Duckdns url inside LAN

abseiler · December 16, 2022, 5:41am

Hi everyone!

I am new to OpenWrt. I have managed to install it on a Linksys WRT 1200ac. I've configured the connection to my ISP and the wireless network. I've figured out almost everything, except the following:

I need to access a web app hosted on a Raspberry Pi inside my LAN, using a Duckdns domain name and a specific port, from both outside and inside of my network. For this, I've created a rule in Network > Firewall > Port Forwards. (Source zone: wan; External port:8123; Destination zone: lan; Internal IP address: 192.168.1.156 (Raspberry Pi); Internal port:8123). I am able to connect from outside the LAN using the Duckdns URL, but not from the inside (ERR_CONNECTION_REFUSED).

I've unchecked the " Discard upstream responses containing [RFC1918] addresses" option in Network > DHCP & DNS > General Settings
I've unchecked the "Do not forward reverse lookups for local networks." option in Network > DHCP & DNS > Advanced Setting
I've added the Duckdns hostname in Network > DHCP & DNS > Hostnames

...but without any luck.

Can you please help me solve this?

Thank you!

frollic · December 16, 2022, 5:44am

What IP does your dns serve the clients, for the FQDN, on the LAN side?

And are you sure your browser is using your dns when surfing? By default, most won't.

abseiler · December 16, 2022, 5:48am

Hi! Thanks for your reply! If I ping for example the Duckdns URL from inside my network it will ping the external IP, which is ok.

If I put the Duckdns URL with no port I can access the OpenWRT web interface. Only when I put the port I get the ERR_CONNECTION_REFUSED in the browser.

frollic · December 16, 2022, 5:51am

Is it?
What IP and host name did you add the hosts on the router?

That's because you're getting the ddns ip back from the public dns, not the overriden local one.

On the LAN side, the FQDN should return the targets LAN ip, not the WAN ip of the router.

abseiler · December 16, 2022, 6:00am

Initially, in the Hostnames, I added the public IP. After reading your reply I changed it to the internal IP of my Raspberry Pi and it's working! Thank you!

I thought that the Duckdns needs to be associated with the router and then it will forward the request to the local machine based on the forwarding rules. Is it possible to use the same Duckdns subdomain to access a different internal machine (on a different port)?

Thank you again for your help!

frollic · December 16, 2022, 6:13am

From WAN, yes, just forward different ports to different local IPs and/or ports.
On LAN, not as easy, since the traffic isn't passing any router/firewall, where you can control where it's going.

abseiler · December 16, 2022, 6:18am

Thank you! I really appreciate it!

stangri · December 16, 2022, 7:47am

I don't use luci that much, but on my router I do:

/etc/config/dhcp:

config dnsmasq
	list address '/mydomain.dyndns.org/192.168.1.15'

And it works to have mydomain.dyndns.org resolve to 192.168.1.15 for any LAN client.

For the ports, I don't remember the details, but the fakeinternet package has a few FW rules to help route specific domains to a different IP and then request to that IP forwarded to a specific port on the router's IP. Maybe you can use something similar.

abseiler · December 17, 2022, 8:33am

Thank you! I've done it via GUI, as [frollic] suggested and it worked. I will play a little bit with the cli to get familiar, too. Thanks!

system · December 27, 2022, 8:34am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.