Any way to get AiCloud features working on a Double NAT?

[nfshp253]

Yes, I've attempted to connect to the router multiple times, but so far it seems like something's stopping any packets from getting through. I've even disabled the firewall on the ONR entirely. I've checked the DDNS address and it's still valid and pointing to my current public IP address.

 

[eibgrad]

BTW, on a side note (once you hopefully get this working), you shouldn't be exposing port 3389 (RDP) on the WAN anyway.

Microsoft has had one vulnerability after another w/ that thing for years. At the very least, NEVER expose the well-known ports to the WAN (21, 22, 23, 80, 443, 1194, etc.). Instead, obscure them w/ something like 11289, 23104, etc. Most hackers will only seek out the well-known ports and move on if nothing is available, NOT probe the entire port range.

But even in the case of RDP and an obscured port, I would only allow access over a VPN given its history of being hacked.

 

[eibgrad]

Speaking of obscured ports, perhaps your ISP *is* blocking well-known ports (not likely, but at this point, I'm out of ideas). Granted, I wouldn't expect 8443 to be blocked. But maybe the ISP has a defined limited range they're willing to accept, say 10000-19999. Again, very unlikely, it's NOT the norm, but perhaps worth asking the ISP.

If all the relevant entries in the PREROUTING table of the NAT table show zero packet counts, there *has* to be a problem upstream of the ASUS router. Either the primary router is NOT forwarding packets to the ASUS for some reason, packets are never reaching the primary router for some reason, you do NOT have a public IP on the primary router, you're referencing the wrong public IP, or perhaps your outbound remote access is being blocked on the remote client device.

I can't think of much else that could be preventing the remote access.

P.S. If you want one of us to try accessing the GUI or RDP server remotely (even though we'll get locked out by username/password), at least we'll know if *we* can reach it, even if you can't for some reason. Just send a PM w/ the public IP and port (in case you changed it).

 

[nfshp253]

Oh that's not good to hear. I've been using 3389 for the past 3 years on another network before I moved to my current residence and was issued this annoying ONR. I'm guessing the DMZ might not actually be functioning? I'll send you a PM with the DDNS and port.

 

[eibgrad]

Oh that's not good to hear. I've been using 3389 for the past 3 years on another network before I moved to my current residence and was issued this annoying ONR. I'm guessing the DMZ might not actually be functioning? I'll send you a PM with the DDNS and port.

Works for me! I just got prompted for the username/password!

 

[nfshp253]

Huh, interesting. That means that the DMZ and DDNS on the ONR is working. I managed to connect too, but I still can't get to the WebUI or access the FTP files on the ASUS. Any ideas where to start on this? Do I need to forward more ports?

 

[eibgrad]

Huh, interesting. That means that the DMZ and DDNS on the ONR is working. I managed to connect too, but I still can't get to the WebUI or access the FTP files on the ASUS. Any ideas where to start on this? Do I need to forward more ports?

FYI, I'm able to reach your GUI as well (8443).

 

[eibgrad]

Your remote access is working. You have some other issue going on there that's preventing access to YOU alone. I have no idea what that is.

P.S. I assume you're NOT trying to access from inside the LAN while still referencing the public IP. That may NOT work unless the primary router supports NAT loopback. You *must* be on the internet side of the WAN, such as the cellular network of your smartphone.

 

[nfshp253]

That is strange. I've just tried doing it on my own computer (on the same network) and it's giving me a connection timed out error. Using my phone's 4G, I'm getting a network connection was lost.

 

[eibgrad]

That is strange. I've just tried doing it on my own computer (on the same network) ...

Do NOT use NAT loopback! You must be on the internet side of the primary router's WAN!

 

[eibgrad]

To complete the picture, I just got prompted to accept the fingerprint of your FTP server using SFTP w/ WinSCP as well. It's ALL working.

 

[nfshp253]

Oh it's working for me too. Seems like my iPhone was deciding to use Wifi to assist the weak 4G connection even though Wifi was off. So now I've got RDC and FTP working, do you think it's possible to get the actual AiCloud web interface to work? Or Samba access via the DDNS address?

 

[eibgrad]

Oh it's working for me too. Seems like my iPhone was deciding to use Wifi to assist the weak 4G connection even though Wifi was off. So now I've got RDC and FTP working, do you think it's possible to get the actual AiCloud web interface to work?

I don't use AiCloud, so I don't now what's required. But I did find the following.

ASUS AiCloud - Cloud Disk

I have just started exploring this feature so thought i'd share my experience in case it helps others. ASUS AiCloud 2.0 keeps you connected to your data via an Internet connection. It links your home network and online storage service and lets you access your data through the AiCloud mobile app...

www.snbforums.com

 

[nfshp253]

I seem to have gotten it to work on port 443. Thanks!