
Can't open port 80 and 443 on Experia Box V10 (ZTE H369A)

  • 13 January 2022
  • 10 replies
  • 1033 views

AndreScala
Participant

Hi everyone,

I have the ZTE H369A modem/router and I’m not able to open port 80 and 443.

 

To add some context, I have a UDM Pro (the only thing connected to the modem) and I have a Proxmox server running Docker. In Docker I have NGINX and I need to open port 80 and 443 for NGINX to be able to get the SSL certificates.

 

So,

  • I tried to open in the modem my UDM Pro IP to the ports (didn’t work)
  • Then I tried to add my public IP and open also the ports and didn’t work
  • In the UDM Pro I tried to open the ports and nothing
  • I also have DHCP Binding

Every time I try to check with portchecker or CanYouSeeMe they are always closed!

I’ve been trying this for weeks!
I hope there is a kind person somewhere out there who can help me :innocent:

Kind regards,
Scala


10 replies

Rutger van KPN
Smart one
  • Former Moderator
  • 6908 replies
  • 18 January 2022

@AndreScala Welcome to our forum. 

I am afraid my knowledge about these products is not good enough. 

Maybe other forum users know what to do, for example @Babylonia :innocent:


  • Philosopher
  • 3367 replies
  • 18 January 2022

First option is to give a fixed IP address by “DHCP Reservation".
Already done as by screenshot.

Next step is to add port forwarding rules 80 and 443 to that given IP address.

There is a complete list already of many regularly used services to choose from
in "Application Configuration". HTTP (80) and HTTPS (443) are also in that list.

Within the top of the menu, you must add the device (with the fixed IP address) + the two rules
HTTP and HTTPS.

Several screen shots can be found about halfway within the first message as of following subject:

 

Give a device a fixed IP (DHCP Binding)

Click on the "Instellingen" (Settings) tab

 

Opening ports on the Experia Box (IPv4)

In this example we assume

 

For better understanding < translated by Google >

More or less the same explanation but only for DHCP reservation + port forwarding:
https://www.synology-forum.nl/the-lounge/kpn-v10-modem-geen-portforwarding-mogelijk-onder-ipv4/msg225219/#msg225219

Keep in mind that in today's firmware the list of the "Application Configuration" is simplified.
Just one data list to choose from, no separate sections by kind of service.

(Apologies for the simple explanation, as I have not connected the V10 under normal circumstances.
I do use my own router device, and cannot switch back to the V10 now, as several people are using my connection and do use several services).


AndreScala
Participant
  • Author
  • Participant
  • 6 replies
  • 19 January 2022

@Rutger_  @Babylonia 

Thank you for your help.
I took a little drastic measure and set the DMZ to my UDM Pro machine.

So, no more problems but I’m feeling a little exposed :sweat_smile:

They should allow us to ‘ignore’ the router and pass through directly like those that use Fritz!box.

Anyways, it’s working now :)

 

Thanks


  • Smart one
  • 462 replies
  • 19 January 2022

I did the same procedure last week, and the Experia Box V10 did what is expected, both for IPv4 and IPv6. Important is that the system connected to the Experia Box gets its IP address via DHCP, fixed with DHCP binding. Do you have access to the NGINX proxied server from the local LAN? Are there no firewall rules in place somewhere blocking addresses outside the 192.168.2.0/24 range?


  • Philosopher
  • 3367 replies
  • 19 January 2022
AndreScala wrote:

I took a little drastic measure and set the DMZ to my UDM Pro machine.

So, no more problems but I’m feeling a little exposed :sweat_smile:

Well, such kind of drastic measure of DMZ maybe can solve your problem of set-up "port forwarding” in the proper way. It also involves a massive security problem, by opening “all" ports to this device.

If you love hackers and malware players into your environment, this is the right way to go.


  • Smart one
  • 462 replies
  • 20 January 2022

Since DMZ to a machine is equivalent to opening ALL ports to that machine, I would expect that opening 80 and 443 should be sufficient. There is no need to redefine port 80/443, because HTTP and HTTPS are standard apps in the firmware, and with IPv4 a port can only be forwarded once.  The only thing which worries me: HTTP is defined as port 80 + 443. But opening only HTTP keeps HTTPS closed. Opening standard HTTP + standard HTTPS works. This looks like a problem in the firmware (???)

Since incoming packets contain as source the remote IP address and as destination the local client address, it makes no sense to do something in UDM firewall rules with V10 internal or external address.


AndreScala
Participant
  • Author
  • Participant
  • 6 replies
  • 20 January 2022

I don’t know!
The service is provided by Budget and I call them and they redirect me to this forum.

So probably what I’ll do when the contract ends will be to change to a KPN 1GB connection, because it is kinda ridiculous when the company you are paying says that they can't do anything about it!! :thinking: :rolling_eyes:


NHendriks
Superuser
  • Superuser
  • 2980 replies
  • Answer
  • 20 January 2022
AndreScala wrote:

I don’t know!
The service is provided by Budget and I call them and they redirect me to this forum.

So probably what I’ll do when the contract ends will be to change to a KPN 1GB connection, because it is kinda ridiculous when the company you are paying says that they can't do anything about it!! :thinking: :rolling_eyes:

That's indeed kind of weird. The V10 of Budget also runs on a different firmware than a KPN V10 does.

 

And about the DMZ, in my opinion, setting the UDM as DMZ is fine, all incoming traffic will be redirected to the UDM and have no other way of reaching other devices. The UDM has a decent built in firewall so it should be fine. I am using the same set-up but with a KPN V10 and a TP Link TL-ER605. I like the DMZ for dual-NAT setups so I don't have to open the ports twice. 

Maybe the port forwarding is not working properly because 80 and 443 are already defined as app in the V10 but I'm not sure. Have you tried the built in apps of the V10?


AndreScala
Participant
  • Author
  • Participant
  • 6 replies
  • 20 January 2022

Ok then, I’ll keep with DMZ.
 

Thanks for the support.

:thumbsup:


  • Smart one
  • 462 replies
  • 20 January 2022

OK, that explains the “App group” radio buttons in the screenshot. I’ve never seen this in KPN's V10 version. If the UDM has a decent type of firewall blocking everything except…, DMZ should not harm.
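
An added example, not part of the thread or written by any of its participants: a check for the DMZ set-up discussed above, run from a host outside the LAN against your own public address, that reports whether 80 and 443 answer and whether anything else does. The `COMMON` port sample and the function names are assumptions made for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

EXPECTED_OPEN = {80, 443}   # the only ports the thread wants reachable
# Assumed sample of ports worth checking; extend it to match your own services.
COMMON = [21, 22, 23, 25, 53, 80, 443, 445, 3389, 8080, 8443]


def probe(host, port, timeout=1.0):
    """Classify one TCP port as 'open', 'closed' (refused) or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:             # timeout or unreachable: dropped on the way
        return "filtered"


def audit(host, ports=COMMON, expected=EXPECTED_OPEN, timeout=1.0):
    """Compare what answers on `host` with what is supposed to answer."""
    ports = sorted(set(ports) | set(expected))
    with ThreadPoolExecutor(max_workers=16) as pool:
        results = pool.map(lambda p: probe(host, p, timeout), ports)
        states = dict(zip(ports, results))
    is_open = {p for p, s in states.items() if s == "open"}
    return {
        "states": states,
        "missing": sorted(set(expected) - is_open),     # forward not working
        "unexpected": sorted(is_open - set(expected)),  # DMZ exposes a service
    }


if __name__ == "__main__":
    import sys
    # Usage: python audit.py <your public IP>, from a connection outside the LAN.
    report = audit(sys.argv[1])
    print("expected but not reachable:", report["missing"])
    print("reachable but not expected:", report["unexpected"])
```

An empty "unexpected" list with DMZ enabled means the inner router's firewall is doing the filtering; a non-empty "missing" list points at the forwarding chain rather than at NGINX.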