Opening ports for DDNS

As the title says, using DDNS to access a service on my network. I have port forwarding set up for the port/IP and it shows as forwarded in the connection logs. The device in question is using a static IP and the service is running and listening on port x. Problem is if I go to any of the port checkers, it shows the port as closed. Is there something else I need to do in order to get the port to show open?
 
There are two ports involved in port forwarding: the open port on the router, and the port packets will be forwarded to on the LAN. Make sure you're testing the open port on the router and not the one on the LAN, unless they're the same.
 
As with all port forwarding, the first thing to do is make sure you have a *public* IP on the WAN and not a *private* one. Many ppl are behind ISPs using CGNAT, which is private. A private IP can NOT be remotely accessed.
 
Is there an easy way to determine if CGNAT is the issue? My NAS has its own DDNS and I’m able to access it without doing the whole forwarding thing. Granted I’m using their built-in forwarding service via one of their apps.

So checking the site portchecker.co, it shows a different address than is shown on the router main page.
 
You can't necessarily compare what some other application does for its own remote access purposes, to your own port forwarding. For example, something like Teamviewer (a remote access tool) doesn't depend on port forwarding. Instead, it establishes an *outbound* connection to one of their relay servers. Then when you attempt to remotely access a device on your network, it tunnels itself back in over the outbound connection. Many applications do this precisely to avoid port forwarding issues w/ NAT routers. I have no idea whether this applies to your NAS.

If your ISP is using CGNAT, then as it states in that link I provided, the WAN IP will be in the 100.64.0.0/10 network (e.g., 100.64.99.102).

so checking the site portchecker.co it shows a different address than is shown on the router main page

That's not a good sign.
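The two checks described in the post above (is the router's WAN address inside 100.64.0.0/10, and does it match the address a port-checker site reports), written out as an added example that is not part of the original thread. The function names and verdict strings are hypothetical, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Address space that an inbound port forward on your own router cannot expose.
CGNAT = ipaddress.ip_network("100.64.0.0/10")   # carrier-grade NAT range named in the thread
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip: str) -> str:
    """Classify the address shown on the router's WAN interface."""
    addr = ipaddress.ip_address(wan_ip)
    if addr in CGNAT:
        return "cgnat"
    if any(addr in net for net in RFC1918):
        return "private"
    return "public"


def diagnose(wan_ip: str, observed_ip: str) -> str:
    """Compare the router's WAN address with what an external checker saw."""
    kind = classify_wan(wan_ip)
    if kind == "cgnat":
        # ISP shares one public address among customers: forwards never arrive.
        return "cgnat"
    if kind == "private":
        # Another NAT device (modem/gateway) sits upstream of this router.
        return "double-nat"
    if ipaddress.ip_address(wan_ip) != ipaddress.ip_address(observed_ip):
        # WAN is public, yet the checker saw a different source address:
        # the client running the check is not leaving via this WAN (VPN, proxy).
        return "address-mismatch"
    return "ok"


if __name__ == "__main__":
    # Constructed samples: (router WAN address, address shown by the checker)
    samples = [
        ("100.64.99.102", "198.51.100.7"),
        ("192.168.1.2", "198.51.100.7"),
        ("203.0.113.10", "198.51.100.7"),
        ("203.0.113.10", "203.0.113.10"),
    ]
    for wan, seen in samples:
        print(f"{wan:15} seen as {seen:15} -> {diagnose(wan, seen)}")
```

An "address-mismatch" result says nothing about the forward itself; it means the port check has to be repeated from a client whose traffic actually exits through the router's WAN address.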
 
I figured out why it was showing two addresses. The client I was checking from was connected through the VPN. My router address is not in the tunnel.

Thought someplace I read if using policy routing to exclude the router for things like time sync, etc. Could be wrong though. Seems to be happening a lot lately.
 
When dealing w/ a problem like this, it helps to have the *full* picture. You initially said nothing about having an active OpenVPN client on the router. Any clients bound to the VPN will have their replies from remote access over the WAN, routed back over the VPN! And that's a violation of the firewall rules. Specifically, RPF (reverse-path filtering). RPF *requires* the point of ingress to and egress from the network use the same gateway.
 
That was my mistake in not providing a ‘full’ description of the topology. Apologize. The client in question though that I was trying to use was not in the tunnel. The client I was checking port status from was though. I’ll continue reading before making another posting error. I do appreciate everyone's knowledge on here.
 
It wasn't so much a "posting error" as it was more of a reasonably important piece of missing information :)

Similarly, the thread title is misleading as "Opening ports for DDNS" reads to me like you are trying to open a port to get DDNS to work. Your actual question has little or nothing to do with DDNS, but is more of a simple port forwarding issue.

I presume that internally on your network the service is actually accessible on the port in question?

Is the inbound port that you forwarded the same as the outbound (to your local IP) or different (sometimes that can be a problem)?

Have you actually tried to access the app from a legitimately remote client or are you assuming that since the port scanner said closed that it wouldn't work?
 
On the title, noted. Can see how that didn’t accurately describe the issue. Yes, internally I can connect; or rather I can ping the address/port and get a reply.

In the port forward section, both the source and destination ports are the same. I ran netstat from the device and it shows it’s listening on that port.

I did assume because it said the port was closed that it was going to fail. I realized my mistake when I was trying to test from a client, on the same network, but that was in a tunnel. Wouldn’t have figured that one out if not for @eibgrad's comment about me having different WAN addresses; so I had to figure out why.

Initially my external connection was through cellular, then I tried on a different WiFi than my own.

However, after reading everyone's responses I think I get it. There’s a reason why you all are ‘very senior, and part of the furniture’ :)
 
