# WebDAV External Access Troubleshooting Guide ## Problem WebDAV works on intranet but fails from external networks with "Connection refused" error. ## Common Causes and Solutions ### 1. Service Bound to Localhost Only **Symptom:** Service only listens on `127.0.0.1` or `::1` instead of all interfaces. **Solution:** - **Apache:** Change `Listen 127.0.0.1:5006` to `Listen 0.0.0.0:5006` or `Listen *:5006` - **Nginx:** Change `listen 127.0.0.1:5006;` to `listen 0.0.0.0:5006;` or `listen *:5006;` - **Other services:** Ensure binding to `0.0.0.0` or `*` instead of `localhost`/`127.0.0.1` **Check:** ```bash netstat -tuln | grep 5006 # or ss -tuln | grep 5006 ``` If you see `127.0.0.1:5006` or `::1:5006`, the service is only accessible locally. ### 2. Firewall Blocking Port 5006 **Solution:** **UFW (Ubuntu/Debian):** ```bash sudo ufw allow 5006/tcp sudo ufw reload ``` **firewalld (CentOS/RHEL):** ```bash sudo firewall-cmd --permanent --add-port=5006/tcp sudo firewall-cmd --reload ``` **iptables:** ```bash sudo iptables -A INPUT -p tcp --dport 5006 -j ACCEPT sudo iptables-save ``` ### 3. Router Port Forwarding Not Configured **Solution:** 1. Access your router's admin panel 2. Navigate to Port Forwarding / Virtual Server settings 3. Add rule: - **External Port:** 5006 - **Internal IP:** Your NAS IP address (e.g., 192.168.1.100) - **Internal Port:** 5006 - **Protocol:** TCP 4. Save and apply changes ### 4. Router Firewall Blocking Incoming Connections **Solution:** - Check router firewall settings - Ensure port 5006 is allowed for incoming connections - Some routers have separate WAN firewall rules ### 5. ISP Blocking Port 5006 **Solution:** - Some ISPs block certain ports - Try a different external port (e.g., 5007, 8080) - Update port forwarding to use the new port ### 6. Service Not Running or Crashed **Check service status:** ```bash # For systemd services systemctl status webdav # or systemctl status apache2 # or systemctl status nginx # Check if process is running ps aux | grep -i webdav ``` **Restart service:** ```bash sudo systemctl restart webdav # or sudo systemctl restart apache2 # or sudo systemctl restart nginx ``` ### 7. NAS-Specific Configuration **Synology NAS:** 1. Control Panel → External Access → Router Configuration 2. Enable port forwarding for port 5006 3. Control Panel → Security → Firewall 4. Ensure port 5006 is allowed **QNAP NAS:** 1. Network & Virtual Switch → Port Forwarding 2. Add rule for port 5006 3. Security → Firewall → Allow port 5006 **Other NAS:** - Check NAS admin panel for port forwarding/firewall settings - Ensure WebDAV service is enabled and configured for external access ## Diagnostic Steps 1. **Run the diagnostic script:** ```bash chmod +x diagnose_webdav.sh sudo ./diagnose_webdav.sh ``` 2. **Test local connection:** ```bash curl -k -X PROPFIND https://localhost:5006 # or curl -k -X PROPFIND https://127.0.0.1:5006 ``` 3. **Test from internal network:** ```bash curl -k -X PROPFIND https://:5006 ``` 4. **Test from external network:** ```bash curl -k -X PROPFIND https://jimmygan.myds.me:5006 ``` 5. **Check if port is reachable externally:** ```bash # From external network telnet jimmygan.myds.me 5006 # or nc -zv jimmygan.myds.me 5006 ``` ## Quick Fix Checklist - [ ] Service is bound to `0.0.0.0:5006` (not `127.0.0.1:5006`) - [ ] Firewall allows port 5006 - [ ] Router port forwarding configured (External 5006 → Internal NAS IP:5006) - [ ] Router firewall allows incoming connections on port 5006 - [ ] WebDAV service is running - [ ] Tested local connection (works) - [ ] Tested internal network connection (works) - [ ] External connection still fails → Check ISP/port blocking ## Additional Notes - **DDNS:** Your domain `jimmygan.myds.me` appears to be a DDNS service. Ensure it's properly configured and pointing to your current external IP. - **HTTPS:** Since you're using HTTPS, ensure SSL certificate is valid and the service is configured for SSL/TLS. - **IPv6:** The error shows IPv6 connection attempts. If your router/NAS doesn't support IPv6 properly, you may need to disable IPv6 or configure it separately.