New Modem: No Longer Externally Accessible

Hi all,

I just upgraded my internet package which meant I had to install a new modem supplied by my ISP. The modem is an all-in-one but I put it into Bridge Mode which ensures it acts strictly as a modem. I then connected it to my existing router thinking I wouldn’t need to change any of my configuration.

Well, I was mostly right: All my devices connected to the wifi seamlessly. My hass-box is set up with a wired connection to my router. The static IP was correctly assigned and I can access HASS via SSH and the config via Samba.

Here’s the issue: HASS is no longer accessible outside my local network which means my frontend is down (accessible via HTTPS through duckdns + let’s encrypt) and my google assistant integration is down. DuckDNS sees the correct external IP address.

Can anybody point me in the right direction? Thanks!

What does your owned router show as an IP for WAN/internet? Is the modem accessible at all via IP while in bridge mode?

My old modem didn’t have a config accessible via a browser so not sure how to answer your question.

The new one does and is accessible via both the internal (10.0.0.1) and external IP.

The modem is assigning a different IP to my router than I am used to. 1.0.0.XXX vs. 192.168.1.1. Maybe that’s the issue? Do I have to change anything in my DuckDNS config or modem config?

Sounds like a double NAT issue even though you say it should be in bridge mode, you may need to work with your ISP to ensure your modem is truly in bridge mode.

10.0.0.0 is one of the 3 classes of internal/private IPs

Check your ISP isn’t blocking any ports.

you can find your real IP by visiting WhatIsMyIP.
Note that many home ISP’s only hand out one IP, hence you cannot use bridge mode.
(Often corporate’s get an IP-range)
In that case, you could go for MAC-spoofing though…

You don’t need any IP when you bridge a modem (or we don’t here anyway.) All the modem does here is establish the VDSL link and all auth is done by the router. One IP.

I was already wondering why he called it a modem, as I forgot that many countries still use a modem :stuck_out_tongue:
(got rid of mine about 20 years ago), so apologies for referring to LAN bridging :stuck_out_tongue:

Then you are one of the lucky who have FTTH. Cable (Docsis) and xDSL always use a modem.

The ISP hasn’t changed. They simply provided me with a new modem when I upgraded my package. I’ll ask them about port blocking but I don’t think that’s the issue.

I’m at a loss. When I disable the DuckDNS add-on, I can access my instance locally. As soon as I switch it on to enable external access, it doesn’t work. My configuration hasn’t changed… All I get when I try to access it via my DuckDNS subdomain is “Unable to connect to Home Assistant”.

Update: I forwarded port 8123 and my instance is now available externally using that port (xxx.duckdns.org:8123). Making progress… Port 443 is also forwarded but I still cannot access it on that port (xxx.duckdns.org). I used canyouseeme.org and it cannot see 443. I called my ISP and they confirmed they DO NOT block this port. Still stuck…

So I ended up forwarding port 443 to HASS 8123 and that resolved the issue. Any reason why forwarding 443 to 443 wouldn’t work?

I stupidly assumed that you had 443 forwarded to 8123… what do you think would happen if you forward 443 to 443 and nothing is listening on 443??? (Answer: the result you were getting)

If you forward port 443 to 443, you need something in your local network that forwards 443 to your HA port 8123, a reverse proxy like nginx or caddy.

2 Likes