Smart Hub Pro - weird port forwarding problem

Saccheri · ‎03-11-2024

Hi. Just moved from BT to EE with the Smart Hub Pro. A set-up which was working on the BT router, doesn't on the Smart Hub Pro.

The Smart Hub Pro connects to a switch, behind which are two computers. One is a web server and port forwarding rules are setup. From outside the network, everything is working fine - I can connect via my domain name and hit the web server. So port forwarding is working fine.

However, inside my network - the second computer connected to the switch can't connect to the web server using the domain name. I can connect using the raw internal IP address.

Now if I take this computer and plug it directly into another port on the Smart Hub Pro (so no longer going through the switch), I can connect to the web server using the domain name! I've tried lots of switches, managed and unmanaged (to try and rule out any physical port isolation going on) but the behaviour is consistent.

My OCD hates the idea of using raw IPs inside the LAN and domain names outside or running a second cable from the office to the hall - have a missed something basic?

Thanks

XRaySpeX · ‎03-11-2024

What domain name? You aren't given 1, are you? And DDNS is not supported on the EE SH Pro.

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up > 2005: Wanadoo 1 Meg BB > 2007: Orange 2 Meg BB > 2008: Orange 8 Meg LLU > 2010: Orange 16 Meg LLU > 2011: Orange 20 Meg WBC > 2014: EE 20 Meg WBC > 2020: EE 40 Meg FTTC > 2022:EE 80 Meg FTTC SoGEA > 2025 EE 150 Meg FTTP

CamtasticVision · ‎04-11-2024

Just wondering if the router is being used for your DNS, I would most certainly change it and try again. Have to wonder why you choose to host your own domain these days as hosting is so cheap, I have two dedicated servers running and even that's not expensive I actually couldn't run one of my servers cheaper per month than the price I would pay for my electric.

XRaySpeX · ‎04-11-2024

@CamtasticVision : The EE SH Pro does not facilitate changing of DNS.

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up > 2005: Wanadoo 1 Meg BB > 2007: Orange 2 Meg BB > 2008: Orange 8 Meg LLU > 2010: Orange 16 Meg LLU > 2011: Orange 20 Meg WBC > 2014: EE 20 Meg WBC > 2020: EE 40 Meg FTTC > 2022:EE 80 Meg FTTC SoGEA > 2025 EE 150 Meg FTTP

CamtasticVision · ‎04-11-2024

He would simply change the DNS on his PC not the router, or he could run his own DNS server or lets face it make an entry in his HOSTS file pointing to the IP

XRaySpeX · ‎04-11-2024

@CamtasticVision : True!

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Mobile Phone & Mobile Broadband or Option 2 for Home Broadband & Home Phone

ISPs: 1999: Freeserve 48K Dial-Up > 2005: Wanadoo 1 Meg BB > 2007: Orange 2 Meg BB > 2008: Orange 8 Meg LLU > 2010: Orange 16 Meg LLU > 2011: Orange 20 Meg WBC > 2014: EE 20 Meg WBC > 2020: EE 40 Meg FTTC > 2022:EE 80 Meg FTTC SoGEA > 2025 EE 150 Meg FTTP

Saccheri · ‎04-11-2024

Thanks for the replies all.

I have my own domain name with scripts on an Ubuntu server to update my Cloudflare DNS entries if the EE router changes WAN IP address. This all works fine. Outside the house, port forwarding is working - and I can reach all the services with my domain name.

The Smart Hub Pro has the WAN connection and one port to a 8 way switch under the stairs. Any computer connected to that switch CAN'T connect to the servers using the domain name. Anything on Wifi can connect and if I connect via another port on the Smart Hub Pro, that also works.

Hardcoding the hosts file on all the laptops and computers should work. Bit of a pain, but an option.

Hosting is generally cheap - unless your son runs a minecraft server with 128GB of RAM and Core i7-13700K!

CamtasticVision · ‎04-11-2024

If they connect via IP it will remove a few ms to not use the DNS, the side effect is they might have a slight edge over the other players 😁

Saccheri · ‎09-11-2024

Right. Think I know what's going on. To recap, I have a domain name and DDNS keeping that in-synch with the router's (dynamic IP address). With the BT homehub, inside my LAN, I can connect to port-forwarded services using this domain name. The Smart Hub Pro drops these packets on the physical port they arrive on.

To try and prove this, I replaced the entire Smart Hub Pro with a firewall appliance running OPNsense. That had the same behaviour 😶

After a week of reading manuals/Wireshark, it seems the behaviour the Smart Hub Pro is doing is correct. Routers are not expecting to see inbound (to the routers public IP) coming from the LAN side of things, so even this firewall appliance was dropping the packets. On the firewall appliance you can set up "NAT reflection" settings to get things working, but that's not the best way to solve this (apparently) - LAN traffic should stay on the LAN etc etc.

So to solve this, I've setup an override in the OPNsense DNS service. So anybody on the LAN using my domain name - get directed straight to the LAN server IP address.

Would I recommend a dedicated firewall appliance/OPNsense over the Smart Hub Pro? No. Its cool and clever, but its been a long week to get it stable and working for me and ended up with mini-server room of flashing lights I'm scared to leave on overnight 🤣

bobpullen · ‎09-11-2024

@Saccheri - in order for the hub to route out/back in to your hosted services it will need to support NAT loopback/hairpinning. I'd expect the Smart Hub Pro to behave the same as your BT hub in this regard to be honest so it's interesting that it doesn't. I have a set up not that disimilar to yours so will make a note to see if I'm able to replicate the problem.

@XRaySpeX wrote:
And DDNS is not supported on the EE SH Pro.

Dynamic DNS is supported on the SH Pro.