Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Internet cuts off after seting up fort forwarding and using custom DNS.

I've got an idea to make my home a bit smarter and wanted to be able to access my home printer from school so I don't have to think about printing resources required by my teachers every time I get home. So I found an unused raspberry pi, set it up, bought public IP from my ISP and got to work. Everything worked fine until I've got stuck and cannot find a solution to the last step required to mark this as done. Every time I set up a port forwarding to my raspberry. Internet stop working. Connections that were made before I set it up still work, but I can't do any new ones (like Discord call is still working or YouTube video is still able to load itself). This behaviour ends only if I change DNS from my Pi-hole and change it to something else like Cloudflare. I first thought that this might be because Pi-hole might use the same port for its services but after I changed the port of the print server a few times I've proven myself wrong. I also tried to set up Pi-hole as a DNS through each device connected, that didn't help either. I should probably mention that if I have my DNS forwarding to pi-hole, pi-hole sees it and responds with "OK, sent to 1.1.1.1"- message that is expected so Pi-hole should not be a problem. 

Router model, if helpfull: Phicomm KE 2P 

 

Sorry if there are some problems with understanding my text. I am not a native speaker. 

Link to comment
Share on other sites

Link to post
Share on other sites

-> Moved to Networking.

F@H
Desktop: i7-5960X 4.4GHz, Noctua NH-D14, ASUS Rampage V, 32GB, RTX3080, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Thermaltake Overseer RX1, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2

Link to comment
Share on other sites

Link to post
Share on other sites

17 minutes ago, MartinRusnak said:

I've got an idea to make my home a bit smarter and wanted to be able to access my home printer from school so I don't have to think about printing resources required by my teachers every time I get home. So I found an unused raspberry pi, set it up, bought public IP from my ISP and got to work. Everything worked fine until I've got stuck and cannot find a solution to the last step required to mark this as done. Every time I set up a port forwarding to my raspberry. Internet stop working. Connections that were made before I set it up still work, but I can't do any new ones (like Discord call is still working or YouTube video is still able to load itself). This behaviour ends only if I change DNS from my Pi-hole and change it to something else like Cloudflare. I first thought that this might be because Pi-hole might use the same port for its services but after I changed the port of the print server a few times I've proven myself wrong. I also tried to set up Pi-hole as a DNS through each device connected, that didn't help either. I should probably mention that if I have my DNS forwarding to pi-hole, pi-hole sees it and responds with "OK, sent to 1.1.1.1"- message that is expected so Pi-hole should not be a problem. 

Router model, if helpfull: Phicomm KE 2P 

 

Sorry if there are some problems with understanding my text. I am not a native speaker. 

I would be very weary or exposing a print server to the internet… that’s a recipe for getting pwned. If you have a pi, just set up a VPN and VPN into your home network to print, or set up split tunneling. You can also use dynamic DNS (duckDNS is pretty popular) to give your dynamic IP a URL - no need to pay your ISP any extra money.

 

As far as the rest, I am not sure. 

Rig: i7 10700k @ 5.1Ghz, 4.8 Ring - - Z490 Vision G - - EVGA RTX 2080 XC Ultra @ 2025Mhz - - 4x8GB Vengeance Pro 3000Mhz 15-17-17-34 @ 3500MHz 16-19-19-38 - - Samsung 950 Pro 512 NVMe Boot + Main Programs - - Samsung 830 Pro 256 RAID 0 Lightroom + Photo work - - WD Blue 1 TB SSD for Games - - Corsair RM850x - - Sound BlasterX EA-5 - - EK Supremacy Evo - - XT45 X-Flow 420 + UT60 280 rads - - EK Full Cover GPU Block - - EK XRES RGB PWM - - Fractal Define S2 - - Acer Predator X34 -- Logitech G502 - - Logitech G710+ - - Logitech Z5500 - - LTT Deskpad

 

Headphones/amp/dac: Schiit Lyr 3 - - Fostex TR-X00 - - Sennheiser HD 6xx

 

Homelab/ Media Server: Proxmox VE host - - 512 NVMe Samsung 980 for VM's/Proxmox boot - - Xeon e5 2660 V4- - Supermicro X10SRF-i - - 64 GB ECC 2133 - - 10x4 TB WD Red RAID Z2 - - 10TB WD Red for expendable data - - Corsair 750D - - Corsair RM650i - - Dell H310 6Gbps SAS HBA - - Intel RES2SC240 SAS Expander - - TreuNAS + many other VM’s

 

iPhone Xs - 2018 MacBook Air

Link to comment
Share on other sites

Link to post
Share on other sites

8 hours ago, LIGISTX said:

I would be very weary or exposing a print server to the internet… that’s a recipe for getting pwned. If you have a pi, just set up a VPN and VPN into your home network to print, or set up split tunneling. You can also use dynamic DNS (duckDNS is pretty popular) to give your dynamic IP a URL - no need to pay your ISP any extra money.

