Author Topic: Web access works over cell, but not through router  (Read 1455 times)

Krydos

  • Calf
  • *
  • Posts: 4
Web access works over cell, but not through router
« on: September 07, 2020, 03:11:03 PM »
I've searched for like an hour and I can't find the solution to my problem so I'm making a post. It's probably something super simple that I'm overlooking.

I have a Buffalo Terastation 1400R in my server cabinet. It has a static IP, and a domain name. It's working perfectly fine, and all of the data is there, and all the NFS shares are still working, but for some reason I can no longer access the web interface through my home router. Oddly enough I can access it through my cell phone as long as it isn't connected to my home router's wifi though. The same cell phone refuses to connect if it's going through the home router. I've tried on multiple computers and multiple browsers within the home router network. It always gives xx.xx.xx.xx refused to connect in the browser. I've opened a command prompt on the same computer within the home router network and ran the command

telnet xx.xx.xx.xx 80

and it works, and I can see it gets data from the NAS on port 80. That means it's not blocked in a firewall, or blocked by my ISP, or anything. It's also odd because it used to work just fine from my home internet connection. I think it may have been a firmware update on the NAS is when it stopped working. At the time I assumed the NAS just needed a reboot because the web access wasn't working, but all the NFS shares were still working. I finally got around to rebooting it yesterday and the web access still doesn't work.

Any ideas of what to try next?

Krydos

  • Calf
  • *
  • Posts: 4
Re: Web access works over cell, but not through router
« Reply #1 on: September 08, 2020, 01:19:11 AM »
If anyone is curious, I think the issue might be with the SSL certificate. The NAS isn't responding on port 443 at all anymore for some reason even though a valid SSL certificate is installed, and SSL used to work. I have been trying Chrome and Firefox on all of my computers with http and https and both say connection refused through these browsers. On a whim I decided to try Microsoft Edge *cringe* and for whatever reason that browser works. Maybe Chrome and Firefox remember that SSL used to work on this IP, or these browsers are blocking the non-secure connection for some reason but Edge doesn't block it? I'm not a browser expert so this is odd to me that only mobile Safari and Edge work.

Anyways, there is a firmware update available, so I'm going to try installing that next, but not tonight. I'll install the firmware update tomorrow and update you all if I figure anything else out.

1000001101000

  • Debian Wizard
  • Big Bull
  • *****
  • Posts: 1128
  • There's no problem so bad you cannot make it worse
Re: Web access works over cell, but not through router
« Reply #2 on: September 08, 2020, 09:05:08 AM »
There are DNS and routing related reasons this could be failing depending on your exact setup.

If you are trying to connect via domain name (both resolving to WAN address) in both cases: It could be that your router isn't set up to properly route traffic addressed to your WAN IP from within your LAN. This is the case on my network as well and is pretty normal for most types of router. I believe I could set up a rule in mine to make this work but I've never looked into it.

If you're connecting via ip/hostname for the local connection: It could be that your SSL cert is specific to https://yourdomain.com (it's specific to some url) then attempting to connect to http://192.168.2.222 etc would receive an SSL error.

There could be other reasons for the failure too (I've never used this feature) but I see these types of problems with similar things frequently.

Krydos

  • Calf
  • *
  • Posts: 4
Re: Web access works over cell, but not through router
« Reply #3 on: September 08, 2020, 01:09:35 PM »
Thanks for the reply. The domain name and DNS is definitely set up right. My computer resolves the IP correctly from the domain name.

The issue seems to be that the NAS is no longer responding on port 443, and I have no idea why. Usually if you connect to an IP address like xx.xx.xx.xx:443 you will get a certificate error because you're not connecting to the domain name in the certificate, but browsers allow you to use the certificate anyways after a warning about it not being secure. The 1400R won't even do that because port 443 is completely closed and non-responsive for some reason.

Like I said last night, I'm going to try getting it on to the latest firmware, and see if that helps. I'll post back after that is done. Thanks again.

Krydos

  • Calf
  • *
  • Posts: 4
Re: Web access works over cell, but not through router
« Reply #4 on: September 08, 2020, 02:39:17 PM »
Well, the firmware upgrade didn't fix it, but I did figure out what the problem is.

If I generate the ssl certificate with le64.exe from https://github.com/do-know/Crypt-LE/releases it doesn't work. The 1400R responds that it imported the certificate and key successfully, but then port 443 goes silent and refuses to connect.

If I generate the ssl certificate with https://zerossl.com/ it does work, and port 443 starts accepting connections again.

This is really odd to me because they are both free 2048 bit certificates from Let's Encrypt. I have no idea why one works and the other doesn't, but using the certificate from ZeroSSL got it working again, so I guess I'll just keep doing that from here on out. Hopefully this information helps someone else in the future with this same issue. Thanks for reading.