DNS Forwarder for multiple LAN IP?

  • I have a couple of IP cameras and want to have access both over WAN and while on LAN using the same address.  Based on what I've read on the forum I setup multiple host overrides for each camera (e.g. camera1.dyndns.org, etc.) and enabled multiple hosts within my dynamic dns service as well as multiple dynamic dns logins within pfsense.

    I guess my question is, is there a more elegant solution that does not involve 5 different dynamic dns hosts, 5 different logins and 5 overrides?

    Currently all cameras share the same port, but I can give each their own.

    I had no luck getting NAT reflection to work (most likely because I have no idea what to do there).


  • Banned

    Sure. The more ellegant solution is IPv6.

  • Is there anyway to use the domain override as opposed to host override if I have a range of IP's to look at with different ports for each as opposed to having a different hostname and subsequent different DDNS?

    override mydns.org to IP
    override mydns.org to IP

  • Banned

    No. A/AAAA/CNAME knowns nothing about ports. Plus I don't get why exactly you need a DynDNS entry for each. You need exactly ONE for your public WAN IP.

  • DNS Forwarder using a host + domain points to one IP.  I setting the destination as the gateway and but it did not work.  I've read some about Hairpin NAT but unsure how to set that up in pfsense or if it is the right method.

  • Banned

    I really have no idea what are you inventing there. We have been talking about DynDNS. You need exactly ONE that matches your external WAN IP if it's dynamic. No idea what's the hairpin NAT here all of a sudden. And why are you messing with gateways? Stop over-engineering absolutely trivial stuff.

  • I'm not sure what you mean by inventing things here.  Let me lay out the issue as maybe I've fumbled through it thus far.

    I have multiple LAN IP addresses with different ports open on them: xx.xx.xx.41:4001; xx.xx.xx.42:4002, etc.

    When NOT on LAN i can access them simply with a DDNS address and the various ports using NAT rules forward to the appropriate LAN IP: me.ddns.org:4001 -> xx.xx.xx.41:4001

    My issue is that when on LAN, I want to continue using the me.ddns.org:4001 to redirect to xx.xx.xx.41:4001, me.ddns.org:4002 to redirect to xx.xx.xx.41:4002 so that I don't have to change settings.

    Maybe I'm misinterpreting the host and domain override, but it appears to be one internal IP per host/domain unless I can stack the same rule just changing IP's and let the ports figure it out?

  • Banned

    OMG…. You create as many host overrides as needed on your LAN. One per your DDNS hostname. It takes about 10 seconds each... And I already told you that DNS does NOT do ports. Period. If you do not want to deal with this, your options are:

    • Get more IPv4 IPs from your ISP
    • Get IPv6 working
    • NAT reflection

  • OMG… I can't create multiple host overrides for the same host which brings us all the way back to the first question where I need multiple Ddns hosts.

    Host1.ddns.org redirect to LAN xx.xx.xx.41
    Host2.ddns.org redirect to LAN xx.xx.xx.42

  • Banned

    Just just have no clue what you are doing… WTH would you do any such thing? You use the DDNS hostname from WAN. You use local hostname from LAN. If you are not willing to, then yeah you need multiple DDNS hostnames. During the time you wasted here discussing how much it bothers you to do a couple of minutes job, you could have set this up for about 1000 hosts. Noone here really cares that you cannot be bothered to set up whopping 5 hostnames.


  • To be clear for you, if you want to use the same host name from inside and outside your network for each camera, and each camera has a different IP address inside your network (kind of a necessary!) then you need multiple DDNS names:

    From the outside all names names resolve to your public IP address. Then your port forwards are set up to forward a particular port to a particular internal IP address + port combination.
    From the inside you make a host override for each name that points directly to the inside IP address.

    Another partly-tricky way would be to put the cameras on a separate OPT1 interface. Then on LAN make port forwards (like you do already on WAN) that forward the various ports on LAN-IP to the various camera IP-address+port on OPT1. Then you can use just 1 DDNS name, resolving from the outside to public WAN IP, and from inside to LAN-IP.

    The other issue is security of web-cams on the public internet - it really would be more secure to use a VPN connection with certificates... and then conect to the cameras across the VPN.

Log in to reply