Synology NAS unreachable from LAN

Nesland · Nov 24, 2019

Synology NAS unreachable from LAN

Good morning,

following the router reboot carried out by swisscom on 11.21.2019, I am experiencing this anomaly in my internal network, and I am unable to resolve it.

I have a Synology NAS which is correctly visible from an external network, both via DDNS, and via the chosen domain, and via Sinology’s QuickConnect, and via the smartphone apps if it uses the air network.

I can easily connect to the server via direct IP both from outside and inside the LAN, but the problem arises when from inside the network I try to connect to the server using the server name (until Wednesday I was able to connect) and the same thing happens smartphone apps cannot find the server when it is connected to the wifi network.

all the ports of the services present on the NAS are correctly forwarded on the router, the server has a static IP within the network and is also correctly configured in the router.

the name of the server is Nesland.ch and the port for accessing http is 5000, while for https it is 5001 but if I try to connect it gives me a connection refused.

The server logs show no connection attempts by PCs on the network other than those entering the direct server IP.

I have not made any changes to the server or router settings on my side, and the same configuration with the same ports and rules has been active for over 10 years… but since Thursday, all external users of the server see it correctly as before , while users of the internal network are unable to access it unless they enter the direct IP address 192.168.1.192.

Checked firewall and there are no blocks in this regard.

Swisscom Internet Box plus router

internal ip 192.168.1.1

Synology 214play

internal ip 192.168.1.105

Connection address:

https://nesland.ch:5001/

Do you know how to solve it?

DomiP · Nov 24, 2019

Good evening

The issue is currently a major problem in communities of all three languages. The problem is that I personally don’t have this problem.
To continue, could you share the current firmware version of the Internet box? A screenshot or numbers are enough. You can find the page here http://192.168.1.1/#system/settings/firmware

I already have a hypothesis, which is slowly hardening. So we can continue.

Greetings and see you then.
Dominik

Nesland · Nov 24, 2019

Installed firmware version: 10.03.36/10.03.48/01507

it seems to be a hairpinning problem according to my skills on the subject (and also according to the wireshark trace)

If you need further information I am at your complete disposal

DomiP · Nov 24, 2019

Hello, good evening

I have the same firmware version and everything works perfectly. I just tried this, as another community user had problems with this case.

Since I assume that the NAS is connected to the Internet via Internet port forwarding, for the first time I would recommend creating a backup of the current configuration.

So you can try asking support on 0800800800 to play an older version or try installing a beta version via the internet box beta channel. The beta page is available here: [https://www.swisscom.ch/de/privatkunden/hilfe/internet/firmware-facilities-for-your-internet-box/popup-firmware1.html#T=3d8c2af1-f30e-] (https://www.swisscom.ch/de/privatkunden/hilfe/internet/firmware-facilities-for-your-internet-box/popup-firmware1.html#T=3d8c2af1-f30e-) 451a-9132-0b164673831c & TS = _NGUFl6ubCQtbj6ivnTa7qyhEQgYrETt0wO86uaUL6M

Unfortunately, I only found the page in German, as my main language is German.

I would only recommend installing the beta version if you are also a “pro” and know how to troubleshoot or install an older version.

Hope you can solve it.
Greetings,
Dominik

Nesland · Nov 24, 2019

Backup of the configuration already performed and existing, the number 0800800800 cannot downgrade the firmware (according to what they said, unless an impractical outsourcer responded).

the link provided, even if truncated, takes you to the firmware page, except that for my router (internet box PLUS) there are no BETA versions 😉

I can easily solve any problems, working in the IT field

DomiP · Nov 24, 2019

So, as I understand it, Swisscom cannot downgrade?

In that case, if I were you, I would call again tomorrow and request the second level department at technical services. I don’t know if they speak Italian there, but they are definitely more “competent” and can offer you a solution.

The second level is generally available Monday to Friday, 8am to 5pm.

Greetings,
Dominik

Nesland · Nov 25, 2019

Good morning Domi,

Here is the result of today’s conversation: 1h 8min….

Swisscom DOES NOT carry out the Downgrade;

they offered me to talk to the myservice service at pagamento, (swisscom installs a new firmware that creates hairpinnin problems and I HAVE to pay for the service to solve the problem?!?!?!);

Spoke to them too… and it turns out they CANNOT downgrade because they don’t have the old firmware versions for my router (which is currently still being sold)…

They simply told me that I will have to wait for the new version of the firmware in the next few days (days, months,???) and that in the meantime they can’t do anything, the systems in the internal network DO NOT see each other if you use their URL, but only via IP, as things currently stand, swisscom routers do not manage hairpins.

So in the end:

Swisscom updates the router FW by changing internal parameters which change the internal network configurations,

Swisscom asks to pay for a troubleshooting service (for something they admittedly caused)

and finally Swisscom tells you that it can’t do anything about it and that you have to wait hoping that the next update will solve the problem…

Now if I did the same thing, as IT manager in my company…. I would be fired immediately and I would also have to pay for the damages caused…

Considering that BEFORE the forced update, everything was working without problems, what course of action do you recommend?

Gaetano

PatrickB2 · Nov 25, 2019

Hi everyone,

Thanks for your posts, I’m looking internally to see if I can find any information.

Currently the recognized problems are DynDNS services

As soon as I know more I’ll let you know.

Greetings

Patrick

DomiP · Nov 25, 2019

Hello Gaetano and Patrick :v_hand:

I would react like this if I were you! Once again, it is typical that Swisscom Hotline Support reacts this way.

