User profile for user: JamesWat
JamesWat Author
User level: Level 1
8 points

Port forwarding time capsule

I have web server on my private network at ip address 10.0.1.204 on port 456. I am able to access this on my private network without problem. I have set this in the DHCP reservations for the TimeCapsule and this also seems to be working. I should mention the webserver is connected via ethernet.

My time capsule is acting as my modem using ppoe, my internet is also working without problem.

I am attempting to have my webserver available from outside my private network.

I have updated my timecapsule software to the most recent (7.7.8).

I have tried the following:

  1. In airport utility i have set port mapping as such:
    1. Public TCP port(s) 456
    2. public UDP port(s) 456
    3. Private IP address: 10.0.1.204
    4. Private TCP port(s) 456
    5. Pricate UDP port(s) 456
  2. On the internet-> nat tab the enable NAT port mapping protocol is enabled.
  3. On the nat tab I have tried both having the default host filled in and blank.

I have had no success.

Where to from here?

I can certainly provide any more details you need, I am a c programmer by trade.

thanks James

Airport Time Capsule 802.11ac

Posted on Mar 1, 2017 11:13 PM

Reply
7 replies
User profile for user: LaPastenague
LaPastenague
User level: Level 9
67,262 points

Mar 2, 2017 2:23 AM in response to JamesWat

Does your TC have a public IP address on the WAN side? No double NAT.


Did you set the server IP in the TC dhcp reservations? Even if you set a static address on the device it can still be worthwhile making sure the TC is aware of the address.


Beyond that it starts to get tricky.


The usual method of testing is to see if telnet can at least access.


eg https://kb.acronis.com/content/7503


This must be tested from a WAN connection.. like your tethered phone.


You will of course use the WAN IP address not local IP.


If telnet cannot at least make some sort of connection.. even if it fails then it is possible something else is wrong.

Reply
User profile for user: JamesWat
JamesWat Author
User level: Level 1
8 points

Mar 2, 2017 2:23 AM in response to LaPastenague

Hi LaPastenague thanks for your help.

LaPastenague wrote:


Does your TC have a public IP address on the WAN side? No double NAT.


Yes. my public ip is 45.115.71.132


LaPastenague wrote:


Did you set the server IP in the TC dhcp reservations? Even if you set a static address on the device it can still be worthwhile making sure the TC is aware of the address.


The ip is in the reservations on the TC and is not set as static on the device


LaPastenague wrote:


The usual method of testing is to see if telnet can at least access.


I installed telnetd on the server and was able to connect to it on port 23 from my local network. I port mapped port 23 to the device. When i attempted connecting from wan it tried connecting but never did.

Reply
User profile for user: LaPastenague
LaPastenague
User level: Level 9
67,262 points

Mar 2, 2017 5:32 AM in response to JamesWat

I would request Apple remove your public IP if it is static.. don't want those things sitting on forum.


If it is dynamic it won't matter so much.


Seems like you are doing something wrong.


Do you have a ping responder turned on in the server?


That is helpful until you get things working.


What about local firewall on the server not allowing remote access??


From WAN do a traceroute to your public IP. It might not resolve but it should get to your ISP main router.


From the server do a traceroute out to google DNS .. anywhere.. Does it show other private IP addresses in the way on the ISP side.


Your address doesn't resolve for me.

If it is dynamic has it already changed?

Reply
User profile for user: JamesWat
JamesWat Author
User level: Level 1
8 points

Mar 2, 2017 4:35 AM in response to LaPastenague

Thanks again LaPastenague, i really do appreciate your help. I have answered all your questions, in the order that i think are most relevant.


LaPastenague wrote:


From the server do a traceroute out to google DNS .. anywhere.. Does it show other private IP addresses in the way on the ISP side.


This proved interesting. It looks like there might be some other private ips. (10.99.128.1 19.124.41.*) I don't really know what that means though as far as my connection goes, or how to get around it. Here is a copy of the output: http://pastebin.com/41iJg1xk

LaPastenague wrote:


From WAN do a traceroute to your public IP. It might not resolve but it should get to your ISP main router.


I have done this but i am not sure how useful it is, the last 15 or so steps are ***. Certainly it resolves the address. Output is here: http://pastebin.com/0dQzuWGU

LaPastenague wrote:


I would request Apple remove your public IP if it is static.. don't want those things sitting on forum.


If it is dynamic it won't matter so much.


...


Your address doesn't resolve for me.

If it is dynamic has it already changed?

The address is dynamic, but has not changed. I am not too concerned about people knowing my public ip, but thanks for the concern.

LaPastenague wrote:


What about local firewall on the server not allowing remote access??


Shouldn't have. It is a standard linux apache install. The only thing i changed (and if i can get it to work i will probably change it back) was the port because i thought my isp might block incoming connections on port 80.

LaPastenague wrote:


Do you have a ping responder turned on in the server?


Yes, but it doesn't respond from WAN. The TC responds from pings internally (10.0.1.1) but not to pings on 45.115.71.132. I assume this is by design.

Reply
User profile for user: LaPastenague
LaPastenague
User level: Level 9
67,262 points

Mar 2, 2017 2:10 PM in response to JamesWat

Ok.. skymuster is via satellite and it is always made in such a way to prevent you running servers on your end.

I guessed that was the case from your ping times in the traceroute.


This is not unusual .. this is standard for any satellite Internet service.. or wireless as well.


It means you will have to host the website in a data centre.


For your personal remote access you can use an App like teamviewer which should allow you remote access to the server by opening link through the proxy server. But that is not something you can use even for a test setup of your weather data.


Nice work Aus Gov.

56K dial up modems should be fine for everyone.. worked ok before they entered parliament.. Why would anyone need more?? Pretty much as far as most of those guys understand Internet.

If public servants need faster internet they can sit in the local McDonalds and use free wifi. Just ask Barnaby!!

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Port forwarding time capsule

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up