Port true is reserved by system and not available" [id assume that means a port is open that I cant see. Since I only use port 25565, could I just forward that?

If you give me the gateway IPs of both routers I can give you exact settings that should work.

[Helpful Tech Witch]

20 minutes ago, Master Disaster said:

If you give me the gateway IPs of both routers I can give you exact settings that should work.

never mind.

my dads not letting me set a dns thats not 1.1.1.1 (he would pay the service call fee for bridge before doing that). And yeah i explained to him that the dns would be 1.1.1.1 on the isp one still.........

Ill see if someone else can join externally with DMZ, thanks for the help though.