I just installed a mesh WiFi network in addition to my ISP-provided router that could barely reach upstairs. I had some locally hosted services set up as per Mediabox. All containers were set up with my machine IP(?) 192.xxx.x.xx and were working great inside my network, which is all I wanted to do while I’m learning. I noticed today that if I connect via the other, mesh WiFi network that this IP can’t be accessed, despite it being the same machine. What’s going on?

All advice much appreciated as I am (obviously) a self hosting novice!

  • drdisgust@lemmy.one
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    Hello,

    From your post and other comments it sounds like you’re under double NAT when connected to the deco access points.

    In order to solve this, go to the deco app. Go to more -> advanced -> operation mode and change it to access point mode.

    This will stop the main deco acting as a router and will hand over DNS, DHCP, routing and other such things to the main router, thus keeping your docker containers and devices connected to the deco’s on the same network

    Hope that helps!

    • 1111@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Hello! I for sure have a double NAT problem - after writing this post I went to connect my xbox to the new mesh WiFi and it told me this was the issue, but I had no idea how to fix it until all of the great advice on here. Your instructions were spot on and now everything is working as expected! :)

      Do you have any thoughts on if I should stop the ISP router from broadcasting its 2.4 and 5GHz networks now? They seem redundant, but I saw that turning the router into modem mode will prevent me from using all it’s Ethernet ports :/

      • drdisgust@lemmy.one
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Hello again,

        Ah I did not realise your ISP router had a modem mode, this gives us another avenue to approach the problem, as far as I see it there are three options

        1. Have a look at your ISP routers settings there may be a way to disable just the wireless radios without putting it in modem mode, depends on the router though and without the model I am unsure if its doable on your router. This would mean you still use your ISP router for routing, DHCP, DNS etc. but the WiFi connection comes from the decos.

        2. Depending on your model of deco you probably have a spare ethernet port or two on the main deco (that’s plugged into the ISP router) if that’s the case you could buy a cheap unmanaged switch, something along the lines of this: https://amzn.eu/d/dJ3tq1P this will plug into one of the spare ethernet ports on the Deco and act as an ‘extender’ so you can plug multiple devices into the switch and then the switch into the deco. Then you would reverse what you did on the first post, by gong to the deco app More -> Advanced -> operation mode and selecting WiFi router, after this go to your ISP router unplug all the ethernet devices apart from the deco (and make sure the deco is in port 1) and enable modem mode. This means your ISP router is now a dumb modem and all routing, DHCP, DNS etc is handled by the deco (so if you ever want to port forward it will all be handled by the decos via the deco app and you no longer use your ISP routers admin page). This will still have all your devices on one flat network as it is now and will avoid the double NAT issue.

        3. You do nothing, as long as your not noticing WiFi degradation when your near the ISP router in theory it should cause no issues. If you do choose this option I recommend you go to on the deco app More -> Network Optimisation and run through that, this will make the decos try and find a wifi channel that is not busy, meaning it will in theory put your decos on a different chanel to the ISP router and attempt to avoid clashing.

        Let me know if you have anymore questions but if you not, hope that helps!

  • railsdev@programming.dev
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    1 year ago

    I’m guessing that both routers are running DHCP and/or running NAT at the same time. You need only one to do all that (the one attached to the WAN/Internet) and the other needs to act as a switch only (usually called access point mode).

    Not sure about all the mesh stuff, but traditionally you’d switch off all the routing functions of the second router and connect it to the other router via the LAN ports. Again, DHCP and actual routing would need to be turned off on the “secondary” routers.

    If all these “routers” (really we should be calling them access points to distinguish which function we’re referencing) are part of the same mesh networking system I’d imagine they’d take care of these issues on their own though, so more details about the network topology would be necessary to be helpful.

    • 1111@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Yo! Based on some of the other answers this seems spot on. I guess the problem is that I was kinda running two routers, when really I wanted the mesh system to act as a series of access points for the original network. I don’t know - but I can confirm that turning the mesh system into ‘Access Point Mode’ fixed this issue for me

  • med@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Can you give us some more details about how your network, mesh and machines are setup?

    Are you trying to access the containers from the machine they’re running on, or from a different machine?

    Is the container host moving between different AP’s, or is it on ethernet?

    What IP address do you get when connected to the different access points? Does it change?

    Are your access points in Access Point only mode, or are they acting as routers? What brand/model?

