Jump to content

NAT Loopback or NAT Reflection to access DDNS?


Recommended Posts

I use No-IP's DDNS service to access my security cameras remotely. Remote access is working fine via the Ports (configured via UPNP), but I am unable to reach the cameras using the same address when I am on the LAN. I believe this requires NAT loopback or NAT Reflection on the router.

 

Any option to get this configured or use another work around on the R1?

Link to comment
Share on other sites

The local addresses work, but then I have to change the URL if I am on LAN vs off. My old router allowed me to use the same ddns.net address with appropriate ports for both on/off LAN.

 

It might also be possible to achieve this with Static DNS entries. Not sure if the R1 supports that, but I will take a look today.

 

The crazy thing is, I can actually reach the R1 from LAN using my server.ddns.net URL, but if I add any ports (i.e. server.ddns.net:8155), then I get a site can not be reached message.

 

Could this be a port forwarding issue?

 

The ports work of I use the local.address:8155 from the LAN or if I use the server.ddns.net:8155 address from the internet, so it looks like all the port forwarding is correct.

 

This is my last obstacle to getting the Netduma working with 100% wife approval, so really trying to figure it out, so I don't have to return it :-(

Link to comment
Share on other sites

Thanks Fraser. I tried enabling WAN access in Misc Settings, but that did not work. I am already using OpenDNS for my DNS, so I don't want to change to a different DNS server, just add entries to the Host file for the specific cameras that need to be accessed.

 

Otherwise I think NAT Loopback is required. Any idea if that is something coming in the new OS?

Link to comment
Share on other sites

Thanks Fraser. I tried enabling WAN access in Misc Settings, but that did not work. I am already using OpenDNS for my DNS, so I don't want to change to a different DNS server, just add entries to the Host file for the specific cameras that need to be accessed.

 

Otherwise I think NAT Loopback is required. Any idea if that is something coming in the new OS?

 

Odd because as long as I port forward I can access mine on or off LAN using my DDNS.

 

Last time I saw this happen, it was the ISP modem/router combo unit.

 

As for being able to access the R1's interface through your DDNS address, that's a security issue so make sure you turn on password protection in the R1's settings.

Link to comment
Share on other sites

What DDNS service are you using?

 

I have Ethernet going straight from my FiOS ONT into the Netduma R1, so there is no other modem or router in play.

 

The strange thing is, I can access the R1 interface from LAN using the DDNS URL, but if I try to add a Port # to the DDNS URL, then I get a page not found. So it is resolving the URL, but not forwarding the ports?

Link to comment
Share on other sites

What DDNS service are you using?

 

I have Ethernet going straight from my FiOS ONT into the Netduma R1, so there is no other modem or router in play.

 

The strange thing is, I can access the R1 interface from LAN using the DDNS URL, but if I try to add a Port # to the DDNS URL, then I get a page not found. So it is resolving the URL, but not forwarding the ports?

 

No-ip but that doesn't matter... Did you open the right ports on your R1? I had to do it manually

Link to comment
Share on other sites

  • Administrators

Thanks Fraser. I tried enabling WAN access in Misc Settings, but that did not work. I am already using OpenDNS for my DNS, so I don't want to change to a different DNS server, just add entries to the Host file for the specific cameras that need to be accessed.

 

Otherwise I think NAT Loopback is required. Any idea if that is something coming in the new OS?

 

I've added it to the ideas list. Probably not something that would be implemented straight away but might be something we add in later.

Link to comment
Share on other sites

No-ip but that doesn't matter... Did you open the right ports on your R1? I had to do it manually

 

I am using No-IP as well, and the cameras are accessible via the ports from outside the network, but not when I am on the LAN. UPNP added the Port forwarding rules for the cameras, but I have also tried adding them manually and still the same result. The Cameras are assigned Static IP addresses outside the R1's DHCP range, could that have any impact?

 

Is this what your No-IP address looks like that you are able to access from LAN? 

 

yourserver.ddns.net:8155

Link to comment
Share on other sites

  • Administrators

I am using No-IP as well, and the cameras are accessible via the ports from outside the network, but not when I am on the LAN. UPNP added the Port forwarding rules for the cameras, but I have also tried adding them manually and still the same result. The Cameras are assigned Static IP addresses outside the R1's DHCP range, could that have any impact?

 

Is this what your No-IP address looks like that you are able to access from LAN? 

 

yourserver.ddns.net:8155

 

Normally I would say no that wouldn't have an impact. However, there was an issue the other day with a PC outside the DHCP range not showing up on network monitor and congestion control not affecting it. So try setting the static IPs to within the DHCP range and see if the issue is resolved - I've already marked this bug to be checked in DumaOS.

