Port forwarding not working.

[Marcos8760]

I'm trying to host a website with support for https for my home assistant instance but i am unable to forward ports 80 and 443. I am using an Asus RT-AC88U access point/router and a Motorola MB7220 modem. My ISP is Xfinity.

 

Please help.

[whispous]

Have you used these ports forwarded before?

[Marcos8760]

15 minutes ago, whispous said:

Have you used these ports forwarded before?

No i haven't. I've only been able to port forward port 8123 (home assistant's default port.)

[whispous]

49 minutes ago, Marcos8760 said:

No i haven't. I've only been able to port forward port 8123 (home assistant's default port.)

Are you aware of the risks involved with hosting a website open to the internet from your machine? Is this a dedicated server or just one of your everyday computers?

[LIGISTX]

1 hour ago, Marcos8760 said:

I'm trying to host a website with support for https for my home assistant instance but i am unable to forward ports 80 and 443. I am using an Asus RT-AC88U access point/router and a Motorola MB7220 modem. My ISP is Xfinity.

 

Please help.

Most ISP’s block 80 and 443. 
 

Why do you need to forward these ports though? If you were able to forward 8123 for HA, why do you want to forward your own site?

 

But if you really want to do this, just set up WireGuard and tunnel in. Once the VPN is connected, you will be able to go to your internally hosted site as if you were on the LAN. Much more secure, and much more useful. 

[Marcos8760]

3 hours ago, whispous said:

Are you aware of the risks involved with hosting a website open to the internet from your machine? Is this a dedicated server or just one of your everyday computers?

its in a VM (Hyper-V) and yes ofc i am aware of the risks

[Marcos8760]

2 hours ago, LIGISTX said:

Most ISP’s block 80 and 443. 
 

Why do you need to forward these ports though? If you were able to forward 8123 for HA, why do you want to forward your own site?

 

But if you really want to do this, just set up WireGuard and tunnel in. Once the VPN is connected, you will be able to go to your internally hosted site as if you were on the LAN. Much more secure, and much more useful. 

Xfinity isnt supposed to block 80 and 443. its not in their blocklist. not only that but forwarding 25565 for a minecraft server ALSO doesnt work. i need 80 and 443 to be forwarded to use google assistant with home assistant.

[LIGISTX]

3 hours ago, Marcos8760 said:

Xfinity isnt supposed to block 80 and 443. its not in their blocklist. not only that but forwarding 25565 for a minecraft server ALSO doesnt work. i need 80 and 443 to be forwarded to use google assistant with home assistant.

Hmm, I am not sure. I know folks who used to have issues with pet forwarding with xfinity. But that was ages ago. 

[whispous]

8 hours ago, Marcos8760 said:

its in a VM (Hyper-V) and yes ofc i am aware of the risks

Are you forwarding it to the IP of the VM or of the Host?

[Marcos8760]

9 hours ago, whispous said:

Are you forwarding it to the IP of the VM or of the Host?

i am forwarding to the vm. not the host.

[Marcos8760]

14 hours ago, LIGISTX said:

Hmm, I am not sure. I know folks who used to have issues with pet forwarding with xfinity. But that was ages ago. 

yeah and all those people are using xfinity hardware. im not.

[LIGISTX]

11 minutes ago, Marcos8760 said:

yeah and all those people are using xfinity hardware. im not.

No, they had their own router… I’m sorry to inform you, but your telepathy needs work  .

 

If your opening the ports in your router and you can’t actually hit those ports from outside your network with either a port scan or hosting a simple webpage on them for testing purposes, it’s almost certainly the ISP blocking the traffic… 

 

Maybe spin up nginx or something just to test, host a hello world on port 80, and see if you can get to it from an external IP. I am not a web dev, so I don’t readily know how to do this. But I’m sure it would be pretty simple to set that up as a test. 

[LIGISTX]

16 minutes ago, Marcos8760 said:

yeah and all those people are using xfinity hardware. im not.

A quick google suggests it’s the modem that’s blocking it. You have your own modem I assume?

[Alex Atkin UK]

37 minutes ago, Marcos8760 said:

i am forwarding to the vm. not the host.

Is the VM on a NAT or Bridged network adapter?

 

Just thinking if its NAT then maybe the VM isn't allowing access to privileged ports?

[Marcos8760]

1 hour ago, LIGISTX said:

A quick google suggests it’s the modem that’s blocking it. You have your own modem I assume?

Yes, i do have my own modem, as said in the original post. 

[LIGISTX]

15 minutes ago, Marcos8760 said:

Yes, i do have my own modem, as said in the original post. 

Have you actually verified the ports are open via port scan? 
 

Are you running HA OS, or within a docker container? Is there a firewall blocking the ports, such as UFW for Ubuntu as an example?

[Marcos8760]

11 minutes ago, LIGISTX said:

Have you actually verified the ports are open via port scan? 
 

Are you running HA OS, or within a docker container? Is there a firewall blocking the ports, such as UFW for Ubuntu as an example?

yes i have verified the ports with a port scan.

 

I am running HA OS on Hyper-V and there isn't a firewall between it and the router. One of my friends is having this same issue on completely different hardware. Not only that but even enabling DMZ doesn't fix it. Considering what you've said, im thinking its either the ISP or modem.

[LIGISTX]

1 hour ago, Marcos8760 said:

yes i have verified the ports with a port scan.

