Just got a Unifi network setup. Setup a forwarding rule but can't seem to get it to work. Any troubleshooting tips?
If you use a manual port forward rule, make sure the port forward setup on the Channels web UI is set for manual, too.
Also, are you using a security gateway as your router, too? Or just for switches/APs?
Yes I am using a security gateway. I have set the forwarding to manual.
Do other port forwards work? You may be behind a hairpin NAT, and I don't think the hairpinning option is shown in the UniFi Controller, but requires a custom config.json if it is even supported.
You also mentioned you switched not just your router, but also your ISP. Does your ISP block any ports?
I spoke to my ISP. He said “No we don't block but unless you get a static IP, the radio on the roof is providing NAT/DHCP”. Also said the only thing I have to contend with is Double NAT
It shows as closed. I’ve tried manual and automatic. Do I need a static IP from my ISP for remote to work?
No, but it sounds like you may need to do something about the double NAT. Can you set up a DMZ or put their router (not the USG) into a bridge mode?
I'm not fully sure how to go about dealing with double NAT in the UniFi Controller beyond placing the USG in the DMZ of the ISP router, but perhaps the Ubiquiti forums can help: http://community.ui.com. Perhaps try searching their forums for Double NAT.
(I have one client with a USG NATed behind an ISP router, and setting up a DMZ in the ISP router was the only way to get outside access I found. I personally only have UniFi switches and access points, and use either OpenBSD computers or EdgeRouters for my routers/gateways.)
I use an EdgeRouter and have NAT and port forwarding configured there. I returned the ISP wifi router to Comcast and use my own modem, a Netgear CM1000. It is a modem and only that. It doesn't do any routing, just passes a public IP to the EdgeRouter. The EdgeRouter is set up for hardware offloading, so I can get gigabit speeds from WAN to LAN. Synology NAS does DHCP. And UniFi APs provide WiFi. Not only does it allow me to create a superior network setup, but I don't have to pay my ISP any rental fees for using their equipment.
Follow this on the UniFi controller. It’s just one entry. Substitute the up address to you channels server up address.
I have a Unifi Security gateway doing the routing. I'm on a point to point ISP.
Thats how I have mine setup.. still no luck
Here is the forwarding. And the IP is the correct IP from the mac mini running my channels software.
Since the upstream is using NAT, the port forward has to be added there as well (or a DMZ which will forward all ports to your Unifi).
1 Like
The reply you got from ISP is that they already have router on your roof doing NAT. You need to log in to it and turn this off, or replace it with your own modem that you can easily configure.
2 Likes