0

I am trying to set up a public web server. My RPI is connected to the router through a Ethernet cable. I've set up Apache and can access it locally at my RPI's IP address (http://192.168.x.x).

I port forwarded port 80 to my Raspberry Pi as in the picture. So now in theory I should be able to access my router's IP address with port 80 in a browser and that should redirect it to the RPI's local address, but it's not working. What am I missing?

enter image description here

asked Aug 1, 2016 at 13:56
2
  • That depends what you mean by "my router's IP address" -- if you mean the local 192.186.x.x then no. If you mean your public address, then maybe. You should include more details of what happens when you try: Does the connection time out or is it refused right away? If the latter, what exactly does it say? Commented Aug 1, 2016 at 15:13
  • Thanks for your reply. By "router's IP address" I mean my public IP address 87.115.xxx.xx I got from whatismyip.com. When I try to connect it just times out after a while.. Commented Aug 1, 2016 at 18:24

3 Answers 3

0

When I try to connect it just times out after a while... What am I missing?

This implies one of two things:

  • The router is forwarding it, but for whatever reason, it is to the wrong local address, and nothing has it or whatever does is dropping the packets (which would be unusual). If this is the case, you will likely be able to see evidence of the fact using a tool like Wireshark from a computer plugged into the router with an ethernet cable. While you can use it on an encrypted WLAN, there are some complications which make it awkward and prone to uncertainty (if your WLAN is not encrypted, then you don't need to use the eth cable).

  • Your ISP does not allow incoming traffic on port 80, and enforces this from the outside by dropping the packets. However, while not allowing the connection may be common, the proper way to do this would be for their upstream router to explicity reject them, which would not cause a time out; your browser would indicate that immediately with a clear message about "not permitted" or "administratively prohibited". Simply ignoring the packets, which can lead to a timeout, would be a strange thing to do because it increases internet congestion, particularly for the node that's actively dropping things.

You could try testing the latter premise by using a random high port number (e.g., 23456) instead of 80. There are still means by which their upstream router could prevent the connection, but they are less likely. If it still doesn't work, ask them about their policy.

You should probably do these connection tests from a phone or something else on an external network. Finally, if you got that IP this morning and are trying this from work or something, home service generally does not include a static address for your router so it may easily have changed. You will have to check immediately after verifying your external address (and, note, since you probably don't have a static one, you can't rely on that beyond a short time frame, perhaps 4 - 24 hours).

answered Aug 1, 2016 at 20:02
0

You should have a fixed IP address for your Raspberry (static or DHCP with fixed MAC - IP allocation). This address comes in the first "to" field. the first "from"should be your gateway address. with IPv4 could be like

from to protocol from to 
192.168.0.1 192.168.0.2 TCP 80 80
answered Aug 1, 2016 at 14:31
3
  • Thanks for your reply. It won't let me add IP addresses in the fields, only ports. Commented Aug 1, 2016 at 14:38
  • Check if they have a manual or contact your broadband provider. It doesn't sound logic to put 2x from and 2xto ports. the router also need to know to what IP the traffic should be forwarded. not just the port. maybe you just can add the last octet that you forward from octet 1 to 2... this is just an assumption.. Commented Aug 1, 2016 at 14:44
  • @Bra1n I've deleted your comment here since I can't move them and while it seems relevant to the question it has little to do with this answer. @ Joe It doesn't seem particularly weird that the router uses MAC addresses directly since if you want to assign a static IP, you'd have to arrange that with the router as well...using a MAC address. So this methodology is actually more flexible in that it allows for a dynamically assigned address and saves the user some configuration hassles. Commented Aug 1, 2016 at 16:01
0

There is another possibility which I see on my home ISP, that is there are two levels of NAT and I only get to configure the last one (in my house). When I make connections outbound, the address I appear to be coming from is not the WAN address on the modem here, but is the external address of a NAT box at the location (more than an hours drive away) where the ISP connects to the outside.

I figured all of this out by logging into a machine out on the net and doing some tests from there. I'm not sure what other resources exist to do these tests if you don't have access to an outside server.

answered Aug 3, 2016 at 7:32

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.