Port forwarding for two My Clouds

I have two My Clouds. I’d like to be able to access them both remotely in port forwarding mode.

I setup up a ‘game/application’ port forwarding rule on my router, for TCP/UDP and ports 80 and 443, and applied that rule to one device, and used the manual remote access configuration for Cloud Access for that device. After toggling the cloud access switch off and back on, this is now working in port forwarding mode.

Now for the second device. Figuring I can’t use ports 80 and 443 again, I created another rule using ports 8080 and 8443 (forwarding to 8080 and 8443), applied it to the second device, and used these ports in the manual remote access configuration.

But the second device can’t establish a port forwarding connection.

Any suggestions as to what I’m doing wrong?

Thanks.

I assume your using the various WD My Cloud mobile/desktop app for remote access, both My Cloud devices have unique names, and you’ve enabled UPnP on the broadband router/gateway. If so, what happens if you set both My Cloud device’s, Cloud Access Option to Automatic?

Otherwise I would think the port forwarding to different ports on the second My Cloud should work but as with everything else with the My Cloud I’m not surprised it doesn’t.

Try to avoid 80/443/8080, these are the common ports targeted. If you got targeted maybe after a successful port scan, your nas will get lots of port/get request from bots. Worst if they knew it’s a MyCloud, you’ll get lots of php api request that will make your nas crawl

Back to you topic, somehow if both is set to automatically using UPnP will cause conflicts. I’ve seen this before. So you did the right thing by doing it manually. What you’ve done is correct. I assumed the internal IP/hostname forwarding for the 2nd device is correct. Did you also tried toggling the cloud access on the 2nd device? That usually do the trick. Else let’s see some screenshots from your router page.

Edited: There should be also some logs on your router for debugging the NAT/PAT/UPnP…

I don’t have UPnP control of the router enabled, as I think it’s a potential security risk. So I can’t use ‘Automatic’ mode.

Both devices have IP addresses set up in the router that are active and stable, and the router recognises both devices by name (yes, they’re different names), and the port forwarding rules are applied by name to these devices.

The two port forwarding rules are defined identically in the router, apart from the specific ports used.

And yes, having defined the manual configuration of the second MyCloud, I toggled the cloud access; no joy. It’s resolutely showing relay mode.

Having said that one device was accessible in port forwarding mode, and one in relay mode, I tried remote access this morning, having made the changes last night, and I now cannot access the port forwarded one (the relay mode one is still accessible). This is the same device that I’ve been struggling with for some time; when I first installed OS3 firmware on it, I wiped it completely, and put some test data on it, set up the port forwarding, and was able to access it successfully. Then, with no intentional changes on my part, remote access failed. It seemed to be the access toggle that got access working again. So it may be that there is a problem with maintaining that port forwarding remote access, as it appears to have died on me again…

I’ll enable logging on the router, and see if that shows me anything useful.

Thanks.

Prompted by another user, I’ve just tested remote access to the port forwarded device.

And it’s dropped off the network again (‘Network connection failure (905)’).

The other, relay mode device is still visible.

I might think it’s due to my IP address changing, but my router has been up for days now, and not reset, and my IP stays static unless my router reboots and gets a new IP from my ISP.

Time to check those router logs…

That looks strange. Even with ISP IP changing, the firewall/NAT/PAT/forwarding rules should stick. Unless your Clouds fail to update itself with the WD DDNS on IP changes. I’ve made up sort of a WD DDNS force auto update perl script for someone in this forum due to his ISP IP changes too frequently. But that was quite long ago before OS3 and I’m still on the older v4 (not sure if OS3 is still using the WD unique DDNS, the one that you see when you send a link via email from WD app)

Try to first confirm if the ISP IP really changed before and after you noticed the issue. Just Google “what is my ip” before and after.

If the IP remains the same, it’s time to review the router logs. What’s your router brand/model anyway?

Just checked my router (Technicolor 582n). Uptime is 25 hours. I’m beginning to think it is a router re-boot/IP issue. The router tells me its IP address; no need for Google queries.

I’ll re-enable cloud access, and monitor accessibility vs router reboot/IP address changes.

No joy today, so I checked the Dashboard again.

I noticed that it wasn’t saying ‘port forwarding connection established’, but something about the network being available.

Cloud access off/on. Now port forwarding established again.

Router doesn’t seem to have rebooted.

Will try again and continue to monitor.

Can you try another port such as ssh if it is enable on your devices?
Have a strong password set, and try port forwarding such as 22 and 8022 or whatever you want, as long as they are different for each device. Then try it from the internet without depending on WD’s apps or site for remote access.

Not that will resolve the issue but just curious to see the results without dependencies on WD.

Apologies, I’m confusing issues here…

There are two problems:

I) using different ports for two MyClouds
ii) intermittent access using port forwarding

I’ve been trying to track down the intermittent access recently, and I suspect it’s due to router re-boot causing a new IP allocation to my router. Toggling cloud access does seem to be a fix for this, but it’s unfortunate that reboots cause this problem, when relay mode doesn’t. If relay mode can cope with change of IP address, why can’t port forwarding mode?

