Problem using DynDNS



  • My ISP is implementing carrier-grade NAT (double NAT), so basically the internet-facing NIC of my pfsense box has a private IP address. I know that using dynDNS is useless for this kind of setup, but what I don't understand is why the "cached IP address" showing under Services -> dynDNS is the public IP of the ISP and not the private IP assigned to my NIC?

    Does the dynDNS service of pfsense only detect the actual external IP address?



  • BUMP!


  • Rebel Alliance Developer Netgate

    If pfSense detects a private IP on WAN, it will query an external IP lookup service to determine your actual external IP address at the time.



  • @jimp:

    If pfSense detects a private IP on WAN, it will query an external IP lookup service to determine your actual external IP address at the time.

    Oh ok, I understand now. Thanks.

    Is there any solution to this carrier-grade NAT problem when I host a server internally?


  • Rebel Alliance Developer Netgate

    With carrier-grade NAT you most likely cannot receive any inbound server traffic.

    The ISP would have to forward ports from the actual public IP to your CGN/WAN IP and then pfSense could forward them in from there.



  • @jimp:

    With carrier-grade NAT you most likely cannot receive any inbound server traffic.

    The ISP would have to forward ports from the actual public IP to your CGN/WAN IP and then pfSense could forward them in from there.

    That's what I thought. And most probably we can't request that from the ISP. So the only way to do this is to request for a public WAN IP from them?


  • Rebel Alliance Developer Netgate

    Yes, that's probably correct, but it depends on your ISP.



  • Is this one of the major ISPs?  Just curious.  Hope it's not a trend to get rid of individually assigned public IPs.



  • @Finger79:

    Is this one of the major ISPs?  Just curious.  Hope it's not a trend to get rid of individually assigned public IPs.

    Nope, this is one of the ISPs in the Philippines but I heard that there are some major US ISPs that do this also.



  • It is a trend - lots of regions/countries are running short of IPv4 public address space from their allocations. Here in Nepal we had a WiMax provider recently who did not even use the Carrier-Grade-NAT reserved space. We got an address like 10.20.n.n !!! Bad luck if your company happened to have picked 10.20.0.0/16 for their internal private network. Now this WiMax provider has got some public IP address space and we have got our own public IP.
    Same has happened on the 3G mobile phone system - they just don't have enough IPv4 public addresses to give out 1 to every phone that asks. So sometimes we get CGN addresses. If I want to use a router with a 3G dongle and have an OpenVPN server on it to allow remote connections back to a small office/home office then sometimes it works (mobile phone carrier DHCP gives a real public IP and DynDNS name is set to that and all is good) and sometimes it does not (gets a CGNat IP, DynDNS name is set to the ISP's eventual front-facing public IP and of course that does not port forward back to me!)
    If you want to provide remote access to stuff, then you have to check with the ISP when you sign up that your plan comes with a real public IP.
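
Added example, not part of any post in this thread and not pfSense's own code: a Python sketch of the check described above (private address on WAN, so the externally observed address is what the dynamic DNS name ends up holding), plus the LAN overlap case from the last post. The function names, the sample addresses (documentation ranges, constructed) and passing the externally observed address in as a parameter are assumptions.

```python
import ipaddress

# RFC 6598 shared address space reserved for carrier-grade NAT
CGN_SPACE = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges, which some ISPs hand out on WAN instead
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip):
    """Return 'cgn-shared', 'rfc1918' or 'public' for the WAN NIC address."""
    addr = ipaddress.ip_address(wan_ip)
    if addr in CGN_SPACE:
        return "cgn-shared"
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    return "public"


def assess(wan_ip, external_ip, lan_cidrs=()):
    """Report what the DynDNS name would hold and whether inbound can work.

    external_ip is the address an outside lookup service reported; it is
    passed in (assumption) so the check runs offline.
    """
    wan = ipaddress.ip_address(wan_ip)
    kind = classify_wan(wan_ip)
    # Non-public WAN, or a WAN address the outside world does not see,
    # means the ISP translates in front of the firewall.
    behind_isp_nat = kind != "public" or wan != ipaddress.ip_address(external_ip)
    # ISP-assigned WAN address colliding with an internal network
    overlap = [c for c in lan_cidrs if wan in ipaddress.ip_network(c)]
    return {
        "wan_kind": kind,
        "dyndns_target": wan_ip if kind == "public" else external_ip,
        "behind_isp_nat": behind_isp_nat,
        "inbound_without_isp_forwarding": not behind_isp_nat,
        "lan_overlap": overlap,
    }


if __name__ == "__main__":
    # Constructed samples: (WAN address, externally observed address, LANs)
    samples = [
        ("100.64.12.5", "203.0.113.7", ["192.168.1.0/24"]),
        ("10.20.3.4", "203.0.113.7", ["10.20.0.0/16"]),
        ("203.0.113.7", "203.0.113.7", ["192.168.1.0/24"]),
    ]
    for wan_ip, ext_ip, lans in samples:
        print(wan_ip, assess(wan_ip, ext_ip, lans))
```

When `behind_isp_nat` is true, the DynDNS name resolves to the ISP's shared address, so port forwards and an OpenVPN server on the firewall are unreachable unless the ISP forwards the ports or assigns a public WAN IP.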

