Asus AC88U loopback, Dnsmasq and Port Forwarding

Ionesco

Occasional Visitor
Hi everybody, and thanks in advance for your help.

I have put a sensor in my mailbox, and I receive notifications when I got a mail (with HomeKit and IFTTT). But, I want to receive a picture from my outdoor camera when the mailbox is opened. So, I've found so local url that give me that snapshot : 192.168.1.78/code/snapshot.jpg.

It works well when I'm inside my local network. But when I'm outside, I can't get the picture. So I have configured a dynamic DNS and a port forwarding. Here is the result : myname.com:3141/code/snapshot.jpg.
It works perfectly from outside my network. But when I'm inside, it doesn't because of the loopback, I think.
(I though my Asus AC88U would success to manage it, but it doesn't)

So, I tried to play with Dnsmasq in order to "redirect" this address to my local IP when I'm inside the network.
In my Dnsmasq.conf file, I tried :
address=/myname.com/192.168.1.78
And it works if I enter this url : www.myname.com/code/snapshot.jpg (so, without the port)

BUT, as I want a unique URL in my automatisation, I can't forget the port !
So I tried :
address=/myname.com:3141/192.168.1.78

And it doesn't work ... I presume Dnsmasq can't read the port ?

Is there a way to succeed ?

Thank you !
 

dave14305

Part of the Furniture
DNS does not care about ports, so you don’t need it in dnsmasq.conf (do not want it either).

Is 3141 a port forward to 80 or 443? When on your LAN your request won’t be routed, it will be switched since you are returning a local IP, so if you want to use the same url, you would need something listening on port 3141 on 192.168.1.78.
 

Ionesco

Occasional Visitor
What do you mean by "something listening on port 3141 on 192.168.1.78" ?

Oh, ok, I get it. As my "redirection" will join 192.168.1.78:3141, something should listen ... But how ?
 

ColinTaylor

Part of the Furniture
So I have configured a dynamic DNS and a port forwarding. Here is the result : myname.com:3141/code/snapshot.jpg.
It works perfectly from outside my network. But when I'm inside, it doesn't because of the loopback, I think.
(I though my Asus AC88U would success to manage it, but it doesn't)
This (NAT loopback) works for me so I don't know why it doesn't for you.

As my "redirection" will join 192.168.1.78:3141, something should listen ... But how ?
As Dave said, dnsmasq cannot redirect ports. To use port 3141 with IP address 192.168.1.78 you would need to configure the camera to listen on that port.
 

Ionesco

Occasional Visitor
Sadly, that's not possible, I can't configure the camera (Netatmo Presence), it's a closed system.
 

Ionesco

Occasional Visitor
I don't know why the Loopback doesn't work, maybe because my router is after an internet box (configured in DMZ). I know that the Internet Box (Livebox 4) has a loopback fonction, but to configure it, I have to make a NAT forward from 80 to 80 on the concerned equipment. But, as my internet box is on 192.168.0.X network, and all others equipments are on 192.168.1.X, I can't active the internet box loopback function.
 

ColinTaylor

Part of the Furniture
Yes the loopback would have to be done on the Internet Box as that is the device that has the IP address associated with myname.com. (NAT loopback is not the same as port forwarding)
 

ColinTaylor

Part of the Furniture
Yes I had already seen that link (with google translate ;)).

At the beginning it makes a general statement about NAT loopback ("Le loopback c'est la possibilité, depuis son réseau interne, d'accéder à une ressource du LAN en utilisant l’IP WAN externe du routeur ou son DNS associé, de chez soi comme à l'extérieur").

But then everything that follows is just a description of how to setup port forwarding (which is also necessary). The "activate" box is to activate the port forwarding rule.

There is nothing in those instructions about activating NAT loopback specifically. But I wouldn't expect there to be, either the router supports it or it doesn't. It's the same as on the Asus, there's no specific option to enable or disable NAT loopback.
 

Ionesco

Occasional Visitor
I agree with you. So, loopback should be already "activated" on the internet box (as on my AC88U with Merlin).
If loopback is supported by my internet box and my router, I don't get why it doesn't work :(
 

ColinTaylor

Part of the Furniture
What do your port forwarding rules look like?

I'd guess that on the Livebox it is:

3141 -> 3141 (Asus_WAN_IP)

and on the Asus it is:

3141 -> 80 (192.168.1.78)

EDIT: corrected port number
 
Last edited:

Ionesco

Occasional Visitor
On the Livebox, I'm in DMZ, so I don't have particular port forwarding.
On the Asus, I have 3134 -> 80 (192.168.1.78
 

ColinTaylor

Part of the Furniture
The Asus address, as seen from the box internet, is 192.168.0.3. But when I go directly to this address, I have a 404.
That's expected. You should not get a response.
When I want to go to my router, I use 192.168.1.1.
That's also correct.

Well that's good. At least that is working.

Sorry, I keep mis-typing the port number as 3134 instead of 3141. Is 3141 the correct port?

Maybe try turning off the DMZ on the Livebox temporarily and creating an explicit port forwarding rule. Maybe there's a difference.
 

Ionesco

Occasional Visitor
It's 3141, but I just copied your mistake ;)

OK, I'm pretty surprised by what happen next !

I tried to turn off DMZ. Then, I add a NAT rule on my Internet box : 3141 to 3141 (192.168.0.3)
I also delete my dnsmasq line where myname.com redirect to 192.168.1.78.

And now, and it's pretty weird, this url works from inside and outside the network : myname.com/code/snapshot.jpg
Without the port ! And I don't get why !! Because the snapshot is located on 192.168.1.78. If I'm outside the network, the myname.com = my WAN IP , there is no reason that it lead to the camera IP without port ...

Assuming that dnsmasq is already in use (I just restart the dnsmasq service, I don't have rebooted the router), so from inside the network, I get it. But it doesn't explain why it works from outside.

Do you understand something ? o_O
 

ColinTaylor

Part of the Furniture
No I don't understand why that is happening. I would,

a) use the external IP address instead of the DDNS name for testing. Just to eliminate DNS as an issue

b) reboot both routers before testing to ensure that the changes have been removed/applied correctly
 

Ionesco

Occasional Visitor
a) I tried with external IP, it works too
b) I'm pretty afraid of rebooting, as it works as I want now ;), but I will
 

Ionesco

Occasional Visitor
Oh, I think I understand !
I've made some tests before, and I still have a NAT rule on my Asus router : 80 to 80 (192.168.1.78).
I don't know if it true, but if I don't put port in my URL, as it's HTTP, it listen on 80, right ?

So, if it is, you were right about DMZ, it was interfering with loopback.

Knowing that, I tried externalIP:3141/code/snapshot.jpg, and it works (outside and inside). But myname.com:3141/code/snapshot.jpg doesn't (it works outside only). Strange

Edit 2 : it seems that my dnsmasq still working, it explain why myname.com:3141/code/snapshot.jpg doesn't work inside
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top