Windows Home Server - Can't access from inside

[Toddimus]

Windows Home Server - Can't access from inside -- SOLVED

UPDATE:

PROBLEM SOLVED!! The latest version of Merlin's firmware (376.48 Beta 1) fixed this issue. Now I can access my server via https remote access from behind the same router. Thanks Merlin!!

Hi folks,

I recently upgraded to the AC87R and installed the 47 Beta 1 Merlin firmware on both the new AC87R and my older N66U. The N66U is configured as a media bridge, which probably doesn't matter for my question...

I have an HP Mediasmart EX495 server, which I have set up for remote access. It is essentially a WHSv1 box, not the newer WHS 2011 or better. It is now connected to one of the 4 ports on the back of the AC87R. It used to work for remote access (https://<myservername>.homeserver.com/remote), when I had it connected to the N66U in my old house. Now, I can't access the remote HTTPS connection from within my network. I am able to get to it using its local address, but can't get to it using the the remote DDNS name (with or without the 443 port added to the address). I've also tried using my modem's IP addy with the :443 at the end, and it doesn't work either. I have forwarded ports 80, 443 and 4125 in the router's WAN page. I also see that some UPnP ports were configured during setup.

The server's auto configuration page shows that everything is fine and the server is accessible from the web. It thinks everything is fine.

I can access the server from outside my network, using the DDNS name. I just can't get to the remote access page from behind my router. It seems like the router is preventing HTTPS access from within the local network. It used to work with essentially the same configuration I have now. The only real difference is that now it's plugged into the AC87R and there happens to be an N66U in media bridge mode in the system. Like I said, I doubt the media bridge component has much to do with the issue, but I could be wrong.

Any thoughts??

 

[Roylion15]

Hello,
I have exactly the same problem with https (port 443) remote access on a WSE 2012 R2 since i have upgraded from AC66U to AC87R. it works well fine from outside and not always from my local network. Sometimes a reboot of the router solves the problem for a few hours or days. Never had this problem with AC66U.
My Firmware is Merlin 376.46 and the problem was also present with Asus "original" latest firmware.

Thanks in advance for your answers and sorry for my bad English..

 

[Toddimus]

Roylion15, I'm glad I'm not the only one!

Anybody have any ideas to fix this? I've tried as many permutations as I could think of for the DNS server options in both the WAN and LAN tabs.

 

[Toddimus]

239 views and no input? This is a shameless thread bump post. I would love to get this working again!

Anybody have any ideas? I don't know if this is an AC87 issue, or a firmware issue (probably ASUS, not Merlin specific).

 

[VanillaXtract]

I have WHS2011 and I can access via the IP address (192.168.0.2) fine from within my local network. Are you sure your ports are forwarded to the correct IP?

 

[Roylion15]

Hello,
In my case, all needed ports are correctly forwarded manually into the router.
( tested with :http://www.yougetsignal.com/tools/open-ports/)
The problem occurs only if use my public external adress or the Microsoft dyndns adress (https://myname.remotewebaccess.com) from my local network.
The local server IP adress (192.168.1.100) or http://server_name works always fine inside my local network.
Never had this problem with AC66U and i have exactly the same configuration with AC87R.
It's like a "loopback" bug but it's not relative to Merlin because also present in original firmware.

edit : it seems after some tests that there is a problem or conflict with Asus "Smart Access" : Enable the smart Access Switch solves the problem for a long moment (several hours or days) then the problem returns. I place the switch OFF then ON and it works again...

 

[Ronv42]

I have always manually forwarded all ports on my router to my WHS. So far I have tested all week and every time I was able to log into the server via web page using the "nameof your server.homeserver.com" with no issues. I am running a RT-AC87R with 376.47. I don't run any unusual firewall tools or settings such as the smart filters. I just use OpenDNS as my primary DNS source.

 

[RMerlin]

Hello,
In my case, all needed ports are correctly forwarded manually into the router.
( tested with :http://www.yougetsignal.com/tools/open-ports/)
The problem occurs only if use my public external adress or the Microsoft dyndns adress (https://myname.remotewebaccess.com) from my local network.
The local server IP adress (192.168.1.100) or http://server_name works always fine inside my local network.
Never had this problem with AC66U and i have exactly the same configuration with AC87R.
It's like a "loopback" bug but it's not relative to Merlin because also present in original firmware.

edit : it seems after some tests that there is a problem or conflict with Asus "Smart Access" : Enable the smart Access Switch solves the problem for a long moment (several hours or days) then the problem returns. I place the switch OFF then ON and it works again...

AiCloud uses port 443, so the default settings will indeed conflict with your WHS port forwards.

