Skip to main content
HashnodeGaurab Wagle

Command Palette

Search for a command to run...

How I Had SSH Access But No Internet. Port forwarding 80 into server, cuts off the internet in server

Published
3 min read
G
Gaurab Wagle

Before, Let's learn how to forward ports from your router to server and server to your websites

MikroTik Router's login page:

Go to : IP > Firewall > NAT

Things to remember while doing port forwarding:

  1. We need to write the rules for Firewall and NAT ( Network Address Transalation)

  2. NAT: is the rule we write for actual port forwarding. Listen to port 'x' in router and pass it to port 'y' in server.

  3. Firewall rule should be written to tell our router to allow all traffic on this port which we just opened.

NAT rule, that forwards port 80 to 80:

In General tab ( the first image), write the port your router wants to open,
In Action tab ( second image), write the port you want to forward to server.

Since I was using tailscale to ssh the server ,

Problem: When I port forward 80-80, there was no internet access to the internet.

When you install Tailscale, it tries to be helpful by managing your network settings. It does this by taking over your server’s DNS (Domain Name System).

If you look at your /etc/resolv.conf file, you’ll see it has been hijacked:


~$ cat /etc/resolv.conf
# resolv.conf(5) file generated by tailscale
# For more info, see https://tailscale.com/s/resolvconf-overwrite
# DO NOT EDIT THIS FILE BY HAND -- CHANGES WILL BE OVERWRITTEN
nameserver 100.100.100.100
search tail259a0b.ts.net

The Conflict: Tailscale points your server to 100.100.100.100—its internal "MagicDNS" resolver. This is great for finding other machines on your private network (like my-laptop.ts.net), but if your Tailscale admin settings aren't configured with a "Global Nameserver," your server suddenly forgets how to find the real internet.

The Solution:

To fix this, you need to give your server a "phonebook" it can actually read. We want to keep Tailscale for our SSH access but stop it from blocking the rest of the internet.

Step 1: Tell Tailscale to Back Off First, run this command to tell Tailscale to stop forcing its own DNS settings on the system:

💡
tailscale up --accept-dns=false

Step 2: Manually Set Global Nameservers Now, we edit the DNS configuration file. Open it with: sudo nano /etc/resolv.conf

Delete the internal Tailscale IP or move it to the bottom. Add the world-standard Google and Cloudflare DNS IPs at the very top:

//new config
nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 100.100.100.100
search tail259a0b.ts.net

Step 3: Test the Connection Now, try to reach the outside world again: ping google.com

If you see bytes flying back, you’ve won. Your server can now see your private network via Tailscale and fetch your code from GitHub at the same time.

More from this blog

G

Gaurab Wagle

12 posts