Unifi USG and external access

I know it probably has much to do with Homeassistant, but reading this post and checking the Unifi integration, I made my jump to Unifi gear. So far I love it, but the issues I am having are mind-boggling.

So I ditched my old router and embraced Unifi… Everything was working smoothly on my old router. I was able to externally access my Homeassistant through NGINX, Google Assistant was working and so were the HTML5 notifications, etc.

After I installed my Unifi USG they all came down, and I have yet to figure out why it works as intended on my old router and not on the new USG which replaced it.

Right now, whenever I try to reach my instance, I get any of the following errors:

  • DNS_PROBE_FINISHED_NXDOMAIN
  • ERR_CONNECTION_TIMED_OUT
  • ERR_ADDRESS_UNREACHEABLE

So far this is my setup:

  • ONT -> USG -> TPLink Unmanaged Switch -> Hassio

I am using the Nginx proxy manager on Hassio, default ports.
I set up port forwarding (80 and 443) to my Hassio (where NGINX is). Every proxy host has a valid certificate and shows as online.
The port forwarding automatically created the Firewall rules in the USG.

The funny thing is this: If I access it from my own LAN, EVERYTHING WORKS! I’m accessing my external domain from own network! It goes to the internet then back home and works!
But not if I access it from an external network… I tried my phone, a friend's phone, my office, and nada, it just doesn't work.

Now I am absolutely sure it is not the DNS. I can resolve the hostname to my real IP since now I am on AWS Route53 so no proxy servers in between.

If I go to


or
https://www.whatsmydns.net/#A/

These websites can resolve the hostname to my current public IP address as well.

Tracert

  • From my network it shows one hop to my ISP and that's it. I can access all the proxy hosts specified in NGINX, which includes Homeassistant, Nextcloud, Plex, PiHole, all of them hosted across several PCs or SBCs.
  • From ANY external network (over 4G on my phone, someone else's WiFi with my laptop, a friend's phone, from my office with my work laptop) it makes 14 hops all the way to my ISP and then nothing, it stops at my ISP.

I cleared the caches and flushed the DNS of my devices. I also did a full restart of everything: my router, AP, clients, etc. Absolutely everything, to rule out issues with that. I have also tried using Google DNS (8.8.8.8 and 8.8.4.4) and Cloudflare (1.1.1.1 and 1.0.0.1), but still no luck.

If I switch to my old router, everything works!

If I bypass NGINX and forward port 80 to my Hassio on 8123 it works if I access it from my own network but not externally. So it ain’t NGINX and it is not the DNS, it is definitely my Ubiquiti USG.

I have no VLANs, no IPS enabled, I have made rules to ACCEPT all from any IPv4 network to any other IPv4 network with no luck… I am really banging my head against the wall, I do not know what to do anymore… MQTT always works somehow (port forwarding 1883 to 1883), PLEX works as I enabled UPnP on the LAN network.

These are the remaining firewall settings:

I'd really like some help on this, I have literally gone through everything back and forth for 3 days with no luck.

Found the culprit. Port forwarding over other ports works, but both 80 and 443 were closed/not working for some odd reason.

As soon as I disabled UPnP all my issues went away.

Suggestion: it shouldn’t have been turned on, and if it is, disable that beautiful piece of technology (sarcasm) .

I know the thread is old and dead…but I was hoping you might be able to elaborate a bit. You say you disabled UPnP and all of your issues went away. Do you mean the toggle in the Settings/Services/UPnP tab? Because, I’m having a similar issue (albeit with port 443 only…80 seems to work just fine), but my UPnP toggle has been off the whole time. Not sure where else to look.

Yes, correct. I disabled UPnP in Settings/Services/UPnP.

Check under Insights/Port Forward Stats for any open ports/activity.

At the very end, when I still had this issue, I ended up reaching out to UBNT support. After trying quite a few things, it turned out something was hijacking ports 80/443 (because UPnP is enabled by default); once I disabled UPnP my issues went away.

It caused all the issues described:

  • can reach my instance using my domain name within my LAN but not externally
  • all sorts of errors when trying to access externally
  • intermittent issues when reaching my instance
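One way to see for yourself whether a UPnP mapping is sitting on 80/443 before you turn UPnP off is to ask the gateway for its mapping table. The script below is an added example written for this thread, not code from Ubiquiti, Home Assistant or Nginx Proxy Manager. It assumes a standard UPnP IGD (WANIPConnection:1) that answers SSDP on the LAN; the EXPECTED_FORWARDS table, the SAMPLE_* XML fragments and all function names are constructed for the example. If nothing answers the SSDP probe, UPnP is already off on the gateway, which is itself a useful answer.

```python
"""Hypothetical UPnP port-mapping audit written for this thread; not Ubiquiti's or
Home Assistant's code. Standard library only: SSDP discovery, then SOAP calls to the
IGD. Network I/O lives in main(); the parse/check functions run offline on samples."""
import re
import socket
import xml.etree.ElementTree as ET
from urllib.error import HTTPError
from urllib.parse import urljoin
from urllib.request import Request, urlopen

SSDP_ADDR = ("239.255.255.250", 1900)
IGD_SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
# Forwards you created by hand, (proto, WAN port) -> internal port; assumed values.
EXPECTED_FORWARDS = {("TCP", 80): 80, ("TCP", 443): 443, ("TCP", 1883): 1883}

def _child_text(elem, name):
    """Text of the first direct child whose namespace-stripped tag equals `name`."""
    for child in elem:
        if child.tag.split("}")[-1] == name:
            return (child.text or "").strip()
    return None

def discover_igd(timeout=2.0):
    """SSDP M-SEARCH for an InternetGatewayDevice; returns its description URL or None."""
    msg = ('M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nMAN: "ssdp:discover"\r\n'
           "MX: 2\r\nST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n").encode()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, SSDP_ADDR)
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    m = re.search(rb"(?im)^LOCATION:\s*(\S+)", data)
    return m.group(1).decode() if m else None

def find_control_url(description_xml, base_url):
    """Absolute controlURL of the WANIPConnection service in a device description."""
    for svc in ET.fromstring(description_xml).iter():
        if svc.tag.split("}")[-1] == "service" and _child_text(svc, "serviceType") == IGD_SERVICE:
            return urljoin(base_url, _child_text(svc, "controlURL"))
    return None

def build_soap_request(index):
    """SOAP body for GetGenericPortMappingEntry(NewPortMappingIndex=index)."""
    return ('<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body>'
            f'<u:GetGenericPortMappingEntry xmlns:u="{IGD_SERVICE}"><NewPortMappingIndex>{index}'
            "</NewPortMappingIndex></u:GetGenericPortMappingEntry></s:Body></s:Envelope>")

def parse_mapping_response(xml_text):
    """One mapping as a dict, or None on a SOAP fault (error 713 marks the end of the table)."""
    fields = {el.tag.split("}")[-1]: (el.text or "").strip() for el in ET.fromstring(xml_text).iter()}
    if "Fault" in fields or "NewExternalPort" not in fields:
        return None
    return {"proto": fields.get("NewProtocol", "").upper(), "ext_port": int(fields["NewExternalPort"]),
            "int_port": int(fields.get("NewInternalPort") or 0),
            "int_host": fields.get("NewInternalClient", ""), "desc": fields.get("NewPortMappingDescription", "")}

def fetch_mappings(control_url):
    """Walk the gateway's mapping table index by index until it answers with a fault."""
    mappings, index = [], 0
    while True:
        req = Request(control_url, data=build_soap_request(index).encode(), headers={
            "Content-Type": 'text/xml; charset="utf-8"', "SOAPAction": f'"{IGD_SERVICE}#GetGenericPortMappingEntry"'})
        try:
            with urlopen(req, timeout=5) as resp:
                body = resp.read().decode(errors="replace")
        except HTTPError as e:  # end of table arrives as HTTP 500 carrying a SOAP fault
            body = e.read().decode(errors="replace")
        entry = parse_mapping_response(body)
        if entry is None:
            return mappings
        mappings.append(entry)
        index += 1

def find_conflicts(upnp_mappings, expected=EXPECTED_FORWARDS):
    """UPnP mappings that claim a WAN port you also forward by hand (the thread's 80/443 case)."""
    conflicts = []
    for m in upnp_mappings:
        key = (m["proto"], m["ext_port"])
        if key in expected:
            conflicts.append(f"{m['proto']}/{m['ext_port']}: manual forward to port {expected[key]}, "
                             f"but UPnP also maps it to {m['int_host']}:{m['int_port']} ({m['desc']})")
    return conflicts

# Constructed samples (not captured from a real USG) used for the offline checks.
SAMPLE_DESCRIPTION = (b'<root xmlns="urn:schemas-upnp-org:device-1-0"><device><deviceList><device>'
    b'<serviceList><service><serviceType>urn:schemas-upnp-org:service:WANIPConnection:1</serviceType>'
    b'<controlURL>/ctl/IPConn</controlURL></service></serviceList></device></deviceList></device></root>')
SAMPLE_ENTRY = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    '<NewExternalPort>443</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>8443</NewInternalPort>'
    '<NewInternalClient>192.168.1.50</NewInternalClient><NewPortMappingDescription>example-app'
    '</NewPortMappingDescription></u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')
SAMPLE_FAULT = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><s:Fault><detail>'
    '<UPnPError xmlns="urn:schemas-upnp-org:control-1-0"><errorCode>713</errorCode></UPnPError></detail></s:Fault></s:Body></s:Envelope>')

if __name__ == "__main__":
    location = discover_igd()
    if not location: raise SystemExit("no IGD answered SSDP (UPnP may already be off on the gateway)")
    with urlopen(location, timeout=5) as resp:
        control_url = find_control_url(resp.read(), location)
    for problem in find_conflicts(fetch_mappings(control_url)):
        print("CONFLICT:", problem)
```

Run it from a machine on the LAN with UPnP still enabled: any line starting with CONFLICT names a dynamically created mapping that collides with one of your user-defined forwards, and the internal host/port tells you which device asked for it. Compare that output with what the controller shows under Insights/Port Forward Stats; the two should agree.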

Checking under Insights/Port Forward Stats, I can see the two port forwards that I created to setup Nginx to hassio. Both are under the “User Defined” tab…nothing at all under “UPnP”.

I’m suddenly able to access from outside, even though I don’t believe I’ve changed anything in the proxy host settings, but for whatever reason, the domain is taking me to my USG login instead of my Home Assistant front page. I have to assume the USG is either redirecting, or just completely ignoring the port forward…I’m stumped.

I just realized something. Even though I created port forwarding rules (Settings/Routing & Firewall/Port Forwarding) for both ports 80 and 443 to point to home assistant on the same ports, the forwarding doesn’t seem to work properly. I then noticed that on the WAN IN tab (Settings/Routing & Firewall/Firewall/Wan In), there are now two new rules that match my newly created port forward rules. They show enabled, accept, all…but nothing for source or destination.

So, I came back here, and noticed that your picture of that page shows the same.

Am I going to have to create these port forwards as firewall rules instead of port forward rules?

Did you get this resolved? I am in the same situation. UPnP is disabled, but I can't get a connection on port 443.

I did get everything working, but I don’t remember exactly what my issue was. I had tried several things before I finally got it all to work. I’ve since reinstalled from scratch and was able to get everything working first try. What have you done so far? And what issue are you having, exactly?


UPnP was in a couple of different places not long ago: in some general network setting and one per network segment. If you're running on the latest version now, everything is in the same place under Gateway -> UPnP. For me, disabling it on my network segments solved the issue.

Either way until you describe your problem in more detail, what you’ve done and your current settings it’s hard to tell what could be causing your issues.


I got it resolved. It was the weirdest thing in Unifi. Somehow my port forward to 1883 got reassigned to 443. Of course I didn't look there because it's been working for 2 years. 🙂 Thanks for the reply.

I am so happy you posted this. I was having issues with port 80 as well. Once I disabled UPnP my problem was solved!