 

[Toddimus]

Thanks for the input folks! I had the AiCloud turned off, and it still didn't work.

@Ronv42 ... interesting! I manually configured the ports too, but I can't get it to work. Out of curiosity, do you set anything in the "local port" field, or just the "Port Range" field and the "local port" field is blank? I've tried it both ways and it still didn't work for me. Also, are you using the AiCloud features? I haven't tried OpenDNS. Maybe that's the ticket??

 

[sinshiva]

iirc, QoS conflicts with nat loopback or something?

i was able to get things working by adding the following to /jffs/scripts/firewall-start

iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -d 192.168.1.20 -p tcp --dport 80 -j SNAT --to `nvram get wan0_ipaddr`

should be self-expanatory

 

[Ronv42]

Out of curiosity, do you set anything in the "local port" field, or just the "Port Range" field and the "local port" field is blank? I've tried it both ways and it still didn't work for me. Also, are you using the AiCloud features? I haven't tried OpenDNS. Maybe that's the ticket??

I left the local port field blank when setting up the forwarding rules. Also I am not using AiCloud features.

OpenDNS is one of the best DNS services out there. I have never had issues with them serving up a stale IP address when my carrier changes my IP address for my modem.

One thing you may want to check if NAT acceleration is turned on with your router. I have had issue with some custom coded NAT rules when it was on.

 

[Toddimus]

@sinshiva & Ronv42

Thanks for the ideas. I'll give them a shot.

-Todd

 

[Toddimus]

SOLVED!!

Quick update...

The latest version of Merlin's firmware (376.48 Beta 1) fixed this issue. Now I can access my server via https remote access from behind the same router.

 

[Ronv42]

Glad to hear that it's working for you now....too bad Microsoft has discontinued the WHS product line. It was the most robust NAS a person can build.

 

[beetlez]

Glad to hear that it's working for you now....too bad Microsoft has discontinued the WHS product line. It was the most robust NAS a person can build.

I've flashed my AC87U with 376.48_1, but I can't access my machines from behind the router using the ddns name. I supposed the NAT loopback is not working.

Any settings that I need to tweak to get it work?

 

[RMerlin]

I've flashed my AC87U with 376.48_1, but I can't access my machines from behind the router using the ddns name. I supposed the NAT loopback is not working.

Any settings that I need to tweak to get it work?

NAT loopback has been extensively discussed in the last week in this forum - a search would have pointed you at the reason and also the solution. For simplicity's sake:

376.48_3 (20-Nov-2014)
   - FIXED: NAT loopback was broken on MIPS devices
            (backported Asus fix from 376_3626)

 

[roylion15]

solved here ...

Quick update...

The latest version of Merlin's firmware (376.48 Beta 1) fixed this issue. Now I can access my server via https remote access from behind the same router.

Idem here, 376.48_1 solves the problem with remote web access on port 443 with server 2012 Essentials from my local network.

 

[beetlez]

NAT loopback has been extensively discussed in the last week in this forum - a search would have pointed you at the reason and also the solution. For simplicity's sake:

376.48_3 (20-Nov-2014)
   - FIXED: NAT loopback was broken on MIPS devices
            (backported Asus fix from 376_3626)

Thanks RMerlin, I did search before posting and I'm aware 376.48_3 has some fixes for NAT loopback.

However, 376.48_3 is not available for AC87U (yet). I was wondering maybe 376.48_1 does not have NAT loopback for AC87U.

Anyway, any idea when will 376.48_3 be available for AC87U?

 

[RMerlin]

Thanks RMerlin, I did search before posting and I'm aware 376.48_3 has some fixes for NAT loopback.

However, 376.48_3 is not available for AC87U (yet). I was wondering maybe 376.48_1 does not have NAT loopback for AC87U.

Anyway, any idea when will 376.48_3 be available for AC87U?

The NAT loopback bug was only on MIPS-based routers. The NAT loopback works fine on the AC87U, tested with my own router.

There was no code change in 376.48_3 for ARM routers (those use a newer version of iptables without the parsing issue that affected MIPS devices).

 

[beetlez]

The NAT loopback bug was only on MIPS-based routers. The NAT loopback works fine on the AC87U, tested with my own router.

There was no code change in 376.48_3 for ARM routers (those use a newer version of iptables without the parsing issue that affected MIPS devices).

Hi RMerlin, any idea how do I go about solving the NAT loopback on my AC87U?

When I first flash it with this firmware, it does not work. Then I left it running for a few hours, magically it works. Then few hours later, it does not work again.

Are there any settings that I need to tweak? Any logs to check for signs of misconfiguration?