- Contact Us
Answer below in Wiki format.
Answer by Cry Havok · Dec 31, 2009 at 11:05 AM
A (quick) primer on how to access a DVR/mail server/web server/etc from outside your network, with DynDNS.
Device: This may be a computer, a DVR, a web-cam, anything on your network that you can access from your network, but want to be able to access from outside it.
LAN: Your network
WAN: Your connection to your ISP's network
Check the WAN IP address of your router - if it looks like
172.31.x.x then you have what is known as an RFC-1918 IP address (often referred to as private addresses). You will need to contact your ISP to find out how to get a public IP address, or have traffic routed to you. Until that is done you won't be able to get anything else working.
The only way to be certain of the WAN IP address is to look at your ISP facing device, your router, or if you have one your ADSL/VDSL modem. You can use one of the many web pages that will tell you what your WAN IP address appears to be. Be warned however that if you are behind a proxy server, or you have one of the RFC-1918 IP addresses referred to above, they will report the wrong IP address and you will waste time trying to get this working.
There are 6 general steps:
If you have a separate ADSL modem and router, or you have multiple routers, what follows isn't enough. You'll also need to forward the same ports from the external network device (ADSL modem or router) to the internal router before forwarding those ports from the internal router to the device you're trying to access.
Create your Dynamic DNS ("Remote Access") hostname or Standard DNS hostname (Standard DNS is for use with your own domain). If asked for an IP address when creating the hostname use the auto-detected value or enter something like
192.0.2.1 - the IP address will be replaced by your update client later.
If you have a dynamic IP address from your ISP, you have to make one basic decision - are you going to do your updating from your router or other device like DVR or camera, or from a computer? Running it from a computer (Windows, Linux or other) can mean that you get better logging and more control, but may result in more network traffic and greater delays in updating changed IP addresses (10 minutes rather than 1 minute). Using a non-approved router or device may mean that it is harder to get it working, or that you get your hostname blocked for unnecessarily updating your IP address information too often.
If you are running your updater on Linux/*BSD or any other non-Windows platform it is generally best to install from a package (whether that be an RPM, a DEB or from ports/portage). That way you should get the required startup scripts and a sample configuration file.
You need to ensure that the device you forward traffic to has a static (aka fixed) IP address. If you don't do this then at some point the IP could change, and you'll be wondering why it's suddenly broken.
There are 2 ways of doing this.
If you go with option (1) make sure that you use an IP address outside of the range your DHCP server is allocating from. If you don't do this you'll end up with a duplicate IP on your network, and things won't work. In the rest of this document I'll use 192.168.0.1 to refer to this IP address.
At this point you should be able to connect to the device, using the chosen IP address, from another computer on the LAN (it is important not to test from the device running the service). Until you get this to work there's no point in going further.
Your first step here is identifying what port(s) you need to forward.
If you access the device with a web browser and a URL that looks like
http://192.168.0.1/ then you'll want to forward port 80/TCP. If it looks like
http://192.168.0.1:3128/ then you'll want to forward the number after the colon (:) - in this case port 3128/TCP.
EMail (SMTP) uses 25/TCP for mail server to mail server communication. Other ports are used for other purposes: 587/TCP is a port for client to server (SMTP), 110/TCP for POP3, 143/TCP for IMAP. Other ports are also used for SSL versions of those services, though most modern software can use TLS instead.
Other ports can usually be found easily by visiting Google, or consulting the appropriate guide (more in a moment).
Now, before you configure your port forwarding there may be a problem. Some routers will not actually forward traffic on the same port as their administrative interface uses, even though they'll happily let you set that up. If this applies to your router it'll be easy to spot - instead of getting the device you expected to see you'll get your router's admin page (or a login prompt for the router).
At this point you have 3 choices:
Now it's time to configure the port forwarding. The manual that came with the router will detail how to do this, but if you've lost it (or don't want to look for it) there's a handy website with guides, and they even provide a program called PFConfig to do it for you.
All you have to do is pick your router, pick the program you want to forward traffic to (or the protocol) and follow the instructions - complete with pictures.
Be aware of problems with the Actiontec MI424WR (and probably other devices). If you configure the port forwarding using the hostname of the device to forward to then you may have problems. You have to use the IP address at all times.
You now need to test from outside your LAN with the DynDNS hostname. The reason for testing from outside your LAN is that not all routers support loopback connections (NAT reflection). There are several ways to test this:
Before you post, take a few minutes to go through the steps above again, checking that you've got it all right. It could be that you've made a typing error in the IP or port, selected UDP when you should have selected TCP, or just forgot to hit save on the router's configuration page.
Now, if you are using a web browser and a port other than port 80, are you remembering to specify the port. For example, if you are using port 8080 then you would enter
http://example.dyndns.org:8080/ in the URL bar of your web browser. Many problems are caused by not specifying the port.
Next, check that the IP address your hostname resolves to is the same as the WAN IP address of your router.
nslookup example.dyndns.org. (inc the trailing dot!)
If it doesn't, wait 10 minutes and check again. If it still doesn't, then check that your update client is working and has updated your hostname with the current WAN IP. If it has, you may need to change your DNS servers (DynDNS, OpenDNS and Google all run free DNS servers) or flush your DNS cache.
If your router has a WAN IP address that looks like 10.x.x.x, 192.168.x.x or 172.16.x.x to 172.31.x.x then you have what is known as an RFC-1918 IP address. You will need to contact your ISP to find out how to get a public IP address, or have traffic routed to you.
Another thing to consider is that some ISPs block incoming traffic on common server ports (or just anything below port 1024). If you're trying to access a web based service (that is, with a web browser), then try forwarding a different port (say 10080) to your device. If that works then your ISP is blocking traffic - WebHop may be one option here. For mail servers the Email Gateway service can help.
Once you've checked all that, search the forum! It's highly likely that your problem isn't unique to you. This means that others have probably posted the solution. You'll save yourself, and others, a lot of time if you spend some time searching first.
Finally, if nothing you've found helps, start a fresh topic for your problem. Posting in a topic somebody else is active in will only confuse matters and increase the chance you'll be overlooked. Please also only start a single topic - opening multiple topics for the same problem will just annoy people.
Remember to provide as much detail as you can - IP addresses, router models, what update software you're using, and what version number it is, what you're trying forward the traffic to and how you've configured the port forwarding - along with anything else you think is relevant (network diagrams can help if you've not got a simple network).
Here is a good starting list of things to provide: