I am having a problem with Webaccess to my linkstation. Everything else is working eg Media Server, Access Control, Visibility on the network etc. But web access is not happy. If I try and access the external port through the buffalo nas portal it simply times out. If I try and access it internally on the network (with port 9000) any folders I have allowed access to anonymously show up but any others with access control do not. If i try to login it simply keeps prompting me and prompting me for user and password (which I know work fine).
I could NOT set up the firewall automatically even though the route does support UPnP (netgear DGN2000). I have configured external access and re-direction firewall rules to the linkstation on ports 9000 and 1066 (the external port I have configured).
Is there something obvious I have missed eg do I need to open more ports on router??
Hope someone can offer some advice.
I have tried using inherited permissions AND all groups and users the only one that seems to work "Anonymous".
If I map to the shared folders the accounts work and the access control is as expected. Just dont get why this will not apply to the webaccess control.
Just an update have now got a seperate problem that if I add a new share you can see Disk 1. The share I have then added only allows 4GB or so to be put in it and you can delete it.
This is exactly as per another stream...
http://forums.buffalotech.com/buffalo/board/message?board.id=0101&message.id=9859&jump=true#M9859
Like them I have updated to the latest firmware version 1.07 and this has made no difference to the webaccess issue OR the new shared folder problems.
Anyone in Buffalo any clues ??
Some more info for investigation. I have now expanded the firewall rules on the router to include ports 80, 443 and FTP.
FTP works perfectly from outside the network and as expected.
Now that 80 and 443 and I try to access the anonymously shared folders it simply sits and waits forever no error message.
Ignore the last comment I had stupidly set the external port to 9000 so it was getting confused. As soon as I put it back to 1066 went back to the same problem of "broken link" from external.
I have opened the router to allow everything in terms of the firewall rules and it doesnt change anything.
I currently have HTTPS turned off and two folders share one anonymously and one with group access. If I browse internal on port 9000 I can see the anonymously share folder fine. If I try to login "\login" I cant get authorised no matter which user I use. From external I can still get and retrieve data over FTP but web access on port 1066 just gives me a "broken link".
Does anyone now the exact port numbers you need to add to your firewall for webaccess?? Have added 9000, 1066 (my manually configured external port), 80 and 443. Also as above I have opened everything and it still does not work.
Thanks in advance.
So far I didn't use https because it slows the connection down a bit but if your upload it that good- no issue. But lets make it clear. The only port forwarding for web Access you need is [myexternalport] to [IP of LS]:[9000]
My port forwarding is that I usually use from outside something higher than 20 000 (not so often scanned) port 80 on LS is for web interface, port 21 for FTP and to 9000 for web access. So far it works but I kept fw 1.04.
other questions: does the access with user work locally? How did you test access from outside?
The firewall of the router does not allow me to specify a port number all I can do is forward anything coming in on an external port to the IP address of the LS. I have reset the rule to use 25000 but this didnt make a difference.
Local Access does work if I use IP:9000 I can see the shares I have set with anonymous permissions but cant login to see the shares with inherited or group permissions (doesnt matter which I use just doesnt work) - even works with iPhone quite nicely.
I am using a mobile broadband from 3 to test the external connectivity. I have proven FTP works but cannot get webaccess to work.
When I access it from external I can see from the router logs that its re-directing the access but browser(google chrome) returns "link appears to be broken"
I have now done a forced updated with the 4 config options. Fought off the japanese language settings and this has resolved the problem of not being able to create new shares properly.
I have of course lost all data and settings. So I created new share and two new users which I can map to successfully. I enabled web access external port 1066 (linkstation still will not see UPnP router although everything else does) and I still have the same problem.
Externally the link is timing out and internally it all works unless I hit the login button and enter user details which ALWAYS fails (with original or new users).
Either your ISP is blocking port 1066 or your firewall is misconfigured. The Web Access service ALWAYS runs on port 9000 on the Linkstation. The External Port setting merely reports that port to the buffalonas.com server for redirection.
