Netgate Discussion Forum

    DNS Forwarder for multiple LAN IP?

    DHCP and DNS
    • Bigzaj

      I have a couple of IP cameras and want to have access both over WAN and while on LAN using the same address.  Based on what I've read on the forum I set up multiple host overrides for each camera (e.g. camera1.dyndns.org, etc.) and enabled multiple hosts within my dynamic DNS service as well as multiple dynamic DNS logins within pfSense.

      I guess my question is, is there a more elegant solution that does not involve 5 different dynamic dns hosts, 5 different logins and 5 overrides?

      Currently all cameras share the same port, but I can give each their own.

      I had no luck getting NAT reflection to work (most likely because I have no idea what to do there).

      Thanks.

      • doktornotor Banned

        Sure. The more elegant solution is IPv6.

        • Bigzaj

          Is there any way to use the domain override as opposed to host override if I have a range of IPs to look at with different ports for each, as opposed to having a different hostname and subsequent different DDNS?

          override mydns.org to IP 192.168.10.40
          override mydns.org to IP 192.168.10.41
          etc
          etc
          etc

          • doktornotor Banned

            No. A/AAAA/CNAME knows nothing about ports. Plus I don't get why exactly you need a DynDNS entry for each. You need exactly ONE for your public WAN IP.

            • Bigzaj

              DNS Forwarder using a host + domain points to one IP.  I tried setting the destination as the gateway and 0.0.0.0 but it did not work.  I've read some about Hairpin NAT but am unsure how to set that up in pfSense or if it is the right method.

              • doktornotor Banned

                I really have no idea what you are inventing there. We have been talking about DynDNS. You need exactly ONE that matches your external WAN IP if it's dynamic. No idea what's the hairpin NAT here all of a sudden. And why are you messing with gateways? Stop over-engineering absolutely trivial stuff.

                • Bigzaj

                  I'm not sure what you mean by inventing things here.  Let me lay out the issue as maybe I've fumbled through it thus far.

                  I have multiple LAN IP addresses with different ports open on them: xx.xx.xx.41:4001; xx.xx.xx.42:4002, etc.

                  When NOT on LAN I can access them simply with a DDNS address and the various ports, using NAT rules that forward to the appropriate LAN IP: me.ddns.org:4001 -> xx.xx.xx.41:4001

                  My issue is that when on LAN, I want to continue using the me.ddns.org:4001 to redirect to xx.xx.xx.41:4001, me.ddns.org:4002 to redirect to xx.xx.xx.41:4002 so that I don't have to change settings.

                  Maybe I'm misinterpreting the host and domain override, but it appears to be one internal IP per host/domain unless I can stack the same rule just changing IPs and let the ports figure it out?

                  • doktornotor Banned

                    OMG…. You create as many host overrides as needed on your LAN. One per your DDNS hostname. It takes about 10 seconds each... And I already told you that DNS does NOT do ports. Period. If you do not want to deal with this, your options are:

                    • Get more IPv4 IPs from your ISP
                    • Get IPv6 working
                    • NAT reflection

                    • Bigzaj

                      OMG… I can't create multiple host overrides for the same host, which brings us all the way back to the first question where I need multiple DDNS hosts.

                      Host1.ddns.org redirect to LAN xx.xx.xx.41
                      Host2.ddns.org redirect to LAN xx.xx.xx.42

                      • doktornotor Banned

                        You just have no clue what you are doing… WTH would you do any such thing? You use the DDNS hostname from WAN. You use local hostname from LAN. If you are not willing to, then yeah you need multiple DDNS hostnames. During the time you wasted here discussing how much it bothers you to do a couple of minutes job, you could have set this up for about 1000 hosts. No one here really cares that you cannot be bothered to set up a whopping 5 hostnames.

                        Bye.

                        • phil.davis

                          To be clear for you, if you want to use the same host name from inside and outside your network for each camera, and each camera has a different IP address inside your network (kind of necessary!) then you need multiple DDNS names:
                          Host1.ddns.org
                          Host2.ddns.org
                          …

                          From the outside all names resolve to your public IP address. Then your port forwards are set up to forward a particular port to a particular internal IP address + port combination.
                          From the inside you make a host override for each name that points directly to the inside IP address.

                          Another partly-tricky way would be to put the cameras on a separate OPT1 interface. Then on LAN make port forwards (like you do already on WAN) that forward the various ports on LAN-IP to the various camera IP-address+port on OPT1. Then you can use just 1 DDNS name, resolving from the outside to public WAN IP, and from inside to LAN-IP.

                          The other issue is security of web-cams on the public internet - it really would be more secure to use a VPN connection with certificates... and then connect to the cameras across the VPN.

                          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

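An added illustration of the setups discussed in this thread (not code from any poster or from pfSense): a toy Python model that resolves a name per view, then applies port forwards, to show which layouts send `name:port` to the same camera from WAN and LAN. The firewall LAN address, the public IP and the OPT1 subnet are constructed assumptions.

```python
# Toy model of the thread's setups (added illustration, not pfSense code).
# All addresses are constructed; 203.0.113.10 stands in for the public WAN IP.
PUBLIC_IP, LAN_IP = "203.0.113.10", "192.168.10.1"
CAM1, CAM2 = "192.168.10.41", "192.168.10.42"

def reach(layout, view, name, port):
    """Return the (ip, port) a client in view 'wan' or 'lan' ends up at, or None."""
    # DNS answers with an address only; the port plays no part in the lookup.
    if view == "lan" and name in layout["overrides"]:
        ip = layout["overrides"][name]
    elif name in layout["ddns"]:
        ip = PUBLIC_IP
    else:
        return None
    if view == "lan" and ip == PUBLIC_IP:
        return None  # LAN client hitting the WAN IP: needs NAT reflection
    iface = {PUBLIC_IP: "wan", LAN_IP: "lan"}.get(ip)
    if iface is None:
        return (ip, port)  # override points straight at a host
    return layout["forwards"].get((iface, port))  # port forward picks the host

def same_target(layout, name, port):
    """True when WAN and LAN clients reach the same camera via name:port."""
    wan = reach(layout, "wan", name, port)
    return wan is not None and wan == reach(layout, "lan", name, port)

WAN_FWD = {("wan", 4001): (CAM1, 4001), ("wan", 4002): (CAM2, 4002)}

# One name, one override: every LAN lookup lands on camera 1, whatever the port.
SINGLE_OVERRIDE = {"ddns": {"me.ddns.org"}, "forwards": WAN_FWD,
                   "overrides": {"me.ddns.org": CAM1}}

# One DDNS name and one host override per camera.
PER_CAMERA = {"ddns": {"host1.ddns.org", "host2.ddns.org"}, "forwards": WAN_FWD,
              "overrides": {"host1.ddns.org": CAM1, "host2.ddns.org": CAM2}}

# Cameras on OPT1 (assumed 192.168.20.0/24); port forwards on both WAN and LAN.
OPT_CAM1, OPT_CAM2 = ("192.168.20.41", 4001), ("192.168.20.42", 4002)
ON_OPT1 = {"ddns": {"me.ddns.org"}, "overrides": {"me.ddns.org": LAN_IP},
           "forwards": {("wan", 4001): OPT_CAM1, ("lan", 4001): OPT_CAM1,
                        ("wan", 4002): OPT_CAM2, ("lan", 4002): OPT_CAM2}}

if __name__ == "__main__":
    for label, layout, name in [("single override", SINGLE_OVERRIDE, "me.ddns.org"),
                                ("per-camera names", PER_CAMERA, "host2.ddns.org"),
                                ("cameras on OPT1", ON_OPT1, "me.ddns.org")]:
        print(label, same_target(layout, name, 4002))
```
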
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.