LinuxQuestions.org
Old 02-03-2019, 01:36 AM   #1
Honest Abe
Member
 
Registered: May 2018
Distribution: CentOS 7, OpenSUSE 15
Posts: 420
Blog Entries: 1

Dynamic DNS set up for a home network


Greetings LQ,

I am trying to set up dynamic DNS on my PC (not on Router) and I believe that I am hitting a roadblock in terms with network connectivity. I would greatly appreciate any pointers to the right direction, before I start tinkering with the Routers.

Expectation :

I wish to configure Dynamic DNS on my desktop PC, so that I can take an ssh session over the public IP. There are couple of KVMs residing within, which are to be used for practice. So I hope to ssh first to my PC, then start up the KVMs, connect to KVMs via ssh and then continue with practice.

Current Setup :

Attached is a crude network diagram of my home network. Also, here's a Link
(If this uploading site is considered unsafe, please advise which one to use !)

Both routers are wifi capable (so switching is easy). For the rest of this discussion, please treat the PC3 connected (wired) to Router 2 as intended machine.

What I have Done so far:

I started off with this tutorial: https://www.howtogeek.com/66438/how-...ere-with-ddns/
The tutorials used a windows PC client, so I substituted the steps for linux client, followed from here: https://www.dynu.com/DynamicDNS/IPUpdateClient/Linux

brief steps -
1. Created account on dynu and registered my PC's hostname (short name).
2. The updater client is designed for RHEL7 type OS. With minimal tweaks I was able to make it work on my Opensuse Leap 15. (created a soft link for /bin/dynuiuc at /usr/bin/dynuiuc and created the config file). Neither the logs nor the service/journals report any error.
3. A laptop connected to hotspot from mobile (to simulate an outside network) is unable to ping the PC with its public IP or the DNS (freshly created at Dynu website). Lookup commands failed too.

Questions -

1. I wish to bind ssh port to something different(say 7956) than port 22 and I can make the changes on the PC. What do I need to do (port Forwarding??) on my router (please specify for Router 1 & Router 2 if needed)? [I have not changed the ssh configs yet, so right now it's 22.]

2. Since the DNS records stay with dynu, do I need to use their resolver ? Shouldn't the DNS record be automatically synced to other providers after some time?
(Edit: Okay, I know now that it does. )

3. My home machines have a domain of, you guessed it, example.com. I do not have a kerberos/ldap/dns setup in my home network though, so the domain name is just part of the hostnames at the moment. [However, I may set these up at a later time ]. Since my domain name over public IP is different (say .dynu.xyz), do you sense a problem ahead ?

4. If you have already set this up, could you point me to a better/all-inclusive tutorial ? [I know I am being greedy here ]

Info:

1. PC Kernel version -> 4.12.14-lp150.12.45-default
2. Dynu Client version -> dynuiuc-2.6.2-2.x86_64
3. My short hostname has a '-' hyphen, which should not be much of a concern (right?). Checked here too - https://tools.ietf.org/html/rfc952

Logs:
Unsure what I need to show here, but here's the log from Dyn client.

Code:
Sun Feb  3 11:15:03 2019 [ENGINE] Status Code: No Change
Sun Feb  3 11:18:23 2019 [ENGINE] Checking if IP update is required.
Sun Feb  3 11:18:34 2019 [ENGINE] IP address update initiated.
Sun Feb  3 11:18:34 2019 [ENGINE] Status Code: No Change
Sun Feb  3 11:21:54 2019 [ENGINE] Checking if IP update is required.
Sun Feb  3 11:22:00 2019 [ENGINE] IP address update initiated.
Sun Feb  3 11:22:00 2019 [ENGINE] Status Code: No Change

Service Config:

Code:
# cat /usr/lib/systemd/system/dynuiuc.service
[Unit]
Description=Dynu IP update client daemon

[Service]
Type=forking
PIDFile=/var/run/dynuiuc.pid
ExecStart=/bin/dynuiuc --conf_file /etc/dynuiuc/dynuiuc.conf --log_file /var/log/dynuiuc.log --pid_file /var/run/dynuiuc.pid --daemon
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

client updater config -

Code:
ab-desktop:/home/anirban/Downloads # cat /etc/dynuiuc/dynuiuc.conf
username SOMENAME
password SUPERSECRET
location
ipv4 true
ipv6 true
pollinterval 200
debug false
quiet false

Disclaimer :
No affiliation with Dynu. Just using their free service.
Attached Thumbnails: HomeNet1.jpeg

Last edited by Honest Abe; 02-03-2019 at 07:18 AM. Reason: Added observations
 
Old 02-03-2019, 06:14 AM   #2
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,700

All the updater does is send your public IP address to dynu. When you ping your dynu URL it should resolve to your Home public IP but if your router is not configured to respond to ICMP requests the ping will fail. If your public ip is not being resolved correctly then the dynu client is not configured or working correctly.

Local domain names will not interfere with the dynu url so that should not be a problem.

Is your extended network on the same subnet as your main router? That would make things easy. You need to forward in your gateway router the desired ssh port to your pc3 IP address. I suggest setting an address reservation in your dhcp server.
 
Old 02-03-2019, 07:16 AM   #3
Honest Abe
Thanks for your attention, michaelk.

I do have some progress. At least the name resolution is working.

I went at the IP/hostname with simple nmap scan and it reported this -
Code:
Nmap done: 1 IP address (0 hosts up) scanned in 2.36 seconds
           Raw packets sent: 8 (304B) | Rcvd: 0 (0B)

So either, it's not working, or bully for my ISP (a deeper scan would take hours !) !!

Quote:
Is your extended network on the same subnet as your main router? That would make things easy. You need to forward in your gateway router the desired ssh port to your pc3 IP address. I suggest setting an address reservation in your dhcp server.

Yes, the initial plan was 2 different subnets, but constant niggles have made me choose simplicity, so now the subnet of Router 1 is extended over Router 2.
My DHCP is dished by the Router 1, and which would be the gateway too. I'll try it out and report.
 
Old 02-10-2019, 09:50 AM   #4
Honest Abe
Member
 
Registered: May 2018
Distribution: CentOS 7, OpenSUSE 15
Posts: 420

Original Poster
Blog Entries: 1

Rep: Reputation: 202Reputation: 202Reputation: 202
Update -

Checked both my routers. I can't seem to find an option to open ports for ssh or manually open a non standard port and map it to incoming port 22.

Looking at endian for possibilities, but most likely I'll drop this.
Attached Thumbnails: port_forward.jpeg
 
Old 02-10-2019, 10:11 AM   #5
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,700

Rep: Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895
The posted image looks ok. You should be able to select any port number. Did you try updatating the router and testing the configuration? The public port is incoming and private port is what it gets remapped to. When testing you need to specify the public port.

ssh -p 8081 user@dyndns.url
 
Old 02-12-2019, 12:59 AM   #6
Honest Abe
Member
 
Registered: May 2018
Distribution: CentOS 7, OpenSUSE 15
Posts: 420

Original Poster
Blog Entries: 1

Rep: Reputation: 202Reputation: 202Reputation: 202
@michaelk, of course I tried that ! And a portscan says that the port is already being used by something else - (scanned from an outside network)

Code:
# nmap -v -p 8081 -sV  -sS -T4 -Pn MyDynu.dns
Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-12 12:12 IST
NSE: Loaded 43 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 12:12
Completed Parallel DNS resolution of 1 host. at 12:12, 0.16s elapsed
Initiating SYN Stealth Scan at 12:12
Scanning MyDynu.dns (XX.XXX.XX.xxx) [1 port]
Completed SYN Stealth Scan at 12:12, 1.05s elapsed (1 total ports)
Initiating Service scan at 12:12
NSE: Script scanning XX.XXX.XX.xxx.
Initiating NSE at 12:12
Completed NSE at 12:12, 0.00s elapsed
Initiating NSE at 12:12
Completed NSE at 12:12, 0.00s elapsed
Nmap scan report for MyDynu.dns (XX.XXX.XX.xxx)
Host is up.
Other addresses for MyDynu.dns (not scanned): fd00:0:b:33::31cf:302e
rDNS record for XX.XXX.XX.xxx: broadband.xxxxx.xx

PORT     STATE    SERVICE         VERSION
8081/tcp filtered blackice-icecap

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.37 seconds
           Raw packets sent: 2 (88B) | Rcvd: 0 (0B)

On the physical machine, I don't see 8081 being used (or listening to), but this was reported -

Code:
# getent services 8081
sunproxyadmin     8081/tcp

This 'might' be my VPN provider though, and in any case, internal port 8081 shouldn't be a problem.
I'll try a few other things and report.
 
Old 02-12-2019, 02:02 AM   #7
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

just an aside:
Quote:
Originally Posted by Honest Abe View Post
A laptop connected to hotspot from mobile (to simulate an outside network)

this isn't necessarily enough (assuming the hotspot is still provided by one of your routers).
you need to go fully outside for testing, either by using mobile broadband or using somebody else's hotspot.
in addition to local tests.
 
Old 02-12-2019, 10:02 PM   #8
Honest Abe
Member
 
Registered: May 2018
Distribution: CentOS 7, OpenSUSE 15
Posts: 420

Original Poster
Blog Entries: 1

Rep: Reputation: 202Reputation: 202Reputation: 202
@Ondoho, Thanks for your attention.
I shared my Mobile's 4G connection via hotspot. That's a different provider than my broadband provider.


Right now, I am waiting for a new router, for upgrading my home network and see if the issues are rectified.

Will keep posted.
 
Old 02-16-2019, 02:50 AM   #9
Honest Abe
Member
 
Registered: May 2018
Distribution: CentOS 7, OpenSUSE 15
Posts: 420

Original Poster
Blog Entries: 1

Rep: Reputation: 202Reputation: 202Reputation: 202
update -

Reserved DHCP address in the new Router & set a port forward rule too. My external port is defined as 22222, which should redirect to internal port 22.

Still, no connection (& a few expletives) !!

Code:
# nmap -v -p 22222 -sV  -sS -T0 -Pn MyDynu.dns
Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 13:19 IST
NSE: Loaded 43 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 13:19
Completed Parallel DNS resolution of 1 host. at 13:19, 0.00s elapsed
Initiating SYN Stealth Scan at 13:19
Scanning MyDynu.dns (XX.XXX.XX.xxx) [1 port]
SYN Stealth Scan Timing: About 50.00% done; ETC: 13:29 (0:05:00 remaining)
Completed SYN Stealth Scan at 13:34, 900.14s elapsed (1 total ports)
Initiating Service scan at 13:34
NSE: Script scanning XX.XXX.XX.xxx.
Initiating NSE at 13:34
Completed NSE at 13:34, 0.00s elapsed
Initiating NSE at 13:34
Completed NSE at 13:34, 0.00s elapsed
Nmap scan report for MyDynu.dns (XX.XXX.XX.xxx)
Host is up.
Other addresses for MyDynu.dns (not scanned): IPV6 ADDR
rDNS record for XX.XXX.XX.xxx: broadband.xxxx.xx

PORT      STATE    SERVICE    VERSION
22222/tcp filtered easyengine

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 900.92 seconds
           Raw packets sent: 2 (88B) | Rcvd: 0 (0B)

# ssh -p 22222 -o PasswordAuthentication=yes USER@MyDynu.dns -vvvv
OpenSSH_7.9p1, OpenSSL 1.1.1a  20 Nov 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "MyDynu.dns" port 22222
debug2: ssh_connect_direct
debug1: Connecting to MyDynu.dns [XX.XXX.XX.xxx] port 22222.
debug1: connect to address XX.XXX.XX.xxx port 22222: Connection timed out
debug1: Connecting to MyDynu.dns [IPV6 ADDR] port 22222.
debug1: connect to address IPV6 ADDR port 22222: Network is unreachable
ssh: connect to host MyDynu.dns port 22222: Network is unreachable

Attached Thumbnails: NAT_port_FW.jpeg, DHCP_reserve1.png

Last edited by Honest Abe; 02-16-2019 at 02:52 AM.
 
Old 02-16-2019, 05:22 AM   #10
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,700

Rep: Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895
Have you tried connecting using your public IP address?
Does pinging your dyndns url resolve to your public IP address?
 
Old 02-17-2019, 05:02 PM   #11
Honest Abe
Member
 
Registered: May 2018
Distribution: CentOS 7, OpenSUSE 15
Posts: 420

Original Poster
Blog Entries: 1

Rep: Reputation: 202Reputation: 202Reputation: 202
Yes the DNS url is resolving to correct public IP since Day 1.

And I am trying to access it from a laptop connected to my Mobile's 4G hotspot, which should emulate a different network.
 
Old 02-17-2019, 05:38 PM   #12
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,700

Rep: Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895
Just for reference can PC1 or any other PC on your network login in to PC3 via ssh?
 
Old 02-17-2019, 07:45 PM   #13
Honest Abe
Member
 
Registered: May 2018
Distribution: CentOS 7, OpenSUSE 15
Posts: 420

Original Poster
Blog Entries: 1

Rep: Reputation: 202Reputation: 202Reputation: 202
In my test scenario I have already checked that no matter how I tried -

A. PC1 can't connect to PC3 from an outside network. The port is reported as filtered and just to be sure of my understandings I checked this too. This is same for key based auth attempts and PW based auth attempts.

B. PC1 can connect to PC3 from same network and generally uses key based authentication. But password based works too.

My network skills/understandings are somewhat flimsy, but I think the port is filtered at the hardware level. I will try once again to see if I can possibly use a different port, but not very hopeful. Anything else that you can think of ?
 
Old 02-17-2019, 08:00 PM   #14
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,700

Rep: Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895Reputation: 5895
I was specifically asking about your LAN and not from outside but it appears not to be a LAN problem.

Your gateway router still might not be configured correctly to forward traffic.
Some ports could be automatically filtered by your ISP.
 
Old 02-23-2019, 08:12 AM   #15
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,371

Looking at the output in post #9 suggests that port 22222 is open on the router, but ssh cannot complete the connection.
Perhaps silly question, but is sshd running on the target PC?
Perhaps try setting the router to pass port 22222 to the target PC and set sshd to listen on that port.
Check that any firewall on the target PC is allowing the incoming connection. (Check 'dmesg' for records of blocked connections.)
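
An added example, not part of any post in this thread: a small TCP probe for checking your own port forward, which reports the same states nmap prints and, when the port is open, the SSH identification string, so you can tell a silent drop from a working forward. The function names `classify` and `probe` are made up for this example; the host and port come from the command line.

```python
import errno
import socket
import sys


def classify(exc):
    """Map a TCP connect outcome to the state names nmap prints."""
    if exc is None:
        return "open"         # handshake completed: something is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"       # RST came back: path works, nothing listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"     # silence: the SYN was dropped somewhere on the path
    if isinstance(exc, OSError) and exc.errno in (errno.ENETUNREACH,
                                                  errno.EHOSTUNREACH):
        return "unreachable"  # no route from the client, e.g. no IPv6 uplink
    return "error"


def probe(host, port, timeout=5.0):
    """Try every address the name resolves to; return (address, state, banner)."""
    results = []
    for family, stype, proto, _, addr in socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM):
        state, banner = "error", ""
        try:
            with socket.socket(family, stype, proto) as s:
                s.settimeout(timeout)
                s.connect(addr)
                state = classify(None)
                try:
                    # sshd sends its identification string first ("SSH-2.0-...")
                    banner = s.recv(64).decode("ascii", "replace").strip()
                except OSError:
                    pass  # connected, but nothing was sent within the timeout
        except OSError as exc:
            state = classify(exc)
        results.append((addr[0], state, banner))
    return results


if __name__ == "__main__":
    # Usage: python3 probe.py <your-ddns-name> <external-port>
    for address, state, banner in probe(sys.argv[1], int(sys.argv[2])):
        print(f"{address:40} {state:12} {banner}")
```

Run it once from an outside network and once from the LAN: `filtered` outside with `open` on the LAN means the SYN is dropped before sshd sees it (router forward, ISP filter, or host firewall), while `closed` means the packet arrived but nothing listens on the mapped port.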
 
  

