Port is open, but can't access it via external IP address

6

3

I have RavenDB running on localhost:8080. I would like to make it externally accessible, just as a test (ignore security concerns for now).

To do so, I configured my router to forward external port 8080 to internal port 8080 of 192.168.0.101 (which is the internal IP address of my machine, as determined by the IPv4 entry of ipconfig /all).

According to an external port checker, port 8080 is open (external IP is masked):

enter image description here

However, when I go to ExternalIp:8080, I'm unable to connect. In contrast, InternalIp:8080 works fine.

Given that the port appears to be open, but I can't connect externally, are there any tools or ways of diagnosing where the blockage is happening?

Additional Possibly Relevant Info

  • I have Windows Firewall, but turning it off makes no difference.
  • Router is Archer C5, modem is Motorola SB6121.
  • My ISP only blocks a couple ports, and 8080 is not one of them.
  • My external IP is dynamic, but changes very infrequently, and I made sure to use the right one :)

DumpsterDoofus

Posted 2015-10-15T15:57:16.943

Reputation: 707

1if the port shows as "open" to a external port scan, then you have your three 'P's: a running process, listening on an known port, with a pathway to access it. That means that your port forwarding and service listener configurations are correct, and that a firewall is not blocking the path. So that leaves internal service configuration as the likely vector. Review your service configuration to see if it controls valid IPs, etc. Also, its a long shot, but confirm that your port forwarding rules are pointing to the correct server, not another server at 8080. last, what client are you testing? – Frank Thomas – 2015-10-15T16:12:15.430

Answers

10

There are two possible issues:

1) You need RavenDB running on 192.168.0.101:8080 (or 0.0.0.0:8080). If it's running on localhost, it's not accessible from outside the machine.

2) You need to either access it from outside your LAN or use a router that supports hairpinning. Port forwarding only works from outside of the LAN. Many routers do hairpinning automatically. This is considered best practice per RFC 5382, but many routers still don't.

David Schwartz

Posted 2015-10-15T15:57:16.943

Reputation: 58 310

1Hairpinning is a great point. I had assumed that Op was testing the external connection from outside their LAN, but you are right, there is no indication that that is the case. Good catch. I woudl point out however that if the listener config was set to listen on localhost, the port check tool would return closed, because the port would not be accessible to it. @op, be sure to test external IP connections from outside your LAN, unless you have an enterprise grade router. most commercial SOHO grade routers do not support hairpin NAT. – Frank Thomas – 2015-10-15T19:44:25.113

@FrankThomas: Yeah, I tried hitting ExternalIp:8080 from the machine itself, not from another device, which I guess could be called "hairpinning from itself". I don't know if the router supports hairpinning. Are you and David saying that to be sure, I should try hitting the machine from a different device on a different network altogether (say, from my phone on a wireless connection at a nearby restaurant)? – DumpsterDoofus – 2015-10-15T20:42:05.627

exactly. without hairpin NAT, you cannot connect to the outside interface of your router from a device on the inside interface of the router. a coffee shop or other free wifi would be sufficient to test it (or just call a friend to do it). My guess is, that since your port tests correctly, and the service works for you internally, that everything will work fine. – Frank Thomas – 2015-10-15T20:45:28.427

1It appears hairpinning was the issue, as I was able to access the port using my phone on a 3G network. Thank you! – DumpsterDoofus – 2015-10-16T02:34:23.650

I had the same problem with setting up a ESP8266 server. I tried the external IP from my PC over and over without success. After I read this, I tried to connect to ESP8266 from my phone and it worked. – Jossi – 2016-05-19T22:37:34.970

Asked: 2015-10-15T15:57:16.943

Viewed: 52 618 times

Active: 2016-08-12T19:06:50.087