Use of hostname instead of IP address for port forwarding source IP

[SKSSF]

Hi--

I have a remote location that rsyncs to a NAS on my local network. I've configured port forwarding to allow the remote location's IP address as the source IP. Unfortunately, the remote location does not have a static IP.

Is there any way to use the remote location's DDNS hostname in place of the source IP? If not, feature request?

Thanks!
Sandheep

 

[ColinTaylor]

Is there any way to use the remote location's DDNS hostname in place of the source IP?

Not really because iptables rules are based on IP addresses not hostnames. Sure, you can enter a hostname as part of an iptables command but it is immediately translated into a fixed IP address.

I guess one way to do it would be to ignore the router's GUI and periodically run a custom script, say once an hour. The script would delete any existing rule and insert a new one based on the DDNS name's current IP address.

 

[SKSSF]

Got it--will check out scripting this--thanks!

 

[Zodzod]

Hi SKSSF,

I have the same request you have. I want to share an FTP server with someone else, they don’t have a static IP but have a DDNS host name I could use. Did you ever get your scripting to work? Would you mind sharing the steps?

thank you!

 

[sbsnb]

That's a tall order. Your script would have to make a DNS query to get the IP. Are you going to run one every hour or something?

Then you have to take that IP, build a port-forwarding rule, and restart whatever services are necessary to have the new rule take effect. Depending on your friend's internet setup, it could still be unworkable (like if he has his computer connected directly to a cable modem and turns his computer off when not using it). He'll get a new IP when he turns his computer on, and won't be able to connect to your FTP server until his DDNS updates, and then until the first time your script runs after his DDNS updates.

I think it would be easier and more secure to issue your friend an OpenVPN certificate to connect to your router via VPN.

 

[Zodzod]

Hi sbsnb,

thanks for the reply.

If I ping my friend's DDNS hostname I can resolve his public IP, I was wondering if it was possible to script the router to first ping the host to get the IP then change the existing port forwarding rule to enter the new IP. Once done I don't know if anything needs to be restarted on the router side. I have tried with the GUI and I didn't have to restart anything, as soon as I modify the rule it is live.

All I need is his public IP address, it doesn't matter how he connects inside his LAN, as I'm only filtering from his public IP. Since ISPs don't change user's public IP very frequently I would run the script once, maybe twice a day?

I hope that makes sense, what are your thoughts?

cheers.

 

[sbsnb]

I have tried with the GUI and I didn't have to restart anything, as soon as I modify the rule it is live.

The GUI restarts the firewall when you press OK on creating/modifying a port forward.