I just setup UrBackup on my unRAID box using Docker so I can keep our machines backed up (keep the wife happy). Our desktop is working great, I just want to make sure I set everything up correctly for our laptops. Since the won’t always be home, I have the UrBackup site published to the internet using the LinuxServer.io Letsencrypt container, TCP port 55415 forwarded to my unRAID box for backups from remote UrBackup clients, and the Internet Name set to the Dynamic DNS name I have configured for at home. Decided to try testing it with a couple of remote clients I have access to. Neither one will connect, is the port UDP instead of TCP?
UrBackup does use TCP 55415 for internet connections.
If you monitor your traffic an idle connection looks like:
# tshark -i ens3 -f “port 55415”
Capturing on ‘ens3’
1 0.000000000 172.30.1.138 → 172.30.1.12 TCP 83 52460 → 55415 [PSH, ACK] Seq=1 Ack=1 Win=2044 Len=29
2 0.000142246 172.30.1.12 → 172.30.1.138 TCP 83 55415 → 52460 [PSH, ACK] Seq=1 Ack=30 Win=237 Len=29
3 0.066461694 172.30.1.138 → 172.30.1.12 TCP 60 52460 → 55415 [ACK] Seq=30 Ack=30 Win=2044 Len=0
4 60.011122540 172.30.1.138 → 172.30.1.12 TCP 83 52460 → 55415 [PSH, ACK] Seq=30 Ack=30 Win=2044 Len=29
5 60.011330605 172.30.1.12 → 172.30.1.138 TCP 83 55415 → 52460 [PSH, ACK] Seq=30 Ack=59 Win=237 Len=29
6 60.072348130 172.30.1.138 → 172.30.1.12 TCP 60 52460 → 55415 [ACK] Seq=59 Ack=59 Win=2044 Len=0
6 packets captured
I set my windows laptop firewall to block inbound UrBackup traffic when connected via wifi. In setting this up I found:
- The DNS entry must result in the correct IP address (I needed a split DNS setup to resolve to the internal IP)
- The firewall must allow TCP 55415 to the server. In my case there were two firewalls involved.
- The client must be configured with the correct server DNS
- The client must use the correct “Internet auth key” (see client internet tab on server settings)
- The server needs “Enable internet mode” set.
In my case I first cleared the “Allow client-side changing of settings” so all settings are from the server. I then connected locally to introduce the client, force the settings from the server and perform initial backups. Once that completed I blocked traffic on the laptop firewall to force internet mode.
It could be my work firewall causing the issue. Although I’m 99% sure it isn’t set to block unknown connections (I’ll have to check since I’m the one that takes care of it). My DNS is handled by my home router where I have an entry pointing the subdomain name to the local IP of my unRAID box (I love enterprise grade hardware at home).
Server is configured with “Enable internet mode” set, and a correct DNS name. Clients have that name, correct port & correct “Internet auth key”. Plus the port shows open. I’ll try again tomorrow (I’ll bring my laptop with).