Local domain name for cameras

[mlee2]

I have an unusual situation that maybe someone can help me with...
Am using Asus RT-AC66U router with Asuswrt_Merlin firmware. I have 16 local cameras that I view from home, and also on the road over the internet. I have a DDNS service to resolve my wan ip to my domain name over the internet. I need my router to be able to resolve the same domain name while on my home network without having to change all the settings of my camera viewer software. Each camera is assigned a static ip address on my local network, and each uses a unique port number. While over the internet, each camera connects by specifying "mydomainname : port". How can I configure my router to do this while at home on my local network without having to change all the settings in my camera software?? Any help would be most appreciated!

 

[coxhaus]

You need a local static DNS. That way your local DNS will resolve to the local private IP instead of the internet public IP. If Asus does not support this feature then you can run a local DNS like Microsoft or another.

 

[mlee2]

Thanks for the reply. I have added a hosts.add file in the configs folder of the router with all 16 IP addresses pointing to the same dns name that seems to work, but not sure this is the most efficient way to do it, or if it would be better so somehow add a script using dnsmasq? Any input would be appreciated.

 

[ColinTaylor]

@coxhaus's solution sounds promising but I think I see a problem.

If I understand you correctly you are using port forwarding to redirect incoming traffic to different IP addresses depending on the incoming port number. So for example, mydomainname:8000 might go to 192.168.1.50:80 and mydomainname:8001 might go to 192.168.1.51:99.

Because you're not simply mapping 1 external address to 1 internal address I don't think DNS alone will provide the solution.

Ideally you'd want to use NAT loopback. Do you have any options in the router to change the NAT loopback method?

 

[ColinTaylor]

I have added a hosts.add file in the configs folder of the router with all 16 IP addresses pointing to the same dns name

The hosts file works the other way around. The names point to IP addresses. If you have multiple identical names pointing to different IP addresses it will only return the first one return all of them (see below).

 

[coxhaus]

@coxhaus's solution sounds promising but I think I see a problem.

If I understand you correctly you are using port forwarding to redirect incoming traffic to different IP addresses depending on the incoming port number. So for example, mydomainname:8000 might go to 192.168.1.50:80 and mydomainname:8001 might go to 192.168.1.51:99.

Because you're not simply mapping 1 external address to 1 internal address I don't think DNS alone will provide the solution.

Ideally you'd want to use NAT loopback. Do you have any options in the router to change the NAT loopback method?

You are correct in 1 name to 1 IP. I would think he could structure it so it is maybe camera1, camera2, etc. since he does not have backwards port forwarding.

NAT loopback works but exists in higher end gear.

 

[ColinTaylor]

NAT loopback works but exists in higher end gear.

NAT loopback is present in Asuswrt as well. I remember that Merlin used to provide two different techniques for NAT loopback, Asus' and his own. If something didn't work with one you could try the other. I don't use Melin's latest firmware so I don't know if that 2nd option is still there. It might work dependent on having hardware acceleration disabled.

 

[mlee2]

Thanks for the input, Guys. Yes, port forwarding is being used to redirect traffic to a specific ip address based upon port number.
Yes, Asuswrt Merlin does have NAT loopback, but I'm not sure how to use it...
The host.add file does allow my camera software to see all cameras on my local network, but just not sure if it is the most efficient way, or if it might cause some conflicts, etc in other ways... All 16 IP addresses of the cameras are pointing to a single domain name...

 

[coxhaus]

If you have NAT loopback then you should use it. I have never used Asus routers just motherboards.

 

[ColinTaylor]

Can you show us the contents of the hosts.add file. I'm having trouble understanding how that could work.

Yes, Asuswrt Merlin does have NAT loopback, but I'm not sure how to use it...

It just means that you type in your external DDNS name and it works from within your LAN. What options do you have regarding NAT loopback?

 

[john9527]

It just means that you type in your external DDNS name and it works from within your LAN. What options do you have regarding NAT loopback?

Just an FYI.....the Merlin NAT Loopback is no more in the Merlin 384 branch. Removed due to too many potential conflicts with iptables marks in the new code.

 

[ColinTaylor]

Just an FYI.....the Merlin NAT Loopback is no more in the Merlin 384 branch. Removed due to too many potential conflicts with iptables marks in the new code.

Thanks for the info John, I didn't know what the current position was.

 

[coxhaus]

I am not sure domain name really helps at the switch level. If I had a bunch of cameras I would want them segmented off in a separate VLAN to limit the broadcast domain and add security access for the camera VLAN.

 

[mlee2]

Can you show us the contents of the hosts.add file. I'm having trouble understanding how that could work.
It just means that you type in your external DDNS name and it works from within your LAN. What options do you have regarding NAT loopback?

Hi Colin. Below is the contents of my hosts.add file, except that I have replaced my actual domain name with "mydomain.com. My nat loopback is set to Asus, which I guess is the default? Other options here are disabled and Merlin. I really appreciate the help!

192.168.1.115 mydomain.com

192.168.1.116 mydomain.com

192.168.1.117 mydomain.com

192.168.1.118 mydomain.com

192.168.1.119 mydomain.com

192.168.1.120 mydomain.com

192.168.1.121 mydomain.com

192.168.1.122 mydomain.com

192.168.1.123 mydomain.com

192.168.1.124 mydomain.com

192.168.1.125 mydomain.com

192.168.1.126 mydomain.com

192.168.1.127 mydomain.com

192.168.1.128 mydomain.com

192.168.1.129 mydomain.com

192.168.1.130 mydomain.com

 

[ColinTaylor]

BTW What firmware version are you running?

