Answered

Can't open port 80 and 443 on Experia Box V10 (ZTE H369A)

  • 13 January 2022
  • 10 replies
  • 833 views

Hi everyone,

I have the ZTE H369A modem/router and I’m not able to open port 80 and 443.

 

To add some context, I have a UDM Pro (the only thing connected to the modem) and I have a Proxmox server running Docker. In Docker I have NGINX and I need to open port 80 and 443 so that NGINX is able to get the SSL certificates.

So,

  • I tried to open in the modem my UDM Pro IP to the ports (didn’t work)
  • Then I tried to add my public IP and open also the ports and didn’t work
  • In the UDM Pro I tried to open the ports and nothing
  • I also have DHCP Binding

Every time I try to check with portchecker or CanYouSeeMe they are always closed!

I’ve been trying this for weeks!
I hope there is a kind person somewhere out there who can help me :innocent:

Kind regards,
Scala


Best answer by NHendriks 20 January 2022, 17:26


Reputation 7
Badge +15

@AndreScala Welcome to our forum. 

I am afraid my knowledge about these products is not good enough. 

Maybe other forum users know what to do, for example @Babylonia :innocent:

Reputation 7
Badge +10

First option is to give a fixed IP address by "DHCP Reservation".
Already done as by screenshot.

Next step is to add port forwarding rules 80 and 443 to that given IP address.

There is a complete list already of many regularly used services to choose from
by "Application Configuration". Also HTTP (80) and HTTPS (443) are within that list.

Within the top of the menu, you must add the device (with the fixed IP address) + the two rules
HTTP and HTTPS.

Several screenshots can be found about halfway within the first message of the following subject:

Give a device a fixed IP (DHCP Binding)

Click on the "Settings" tab

Open ports on the Experia Box (IPv4)

In this example we assume

For better understanding < translated by Google >

More or less the same explanation but only as for DHCP reservation + port forwarding:
https://www.synology-forum.nl/the-lounge/kpn-v10-modem-geen-portforwarding-mogelijk-onder-ipv4/msg225219/#msg225219

Keep in mind that in today's firmware the list of the "Application Configuration" is simplified.
Just one data list to choose from, no separate sections by kind of service.

(Apologies for the simple explanation, as I have not connected the V10 under normal circumstances.
I do use my own router device, and cannot switch back to the V10 now, as several people are using my connection and do use several services.)

@Rutger_  @Babylonia 

Thank you for your help.
I took a little drastic measure and set the DMZ to my UDM Pro machine.

So, no more problems but I’m feeling a little exposed :sweat_smile:

They should allow us to ‘ignore’ the router and pass through directly like those that use Fritz!box.

Anyways, it’s working now :)

Thanks

Reputation 5
Badge +5

I did the same procedure last week, and the Experia box V10 did what is expected, both for IPv4 and IPv6. Important is that the system connected to the Experia box gets its IP address via DHCP, fixed with DHCP binding. Do you have access to the NGINX proxied server from the local LAN? Are there no firewall rules in place somewhere blocking addresses outside the 192.168.2.0/24 range?

Reputation 7
Badge +10

I took a little drastic measure and set the DMZ to my UDM Pro machine.

So, no more problems but I’m feeling a little exposed :sweat_smile:

Well, such kind of drastic measure of DMZ maybe can solve your problem of set-up "port forwarding" in the proper way. It also involves a massive security problem, by opening "all" ports to this device.

If you love hackers and malware players into your environment, this is the right way to go.

Reputation 5
Badge +5

Since DMZ to a machine is equivalent to opening ALL ports to that machine, I would expect that opening 80 and 443 should be sufficient. There is no need to redefine port 80/443, because HTTP and HTTPS are standard apps in the firmware, and with IPv4 a port can only be forwarded once. The only thing which worries me: HTTP is defined as port 80 + 443. But opening only HTTP keeps HTTPS closed. Opening standard HTTP + standard HTTPS works. This looks like a problem in the firmware (???)

Since incoming packets contain as source the remote IP address and as destination the local client address, it makes no sense to do something in UDM firewall rules with V10 internal or external address.

I don’t know!
The service is provided by Budget and I call them and they redirect me to this forum.

So probably what I’ll do when the contract ends will be to change to the KPN 1GB connection, because it is kinda ridiculous when the company where you are paying says that they can’t do anything about it!! :thinking::rolling_eyes:

Reputation 7
Badge +11

I don’t know!
The service is provided by Budget and I call them and they redirect me to this forum.

So probably what I’ll do when the contract ends will be to change to the KPN 1GB connection, because it is kinda ridiculous when the company where you are paying says that they can’t do anything about it!! :thinking::rolling_eyes:

That's indeed kind of weird. The V10 of Budget also runs on a different firmware than a KPN V10 does.

And about the DMZ, in my opinion, setting the UDM as DMZ is fine, all incoming traffic will be redirected to the UDM and have no other way of reaching other devices. The UDM has a decent built-in firewall so it should be fine. I am using the same set-up but with a KPN V10 and a TP Link TL-ER605. I like the DMZ for dual-NAT setups so I don't have to open the ports twice.

Maybe the port forwarding is not working properly because 80 and 443 are already defined as an app in the V10 but I'm not sure. Have you tried the built-in apps of the V10?

Ok then, I’ll keep with DMZ.

Thanks for the support.

:thumbsup:

Reputation 5
Badge +5

OK, that explains the “App group” radiobuttons in the screenshot. I’ve never seen this in KPN's V10 version. If the UDM has a decent type of firewall blocking everything except….., DMZ should not harm.
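
A way to verify the exposure discussed in this thread (forwarding only 80/443 versus DMZ to the UDM Pro), as an added example that is not part of any forum post: it probes your own address and reports both expected ports that are still closed and open ports that should not be reachable. The function names, the `EXPECTED_OPEN` set and the candidate port list are assumptions made for this example.

```python
import socket

# Assumption for this example: only HTTP and HTTPS are meant to be reachable.
EXPECTED_OPEN = {80, 443}


def probe(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_exposure(host, ports, expected=EXPECTED_OPEN, timeout=1.0):
    """Compare the reachable ports with the intended set.

    Returns (missing, unexpected):
      missing    - expected ports that are closed (forwarding is not working)
      unexpected - open ports outside the expected set (over-exposure, e.g.
                   DMZ without a restrictive firewall on the device behind it)
    """
    open_ports = {p for p in ports if probe(host, p, timeout)}
    missing = sorted(set(expected) - open_ports)
    unexpected = sorted(open_ports - set(expected))
    return missing, unexpected


if __name__ == "__main__":
    import sys

    # Run this from outside your own network (for example a phone hotspot)
    # against your own public address; the default only tests the local host.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    # Constructed sample list: web ports plus a few common service ports.
    candidates = [22, 53, 80, 443, 8006, 8080, 8443]
    missing, unexpected = audit_exposure(target, candidates)
    print("expected but closed:", missing or "none")
    print("open but not expected:", unexpected or "none")
```

With DMZ enabled, an empty "open but not expected" result indicates the firewall on the DMZ host is filtering everything except the two web ports.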