INTERACT FORUM
More => Old Versions => JRiver Media Center 25 for Windows => Topic started by: tij on August 28, 2019, 10:30:40 am
-
It seems I am sitting behind double NAT (one NAT at ISP and one NAT at my home router) ... my home router has IP address that does not match public IP address that web sites telling me I have ... every time I disconnect my home router and reconnect it to ISP, it gets a new IP address from my ISP
Since I cannot do port forwarding on ISP router ... does this mean I cannot access my JRiver content from outside?
-
Did you ask your ISP? They should be able to help.
-
What works around here is to tell them you have a IP-based security camera you want to be able to watch, they take you more seriously then instead of talking about music/video stuff. :D
-
I will try camera trick ... see how it goes
Ps. Any other stuff I can use without ISP intervention? ... maybe VPN?
-
Had the same issue, I told my ISP that I had a server app that I needed to hit inside my network and they cut me over no problem.
But the camera is a good backup!
-
Out of curiosity ... why MC does not support upnp port forwarding like some games? ... security reasons?
-
Perhaps someone with JRiver will respond.
But UPNP will/could work for your home router, but it will not affect the ISP router, and you're behind a second NAT you said. To make the initial discovery discovery and establish a session they would probably have to use an arbitration server and STUN. I don't know if anything like that has been looked into.
You have a higher chance of success getting your ISP to make an accommodation.
-
I would ditch the ISP router and replace it with something you can run DDWRT on. There's ways you can use VPNs easy over it. Much safer than port forwards.
If You can't put their modem/router in "bridge" mode and have it act like a dumb modem. Than connect your new router and be able to have more flexibility.
I recommend getting a Netgear R7000 or Linksys WRTACS1900 and putting DDWRT. It was solid on the ACS1900. Night and day compared to stock FW.
-
I would ditch the ISP router and replace it with something you can run DDWRT on. There's ways you can use VPNs easy over it. Much safer than port forwards.
I'm not sure it's safer.
-
More control over it. My Meraki MX64 has an awesome VPN config and I have very nice user controls.
You can track a lot more.. I can manage my VPN to the same extent as my network with the access control policies that my firewall has. each user has their own policies.
just connecting regular way leaves stuff open and you don't have as much insight to who is doing what.
-
Never work with VPN ... do I need to subscribe to VPN service? ... or have VPN “apps” on server and client?
-
Your router has to support it. Or you can roll a server.
-
I don't have much to contribute, but I will say that in my experience DD-WRT is pretty great (I have it with my ISP's router/modem working as a modem in bridge mode), in my opinion. That's what I run on my router and it's rock solid stable.
I'd consider it safer than using just the ISP's router, because I haven't seen many firmware updates for those over the years. With DD-WRT there's beta updates every few days (I tend to update every couple months).
-
do I need to subscribe to VPN service? ...
No. Subscription VPNs are for outbound connections where you wish to connect to a remote location using encryption and hide your real location/identity etc.
or have VPN “apps” on server and client?
Your router would run a VPN service/server, and your remote Client device would need to have a VPN Client App or hardware to connect to it. Then your remote device acts as if it is on your LAN.
-
It needn't be as difficult as it sounds to use VPN. Some home routers come with VPN server software built in, and the client is freely available. Synology RT2600AC is one example that is very full featured.
-
I haven't seen many ISP routers that have a VPN Endpoint though. Usually, they just support VPN passthrough, which means you still need a VPN Server somewhere on your LAN.
That's why router firmware like DD-WRT is so popular. They provide the VPN Endpoint in the router itself, which is always on and uses little power. They tend to support Wake from WAN much better as well, so provide the VPN Endpoint and wake the MC Server as required.
-
To recap ... my internet setup is
Internet - ISP (with public IP) - ISP NAT and DHCP - ISP router/modem at my home (with private dynamic IP) - modem NAT and DHCP - my Serve
Well ... as expected ... my ISP told me politely to get loss when I ask them to assign me static IP and farward port on their public address to my router
They told me if I wanted that (or public IP assign to me) ... then I should get their corporate plan (much more expensive than what I am paying now)
So I considered setting up VPN server on my server (narrowed it down to softether) ... but then that would require my clients to set up their devices for VPN (which is fine) ... but then all their traffic would be redirected to my server unless (as I understand it) I do split tunneling on their devices ...
Then I noticed my Plex server was able to punch through NATs with UPnP ... opening my router config shows that Plex requested router to port farward via UPnP ... and since I can access Plex from internet now ... I guess my ISP also enabled their UPnP on their routers
So for now I will use Plex to connect to my library from Internet
And last ... could JRiver team consider asking routers to forward port via UPnP ... so much simpler if ISP supports it
-
I understand your public IP address changes every time you reconnect to your ISP.
If you learn your current, public IP address by using whatismyipaddress.com, are you able to connect to your JRiver server that way? You need to have your home router set to forward the ports properly, of course.
If you can, then you should be able to use a service like dyndns.org (dyn.com) to access your ever-changing-ip-address by a never-changing-name. They Dyn service is probably built into your router. Dyn server will update your name with you new ip address when it changes.
Try it.
-
I understand your public IP address changes every time you reconnect to your ISP.
If you learn your current, public IP address by using whatismyipaddress.com, are you able to connect to your JRiver server that way? You need to have your home router set to forward the ports properly, of course.
If you can, then you should be able to use a service like dyndns.org (dyn.com) to access your ever-changing-ip-address by a never-changing-name. They Dyn service is probably built into your router. Dyn server will update your name with you new ip address when it changes.
Try it.
the problem is … I don't get public IP address … ISP assigns me private IP address … 10.xx.xx.xxx (that's outside IP address of my modem/router) … so effectively I am sitting behind ISP NAT … and then my router has NAT (so devices on my LAN have address 192.168.x.xxx) … aka double NAT
not sure DDNS can get through double NAT
and as I mentioned previously my ISP refuses to forward port on their router … bastards lol
BUT … it seems my ISP allows UPnP request for port forwarding (Plex manage to get through with UPnP) … it is much easier to set up too (if router and ISP support it) … no need to manually setup port forwardin on router … so can JRiver consider implementing UPnP port forwarding request to router :)
-
Crap ... Plex might not be using UPnP to get through my double NAT situation ... I disable UPnP on my router ... and still Plex clients somehow able to get to my server through internet :/
-
Perhaps its using Plex Relay?
https://support.plex.tv/articles/216766168-accessing-a-server-through-relay/
It has severe bandwidth limitations, naturally, since its basically a proxy.
Their trouble shooting guide only says that for "Carrier-Grade NAT" (ie. ISP NAT) the only option is to get a public IP from them.
-
Tij, I know you're behind double NAT. I understand these things. I used to run an ISP.
Afraid.org can also be used as an alternative to Dyn, as Dyn is being killed by Oracle next year. These services use URL GETs to identify your external address, and can work behind double NAT. It depends what flavor of NAT your ISP is running, and you won't know until you test. As I said, your home router must still be configured to forward the ports.
Try.
-
Tij, I know you're behind double NAT. I understand these things. I used to run an ISP.
Afraid.org can also be used as an alternative to Dyn, as Dyn is being killed by Oracle next year. These services use URL GETs to identify your external address, and can work behind double NAT. It depends what flavor of NAT your ISP is running, and you won't know until you test. As I said, your home router must still be configured to forward the ports.
Try.
will try ddns this weekend ... router has setting for it for sure ... cross my finger and prey till then
thx for the tip