Hey guys. I am a new in HA and I am trying to configure DuckDNS on mi HA with no luck.
I have 2 routers. The first, a ZTE F680, and a second, wired to the first one, a Xiaomi Mi Router 4A, with fixed IP 192.168.1.128. All my devices are connected to the Xiaomi Router, including the raspberry with a fixed IP 192.168.2.2.
Here I forwarded external port 443 to 192.168.1.128:443 (Xiaomi Router), and from there, to 192.168.2.2:443 (Raspberry). I am not sure if this is correct or there is a better way to do this (like DMZ?)
I used to run with two routers as well and this is pretty much what I did, and mine worked, though my second router did allow me to forward port 80 also (though as I suspected and have since proven, you don’t need 80 after set up (had certs renewed 3 times since without intervention and without port 80) Still not sure about initial set up though (next time I rebuild I’ll skip that step to check).
So can you connect locally to your HA instance on 192.168.2.2:8123 ??? (this will show nginx is running ok)
Did you reboot BOTH routers ??? (AND then check status to see if they are still showing 443 as forwarded ?)
I suspect that your problem lies with your routers (or at least the port forwarding through them) as my tests using your yougetsignal shows ALL commonly used ports closed but my 443 is open.
Don’t tell me, but have you checked what your first router (ZTE F680) WAN address is ? AND is this what DuckDNS is aimed at ?
Can you ping this WAN address from your terminal ? (just pinged mine with < 1ms response which shows it supports hairpin).
Have you checked with your ISP whether they implement CGNAT ? (NAT layering within their systems)
One of my issues with my old routers was that none of them supported enough fixed IP addresses. So I bought a Draytek Vigor (never looked back) Not suggesting that this is your issue but can you move your pi to have just 1 router (between your LAN and the outside world (just to test)) then swap to the other and see if it is one of them (or both) ???
I can connect HA through 192.168.2.2:8123, so I guess NGINX is running properly
I did reboot both routers and all configuration was OK. Ports were still forwarded and static IPs were saved and assigned to each device
The WAN address is the same in DuckDNS than in whatismyip.com, but I cant find it in the F680 settings
I pinged that WAN and got an average of 20ms (a bit high, isnt it?)
And finally, I have just googled my ISP and yes, it does implements CGNAT… (Which now makes sense considering the response time for the ping). I have just contacted them to fix this.
It seems all my headaches and frustration were because of CGNAT. So… I’ll try all again when I have a public IP. Sorry if this was too obvious, I am learning from zero as I go.
I’ll let you guys know if this was the only problem and if I can make it work.
You know a LOT more now than you did. given what you found out you at least know YOU didn’t make any stupid mistakes (I’ve made loads ! )
And the CGNAT thing , well if they “solve it” you should be good, if not … when is your contract up ? can you switch providers ? failing ALL that you may just have to go nabu casa (which has a LOT to recomend it)
(I’ve made loads ! )
, well if they “solve it” you should be good, if not … when is your contract up ? can you switch providers ? failing ALL that you may just have to go nabu casa (which has a LOT to recomend it)