 

As far as the rest, I am not sure. 

Yea, print server is just a suface, also I want to made it way so it wont print without password and token so It should be save. Even if I wouldn't figure out how to do it. I also would like to make a private could server, where I could upload stuff and wouldn't need to worry about loosing them in case my laptop goes mad.. There are more things that would require public IP so I just decided to pull the trigger and gain expirience, but sadly I can't since I can't even figure out how port forwarding works 😄

Link to comment
Share on other sites

Link to post
Share on other sites

13 hours ago, MartinRusnak said:

Yea, print server is just a suface, also I want to made it way so it wont print without password and token so It should be save. Even if I wouldn't figure out how to do it. I also would like to make a private could server, where I could upload stuff and wouldn't need to worry about loosing them in case my laptop goes mad.. There are more things that would require public IP so I just decided to pull the trigger and gain expirience, but sadly I can't since I can't even figure out how port forwarding works 😄

If you use duckDNS it will make your dynamic IP whatever you want, and it will auto update. You can make it MartinRusnak.duckDNS.com (off hand I forget if that is the URL duckDNS provides, but you get the point) and it will always forward to your dynamic public IP.

 

As far as needing a password and token…. I am pretty sure print servers are notoriously easy to break into. They are not meant to be public facing. Anything exposed to the internet should really be wrapped by by a VPN/SSL tunnel unless it’s EXPLICITLY BUILT to be public facing. If you have the ability to work with a raspberry pi, look into WireGuard. Set up a VPN, open ports for the VPN, and then you will effectively be on your home LAN when you VPN in. That will secure everything, reducing threat surface, and you will gain the functionality your looking for. You could then set up a SMB network share on your r-pi with say an external hard drive, and you would able to access that over the VPN just like you could when at home on the same LAN. 

Rig: i7 10700k @ 5.1Ghz, 4.8 Ring - - Z490 Vision G - - EVGA RTX 2080 XC Ultra @ 2025Mhz - - 4x8GB Vengeance Pro 3000Mhz 15-17-17-34 @ 3500MHz 16-19-19-38 - - Samsung 950 Pro 512 NVMe Boot + Main Programs - - Samsung 830 Pro 256 RAID 0 Lightroom + Photo work - - WD Blue 1 TB SSD for Games - - Corsair RM850x - - Sound BlasterX EA-5 - - EK Supremacy Evo - - XT45 X-Flow 420 + UT60 280 rads - - EK Full Cover GPU Block - - EK XRES RGB PWM - - Fractal Define S2 - - Acer Predator X34 -- Logitech G502 - - Logitech G710+ - - Logitech Z5500 - - LTT Deskpad

 

Headphones/amp/dac: Schiit Lyr 3 - - Fostex TR-X00 - - Sennheiser HD 6xx

 

Homelab/ Media Server: Proxmox VE host - - 512 NVMe Samsung 980 for VM's/Proxmox boot - - Xeon e5 2660 V4- - Supermicro X10SRF-i - - 64 GB ECC 2133 - - 10x4 TB WD Red RAID Z2 - - 10TB WD Red for expendable data - - Corsair 750D - - Corsair RM650i - - Dell H310 6Gbps SAS HBA - - Intel RES2SC240 SAS Expander - - TreuNAS + many other VM’s

 

iPhone Xs - 2018 MacBook Air

Link to comment
Share on other sites

Link to post
Share on other sites

If you still want to gain some experience, you could create a web server that let's you upload certain files to get printed. This page would have authentication.

 

For port forwarding, you would need it for any approach (web server, vpn, print server, etc). could you share a screenshot of your router's port forward config?

 

Link to comment
Share on other sites

Link to post
Share on other sites

On 12/3/2021 at 3:22 PM, mtz_federico said:

If you still want to gain some experience, you could create a web server that let's you upload certain files to get printed. This page would have authentication.

 

For port forwarding, you would need it for any approach (web server, vpn, print server, etc). could you share a screenshot of your router's port forward config?