When setting up port forwarding, the WAN or Internet side TCP port needs to be set to the External Port in the Web Access settings, the IP address needs to be set to the IP of the Linkstation, and the Local or LAN side port needs to be set to 9000:
[Internet] --> WAN TCP port "Web Access External Port" --> [Router] --> LAN TCP port 9000 --> IP address of LS --> [Linkstation]
Colin137, I have a DGN200 Netgear route which doesnt allow you to port forward that specifically. What it does is allow you to create a service (called mine LinkSys) and a port range 9000-9001 (with 9001 being the new external port). I then set an inbound Firewall Rule redirecting any internet traffic on these ports through to the IP address of the LS. What I cant do is set their destination port.
When I access the LS externally I can see the firewall rule fire and allow the traffic through. But I still get a broken link.
Colin137, I have just set my external port on the linksys to 9000. My theory was that without a destination port specified the router is passing through on the same port (so its connecting to the linksys on whatever I say my external port is).
Sure enough when I try to connect now I get the webaccess bar at the top and the login link. What I dont get is a view of the test HELLO folder I have shared anonymously. If I click login it simply prompts me over and over not matter what account I use (this is just like it does internally and 2nd problem mentioned in this thread).
I can provide the link and the login for you to look but obviously not on the thread.
Sorry for the blast of updates but have found something further. When I created the Hello test folder I made it read only and disabled the access restrictions (trying to prevent anything stopping access).
However by re-enabling the access restriction the webaccess has jumped to life and I can now see the folder over the internet!! (so external access problem fixed). That leaves the permissions problem as I still have to set Web Access to anonymous for this to work.
So current state of play is:-
- With External Port Set to 9000 and Shared Folders with Access Restrictions ENABLED but with Web Access set to Anonymous I can browse the folder (read only) over the internet.
- If I change Web Access Security to anything other than Anonymous it does not allow access and continually prompts me for login which doesnt work with any user account.
Still working as per previous post cant seem to get the login to work over webaccess. The permissions and uses configured work fine over mapped drives and FTP (Eg you can only see and save where you are supposed to).
But cannot login to webaccess with any account. HTTPS is not enabled.
willgee so whats your problem exactly is it the same as mine eg access works but only when using anonymous permissions?
maybe worse than you - I cannot even get anonymous to work remotely... i have tried several different configurations (anonymous, inherited, turn off SSL, etc) and none of them seem to even want to connect from a remote perspective. I can only get web access when I try through my internal network but thats not exactly the point. was wondering if it was my router FW but i dont think that is it as I have ssh server that works just fine.
BTW, does anyone know if the LS can host an SSH server?
willygee, if it works locally, then the Linkstation is functioning correctly. You may have two routers in a line, what we call "Double-NATing". Check the WAN side ip of your router. SSH is not an option that we support, and the standard statement applies: modification of the device's hardware or software will void your warranty.
prycej, this reminds me... does webaccess work locally for you? Access it by <http:// or https://><LAN ip address of Linkstation><colon>9000/, for example:
http://192.168.11.150:9000/ or for ssl, https://192.168.11.150:9000/
colin, thanks for pointing that out. i changed my dsl modem to "bridge" mode, wireless router to PPPoE, hoping this will disable the double NAT-ing (guessing you were suggesting this although i guess that wasn't totally clear). UPnP no longer works though.
still cant get it to work for remote access (accessing via VPN out of home network, then back in). local still works. it seems when i hit the buffalonas site, it just hangs for a while then gives a connection error. i figured what you said made sense in that port forwarding was somehow not working right but i think i have made the right changes and still no go.
if there are suggestions i would appreciate it.
port forward settings:
inbound port:25000 - 25000, Type: TCP, Private IP Addy: 192.168.1.10, Private Port: 9000 - 9000
Thanks.
Have you set up logging on the router eg do you see the re-direct from external re-directed?
My problem for external access was my router and its inability to port forward properly (it forwarded on the same port you couldnt change it) so I had to change my external port to 9000 so it forwarded to the correct one.
ok so just wanted to share my findings:
prycej, I changed the port forward to 9000 and it worked. The setup is with Inherited Permissions and SSL (although Chrome seems to want to reject).