Link to comment
Share on other sites

I expanded the DHCP range of the R1 to include the cameras IP addresses, and assigned them DHCP reservations. However, I didn't remove their static IP from the cameras configuration (not sure if that matters). I am still unable to access from LAN using the myserver.DDNS.net:8156 address.

 

Yup

 

@ I AM MoD BoX

Do you have those devices set with a Static IP address or are they receiving via DHCP from the R1? Also, can you share what your setup looks like? Do you have another Router/Modem in the mix, or just the R1?

 

My setup is:

FiOS Internet direct from ONT via Cat6 > R1 > Gigabit PoE Switch > IP Cameras

 

Thank you both for your help with this.

Link to comment
Share on other sites

Are the cameras static IPs exactly the same as on the Netduma? 

Yep. I also just went in and changed them all to DHCP, so they are receiving the IP address from the R1, with the reservations I assigned (that match their previous static IP). I can access remotely via the DDNS URL no problem, but locally it doesn't work. I am able to use the local IP address to access while on LAN, but on my last router I was able to use my DDNS URL both locally and remote.

 

The weird thing is, if I plug in myserver.ddns.net from my network (without adding a Port), then I am able to access the R1 interface. However, as soon as I add a Port to the URL, then I get this message in Chrome:

 

This site can’t be reached

MYserver.ddns.net refused to connect.

Link to comment
Share on other sites

Just a thought as it has caused weird issues before, disable turbo mode if you have it enabled. Does that resolve the issue?

 

 

Unfortunately, I already had it disabled. Tried to turn it on/off, still didn't work :-(

 

These are the only settings I have On in MISC Settings
Enable link-local IPv6. X
Enable cookies. X
 
Not sure how I Am MoD Box is getting it to work, b/c I can't think of anything else to try.
Link to comment
Share on other sites

  • Administrators

Hopefully MoD BoX can provide the settings he has for a comparison so you can see if there is anything different. I usually suggest disabling IPv6 in WAN, LAN & Misc but wouldn't have thought it'd cause your issue.

Link to comment
Share on other sites

I expanded the DHCP range of the R1 to include the cameras IP addresses, and assigned them DHCP reservations. However, I didn't remove their static IP from the cameras configuration (not sure if that matters). I am still unable to access from LAN using the myserver.DDNS.net:8156 address.

 

 

@ I AM MoD BoX

Do you have those devices set with a Static IP address or are they receiving via DHCP from the R1? Also, can you share what your setup looks like? Do you have another Router/Modem in the mix, or just the R1?

 

My setup is:

FiOS Internet direct from ONT via Cat6 > R1 > Gigabit PoE Switch > IP Cameras

 

Thank you both for your help with this.

 

I had a rather unique setup, which I no longer use so I can't go into detail about how it worked... But I know it worked... My computer is connected to my R1, my computer has 2 nic cards. The 2nd one was wired to a wireless router upstairs that was feeding a hidden wifi network just for my cameras. This way my computer running the recording software could have direct access over LAN. My computer then was sharing my main connection so when I  needed, I could pull up my cameras remotely over WAN. I don't know if this makes sense to you, it was a complicated setup because I didn't want my R1 handling the massive amount of traffic from the cameras 24/4/365 as it has  killed a few other routers on me in the past.

Link to comment
Share on other sites

  • 1 year later...

Hello,

I'm testing a bit the Netgear Router with DumaOS and see that NAT loopback seems to work... Great.

But apparently the IP address seen by internal devices is the public IP and not the router IP. Which makes it difficult to secure a Synology for example.

On all others brands where I used NAT loopback to access my NAS, it was the IP of the router and I could simply add this in the NAS firewall.

With DumaOS, I need to put the different IP ranges of my internet provider.

What do you think ? Possible to change this so that internal devices will see router IP instead of Public IP ?

Best regards

Link to comment
Share on other sites

  • Administrators

Hello,

I'm testing a bit the Netgear Router with DumaOS and see that NAT loopback seems to work... Great.

But apparently the IP address seen by internal devices is the public IP and not the router IP. Which makes it difficult to secure a Synology for example.

On all others brands where I used NAT loopback to access my NAS, it was the IP of the router and I could simply add this in the NAS firewall.

With DumaOS, I need to put the different IP ranges of my internet provider.

What do you think ? Possible to change this so that internal devices will see router IP instead of Public IP ?

Best regards

 

Hey, welcome to the forum!

 

That's more of a question for Netgear as the Settings is done by them. I can make a note to bring it up with their Development team. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...