Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX65 Port forwarding working: iphone app <-> server in LAN (Cellular). Same NOT working (WiFI)

Solved
MOT
Here to help
‎Oct 14 2019 5:09 PM
‎Oct 14 2019 5:09 PM

MX65 Port forwarding working: iphone app <-> server in LAN (Cellular). Same NOT working (WiFI)

I  am baffled!   I have the Blynk iOS app installed on my iPhone and am connecting to a local Blynk server on a raspberry pi in my network.  If I turn off WiFi, it works perfectly (via cellular):  The Blynk app can connect to the Blynk Server.   If I turn on WiFi it cannot connect!   I'm completely baffled!   I even turned off all firewall rules temporarily and have the same results!  Port forwarding is obviously working as expected, because I CAN connect as expected when WiFi is OFF but cellular is on (and I can use an external port scanner to see that I can "turn-on/off" ports via the forwarding as expected.   But once WiFi is on (whether or not I have Cellular data on/off), it does NOT work.   ?  Help, please, thanks!

-Mike

0 Kudos
Subscribe
1 Accepted Solution
In response to MOT
MOT
Here to help
‎Oct 17 2019 8:50 AM
‎Oct 17 2019 8:50 AM

SOLVED!  

 

Because the other device that I have in my network had always connected properly to its phone app whether or not WiFi was turned-on as long as cellular was on and vice-versa, I refused to consider outside-my-normal pattern of thinking that things ought to work if I simply add port-forwarding to the raspberry pi in an analogous manner. 

But adding the pi seemed to "break" that internal routing from apps-inside-network to devices (including pi) in network.   I finally broke down and captured packets and analyzed with wireshark.   I'm pretty rusty with that tool, but what I discovered looked like a double-nat issue (My MX is in a DMZ on a google fiber box).   Hence, I added port forwarding  (in addition to the DMZ), and now all is well!

 

I do admit that I am still baffled why it worked for the other device  in my network - it has for years!   

But I am happy that all is working, and I apologize for not having done more diligence (wireshark) before posting  in the first place. 

 

An ever-exuberant Meraki fan!

-Mike

View solution in original post

Subscribe
6 Replies 6
MOT
Here to help
‎Oct 14 2019 5:19 PM
‎Oct 14 2019 5:19 PM

Some more information from investigations.

I do NOT think it has to do with cellular, WiFi, as I just did another test, this time with a virtual machine running in the LAN that has a different app that connects to a different internal server.   It experiences the same behavior.  Hence, it is almost as if these apps - though they specify the WAN IP (or FQDN) as their destination, are "smart enough" to know that they are both within the same LAN, but then get confused as to what port to connect to and therefore don't.  

0 Kudos
Subscribe
In response to MOT
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 14 2019 8:38 PM
‎Oct 14 2019 8:38 PM

Are you using a Meraki MR access point?  If so, have you allowed local LAN access?

https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/'Deny_Local_LAN'_settings_in_Cisco_... 

Subscribe
In response to PhilipDAth
MOT
Here to help
‎Oct 15 2019 5:28 AM
‎Oct 15 2019 5:28 AM

Excellent thought, and - yes - I am using an MR32, but all SSIDs are allowed to access local LAN.

0 Kudos
Subscribe
In response to MOT
MOT
Here to help
‎Oct 15 2019 7:41 AM
‎Oct 15 2019 7:41 AM

I rebooted ALL of my networking equipment today (power off and on, in fact).  Now I can no longer connect to the rasperry pi via the app even with WiFi turned off and cellular on, like I could yesterday.   I have to connect specifically to the local IP address of pi on the local wifi.     However, oddly enough, the other device in my network that I have ports forwarded to *IS* still working, but only via its iphone app when connected via cellular and WiFi off (same  as yesterday.)

 

It's as if the port forwarding is flakey, but that doesn't make much sense.   I did update the MX65 firmware just in the last few days, but I have doubts that would have caused a problem...

0 Kudos
Subscribe
In response to MOT
MOT
Here to help
‎Oct 15 2019 10:57 AM
‎Oct 15 2019 10:57 AM

I went to run  an errand and came back after about and hour-and-half,  and COULD connect to the raspberry pi again via cellular like yesterday.  Hence, it  simply took longer after reboot than the other device.  Quite a bit longer, though not likely that entire houf-and-half.

 

Hence, I'm back to a stable, albeit not ideal point:  I can connect to my devices inside  my network by turning off WiFi on my phone, and using cellular.   I provide my dynamic dns name to the phone apps and they resolve successfully and connect to the internal devices - the port forwardiing works.  If I turn on WiFi, too, doing exactly the same fails.

 

 

0 Kudos
Subscribe
In response to MOT
MOT
Here to help
‎Oct 17 2019 8:50 AM
‎Oct 17 2019 8:50 AM

SOLVED!  

 

Because the other device that I have in my network had always connected properly to its phone app whether or not WiFi was turned-on as long as cellular was on and vice-versa, I refused to consider outside-my-normal pattern of thinking that things ought to work if I simply add port-forwarding to the raspberry pi in an analogous manner. 

But adding the pi seemed to "break" that internal routing from apps-inside-network to devices (including pi) in network.   I finally broke down and captured packets and analyzed with wireshark.   I'm pretty rusty with that tool, but what I discovered looked like a double-nat issue (My MX is in a DMZ on a google fiber box).   Hence, I added port forwarding  (in addition to the DMZ), and now all is well!

 

I do admit that I am still baffled why it worked for the other device  in my network - it has for years!   

But I am happy that all is working, and I apologize for not having done more diligence (wireshark) before posting  in the first place. 

 

An ever-exuberant Meraki fan!

-Mike

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.