The port forwarding using different ports is on the back burner at the moment… Whilst I’m monitoring the dropout behaviour, I could start looking into the alternative port forwarding ports problem. I don’t fancy exposing my SSH port to the world, as I can’t do this quickly, try remote access and close it down again, as I have no means of remote access at home.

there are some options, it will depend how much you would like to deal with it.

• The easier one, if you have a cell phone, try an app which has SSH/SFTP/SCP access, such as ES File Explorer or even CLI for SSH such as this. Don’t connect your cell phone the Wifi/LAN and test the access to your devices once the rules are defined on the FW. All from home and remove the FW rules as soon as you are done testing.

• The other options, RDP to a home system. Easier one to deal with probably is Chrome Remote desktop and it is secure using SSL.

Some extra info…
For long term and remote access via ssh/scp/sftp, which is what I do for my NAS and I am far from being a Linux expert, you can expose ssh to the internet, which I do at home. However, if you or anyone ever decides to do so, it is strongly recommended you do not allow Root to SSH remotely. Instead, create a non-root regular user with a strong password and allow that user to login remotely instead.

The least you depend on proprietary apps/software, the better you will be long term, as migration to any NAS will be a breeze + no dependencies on them. Example…

• SSH/SFTP/SCP for remote access via a non-root user
• Win: robocopy scripts either run manually or in scheduler for backups and syncs. Or Windows backup tools.
• OSx/Linux: rsync scripts and cron jobs

And the scripts can be anything you want, from basic but functional to very complex and fancy.

Thanks for that; I’ll have a ponder.

I agree entirely about not relying on proprietary apps; I have no WD apps on my PC, i don’t use SmartWare on the device, and only use the MyCloud app on my tablet for remote access. Given how flaky that access appears, an alternative is worth investigating.

if you have a cell phone

I don’t have a smart phone; that’s what I meant about no remote access at home.

In spite of starting my career developing the GSM specification, and then developing enabling technology for Vodafone’s initial GSM network rollout, I’m a bit of a Luddite when it comes to mobile phones…

Spotted that I had lost access to the port-forwarded cloud.

Checked my router: it had rebooted and been assigned a different IP address.

I can still get to the cloud working in relay mode.

So, how does relay mode work, but port forwarding mode not work; surely both modes need to know the IP address of my router? And if it’s changed, how does relay mode figure out how to connect…?

What model/brand router are you using? Could be entirely a router problem and not a my cloud problem as some times routers, like those from broadband providers, can ■■■■ at port forwarding properly.

It’s a Technicolor 582n, but I don’t think that’s the problem: port forwarding works fine for BubbleUPnP Server

As I said above; there are two problems here: port forwarding failing for one device (8080/8443), forcing it to use relay mode, and port forwarding mode (80/443) dropping out when my router gets a new IP.

I fully agree not to reply on proprietary apps. Like @Shabuboy has pointed out, SSH/SFTP/SCP are great alternatives. You can enable FTPS too which is the fastest among those three mentioned with minimal encryption. Plain RsyncD and FTP if you don’t care about encryption. If you open all these to the internet, do secure your nas. Since MyCloud doesn’t have any kind of blocking defense, you can install my hostsdeny.pl script here http://teanazar.com/2015/10/securing-wdmycloud-ssh-ftp-remote-access/. This script blocks the originating IP mask after the predefined failed attempts. Easy to install on the MyCloud even if you opted the “Self Unlock” mechanism.

Back to your issues, I also don’t think router is the issue. I believe it’s MyCloud that doesn’t update itself with the server when your IP changed. Also for the 2nd MyCloud that doesn’t even go into relay mode I think it’s somehow conflicting with your 1st MyCloud that got into relay mode. Sorry I got not much details on this as it’s been long since I used OpenVPN (LAN->WAN gaming era).

I’ve seen this port forwarding issue after IP changes before on previous firmware and I have a quick fix for it but not sure if it still works on OS3. Also my ISP now seems to lease undetermined static IP for many months now even after several fiber ONT reboots so I can’t test on mine. Let me know if you want me to check on yours. If there’s not much changes in how OS3 does the IP updates, you should probably see a positive reply below during normal operation or otherwise if your IP changes and the update doesn’t kick in:

ping $(hostname).device$(cat /tmp/dynamicconfig.ini 2>/dev/null|grep ID|sed 's/.*"\(.*\)"/\1/g').wd2go.com;

Yes, that’s what I think. It looks like relay mode manages to update itself, but port forwarding mode doesn’t.

It also struck me that, when the router re-boots, the MyClouds also reboot. Both MyClouds report that they have established external connections (relay mode for one, port forwarding for the other). But it looks like the port forwarding status is actually incorrect, and cloud access must be disabled and re-enabled in order to get port forwarding to re-establish correctly.

I think I’ve bottomed that problem out as far as I can; now time to report the problem to Support.

Also for the 2nd MyCloud that doesn’t even go into relay mode I think it’s somehow conflicting with your 1st MyCloud that got into relay mode.

They’re supposed to be using different ports, using different port forward rules at my router, one rule set allocated to each device (by MAC). But I’ll try turning off cloud access for the ‘working’ port forwarding device, and set the other one to use the standard 80/443 ports, and swapping router rule allocation, and see how that goes.