OK Looking at the hosts file, it isn't doing what you think it is. If you query "mydomain.com" it will return a list of all the IP addresses. Every time you repeat the query the starting point of the list moves on by one line (with the previous lines wrapping around to the bottom of the list). As most tasks (like URL's, ping, etc.) only want one IP address they will use the first line in the list. So effectively, every time you use "mydomain.com" you get the next IP address in the sequence.

So I can't see this helping for you at all. I'm wondering whether the contents of hosts.add are even being applied to etc/hosts. To confirm can you post the output of:

cd /etc
cat hosts

EDIT: Or just do "nslookup mydomain.com"

C:\Users\Colin>nslookup mydomain.com
Server:  router.asus.com
Address:  192.168.1.1

Name:    mydomain.com
Addresses:  192.168.1.115
          192.168.1.116
          192.168.1.117
          192.168.1.118
          192.168.1.119
          192.168.1.120
          192.168.1.121
          192.168.1.122
          192.168.1.123
          192.168.1.124
          192.168.1.125
          192.168.1.126
          192.168.1.127
          192.168.1.128
          192.168.1.129
          192.168.1.130


C:\Users\Colin>nslookup mydomain.com
Server:  router.asus.com
Address:  192.168.1.1

Name:    mydomain.com
Addresses:  192.168.1.116
          192.168.1.117
          192.168.1.118
          192.168.1.119
          192.168.1.120
          192.168.1.121
          192.168.1.122
          192.168.1.123
          192.168.1.124
          192.168.1.125
          192.168.1.126
          192.168.1.127
          192.168.1.128
          192.168.1.129
          192.168.1.130
          192.168.1.115


C:\Users\Colin>nslookup mydomain.com
Server:  router.asus.com
Address:  192.168.1.1

Name:    mydomain.com
Addresses:  192.168.1.117
          192.168.1.118
          192.168.1.119
          192.168.1.120
          192.168.1.121
          192.168.1.122
          192.168.1.123
          192.168.1.124
          192.168.1.125
          192.168.1.126
          192.168.1.127
          192.168.1.128
          192.168.1.129
          192.168.1.130
          192.168.1.115
          192.168.1.116

 

[mlee2]

BTW What firmware version are you running?

OK Looking at the hosts file, it isn't doing what you think it is. If you query "mydomain.com" it will return a list of all the IP addresses. Every time you repeat the query the starting point of the list moves on by one line (with the previous lines wrapping around to the bottom of the list). As most tasks (like URL's, ping, etc.) only want one IP address they will use the first line in the list. So effectively, every time you use "mydomain.com" you get the next IP address in the sequence.

So I can't see this helping for you at all. I'm wondering whether the contents of hosts.add are even being applied to etc/hosts. To confirm can you post the output of:

cd /etc
cat hosts

EDIT: Or just do "nslookup mydomain.com"

C:\Users\Colin>nslookup mydomain.com
Server:  router.asus.com
Address:  192.168.1.1

Name:    mydomain.com
Addresses:  192.168.1.115
          192.168.1.116
          192.168.1.117
          192.168.1.118
          192.168.1.119
          192.168.1.120
          192.168.1.121
          192.168.1.122
          192.168.1.123
          192.168.1.124
          192.168.1.125
          192.168.1.126
          192.168.1.127
          192.168.1.128
          192.168.1.129
          192.168.1.130


C:\Users\Colin>nslookup mydomain.com
Server:  router.asus.com
Address:  192.168.1.1

Name:    mydomain.com
Addresses:  192.168.1.116
          192.168.1.117
          192.168.1.118
          192.168.1.119
          192.168.1.120
          192.168.1.121
          192.168.1.122
          192.168.1.123
          192.168.1.124
          192.168.1.125
          192.168.1.126
          192.168.1.127
          192.168.1.128
          192.168.1.129
          192.168.1.130
          192.168.1.115


C:\Users\Colin>nslookup mydomain.com
Server:  router.asus.com
Address:  192.168.1.1

Name:    mydomain.com
Addresses:  192.168.1.117
          192.168.1.118
          192.168.1.119
          192.168.1.120
          192.168.1.121
          192.168.1.122
          192.168.1.123
          192.168.1.124
          192.168.1.125
          192.168.1.126
          192.168.1.127
          192.168.1.128
          192.168.1.129
          192.168.1.130
          192.168.1.115
          192.168.1.116

...Son of a Gun!! I removed the hosts.add file, and VOLA! The cameras appear (via domain name) in my software! (nat loopback was set to Asus). I set is to disabled, and no go. I tried nat loopback set to Merlin and it also worked!! I had cameras b4 using the Asus router, and never knew of that function, hence never tried it without using IP addresses! My firmware version of my router is Asuswrt-Merlin v 380_69_2, which I believe is the latest. Which would be better for nat loopback, Asus or Merlin?

 

[ColinTaylor]

The answer is always simple (when you know it).

Which would be better for nat loopback, Asus or Merlin?

Whichever works. I can't imagine there's any "performance" implications of one over the other.

 

[mlee2]

The answer is always simple (when you know it).
Whichever works. I can't imagine there's any "performance" implications of one over the other.

Thanks so much for the help! They both work...