 

Hi, thank you for the advice with the print server, I'll think about it.
Sure thing I could send you a screen, here it is. 

image.png

Link to comment
Share on other sites

Link to post
Share on other sites

On 12/5/2021 at 3:49 AM, MartinRusnak said:

Hi, thank you for the advice with the print server, I'll think about it.
Sure thing I could send you a screen, here it is. 

image.png

the config looks good, I would just recommend only allowing TCP or UDP, depending on what is being used.

 

Which print server are you using?

is there a tutorial that you followed?

 

Also, how many devices do you have connected? and how much are they used?

I am looking at your routers spec sheet, and might not be able to handle too many connections.

Link to comment
Share on other sites

Link to post
Share on other sites

7 hours ago, mtz_federico said:

the config looks good, I would just recommend only allowing TCP or UDP, depending on what is being used.

 

Which print server are you using?

is there a tutorial that you followed?

 

Also, how many devices do you have connected? and how much are they used?

I am looking at your routers spec sheet, and might not be able to handle too many connections.

Ahh, mate sorry, But I think that you are not understanding the problem. No offence, I appreciate your advice, but my current problem is that I can't use my Pi-hole as DNS since it just decides to cut off my connection to WAN whenever I set DNS to any local IP. My local DNS is a Pi-hole, an open-source project, with the goal to make managing LAN traffic easier and block unwanted websites. In most cases mainly adverts, but in my case also NSFW sites or sites that could potentially scam my parents. The problem is not that I can't connect to my print server, it is with the connection of my house to the internet. My house cannot communicate with anything outside my LAN.

I answer you so I don't offend you, but I don't think we're moving to the right deriction. I have got total of 17 devices connected to my network. Only 4 of them require communication to the internet at high speeds - My PC, two TVs, and my smartphone. Everyone of them, exept for phone, is connected with RJ-45 (aka. Twisted pair networking cable, LAN cable). 

Link to comment
Share on other sites

Link to post
Share on other sites

16 hours ago, MartinRusnak said:

Ahh, mate sorry, But I think that you are not understanding the problem. No offence, I appreciate your advice, but my current problem is that I can't use my Pi-hole as DNS since it just decides to cut off my connection to WAN whenever I set DNS to any local IP. My local DNS is a Pi-hole, an open-source project, with the goal to make managing LAN traffic easier and block unwanted websites. In most cases mainly adverts, but in my case also NSFW sites or sites that could potentially scam my parents. The problem is not that I can't connect to my print server, it is with the connection of my house to the internet. My house cannot communicate with anything outside my LAN.

I answer you so I don't offend you, but I don't think we're moving to the right deriction. I have got total of 17 devices connected to my network. Only 4 of them require communication to the internet at high speeds - My PC, two TVs, and my smartphone. Everyone of them, exept for phone, is connected with RJ-45 (aka. Twisted pair networking cable, LAN cable). 

No offence taken. I understand your situation well, I am just trying to understand why the print server is preventing Pi-hole's DNS queries from working.

 

Pi-hole is not working when you run the print server and you have to change your device's DNS to something else. If the print server is not running does the issue still happen? if it continues then we can focus on something else.

 

I am assuming that pi-hole is running on the same pi as the print server.

and what upstream DNS is pihole using?

 

 

btw, the reason I asked about your devices is because every device connected to the internet has to setup connections via the router. If there are many connections the router might not be able to handle new connections. In this situation the print server could be doing something sketchy or the port forwarding could be doing something.

Link to comment
Share on other sites

Link to post
Share on other sites

On 12/7/2021 at 3:12 PM, mtz_federico said:

Pi-hole is not working when you run the print server and you have to change your device's DNS to something else. If the print server is not running does the issue still happen? if it continues then we can focus on something else.

Well, the more correct definition would be that Pi-hole stops working every time there's a port forwarded to the print server, and when there is set up DNS pointing to Local IP at the same time.

 

On 12/7/2021 at 3:12 PM, mtz_federico said:

I am assuming that pi-hole is running on the same pi as the print server.

Incorrect, Print server Pi and Pi-hole pi are 2 separate Raspberries.

 

On 12/7/2021 at 3:12 PM, mtz_federico said:

and what upstream DNS is pihole using?

Pi-hole is set to send everything not matching its database to to Cloudflare DNS at 1.1.1.1
I have also tried to port forward devices other than RBp and I had the same results - the internet was cutting off.

 

Thank you for your explanation of your question. I was unaware of that.

