Port forwarding does not work behind DDNS #3

Open
justsee233 opened this issue Jan 1, 2023 · 11 comments

@justsee233

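As a second-tier device, it works for devices on the internal LAN, but it stops working once it is reached through port mapping on the first-tier router. I have a public IPv4 address.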

@rozhuk-im
Owner

Please use English.
I suggest that issue is in your network configuration.

@justsee233
Author

> Please use English.
> I suggest that issue is in your network configuration.

IPv4 public network address, set port forwarding on the main router, and then install msd_lite on the secondary router, it can only be used in the LAN, and cannot be played on the external network. The same setting uses udpxy and everything is normal.

@rozhuk-im
Owner

  1. Check listen address in msd_lite config
  2. Use tcpdump on router with msd_lite to debug network issue.

@windybird

>   1. Check listen address in msd_lite config
>   2. Use tcpdump on router with msd_lite to debug network issue.
>
> Please use English.
> I suggest that issue is in your network configuration.
>
> IPv4 public network address, set port forwarding on the main router, and then install msd_lite on the secondary router, it can only be used in the LAN, and cannot be played on the external network. The same setting uses udpxy and everything is normal.

Yes, the same to you

@billzbc

billzbc commented Sep 9, 2024

This code checks the flags of the HTTP request and returns a 403 Forbidden status code if the requested Host is not local.

src/msd_lite.c line 611

if (0 == (req->flags & HTTP_SRV_RD_F_HOST_IS_LOCAL)) {
	resp->status_code = 403;
	return (HTTP_SRV_CB_CONTINUE);
}

@rozhuk-im
Owner

rozhuk-im commented Sep 9, 2024

All host names will be "local" if you have in config: <hostname>*</hostname>. It is set in the default/example config.
https://github.com/rozhuk-im/msd_lite/blob/master/conf/msd_lite.conf#L37C4-L37C26

@szNightFury

> All host names will be "local" if you have in config: <hostname>*</hostname>. It is set in the default/example config. https://github.com/rozhuk-im/msd_lite/blob/master/conf/msd_lite.conf#L37C4-L37C26

Hi,

I’m experiencing an issue where accessing msd_lite from an external network still results in a 403 Forbidden error, despite having * set in the config file as recommended. The configuration should allow all hostnames to be treated as local, but the problem persists. Could there be any additional configurations or steps that I’m missing to allow external access without encountering the 403 error?

Thanks for your help!

@rozhuk-im
Owner

Share your config, I will check.

@szNightFury

szNightFury commented Sep 12, 2024

> Share your config, I will check.

For context, I have configured port 7088 for msd_lite and set up port 80 for another internal service running Nginx. When performing internal network penetration through port 7088, accessing it from an external network results in a 403 Forbidden error. However, internal network penetration through other ports, such as port 80 for Nginx, works fine.

Here is the current msd_lite configuration:

<?xml version="1.0" encoding="utf-8"?>

<!--
 Sizes in kb, time in seconds
-->

<!--
<skt> <rcvLoWatermark>XXXX</rcvLoWatermark> - DOES NOT WORK on Linux!
man socket(7):
...
The select(2) and poll(2) system calls currently do not respect the SO_RCVLOWAT
setting on Linux, and mark a socket readable when even a single byte of data is
available.
...
-->


<msd>
	<log>
		<file>/root/msd_lite/msd_lite.log</file>
	</log>

	<threadPool>
		<threadsCountMax>1</threadsCountMax> <!-- 0 = auto -->
		<fBindToCPU>yes</fBindToCPU> <!-- Bind threads to CPUs. -->
		<fCacheGetTimeSyscall>yes</fCacheGetTimeSyscall> <!-- Cache gettime() syscalls.. -->
		<timerGranularity>100</timerGranularity> <!-- 1/1000 sec -->
	</threadPool>


<!-- HTTP server -->
	<HTTP>
		<bindList>
			<bind><address>0.0.0.0:7088</address><fAcceptFilter>y</fAcceptFilter></bind>
			<bind><address>[::]:7088</address></bind>
		</bindList>

		<hostnameList> <!-- Host names for all bindings. -->
			<hostname>*</hostname>
		</hostnameList>
	</HTTP>


	<hubProfileList> <!-- Stream hub profiles templates. -->
		<hubProfile>
			<fDropSlowClients>no</fDropSlowClients> <!-- Disconnect slow clients. -->
			<fSocketHalfClosed>no</fSocketHalfClosed> <!-- Enable shutdown(SHUT_RD) for clients. -->
			<fSocketTCPNoDelay>yes</fSocketTCPNoDelay> <!-- Enable TCP_NODELAY for clients. -->
			<fSocketTCPNoPush>yes</fSocketTCPNoPush> <!-- Enable TCP_NOPUSH / TCP_CORK for clients. -->
			<precache>4096</precache> <!-- Pre cache size. Can be overwritten by arg from user request. -->
			<ringBufSize>1024</ringBufSize> <!-- Stream receive ring buffer size. Must be multiple of sndBlockSize. -->
			<skt>
				<sndBuf>512</sndBuf> <!-- Max send block size, apply to clients sockets only, must be > sndBlockSize. -->
				<sndLoWatermark>64</sndLoWatermark>  <!-- Send block size. Must be multiple of 4. -->
				<congestionControl>htcp</congestionControl> <!-- TCP_CONGESTION: this value replace/overwrite(!) all others cc settings: cc from http req args, http server settings, OS default -->
			</skt>
			<headersList> <!-- Custom HTTP headers (sended before stream). -->
				<header>Pragma: no-cache</header>
				<header>Content-Type: video/mpeg</header>
				<header>ContentFeatures.DLNA.ORG: DLNA.ORG_OP=01;DLNA.ORG_CI=0;DLNA.ORG_FLAGS=01700000000000000000000000000000</header>
				<header>TransferMode.DLNA.ORG: Streaming</header>
			</headersList>
		</hubProfile>
	</hubProfileList>


	<sourceProfileList> <!-- Stream source profiles templates. -->
		<sourceProfile>
			<skt>
				<rcvBuf>512</rcvBuf> <!-- Multicast recv socket buf size. -->
				<rcvLoWatermark>48</rcvLoWatermark> <!-- Actual cli_snd_block_min if polling is off. -->
				<rcvTimeout>2</rcvTimeout> <!-- STATUS, Multicast recv timeout. -->
			</skt>
			<multicast> <!-- For: multicast-udp and multicast-udp-rtp. -->
				<ifName>eth1.48</ifName> <!-- For multicast receive. -->
			</multicast>
		</sourceProfile>
	</sourceProfileList>
</msd>

Thanks for your help!

@rozhuk-im
Owner

What URL do you send to msd?
Do you redirect external connections to 127.0.0.1?

In code only 2 places that return 403 error:

  1. Wrong host name.
  2. Connection to loopback (127.0.0.1 / ::1) from non loopback. In that case in syslog will be message: syslog(LOG_NOTICE, "HACKING ATTEMPT: %s set in host header loopback address.", straddr);
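
A simplified C model of the two 403 rules listed in the comment above, added here as an illustration; it is not msd_lite's code. The function name `check_host`, the order of the two checks, the handling of oversized names and the sample addresses are assumptions.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample hostname list; "*" is the wildcard from the thread. */
const char *const ANY_HOST[] = { "*" };

/* 1 if addr is a loopback literal: IPv4 127.0.0.0/8 or IPv6 ::1. */
static int is_loopback(const char *addr) {
	static const unsigned char lo6[16] = { [15] = 1 };
	struct in_addr a4;
	struct in6_addr a6;
	if (inet_pton(AF_INET, addr, &a4) == 1)
		return ((ntohl(a4.s_addr) >> 24) == 127);
	if (inet_pton(AF_INET6, addr, &a6) == 1)
		return (memcmp(a6.s6_addr, lo6, sizeof(lo6)) == 0);
	return (0);
}

/* Hypothetical model: HTTP status for a Host header value and peer address. */
int check_host(const char *hdr, const char *peer,
    const char *const *names, size_t count) {
	int bracketed = (hdr[0] == '['); /* IPv6 literal: "[::1]:7088" */
	char host[256];
	const char *end;
	size_t len, i;

	hdr += bracketed;
	end = strchr(hdr, bracketed ? ']' : ':'); /* Drop ":port". */
	len = (end != NULL) ? (size_t)(end - hdr) : strlen(hdr);
	if (len >= sizeof(host))
		return (403); /* Model choice: reject oversized names. */
	memcpy(host, hdr, len);
	host[len] = '\0';
	/* Rule 2: Host names loopback but the client is not on loopback. */
	if (is_loopback(host) && !is_loopback(peer))
		return (403);
	/* Rule 1: Host must match a configured name; "*" accepts any. */
	for (i = 0; i < count; i++)
		if (strcmp(names[i], "*") == 0 || strcasecmp(names[i], host) == 0)
			return (200);
	return (403);
}

int main(void) {
	printf("%d\n", check_host("127.0.0.1:7088", "203.0.113.7", ANY_HOST, 1));
	return (0);
}
```

In this model the wildcard does not override the loopback rule: a request whose Host header names 127.0.0.1 or ::1 is refused unless the peer itself is on loopback.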

@szNightFury

szNightFury commented Sep 14, 2024

> What URL do you send to msd? Do you redirect external connections to 127.0.0.1?
>
> In code only 2 places that return 403 error:
>
>   1. Wrong host name.
>   2. Connection to loopback (127.0.0.1 / ::1) from non loopback. In that case in syslog will be message: syslog(LOG_NOTICE, "HACKING ATTEMPT: %s set in host header loopback address.", straddr);

  • Steps I've Taken:
    • Mapped internal 0.0.0.0:7088, 127.0.0.1:7088, or 192.168.31.1:7088 (which is my router's IP address) to external port 8088 by using FRP or NPS.
    • When I try to access http://mydomain.com:8088/stat or http://mydomain_ip:8088/stat from an external network, I receive a 403 Forbidden error.
    • Accessing http://192.168.31.1/stat on the internal network works, I notice that the HTTP error count increases.
    • I'm not sure how to check the syslog properly; I looked in the /var/log/ directory on the router but didn't see any relevant logs, and I didn't find any output from the command msd_lite -c msd_lite.conf

Thank you for your help!