So it appears that my router was having an issue port forwarding for some reason (I have the ability to assign both an external and private port but I guess my router was not translating correctly).
gonna mess with some additional settings and see what happens but appreciate the comments.
also, anyone know what the disadvantages of double-natting? i think i read that it slows down connection speeds but I dont really see that now that I am not double NAT-ed. port forwarding was workin for other applications so really wondering what i'm gaining (or losing).
prycej,
Am I to assume that you've gotten everything working once the port forwarding was set up? If so, I'm glad you got it working.
willygee,
I'm glad you got it working. Double-NATing can cause a lot of different issues. Latency and connection speed issues are commonplace, although they're somewhat hard to detect accurately. The big issues are problems port forwarding, and sometimes problems with secure sites like online banking and shopping.
Colin137,
I have got the external access working but the permissions still do not apply correctly. I can only get the device to work with anonymous permissions. This isnt the end of the world but does mean I cant control what people do and dont see eg I either have the option to show something to everyone using anonymous or not show it at all.
Jon.
Jason I know its a long post thread but we've got the t-shirt on that one I am afraid:-
Have tried the webaccess folder with any three of the types of security, have tried with original accounts and accounts created myself. Have tried with different permissions for both the original and new accounts. Have updated the firmware. You can then times the above by 2 as I have tried these with both HTTPS on and off (nothing works with HTTPS on).
Have also tried the above with simple and complex passwords. The accounts always work as they should when mapping drives so I know they are ok and security works its simply looks like when I login to webaccess on /login its simply not doing anything OR not submitting the data.
Thanks.
Its just really annoying the device has worked perfectly other than this. Considering how everything is working (and I have already restored the data twice) I will probably live with it.
Its just really frustrating am sure its just a setting somewhere along the lines..
Quite so, prycej, I'm convinced the problem is with some setting.We've tried everything, as PCPiranha mentioned, so let's start fromscratch and set it up one more time. Please follow these steps exactlyso we can try to isolate what's going on.
Reset the unit to defaults from Maintenence->Initialization.
Log into the web interface, click on User Management, add a user. Name the user "tester", password "tester". Save the user.
Click on Web Access->Folder Setup. Click on a shared folder. Change the dropdown to Allow All Groups/Users.
Clickon Web Access->Service Setup. Set Web Access Service to Enable.Leave HTTPS/SSL on Disable. Set Use BuffaloNAS.com to Enable. Put in aBuffaloNAS.com Name and Key. Set Auto-Configure Firewall (UPnP) toDisable, External port to 9000.
Forward TCP port 9000 tothe IP address of the Linkstation, then try accessing Web Access from aremote machine. When it asks for a username/password, usetester/tester. This should allow you to access the share.
SSH is not an option that we support, and the standard statement applies: modification of the device's hardware or software will void your warranty.
I recently bought two linkstations, one for home one for work. So far I would recommend it to any of my friends, until I googled for SSH support......
Now I'm SERIOUSLY considering returning them. First, SSH support is ESSENTIAL for me (and I find it hard to believe I'm the only one).
I would easily crack the support into the system but I come to your forum and what I see is a representative saying that will void the warranty? Now that is unaceptable! It's the same as Apple or MSFT saying I can't install something in their operative system because it will void warranty. Unacceptable.
We never advertised our units to have SSH nor does it mention it any documentation at any point, so I'm not sure why this is surprising.
Secondly, installing ANYTHING onto your linkstation will indeed void your warranty, be it SSH, Telnet or whatever else.
Likening it to an operating system in your example is more of a straw man than anything else, it's not an operating system, it's firmware, much like a television,or your dvd player uses. Installing services or protocols that aren't approved or come pre-installed by the manufacturer will pretty much void your warranty in any circumstance, this is is not a policy unique to us.
That being said, there is a vibrant and active community out there that does indeed specialize in modifying their NAS's to do all kinds of things they were not designed to do, and you're more than free to do those things. However, don't expect any help regarding those features on our forums or from our tech support, and do again be aware that it does void any warranty.
Hi, I had the same exact issue and realize the Buffalo login is case sensitive, you have to type in your login ID exactly the way you created and the default admin account is not allow to access the Web Access. Hope it works for you.