Networking Setup for NuNet Appliance
Proper network configuration is essential for the NuNet Appliance to function correctly, especially if you're providing compute resources or deploying workloads. This guide covers port forwarding, DNS, NAT, UPnP, and port requirements.
Understanding Port Forwarding
Port forwarding allows external devices on the internet to connect to services running on your local network. For compute providers, this is essential because:
- External peers need to connect to your appliance to send workloads
- Deployments need to be accessible from outside your local network
- The NuNet network needs to route traffic to your appliance
How Port Forwarding Works
When you enable port forwarding on your router:
- External Request: A request comes from the internet to your public IP address on a specific port (e.g., port 443)
- Router Forwarding: Your router forwards that request to your appliance's local IP address
- Service Response: Your appliance processes the request and sends a response back through the router
Without port forwarding, external devices cannot reach your appliance, even if it's running correctly on your local network.
Port 443 Requirement
Port 443 is the standard port for HTTPS traffic and is required for NuNet deployments to be accessible externally.
Why Port 443 is Required
- HTTPS Access: Port 443 enables secure HTTPS connections to your deployments
- External Accessibility: Allows external users and services to access your deployed workloads
- Standard Protocol: Port 443 is the standard for secure web traffic and is typically allowed through firewalls
Local Deployments and Port 443
Important: If you're deploying to your own machine (local deployment), you're acting as a compute provider for yourself. This means:
- Port 443 must be open and forwarded to your appliance
- Your router must forward external port 443 to your appliance's local IP on port 443
- Without port forwarding, local deployments may fail or be inaccessible
Even though the deployment is "local" to you, the NuNet network still needs to route traffic to your appliance, which requires proper port forwarding.
Setting Up Port Forwarding
Step 1: Find Your Appliance's Local IP Address
- From the Dashboard: Check your appliance dashboard for the Local IP address
- From VirtualBox: Check the network settings or appliance console
- From Router: Check your router's connected devices list
Your appliance's local IP will typically be in the range 192.168.x.x or 10.x.x.x.
Step 2: Access Your Router Configuration
- Open a web browser
- Enter your router's IP address (commonly
192.168.1.1or192.168.0.1) - Log in with your router's admin credentials
- Navigate to Port Forwarding or Virtual Server settings
Step 3: Configure Port Forwarding
Create a new port forwarding rule with the following settings:
- Service Name: NuNet Appliance (or any descriptive name)
- External Port:
443 - Internal Port:
443 - Protocol: TCP (or Both/TCP+UDP)
- Internal IP Address: Your appliance's local IP address (e.g.,
192.168.1.100) - Enable: Yes/On
Save the configuration and allow the router to apply the changes.
Step 4: Verify Port Forwarding
Use port checker websites (listed below) to verify that port 443 is open and forwarded correctly.
NAT and UPnP
Understanding NAT
NAT (Network Address Translation) allows multiple devices on your local network to share a single public IP address. Your router uses NAT to:
- Translate between your local IP addresses and your public IP
- Route incoming traffic to the correct device on your network
- Provide a layer of network security
UPnP (Universal Plug and Play)
UPnP is a protocol that allows devices to automatically configure port forwarding on your router without manual setup.
Enabling UPnP on Your Router
To enable UPnP:
- Access Router Settings: Log into your router's admin interface
- Find UPnP Settings: Look for "UPnP" in Advanced Settings, Network Settings, or Firewall settings
- Enable UPnP: Toggle UPnP to "Enabled" or "On"
- Save Settings: Apply and save the configuration
Note: Some routers enable UPnP by default, while others require manual activation. Check your router's documentation for specific instructions.
UPnP vs Manual Port Forwarding
- UPnP: Automatic configuration, easier setup, but may have security considerations
- Manual Port Forwarding: More control, more secure, but requires manual configuration
For NuNet Appliance, either method works, but manual port forwarding is recommended for more reliable and secure operation.
DNS and Proxying
DNS in NuNet
DNS (Domain Name System) in NuNet allows deployments to be accessed via human-readable names instead of IP addresses.
