
Internet cuts off after setting up port forwarding and using custom DNS.

I've got an idea to make my home a bit smarter and wanted to be able to access my home printer from school so I don't have to think about printing resources required by my teachers every time I get home. So I found an unused Raspberry Pi, set it up, bought a public IP from my ISP and got to work. Everything worked fine until I got stuck, and I cannot find a solution to the last step required to mark this as done. Every time I set up port forwarding to my Raspberry, the internet stops working. Connections that were made before I set it up still work, but I can't make any new ones (like a Discord call is still working or a YouTube video is still able to load itself). This behaviour ends only if I change the DNS from my Pi-hole to something else like Cloudflare. I first thought that this might be because Pi-hole might use the same port for its services, but after I changed the port of the print server a few times I've proven myself wrong. I also tried to set up Pi-hole as the DNS on each connected device; that didn't help either. I should probably mention that if I have my DNS forwarding to Pi-hole, Pi-hole sees it and responds with "OK, sent to 1.1.1.1", a message that is expected, so Pi-hole should not be the problem.

Router model, if helpful: Phicomm KE 2P

 

Sorry if there are some problems with understanding my text. I am not a native speaker. 


-> Moved to Networking.


17 minutes ago, MartinRusnak said:

I've got an idea to make my home a bit smarter and wanted to be able to access my home printer from school so I don't have to think about printing resources required by my teachers every time I get home. So I found an unused Raspberry Pi, set it up, bought a public IP from my ISP and got to work. Everything worked fine until I got stuck, and I cannot find a solution to the last step required to mark this as done. Every time I set up port forwarding to my Raspberry, the internet stops working. Connections that were made before I set it up still work, but I can't make any new ones (like a Discord call is still working or a YouTube video is still able to load itself). This behaviour ends only if I change the DNS from my Pi-hole to something else like Cloudflare. I first thought that this might be because Pi-hole might use the same port for its services, but after I changed the port of the print server a few times I've proven myself wrong. I also tried to set up Pi-hole as the DNS on each connected device; that didn't help either. I should probably mention that if I have my DNS forwarding to Pi-hole, Pi-hole sees it and responds with "OK, sent to 1.1.1.1", a message that is expected, so Pi-hole should not be the problem.

Router model, if helpful: Phicomm KE 2P

 

Sorry if there are some problems with understanding my text. I am not a native speaker. 

I would be very wary of exposing a print server to the internet… that’s a recipe for getting pwned. If you have a pi, just set up a VPN and VPN into your home network to print, or set up split tunneling. You can also use dynamic DNS (duckDNS is pretty popular) to give your dynamic IP a URL - no need to pay your ISP any extra money.

 

As far as the rest, I am not sure. 


8 hours ago, LIGISTX said:

I would be very wary of exposing a print server to the internet… that’s a recipe for getting pwned. If you have a pi, just set up a VPN and VPN into your home network to print, or set up split tunneling. You can also use dynamic DNS (duckDNS is pretty popular) to give your dynamic IP a URL - no need to pay your ISP any extra money.

 

As far as the rest, I am not sure. 

Yea, the print server is just a surface, also I want to make it so it won't print without a password and token, so it should be safe. Even if I wouldn't figure out how to do it. I also would like to make a private cloud server, where I could upload stuff and wouldn't need to worry about losing them in case my laptop goes mad.. There are more things that would require a public IP so I just decided to pull the trigger and gain experience, but sadly I can't since I can't even figure out how port forwarding works 😄


13 hours ago, MartinRusnak said:

Yea, the print server is just a surface, also I want to make it so it won't print without a password and token, so it should be safe. Even if I wouldn't figure out how to do it. I also would like to make a private cloud server, where I could upload stuff and wouldn't need to worry about losing them in case my laptop goes mad.. There are more things that would require a public IP so I just decided to pull the trigger and gain experience, but sadly I can't since I can't even figure out how port forwarding works 😄

If you use duckDNS it will make your dynamic IP whatever you want, and it will auto update. You can make it MartinRusnak.duckDNS.com (off hand I forget if that is the URL duckDNS provides, but you get the point) and it will always forward to your dynamic public IP.

 

As far as needing a password and token…. I am pretty sure print servers are notoriously easy to break into. They are not meant to be public facing. Anything exposed to the internet should really be wrapped by a VPN/SSL tunnel unless it’s EXPLICITLY BUILT to be public facing. If you have the ability to work with a raspberry pi, look into WireGuard. Set up a VPN, open ports for the VPN, and then you will effectively be on your home LAN when you VPN in. That will secure everything, reducing threat surface, and you will gain the functionality you're looking for. You could then set up a SMB network share on your r-pi with say an external hard drive, and you would be able to access that over the VPN just like you could when at home on the same LAN.

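The WireGuard setup suggested in the post above, sketched as an added example that is not part of the original thread: a server config for the Pi and a split-tunnel client config for the laptop. The tunnel subnet 10.8.0.0/24, home LAN 192.168.1.0/24, interface name eth0, port 51820 and every `<...>` placeholder are assumptions to replace with your own values.

```ini
# --- Raspberry Pi (VPN server): /etc/wireguard/wg0.conf ---
# Router side: forward only UDP 51820 to this Pi; the print server
# and file share stay unreachable from the internet.
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <PI_PRIVATE_KEY>
# Let VPN clients reach the home LAN through the Pi (eth0 is assumed).
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i %i -o eth0 -j ACCEPT
PostUp = iptables -A FORWARD -i eth0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -o eth0 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

[Peer]
# School laptop: only this tunnel address is accepted from this key.
PublicKey = <LAPTOP_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

# --- School laptop (client): separate file, e.g. wg0.conf ---
[Interface]
Address = 10.8.0.2/32
PrivateKey = <LAPTOP_PRIVATE_KEY>

[Peer]
PublicKey = <PI_PUBLIC_KEY>
# Dynamic DNS name pointing at the home router's public IP.
Endpoint = <your-subdomain>.duckdns.org:51820
# Split tunnel: only VPN and home-LAN traffic uses the tunnel;
# everything else leaves through the local network as usual.
AllowedIPs = 10.8.0.0/24, 192.168.1.0/24
PersistentKeepalive = 25
```

Each side's key pair comes from `wg genkey` and `wg pubkey`, and `wg-quick up wg0` brings the interface up on either end.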

If you still want to gain some experience, you could create a web server that lets you upload certain files to get printed. This page would have authentication.

 

For port forwarding, you would need it for any approach (web server, VPN, print server, etc). Could you share a screenshot of your router's port forward config?

 


On 12/3/2021 at 3:22 PM, mtz_federico said:

If you still want to gain some experience, you could create a web server that lets you upload certain files to get printed. This page would have authentication.

 

For port forwarding, you would need it for any approach (web server, VPN, print server, etc). Could you share a screenshot of your router's port forward config?

 

Hi, thank you for the advice with the print server, I'll think about it.
Sure thing I could send you a screen, here it is. 

image.png


On 12/5/2021 at 3:49 AM, MartinRusnak said:

Hi, thank you for the advice with the print server, I'll think about it.
Sure thing I could send you a screen, here it is. 

image.png

The config looks good, I would just recommend only allowing TCP or UDP, depending on what is being used.

 

Which print server are you using?

Is there a tutorial that you followed?

 

Also, how many devices do you have connected? And how much are they used?

I am looking at your router's spec sheet, and it might not be able to handle too many connections.


7 hours ago, mtz_federico said:

The config looks good, I would just recommend only allowing TCP or UDP, depending on what is being used.

 

Which print server are you using?

Is there a tutorial that you followed?

 

Also, how many devices do you have connected? And how much are they used?

I am looking at your router's spec sheet, and it might not be able to handle too many connections.

Ahh, mate, sorry, but I think that you are not understanding the problem. No offence, I appreciate your advice, but my current problem is that I can't use my Pi-hole as DNS since it just decides to cut off my connection to WAN whenever I set DNS to any local IP. My local DNS is a Pi-hole, an open-source project, with the goal to make managing LAN traffic easier and block unwanted websites. In most cases mainly adverts, but in my case also NSFW sites or sites that could potentially scam my parents. The problem is not that I can't connect to my print server, it is with the connection of my house to the internet. My house cannot communicate with anything outside my LAN.

I answer you so I don't offend you, but I don't think we're moving in the right direction. I have got a total of 17 devices connected to my network. Only 4 of them require communication to the internet at high speeds - my PC, two TVs, and my smartphone. Every one of them, except for the phone, is connected with RJ-45 (aka twisted pair networking cable, LAN cable).


16 hours ago, MartinRusnak said:

Ahh, mate, sorry, but I think that you are not understanding the problem. No offence, I appreciate your advice, but my current problem is that I can't use my Pi-hole as DNS since it just decides to cut off my connection to WAN whenever I set DNS to any local IP. My local DNS is a Pi-hole, an open-source project, with the goal to make managing LAN traffic easier and block unwanted websites. In most cases mainly adverts, but in my case also NSFW sites or sites that could potentially scam my parents. The problem is not that I can't connect to my print server, it is with the connection of my house to the internet. My house cannot communicate with anything outside my LAN.

I answer you so I don't offend you, but I don't think we're moving in the right direction. I have got a total of 17 devices connected to my network. Only 4 of them require communication to the internet at high speeds - my PC, two TVs, and my smartphone. Every one of them, except for the phone, is connected with RJ-45 (aka twisted pair networking cable, LAN cable).

No offence taken. I understand your situation well, I am just trying to understand why the print server is preventing Pi-hole's DNS queries from working.

 

Pi-hole is not working when you run the print server and you have to change your device's DNS to something else. If the print server is not running does the issue still happen? If it continues then we can focus on something else.

 

I am assuming that Pi-hole is running on the same Pi as the print server.

And what upstream DNS is Pi-hole using?

 

 

btw, the reason I asked about your devices is because every device connected to the internet has to set up connections via the router. If there are many connections the router might not be able to handle new connections. In this situation the print server could be doing something sketchy or the port forwarding could be doing something.


On 12/7/2021 at 3:12 PM, mtz_federico said:

Pi-hole is not working when you run the print server and you have to change your device's DNS to something else. If the print server is not running does the issue still happen? If it continues then we can focus on something else.

Well, the more correct definition would be that Pi-hole stops working every time there's a port forwarded to the print server, and when there is set up DNS pointing to Local IP at the same time.

 

On 12/7/2021 at 3:12 PM, mtz_federico said:

I am assuming that Pi-hole is running on the same Pi as the print server.

Incorrect, Print server Pi and Pi-hole pi are 2 separate Raspberries.

 

On 12/7/2021 at 3:12 PM, mtz_federico said:

And what upstream DNS is Pi-hole using?

Pi-hole is set to send everything not matching its database to Cloudflare DNS at 1.1.1.1
I have also tried to port forward devices other than RBp and I had the same results - the internet was cutting off.

 

Thank you for your explanation of your question. I was unaware of that.


38 minutes ago, MartinRusnak said:

Incorrect, Print server Pi and Pi-hole pi are 2 separate Raspberries.

This means that it is most likely related to the router. Have you tried changing the print server's port to something below 1023 and having the port forward rule be TCP only?

 

If you have the port forward rule on the router but the print server is off, does the issue still occur?

I have never seen anything like this, your router is probably doing something weird.

 

I hate this question but, have you tried ... restarting your router?


On 12/8/2021 at 5:09 PM, mtz_federico said:

This means that it is most likely related to the router. Have you tried changing the print server's port to something below 1023 and having the port forward rule be TCP only?

 

If you have the port forward rule on the router but the print server is off, does the issue still occur?

I have never seen anything like this, your router is probably doing something weird.

 

I hate this question but, have you tried ... restarting your router?

I did try all of the above and then it hit me. 
O MY GOD I - am - so - dumb.

So... I had a static IP set on my router... And since I bought a public one.. it has been changed, making the one I set incorrect. So after my router got the packets from Pi-hole requesting it to send to, for example, google.com, my router forwarded the request to my ISP's IP, and since it was nonexistent anymore, it had no other choice other than to wait for it since it didn't know that it can't get any response... That is why my already established connections worked. That is also why it thought that the internet is fine, since it could ping whatever it is pinging to test it. The router already had the IP of the server it needed to communicate with.

To be honest, I am not 100% sure that this was the main problem since I also tried to tweak some settings in Pi-hole itself, but I am like 95% sure since Pi-hole responded every time.

 

Yea, if I also wouldn't be lazy and just reset the router, it would also start working since I would notice that I need to set up a static IP. I just didn't want to lose my device nicknames saved to the router so I didn't even try

 

Can I just request someone to tell me if this is possible? I'm studying IT, but not exactly networking so I might not be right how networking actually works.

Thank you 😄


13 hours ago, MartinRusnak said:

I did try all of the above and then it hit me. 
O MY GOD I - am - so - dumb.

So... I had a static IP set on my router... And since I bought a public one.. it has been changed, making the one I set incorrect. So after my router got the packets from Pi-hole requesting it to send to, for example, google.com, my router forwarded the request to my ISP's IP, and since it was nonexistent anymore, it had no other choice other than to wait for it since it didn't know that it can't get any response... That is why my already established connections worked. That is also why it thought that the internet is fine, since it could ping whatever it is pinging to test it. The router already had the IP of the server it needed to communicate with.

To be honest, I am not 100% sure that this was the main problem since I also tried to tweak some settings in Pi-hole itself, but I am like 95% sure since Pi-hole responded every time.

 

Yea, if I also wouldn't be lazy and just reset the router, it would also start working since I would notice that I need to set up a static IP. I just didn't want to lose my device nicknames saved to the router so I didn't even try

 

Can I just request someone to tell me if this is possible? I'm studying IT, but not exactly networking so I might not be right how networking actually works.

Thank you 😄

Taking back.. It worked for a few minutes and now it stopped working again... I have no idea why it should stop working by itself so I guess I have to change router firmware. It may be not working as it should since it hasn't received any updates due to Phicomm going out of business in 2018.


12 hours ago, MartinRusnak said:

Taking back.. It worked for a few minutes and now it stopped working again... I have no idea why it should stop working by itself so I guess I have to change router firmware. It may be not working as it should since it hasn't received any updates due to Phicomm going out of business in 2018.

Bummer.

 

I am not sure if that could be the reason why, but it is probably related.

 

Check if your router supports OpenWRT, you might save some money


11 hours ago, mtz_federico said:

Bummer.

 

I am not sure if that could be the reason why, but it is probably related.

 

Check if your router supports OpenWRT, you might save some money

It supports it, but I can't install it through the software "update router" option. I need to disassemble it and solder some kind of console reader to its motherboard (TTL -> USB) so I can tell it to get in panic mode and take the first software it sees.. somewhere? somehow? Never done this before, but at least I can gain some experience. I mean, the TTL reader was pretty cheap and could be useful in the future. So far from what I have found on the internet, I don't need to care at what voltage my TTL converter works since I won't plug the voltage pins anyway, only data.  Anyway, I'm really confused, wish me luck 😄