In my opinion, this problem is an error caused by the Swisscom software or hardware and not by the customer himself.

I would suggest calling back and requesting a second level directly. If they were unable to help you, they should replace your current Internet Box - perhaps they could even give you the latest Internet Box, which is definitely bug-free.

Alternatively, we recommend that you consult Support for directions on how to reach MyService Advisor, which may resolve your issue. If it turns out that the fault falls on Swisscom, it could be said that you do not need to pay a fee.

I don’t know how this is exchanged at Swisscom, but this is what our company does with support requests. I also had this problem once and the Swisscom employee offered me this approach - usually it depends on the employee.

Keep me updated - it’s still a special topic.

Maybe Patrick can help a little… 😅

Greetings,
Dominik

Nesland · Nov 25, 2019

Thank you for your interesse on the matter.

@PatrickB2

If it helps you, the problem is called Hairpin, which is when a HOST within a network searches for another HOST within the same network using its public IP or domain name.

example:

Host A: internal ip 192.168.1.101 external domain name: sitename.ch / external ip swisscom

Host B: internal IP 192.168.1.102 external IP: the one assigned by swisscom.

if I go from B to A using the direct internal IP, the connection occurs on the open and correctly forwarded ports (in this case 443), if I do a reverse lookup from A to B using the direct IP, same thing, perfect connection .

both A and B regularly access the internet.

if I try to go from B to A via the sitename.ch or via the external IP address on the same port, the connection is rejected by the router.

if I do a reverse lookup from A to B using the public IP assigned by swisscom, the connection is rejected by the router.

in practice the hairpin allows you to accept requests from your IP to your IP on the specified ports (in practice the connection returns to itself ideally like a U or hairpin, hairpin in English).

@DomiP

regarding the various routers currently in use at swisscom, they all currently have the same firmware version, except the internet box3, but it would be useless to request a router change where the problem also exists on that firmware version, it would have to be tested first, and it would be one waste of material to send a new router when the current one works well (except for the problem generated by the latest update).

Where possible, I am at your complete disposal both for tests and for information, even by telephone.

At the moment I am encountering the same problem not only in the residential sector, but also in the corporate sector where we have a swisscom business center as a router and a NAS as a backup.

PatrickB2 · Nov 25, 2019

Here I am, I have clarified this problem internally.

With the new R10.3 FW on InternetBox Plus and Standard the NAT Loopback no longer works.

They’re working on it, as soon as I have more info I’ll let you know.

Greetings

DomiP · Nov 25, 2019

Hello everyone,

as Patrick had already mentioned, the error falls on Swisscom in the internal area. I think now Swisscom, as well as second level support, have noticed and is under discussion, an emergency update or perhaps an update, which contains the old system parts shipped. The fact that in reality every router is practically the same, I would also say that the Centro Business is soon back up and running properly.

@PatrickB2 - in the German-speaking forum there are many colleagues with practically the same topic - can we now hope for an emergency solution such as a downgrade or upgrade in a short time?

Greetings,
Dominik

PatrickB2 · Nov 25, 2019

We rarely do downgrades, as in new firmware there are always improvements to the bug fixes software.

There doesn’t seem to be a big impact at the moment, so even the Hotline hardly knows what we’re talking about, an internal announcement will still be activated.

I’ll keep you informed as soon as the new FW is available (I’ll try to upload it to you if necessary).

Greetings

Nesland · Nov 27, 2019

@PatrickB2

Hi Patrick,

from a purely economic perspective for Swisscom, given that the problem concerns the standard internet box and the internet box plus:

Is it worth waiting for the development of a specific firmware with the necessary corrections in a short time?

or

Is it worth replacing the affected routers with newer models where this problem does not occur?

I ask you these two questions because the continuation of this outage, although not caused voluntarily by Swisscom, is creating inefficiencies for the users I manage, and they have asked questions regarding the timing.

Best regards

Gaetano

PatrickB2 · Nov 28, 2019

Hi @Nesland,

with firmware updates these so-called Bugs can happen, even if they shouldn’t.

The developers are working on it and a new firmware will definitely be released in the next few days.

Since it is not a problem with great impact, it was decided not to do any rollback, certainly for people like you who use these functions is annoying and I apologize on behalf of Swisscom.

It is therefore best to wait for the new software to arrive.

As mentioned, as soon as I have an official/stable version in hand I will try to get it to you.

Greetings

Patrick

Nesland · Dec 9, 2019

@PatrickB2

EDIT:

I confirm that the firmware version installed a few moments ago on the router is the

Firmware version installed: 10.03.50/10.03.48/01507

and after having performed all the relevant tests, I can confirm that the router is stable, the NAT loopback works again as before, and that the Hairpinning problem has been solved.

I thank Swisscom in your person and DomiP for managing to diagnose/get to the bottom of this insidious situation.

Thank you.

PatrickB2 · Dec 9, 2019

@Nesland wrote:

@PatrickB2

EDIT:

I confirm that the firmware version installed a few moments ago on the router is the

Firmware version installed: 10.03.50/10.03.48/01507

and after having performed all the relevant tests, I can confirm that the router is stable, the NAT loopback works again as before, and that the Hairpinning problem has been solved.

I thank Swisscom in your person and DomiP for managing to diagnose/get to the bottom of this insidious situation.

Thank you.

Thank you so much for your input and still checking after the last FW.

Personally I thought it was only solved with FW 10.4.*, better this way

😎

Good continuation