Port Forwarding Issues

[daviden]

I am running pihole on my network in a docker container on my Ubuntu server computer. I was port forwarding so I could host a Minecraft server and I realized, after failing to get the ports accessible, that both my main gaming PC and my server computer report the same public IP address on sites like ipchicken or canyouseeme.org. I believe this is a symptom, not a cause, but regardless I can't get any external connections through using that public IP address. I've checked the query logs in the pihole web interface and don't see any corresponding blocked request. I don't really know what to do or where to look. Thanks for any help.

[YoungBlade]

You'll want to set up port forwarding on your router so that it sends traffic to the right computer based on the port the traffic is on.

 

Let's say you tell others that you put the Minecraft server on port 12345 - you'll then tell your router to route traffic on that port to the appropriate computer.

[manikyath]

that's how routing works. your residential internet connection only has one public IP address, each of them has a unique addres on your LAN, and the router routes the traffic to the right place trough a method called "NAT".

 

you need to forward the port on whatever device is handling NAT, which is usually either your router or modem.

 

[Kisai]

They are behind Network Address Translation. Which is a technology that's been a part of "internet sharing" since Windows 98, though there were programs before that.

 

If you are trying to open ports, you need to change the computers themselves to have a static IP address behind the router so that when you connect to port XXXX it sends it always to the same IP behind the router.

 

type "arp -a" on your command line to figure out what machines are locally visible, and make sure that your ip address (ipconfig or ifconfig depending on the OS) has the software firewall allowed to access those ports.

 

 

So basically:

PC on the internet connects to port 420 -> Router sends traffic from port 420 -> 192.168.1.42:420

 

I don't know what port minecraft is on, or which direction you're trying to connect, but your public IP address is going to be the same IP address from everything on your network in most cases. If you are simply connecting to a server within your own network, you must use the local IP address, not the publicly visible one.

[daviden]

1 minute ago, Kisai said:

They are behind Network Address Translation. Which is a technology that's been a part of "internet sharing" since Windows 98, though there were programs before that.

 

If you are trying to open ports, you need to change the computers themselves to have a static IP address behind the router so that when you connect to port XXXX it sends it always to the same IP behind the router.

 

type "arp -a" on your command line to figure out what machines are locally visible, and make sure that your ip address (ipconfig or ifconfig depending on the OS) has the software firewall allowed to access those ports.

 

 

So basically:

PC on the internet connects to port 420 -> Router sends traffic from port 420 -> 192.168.1.42:420

 

I don't know what port minecraft is on, or which direction you're trying to connect, but your public IP address is going to be the same IP address from everything on your network in most cases. If you are simply connecting to a server within your own network, you must use the local IP address, not the publicly visible one.

I know the server has a static IP, and I've even used it before for Minecraft specifically. I port forwarded the same way I do for everything else. I guess I need to check firewall settings or something to see whats up. To the best of my memory, before I added pihole everything worked fine, so I'll look there first. I wasn't aware that public IPs were identical for the machines on a local network, although in retrospect that seems obvious.

[daviden]

Update 1:

 

So after some more investigation I've found a some things:

1. My pihole is likely not related to this issue

2. I'm not convinced this is a firewall issue, because this machine runs on Ubuntu which doesn't even have a firewall on by default (but I did try enabling it and allowing the necessary ports anyway which still didn't work)

3. When checking the port on a port checking website, the connection times out rather than simply being blocked or refused. This seems important.

4. When I enable DMZ host on my router for that machine, the port then (and only then) becomes accessible. Obviously not a solution, but it seems telling.

5. I've found that when people ask about the timing out error on other forums they often allude to them having gotten a new router recently which is the case for me. This also seems important.

 

I don't really know how to put these pieces together. All the information I've found is either inconclusive or doesn't really address my issue.

 

[daviden]

Update 2:

 

Very interesting discovery. When I enable DMZ, the port opens just fine UNTIL I actually try to join the server in Minecraft. The port will stay open indefinitely up until the moment I actually try and join the server. This is very confusing to me. I'm still considering some firewall issue, but I just can't image what it could be.