Link to comment
Share on other sites

Link to post
Share on other sites

38 minutes ago, MartinRusnak said:

Incorrect, Print server Pi and Pi-hole pi are 2 separate Raspberries.

This means that it is most likely related to the router have you tried changing the print servers port to something below 1023 and having the port forward rule be tcp only?

 

If you have the port forward rule on the router but the print server is off, does the issue still occur?

I have never seen anything like this, your router is probably doing something weird.

 

I hate this question but, have you tried ... restarting your router?

Link to comment
Share on other sites

Link to post
Share on other sites

On 12/8/2021 at 5:09 PM, mtz_federico said:

This means that it is most likely related to the router have you tried changing the print servers port to something below 1023 and having the port forward rule be tcp only?

 

If you have the port forward rule on the router but the print server is off, does the issue still occur?

I have never seen anything like this, your router is probably doing something weird.

 

I hate this question but, have you tried ... restarting your router?

I did try all of the above and then it hit me. 
O MY GOD I - am - so - dumb.

So... I had a static IP set on my router... And since I bought a public one.. it has been changed. Making the one i set incorrect. So after my router got the packets from pi-hole requesting it to send to, for example, to google.com, my router forwarded the request to my ISP's IP and since it was nonexistent anymore. It had no other choice other than to wait for it since it didn't know that it can't get any response... That is why my already established connections worked. That is also it thought that internet is fine. Since it could ping it's whatever it is pinging to test it.  The router already had the IP of the server it needed to communicate with. 

To be honest, I am not 100% that this was the main problem since I tried to also tweak some settings py-hole itself, but I am like 95% sure since Pi-hole responded every time.

 

Yea, if I also wouldn't be lazy and just reset the router, it would also start working since I would notice that I need to set up a static IP. I just didn't want to lost my device nicknames saved to the router so I didn't even try 

 

Can I just request someone to tell me if this is possible? I'm studying IT, but not exactly networking so I might not be right how networking actually works.

Thank you 😄

Link to comment
Share on other sites

Link to post
Share on other sites

13 hours ago, MartinRusnak said:

I did try all of the above and then it hit me. 
O MY GOD I - am - so - dumb.

So... I had a static IP set on my router... And since I bought a public one.. it has been changed. Making the one i set incorrect. So after my router got the packets from pi-hole requesting it to send to, for example, to google.com, my router forwarded the request to my ISP's IP and since it was nonexistent anymore. It had no other choice other than to wait for it since it didn't know that it can't get any response... That is why my already established connections worked. That is also it thought that internet is fine. Since it could ping it's whatever it is pinging to test it.  The router already had the IP of the server it needed to communicate with. 

To be honest, I am not 100% that this was the main problem since I tried to also tweak some settings py-hole itself, but I am like 95% sure since Pi-hole responded every time.

 

Yea, if I also wouldn't be lazy and just reset the router, it would also start working since I would notice that I need to set up a static IP. I just didn't want to lost my device nicknames saved to the router so I didn't even try 

 

Can I just request someone to tell me if this is possible? I'm studying IT, but not exactly networking so I might not be right how networking actually works.

Thank you 😄

Taking back.. It worked for a few minutes and now it stopped working again... I have no idea why it should stop working by itself so I guess I have to change router firmware. It may be not working as it should since it hasn't received any updates due to Phicomm going out of business in 2018.

Link to comment
Share on other sites

Link to post
Share on other sites

12 hours ago, MartinRusnak said:

Taking back.. It worked for a few minutes and now it stopped working again... I have no idea why it should stop working by itself so I guess I have to change router firmware. It may be not working as it should since it hasn't received any updates due to Phicomm going out of business in 2018.

Bummer.

 

I am not sure if that could be the reason why, but it is probably related.

 

Check if your router supports OpenWRT, you might save some money

Link to comment
Share on other sites

Link to post
Share on other sites

11 hours ago, mtz_federico said:

Bummer.

 

I am not sure if that could be the reason why, but it is probably related.

 

Check if your router supports OpenWRT, you might save some money

It supports it, but I can't install it through the software "update router" option. I need to disassemble it and solder some kind of console reader to its motherboard (TTL -> USB) so I can tell it to get in panic mode and take the first software it sees.. somewhere? somehow? Never done this before, but at least I can gain some experience. I mean, the TTL reader was pretty cheap and could be useful in the future. So far from what I have found on the internet, I don't need to care at what voltage my TTL converter works since I won't plug the voltage pins anyway, only data.  Anyway, I'm really confused, wish me luck 😄

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×