Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Dynamic DNS Show local IP

    Scheduled Pinned Locked Moved General pfSense Questions
    15 Posts 3 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      andreaconfa
      last edited by andreaconfa

      Hi all, i'm new in PFSense.
      I successfully setted up my PFSense Machine with this configuration:

      2 x PPPOE WAN Connections Load Balanced
      1 X LTE BACKUP WAN to use as failover when the wired networks goes down.

      I'm setting up my Dynamic DNS to have the ability to access my network from my wired wans but also, in case it fails, be able to access trought my mobile lte backup (yes, i have a static and dedicated ip also for the lte connection)

      I setted up the Dynamic DNS page to work with the interface "Gateway Load Balance" to let the script retrive always a working ip address.
      When using the two PPPOE connectios the IP address is correctly pushed to the ddns domain but when my connection fail back to the LTE one, my ddns update the ip with the LOCAL ip address of the LTE connection, instead of the public one.

      How can i troubleshoot this problem?
      Thanks
      Attacched some screenshots

      49b73a26-7e1d-449c-8ab5-3b574f58cbc2-image.png

      96699dca-937d-48c5-a8d8-940e97f44bca-image.png

      a3396de9-941b-4531-bf00-0360df79cf5e-image.png

      abb1e746-99c4-4279-8f11-9dbe494c839e-image.png

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @andreaconfa
        last edited by

        @andreaconfa said in Dynamic DNS Show local IP:

        When using the two PPPOE connectios the IP address is correctly pushed to the ddns domain but when my connection fail back to the LTE one, my ddns update the ip with the LOCAL ip address of the LTE connection, instead of the public one.

        What do you call "local ip address"?
        And what would the public one be in your opinion?

        Since the dynamic DNS status is showing the IP colored green, this is the IP the outside/public world sees. So what's wrong?
        You can recheck it by going to whatsmyip.com or something like that with an internal browser.

        1 Reply Last reply Reply Quote 0
        • A
          andreaconfa
          last edited by

          @viragomann said in Dynamic DNS Show local IP:

          is the IP the outsid

          Hi, 190.10.3.3 is the local PfSense IP on the wan interface connected to the LTE modem.

          See screenhots:
          91c46dc8-6e4f-4480-b6c7-efc1aedc276e-image.png

          In fact, my LTE ip is:
          65cedd73-194d-4329-a0d4-0fc0999b081d-image.png

          1 Reply Last reply Reply Quote 0
          • A
            andreaconfa
            last edited by

            The issue is very similar to this: https://forum.netgate.com/topic/138216/dynamic-dns-client-can-t-determine-public-ip-from-behind-nat-router

            My log :

            Oct 7 20:24:54	php-fpm	347	/services_dyndns_edit.php: Dynamic DNS: updatedns() starting
            Oct 7 20:24:54	php-fpm	347	/services_dyndns_edit.php: Dynamic DNS ovh-dynhost (my.hostname.ddns): 190.10.3.3 extracted from local system.
            Oct 7 20:24:54	php-fpm	347	/services_dyndns_edit.php: Dynamic DNS (my.hostname.ddns): running get_failover_interface for lan. found em0
            Oct 7 20:24:54	php-fpm	347	/services_dyndns_edit.php: Dynamic DNS ovh-dynhost (my.hostname.ddns): _update() starting.
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: HTTP/2 200
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: date: Thu, 07 Oct 2021 18:24:54 GMT
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: content-type: text/plain; charset=UTF-8
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: cache-control: max-age=60
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: expires: Thu, 07 Oct 2021 18:25:53 GMT
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: vary: Accept-Encoding
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: content-language: fr
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: x-iplb-request-id: 0A6EB4C6:8BB8_332611C8:01BB_615F3B75_11C385:2ABE2
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: x-iplb-request-id: 33440FF6:D89A_C063418B:01BB_615F3B75_BD06:7A78
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: x-iplb-instance: 42098
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: x-cdn-pop: rbx
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: x-cdn-pop-ip: 51.68.XX.XX/27
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: x-request-id: 1034879603
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: x-cacheable: Not cacheable: no cache
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header: accept-ranges: bytes
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header:
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Header:
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Response Data: good 190.10.3.3
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Dynamic DNS ovh-dynhost (my.hostname.ddns): _checkStatus() starting.
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: Dynamic DNS ovh-dynhost (my.hostname.ddns): 190.10.3.3 extracted from local system.
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_opt2ovh-dynhost'my.hostname.ddns'0.cache: 190.10.3.3
            Oct 7 20:24:55	php-fpm	347	/services_dyndns_edit.php: phpDynDNS (my.hostname.ddns): (Success) IP Address Changed Successfully! (190.10.3.3)
            
            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by stephenw10

              I assume it's actually behind CGN, which is common on LTE connections?

              You say you have a static IP on LTE though, that is NAT'd to it?

              If that was a private IP the client would use IP lookup to find the public IP but that is a public IP. I expect it to be in 100.64.0.0/10 if it is CGN.

