Dynamic DNS + Port forwarding (Internal access issues)



  • Hi,

    Getting my new setup up and running at home and I encountered an issue that I really don't understand; if someone with more experience could shed some light it would be highly appreciated.

    Current setup has a new pfSense box + FreeNAS box + switch + AP on a 100/25 connection.

    I set up Dynamic DNS last night, and everything seemed to be working great, then I set up port forwarding for a single server (SABnzbd). SABnzbd is running on the FreeNAS box under a jail with its own IP on port 8086.

    I went ahead and tried from 'OUTSIDE' my network and I can access the server using <public ip>:8086 & <dynamic dns url>:8086

    Everything working as intended so far…

    Now, here is the issue I don't seem to understand...

    From 'INSIDE' my network, I can access the server using <public ip>:8086, <internal ip>:8086, <hostname>:8086, however using <dynamic dns url>:8086 doesn't work; it tries to load for a while and then times out.

    My limited understanding of this is that using the dynamic DNS URL, it would send traffic to the dynamic DNS provider server, that would resolve to my public IP and then it will hit my server using my public IP, which works if I type it directly. Is this just completely wrong?

    Thanks
    Mat



  • Do you have access to public DNS from inside?
    Try an nslookup.

    It's also possible that it takes a few hours till the public DNS is updated if your dynamic DNS name is newly set up.



  • @viragomann:

    Do you have access to public DNS from inside?
    Try an nslookup.

    It's also possible that it takes a few hours till the public DNS is updated if your dynamic DNS name is newly set up.

    Thank you for the reply, however if that would be true I wouldn't be able to access the server using the Dynamic URL from outside the network either… right?

    I don't think that is the issue.

    nslookup works from inside the network, it's pointing to my public IP.

    I'm trying Split DNS as seen on this post but no luck so far (https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F)

    So I just noticed that from 'INSIDE' the network if I go to the <dynamic url> without any port, it does forward to the pfSense webConfigurator, however as soon as I use any port (8080 for SABnzbd or 8086 for SickBeard) it just doesn't resolve.

    I'm a little lost, doesn't make sense to me.



  • I'm trying Split DNS as seen on this post but no luck so far

    Are you even using pfSense as DNS for your clients? Are you using Resolver or Forwarder? Post screens of your config.



  • Ok so I disabled everything and started fresh.

    I can't explain why it wasn't working, however split DNS is working now.

    However, I'm not sure how it is going to work if I have more than 1 service running on a different IP.

    Right now the Split DNS is redirecting my <dynamic url> to the SABnzbd server IP. Port forwarding 8080 from WAN to LAN.

    How about if I have, let's say, ownCloud running on a different IP on port 8082: if I use my <dynamic url>:8082 from outside the network it will work, but I cannot do another "host overwrite" on DNS forwarder.



  • OK that would be a problem.  DNS doesn't care about ports, so you would still need something to redirect to the correct system.  You may have to settle for using different internal names, like owncloud.yourdomain.com and sabnzb.yourdomain.com.  Can you not run ownCloud on your SABNZB box, along with SickBeard too?


  • LAYER 8 Global Moderator

    Yeah, it's always best to use different host names for different services; as KOM correctly stated, DNS doesn't care about ports. You should be able to set up multiple dyndns for different names as well, servicea.publicdns.tld, and then use the same overrides internally. Also, if possible, it's a good idea to get rid of the :port in the URL and use the native port for the service. Makes it easier ;)

    You can use a reverse proxy in pfsense to forward based on fqdn and not have to worry about the ports.
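
A small model of the point made in the two replies above, added here as an illustration and not posted by anyone in the thread: a host override maps a name to one IP whatever the port, so one name cannot reach two services on different internal IPs from the LAN, while one name per service can. Every name and address is a constructed placeholder, and the model assumes NAT reflection is off.

```python
# Constructed model: every name and address below is a placeholder, none is from the thread.
WAN_IP = "203.0.113.10"
SERVICES = {("10.0.0.11", 8080): "sabnzbd", ("10.0.0.12", 8082): "owncloud"}
PORT_FORWARDS = {8080: ("10.0.0.11", 8080), 8082: ("10.0.0.12", 8082)}  # WAN port -> LAN target


def resolve(name, public_dns, overrides, inside):
    """LAN clients use the firewall's DNS, where a host override wins; outside clients see public DNS."""
    if inside and name in overrides:
        return overrides[name]
    return public_dns.get(name)


def connect(name, port, public_dns, overrides, inside):
    """Return the service a client reaches at name:port, or None if nothing answers."""
    ip = resolve(name, public_dns, overrides, inside)
    if ip == WAN_IP and not inside:
        # The port forward is a WAN rule: it picks the LAN target from the port alone.
        return SERVICES.get(PORT_FORWARDS.get(port))
    # Assumption: NAT reflection is off, so a LAN client is never port-forwarded and
    # talks straight to whatever IP the name resolved to. The port plays no part in DNS.
    return SERVICES.get((ip, port))


def reachability(public_dns, overrides, wanted):
    """Map (name, port) -> (outside_ok, inside_ok) for each wanted (name, port, service)."""
    return {
        (name, port): tuple(
            connect(name, port, public_dns, overrides, inside) == svc for inside in (False, True)
        )
        for name, port, svc in wanted
    }


# One dynamic DNS name for everything, with a single host override to the SABnzbd jail.
SINGLE_NAME = reachability(
    {"home.example.net": WAN_IP},
    {"home.example.net": "10.0.0.11"},
    [("home.example.net", 8080, "sabnzbd"), ("home.example.net", 8082, "owncloud")],
)
# One dynamic DNS name per service, each with its own host override.
PER_SERVICE = reachability(
    {"sab.example.net": WAN_IP, "cloud.example.net": WAN_IP},
    {"sab.example.net": "10.0.0.11", "cloud.example.net": "10.0.0.12"},
    [("sab.example.net", 8080, "sabnzbd"), ("cloud.example.net", 8082, "owncloud")],
)

if __name__ == "__main__":
    print("single name:", SINGLE_NAME)
    print("per service:", PER_SERVICE)
```

With the single name, ownCloud on 8082 is reachable from outside but not from the LAN, because the override sends LAN clients to the SABnzbd address where nothing listens on 8082.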



  • Thanks guys.

    I do have different hostnames already, but I didn't think of doing multiple dynamic DNS hostnames, that may be easier.

    Also I was thinking of using a reverse proxy for SSL termination on ownCloud, so may as well go ahead and set it up to handle everything else.