- Dynamic DNS (DDNS): Provides persistent URLs for your deployments
- DNS Names: Custom names you can assign to your deployments (e.g.,
my-deployment.nunet.io) - Organization Requirement: DDNS functionality requires organization membership
Proxying
NuNet uses proxying to route traffic to your deployments:
- DMS Proxy: The Device Management Service acts as a proxy for your deployments
- Port Mapping: The proxy maps external ports to your deployment containers
- Network Routing: Traffic is routed through the NuNet network to reach your appliance
How DNS and Proxying Work Together
- DNS Resolution: A user accesses
my-deployment.nunet.io - DNS Lookup: The DNS system resolves the name to your appliance's public IP
- Proxy Routing: The DMS proxy routes the request to the correct deployment container
- Port Forwarding: Your router forwards port 443 to your appliance
- Container Access: The request reaches your deployment container
Network Flow Diagram
The following diagram illustrates how network traffic flows from external users to your NuNet Appliance:
flowchart TD
A[External User/Service] -->|HTTPS Request on Port 443| B[Internet]
B -->|Public IP:Port 443| C[Your Router]
C -->|Port Forwarding Rule| D[Appliance Local IP:443]
D -->|DMS Proxy| E[Deployment Container]
F[ISP] -->|Provides Public IP| C
G[Router NAT] -->|Translates IPs| C
H[UPnP or Manual Config] -->|Configures Forwarding| C
I[DNS Resolution] -->|Resolves Domain Name| B
J[Organization DDNS] -->|Provides DNS Names| I
style A fill:#e1f5ff
style E fill:#c8e6c9
style C fill:#fff9c4
style D fill:#fff9c4
Port Checker Websites
Use these websites to verify that your port forwarding is working correctly and that port 443 is open:
- CanYouSeeMe.org - Simple port checker
- PortChecker.co - Check if ports are open
- YouGetSignal.com - Port forwarding tester
- PortForward.com - Port checker tool
How to Use Port Checkers
- Find Your Public IP: Check your router's status page or use a service like
whatismyip.com - Enter Port 443: In the port checker, enter port 443
- Run Check: Click "Check Port" or similar button
- Verify Results:
- Open: Port forwarding is working correctly
- Closed/Filtered: Port forwarding is not configured or blocked
Note: Make sure your NuNet Appliance is running when you check the port. The port will show as closed if the appliance isn't running or if the service isn't listening on that port.
Troubleshooting Network Issues
Port 443 Shows as Closed
If port 443 shows as closed:
- Verify Appliance is Running: Ensure your NuNet Appliance is running and the service is active
- Check Port Forwarding Rule: Verify the rule is configured correctly in your router
- Check Firewall: Ensure your router's firewall allows port 443
- Verify Local IP: Confirm your appliance's local IP hasn't changed
- Restart Router: Sometimes a router restart is needed for changes to take effect
ISP Blocks Port 443
Some ISPs block port 443 or require you to request it be opened:
- Contact ISP: Call your ISP's support line
- Request Port Opening: Ask them to open port 443 for your connection
- Business Account: Some ISPs only allow port forwarding on business accounts
- Alternative Ports: In some cases, you may need to use alternative ports (though this requires additional configuration)
NAT Issues
If you're behind multiple layers of NAT (e.g., carrier-grade NAT):
- Request Public IP: Ask your ISP for a public IP address
- Business Connection: Consider upgrading to a business internet connection
- VPN Solution: Some users use VPN services to get a public IP
Questions to Ask Your ISP
If you've tried everything and port forwarding still isn't working, contact your ISP with these questions:
-
"Do you block port 443 on residential connections?"
- Some ISPs block certain ports on residential plans
-
"Do I have a public IP address, or am I behind carrier-grade NAT?"
- Carrier-grade NAT prevents port forwarding from working
-
"Can you provide me with a public IP address?"
- You may need to request a static public IP
-
"Do I need a business account for port forwarding?"
- Some ISPs restrict port forwarding to business accounts
-
"Are there any firewall rules blocking incoming connections on port 443?"
- Your ISP may have firewall rules blocking the port
-
"Can you open port 443 for my connection?"
- Some ISPs can manually open ports upon request
-
"What are the requirements for port forwarding on my connection type?"
- Different connection types (DSL, cable, fiber) may have different requirements
-
"Is UPnP supported on my connection?"
- Some ISPs disable UPnP support
Best Practices
For Compute Providers
- Dedicated Connection: Consider using a dedicated internet connection for compute provision
- Static IP: Request a static public IP address from your ISP
- Business Account: Business internet accounts often have fewer restrictions
- Monitor Port Status: Regularly check that port 443 remains open
- Backup Connection: Have a backup internet connection if possible
For All Users
- Verify Before Deploying: Check port status before attempting deployments
- Keep Router Updated: Ensure your router firmware is up to date
- Document Configuration: Keep a record of your port forwarding settings
- Test Regularly: Periodically verify that port forwarding is still working
Related Topics
- Compute Provider Role - Understanding compute provider requirements
- Deploying Ensembles - Deployment process
- DDNS Not Working - Troubleshooting DDNS issues
- Resource Conflicts - Managing resource conflicts
- Support Process - Getting additional help