              Usually you can't forward traffic through CGN so you wouldn't be able to connect inbound anyway.

              I also note you have the same gateway IP on both PPPoE connections which might give you routing issues.

              Steve

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Ooops missed your edit there.

                Don't use a public subnet on the LAN side of the LTE router if that's not actually your IP.

                Steve

                A 1 Reply Last reply Reply Quote 0
                • A
                  andreaconfa @stephenw10
                  last edited by andreaconfa

                  @stephenw10 my lte connection is not under NAT, in fact with my edgerouter I’m able to connect to the devices hosted on my home.

                  From the settings i see that if the connection is PPPOE is not possible to change the ip address of the interface, in fact the two shown ip is not even in the subnet of the router's.

                  So you think that the lte connection is not getting the wan ip because I’m using a public subnet? I have to try using 192.168.x.x ?

                  If i run the curl command on the pfsense console i get the correct wan ip of the lte connection: curl http://checkip.dyndns.org/

                  f2da0fa0-db83-481c-bee7-25f041e5e4ae-image.png

                  1 Reply Last reply Reply Quote 0
                  • A
                    andreaconfa
                    last edited by andreaconfa

                    Good News! I changed the local ip of the LTE router to 192.168.103.1 and now pfsense is updating the DDNS with the correct WAN ip.

                    Another question if you can help me.
                    As i said before i have two VDSL connection that i want to use in load-balancing mode and a third one (the LTE) that i want to use only as a failover when both VDSL connection goes down.

                    Is this the correct configuration?
                    6deb7e85-920d-40d2-bfec-fa967d47fa3b-image.png

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      Your LTE is behind NAT. If it wasn't curl http://checkip.dyndns.org/ would be reporting the same IP the pfSense sees ion the interface. It might be 1:1 NAT if you can connect in that way.
                      Anyway, yeah, setting it to a private IP causes the dyndns client to look for the external IP rather than use the interface address.

                      Yes, that will work for load-balancing. There's no need to put LTE in tier 5 it will work exactly the same in tier 2.
                      Be aware that you can only use that load-balance group in policy routing rules. You can' use that as the default system gateway. That can only be a specific gateway or a failover group.

                      Steve

                      A 1 Reply Last reply Reply Quote 0
                      • A
                        andreaconfa @stephenw10
                        last edited by

                        @stephenw10 sorry i don't understand exaclty this

                        Be aware that you can only use that load-balance group in policy routing rules. You can' use that as the default system gateway. That can only be a specific gateway or a failover group.
                        

                        I setted up my balancing/failover group as default group

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S
                          stephenw10 Netgate Administrator
                          last edited by

                          You can't use a load-balancing group as the system default gateway in System > Routing > Gateways. Where is says: Select a gateway or failover gateway group to use as the default gateway.
                          The wording there was changed because it's a common mistake.
                          To actually balance the load across several WANs you need to use policy based routing rules:
                          https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html

                          Steve

                          A 1 Reply Last reply Reply Quote 0
                          • A
                            andreaconfa @stephenw10
                            last edited by andreaconfa

                            @stephenw10 said in Dynamic DNS Show local IP:

                            e the load across several

                            can you explain me how to make the load balancing work correctly? now in the default gateway i setted up the load balancing group and it appears to work correctly. For example, in speedtest, i reach the sum of the two connection. during for example an http download i got the download of 1 connection, but then if another client start to download something, he get full speed too by using automatically the other wan connection.

                            I also have this rule in the lan out setting of the firewall ec30066c-0a89-425d-83ef-631346476a57-image.png

                            What is the correct setting for the default gateway? 0bb2fcd8-8fee-45dc-a16e-a342cb0af7d6-image.png

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S
                              stephenw10 Netgate Administrator
                              last edited by

                              The top screenshot there is the correct (and only) way to do it. That will be loadbalancing your traffic from hosts on the LAN.

                              The default gateway should be only a specific gateway or a failover group.
                              If you enter a load-balance group there the firewall will cycle though the gateways in it if they go down but does not actually load-balance traffic. Rge default gateway if only ever 1 WAN at a time.

                              Steve

                              A 1 Reply Last reply Reply Quote 0
                              • A
                                andreaconfa @stephenw10
                                last edited by

                                @stephenw10 so what i have to do? i have to make another group only for failover and put that in the default gateway? First Connection Tier 1, Second Connection Tier 2 and Third Connection LTE Tier 3 and put that in the default gateway?

                                1 Reply Last reply Reply Quote 0
                                • stephenw10S
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  Since you are using a correctly configured policy routing rule for LAN traffic you do not have to do anything.
                                  Anything not caught by that policy rule, such as traffic from the firewall itself, will use the default gateway. Just be aware that with that set to the load-balancing group as it is traffic will use one of the two PPPoE WANs that are in tier 1. It will not use both and there is no way to specify which one it will use. It will simply switch to the other one if one goes down or to the LTE if both go down. That setup is probably fine for your use.

                                  Steve

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.