 

I am running HA OS on Hyper-V and there isn't a firewall between it and the router. One of my friends is having this same issue on completely different hardware. Not only that but even enabling DMZ doesn't fix it. Considering what you've said, im thinking its either the ISP or modem.

I wish I had better info or advice. I personally have not tried to use google assistant with HA, so I have not had to deal with this at all. I wonder if it’s an issue with HA itself. 

[Marcos8760]

2 minutes ago, LIGISTX said:

I wish I had better info or advice. I personally have not tried to use google assistant with HA, so I have not had to deal with this at all. I wonder if it’s an issue with HA itself. 

i know for a fact that it isn't home assistant. i cant port forward 25565 to host a minecraft server on a completely different PC. I used to be able to. maybe the ISP pushed an update to the modem that broke it? (as far as i'm aware that's how modem firmware updates work (source: motorola))

the modem has no modifiable settings so i dont know what i would do if it is the modem. my router should be port forwarding. i've had issues with netgear routers in the past with port forwarding that were fixed when i got an asus router. port forwarding worked for a bit then it just broke.

[LIGISTX]

15 minutes ago, Marcos8760 said:

i know for a fact that it isn't home assistant. i cant port forward 25565 to host a minecraft server on a completely different PC. I used to be able to. maybe the ISP pushed an update to the modem that broke it? (as far as i'm aware that's how modem firmware updates work (source: motorola))

the modem has no modifiable settings so i dont know what i would do if it is the modem. my router should be port forwarding. i've had issues with netgear routers in the past with port forwarding that were fixed when i got an asus router. port forwarding worked for a bit then it just broke.

Hmm. But didn’t you say port forwarding HA itself for use with mobile client is working?

 

Are you using a Dynamic DNS provider? Is it updating correctly if so? I have had issues with my dynamic DNS provider before which caused me to chase issues that didn’t exist for at least a week. Fun times. 

[Marcos8760]

1 minute ago, LIGISTX said:

Hmm. But didn’t you say port forwarding HA itself for use with mobile client is working?

 

Are you using a Dynamic DNS provider? Is it updating correctly if so? I have had issues with my dynamic DNS provider before which caused me to chase issues that didn’t exist for at least a week. Fun times. 

basically all i want to do is host a homeassistant instance on my own domain with https and all that stuff. so literally all i want to do is port forward ports 80 and 443. i have previously used duckdns for my site but i want to move it to my own domain.

[LIGISTX]

26 minutes ago, Marcos8760 said:

basically all i want to do is host a homeassistant instance on my own domain with https and all that stuff. so literally all i want to do is port forward ports 80 and 443. i have previously used duckdns for my site but i want to move it to my own domain.

You would still need a DNS forwarder to get a domain to resolve to your home IP address. And seeing as our home IP’s change… this is why you need a dynamic DNS client like duckDNS, or many others. 
 

The reason I ask… what IP address are you trying to use to do this setup? Are you using an IP, or a domain? Obviously for testing, using your IP will be fine, but if you are using a domaine (which you should do anyways, both so you can actually remember the domain in your human brain, but also so you get dynamic IP resolution), make sure your dynamic DNS is set up correctly and actually forwarding to your current IP address. Again, I hadn’t realize my Dynamic DNS crapped the bed and chased my tail for a solid week… all because my domaine was forwarding to an IP address that was extremely similar to my actual IP address, but not actually correct. So on a quick glance it looked good, but turns out I was trying to hit some random IP address that was not mine, thus the ports obviously were not actually open. 

[Marcos8760]

4 minutes ago, LIGISTX said:

You would still need a DNS forwarder to get a domain to resolve to your home IP address. And seeing as our home IP’s change… this is why you need a dynamic DNS client like duckDNS, or many others. 
 

The reason I ask… what IP address are you trying to use to do this setup? Are you using an IP, or a domain? Obviously for testing, using your IP will be fine, but if you are using a domaine (which you should do anyways, both so you can actually remember the domain in your human brain, but also so you get dynamic IP resolution), make sure your dynamic DNS is set up correctly and actually forwarding to your current IP address. Again, I hadn’t realize my Dynamic DNS crapped the bed and chased my tail for a solid week… all because my domaine was forwarding to an IP address that was extremely similar to my actual IP address, but not actually correct. So on a quick glance it looked good, but turns out I was trying to hit some random IP address that was not mine, thus the ports obviously were not actually open. 

In the end obviously i want to use a domain, but im not even there yet. i have yet to get port forwarding working on any port other than 8123. I'm not even trying to work with a domain right now. i just need to port forward ports 80 and 443 and need to know if the problem is my router, modem, or ISP.

[LIGISTX]

20 minutes ago, Marcos8760 said:

In the end obviously i want to use a domain, but im not even there yet. i have yet to get port forwarding working on any port other than 8123. I'm not even trying to work with a domain right now. i just need to port forward ports 80 and 443 and need to know if the problem is my router, modem, or ISP.

I understand. I’m just trying to determine how your attempting to connect. Based on this answer, your hardcoding your current IP address, and not using a dynamic DNS provider or domain, correct?

[Marcos8760]

4 minutes ago, LIGISTX said:

I understand. I’m just trying to determine how your attempting to connect. Based on this answer, your hardcoding your current IP address, and not using a dynamic DNS provider or domain, correct?

yes. for now i am just working with my ip. nothing else.