Port Forwarding not possible| open but closed | ZyXEL VMG1312-B10A

michuvon
michuvon Posts: 2  Freshman Member
edited December 2020 in Smart Home Product
I have posted the same question over here in the Nextcloud forum, but I think my problem is router related, and so I'm coming to post this here as well.
_________________________________________
I use a Raspberry Pi with Nextcloud Server, and I'm getting absolutely insane as I simply cannot open the ports and access from the Internet.

  • Local access works well, no issue.
  • I use a ZyXEL VMG1312-B10A Router.

If I open ports manually, by loging into the router I cannot reach the NCP from the Internet,


(I'm aware that on the screenshot it's deactivated.)

...and the ports are shown as closed:




If I enable UPnP in the router and use the nextcloud tool to open the ports automatically, I succeed and can reach the server from the Internet.






But I should "disable" UPnP as it poses a security risk.

If I do that, the ports are closed again, and I cannot access the server from the Internet.


What is going on?
My guess is that this is simply not possible with this router and I'd better buy another router.

Any suggestions?


Answers

  • tonygibbs16
    tonygibbs16 Posts: 290  Master Member
    Hello @michuvon

    Have you considered using the DMZ settings of the router?

    The user guide available at ftp://ftp.zyxel.com/VMG1312-B10A/user_guide/ talks about them because that is often a way of allowing access to certain services on LAN from the Internet.

    I hope that this is helpful.

    Merry Christmas and Happy New Year.

    Tony
  • michuvon
    michuvon Posts: 2  Freshman Member
    how safe is that? i want to have this home server online 24/7
  • tonygibbs16
    tonygibbs16 Posts: 290  Master Member
    Hello @michuvon

    It has some risk because you are opening ports up from the Internet to be available 24/7, and it is more risk than not opening them at all.

    But there is no thing as total security if you have 2 networks connected together, and even isolated networks can be attacked.

    If you work on the basis of only opening up what you want to be open, using the latest firmware on your router, and and keeping your devices patched and monitoring what is happening, then you could be ok in taking some risk for the purposes of having Internet access to a server.

    Merry Christmas and Happy New Year.

    Tony
  • Mijzelf
    Mijzelf Posts: 1,787  Guru Member
    I don't like the 'Trigger start port' column. Suggests that the port forward has somehow to be triggered. Have you looked at the 'Applications' tab? I'd expect a preconfigured HTTP and HTTPS server here.
  • TiggerLAS
    TiggerLAS Posts: 58  Ally Member

    Just for grins. . . go back into your router,
    and try using ports OTHER than 80 / 443
    for your trigger ports. . .

    For example, try using Port 8080 as your trigger port,
    while keeping port 80 as your destination port.

    Then try accessing your server remotely using   http://<address>:8080