    How are the mesh access points connected - powerline, ethernet, wifi meshing?

    • 1111@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Sure thing! I’ll answer everything as best I can.

      The machine is a single laptop running Mint. All the docker containers are being served from this machine, and during this testing I was trying to access them all from that same machine. I observed the containers were up and running properly with docker stats cmd and I saw they were accessible over the original IP when using the ISP WiFi.

      The access points are TP Link Deco, it’s 3 units, the first of which is connected via ethernet to my ISP provided router (Virgin Media Superhub). I believe they are WiFi meshing. I can’t tell too much more about how they work ‘under the hood’ as the setup was very… ‘consumer friendly’ and didn’t cover much technical detail

      When I connect to this network and run ifconfig it looks like the IP changes in the last few digits. I thought if I used that IP with appropriate ports I might be able to view my servers, but that was not the case.

      • med@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        If you’re starting the mediabox setup on the isp network, it’s doing local natting with iptables, based on the IP that it resolves from the hostname. Probably would need to shut down and re-up to walk between the deco’s and the isp wifi domains.

        I agree with the other comments, looks like you might be in a double NAT scenario - fortunately for you, I think I know how to fix it, seeing as we’re both running deco’s!

        You want to go into the smartphone app, go to ‘More’ at the bottom right, (as opposed to ‘Network’), Advanced > Operation Mode > Access point.

        Be aware this will cause a disruption, and anything connected to them will need to be reconnected so it gets dhcp/ip addressing from the isp router rather than the deco.

        The other alternative is, if they’re already in AP mode, it might be recognizing the deco SSID as a separate network to your ISP’s router, and randomizing your mac address (for anonymity across airports and hotels and such). Then, with your original mac address holding the first IP in lease, your ‘new’ mac address gets a different one. Check your mac with ip link too when connected to the two different networks, and see if you can find an option to set it manually for both networks, or just use your default one for those networks.

        I’d love to hear how you get on, I’ve been putting off building this exact solution (mediabox) from scratch, had no idea there was a project set up to run it all

        • 1111@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Hi!

          The hostname thing is weird. I was able to navigate to the hostname in my browser which successfully showed the mediabox landing page (I believe this is ‘Homer’), but all the links on there were pointing to the machine IP. If I changed the address to be hostname:32400, maybe it would have worked, but I didn’t try that. I guess homer should route to a machine IP not a localhost so as when you land there from another device it properly routes to the machine which can serve the apps.

          Aside: Do you (or anyone reading!) know how you do that thing where you alias your machine IP to an arbitrary name? I’m sure I did it once upon a time with ‘bonjour’(?), but I don’t recall any more than that.

          Anyway, turning the deco’s onto access point mode solved everything :)

          Regarding mediabox - there seems to be a few good projects like this, they are actually incredible and super helpful for a learning perspective. I started with YAMS which actually has miles better documentation and is super helpful for setting up the services. Mediabox seems to assume you know a bit more about how the *arrs work. It sets up the containers and the folder structures really nicely, but for a novice like myself it took some time to get all the applications configured.

          It’s been a fun project though!

          • med@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            Sweet! Yeah, I’m guessing that the iptables-mangle and landing page link setup relies on getting that IP before populating the page, and that it’s not reactive to changing IP address. It might have worked if you were disconnecting networking all together, and joining a different network, but with the wonky way wifi roaming actually works, the mediabox management scripts probably never noticed there was a need to re-trigger.

            You’re looking for mdns! Depends on which distro you’re on. For apt based stuff like mint, look for mdns (used to be libnss-mdns on raspberry pis, guessing it’s the same for mint? It’ll install avahi zeroconf stuff if it’s not there already. Check the service is running, then ping $HOSTNAME.local - replace with whatever your host name is.

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 year ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    AP WiFi Access Point
    DNS Domain Name Service/System
    IP Internet Protocol
    NAT Network Address Translation

    4 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.

    [Thread #118 for this sub, first seen 8th Sep 2023, 06:35] [FAQ] [Full list] [Contact] [Source code]

  • CmdrShepard@lemmy.one
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Does this setup have you running two separate routers? AFAIK this is an issue since they can assign conflicting IPs. Typically when using your own router combined with an ISP modem/router combo, you’re supposed to set the ISP device into pass-through mode so that it isn’t doing anything but forwarding the traffic to your personal router.