@AndreScala Welcome to our forum.
I am afraid my knowledge about these products is not good enough.
Maybe other forum users know what to do, for example @Babylonia?
First option is to give a fixed IP address by “DHCP Reservation".
Already done as by screenshot.
Next step is to add port forwarding rules 80 and 443 to that given IP address.
There is a complete list already from many regular used services to choose from
by "Application Configuration". Also HTTP (80) and HTTPS (443) are within that list.
Within the top of the menu, you must add the device (with the fixed IP address) + the two rules
HTTP and HTTPS.
Several screen shots can be found about halfway within the first message as of following subject:
Geef een apparaat een vast IP (DHCP Binding)
Klik op het tabblad "Instellingen"
Poorten openen op de Experia Box (IPv4)
In dit voorbeeld gaan we er van uit
For better understanding < translated by Google >
More or less the same explenation but only as for DHCP reservation + port forwarding:
https://www.synology-forum.nl/the-lounge/kpn-v10-modem-geen-portforwarding-mogelijk-onder-ipv4/msg225219/#msg225219
Keep in mind that today firmware the list of the "Application Configuration" is simplified.
Just one data list to choose from, no separate sections by kind of service.
(Apologise for simple explanation, as I have not connected the V10 under normal circumstances.
I do use my own router device, and can not switch back to the V10 now, as several people are using my connection and do use several services).
@Rutger_ @Babylonia
Thank you for your help.
I took a little drastic measure and set the DMZ to my UDM Pro machine.
So, no more problems but I’m feeling a little exposed
They should allow us to ‘ignore’ the router and pass through directly like those that use Fritz!box.
Anyways, it’s working now :)
Thanks
I did the same procedure last week, and the Experia box V10 did what is expected, both for IPv4 and IPv6. Important is that the system connected to the Experia box get’s its IP address via DHCP fixed with DHCP binding. Do you have access to the NGinx proxied server from the local LAN? Are there no firewall rules in place somewhere blocking addresses outside the 192.168.2.0/24 range?
I took a little drastic measure and set the DMZ to my UDM Pro machine.
So, no more problems but I’m feeling a little exposed
Well, such kind of drastic measure of DMZ maybe can solve your problem of set-up "port forwarding” in the proper way. It also involves a massive security problem, by opening “all" ports to this device.
If you love hackers and malware players into your environment, this is the right way to go.
Since DMZ to a machine is equivalent to opening ALL ports to that machine, I would expect that opening 80 and 443 should be sufficient. There is no need to redefine port 80/443, because HTTP and HTTPS are standard apps in the firmware, and with IPv4 a port can only be forwarded once. The only thing which worries me: HTTP is defined as port 80 + 443. But opening only HTTP keeps HTTPS closed. Opening standard HTTP + standard HTTPS works. This looks like a problem in the firmware (???)
Since incoming packets contain as source the remote IP address and as destination the local client address. it makes no sense to do something in UDM firewall rules with V10 internal or external address.
I don’t know!
The service is provided by Budget and I call them and they redirect me to this forum.
So probably what I’ll do when the contract ends will be change to KPN 1GB connection because is kinda ridicalous when the company were you are paying says that they can´t do nothing about it!!
I don’t know!
The service is provided by Budget and I call them and they redirect me to this forum.
So probably what I’ll do when the contract ends will be change to KPN 1GB connection because is kinda ridicalous when the company were you are paying says that they can´t do nothing about it!!
That's indeed kind of weird. The V10 of Budget also runs on a different firmware than a KPN V10 does.
And about the DMZ, in my opinion, setting the UDM as DMZ is fine, all incoming traffic will be redirected to the UDM and have no other way of reaching other devices. The UDM has a decent built in firewall so it should be fine. I am using the same set-up but with a KPN V10 and a TP Link TL-ER605. I like the DMZ for dual-NAT setups so I don't have to open the ports twice.
Maybe the port forwarding is not working properly because 80 and 443 are already defined as app in the V10 but I'm not sure. Have you tried the built in apps of the V10?
Ok then, I’ll keep with DMZ.
Thanks for the support.
OK, that explains the “App group” radiobuttons in the screenshot. I’ve never seen this in KPNs V10 version. If the UDM has a decent type of firewall blocking everything except….., DMZ should not harm.