Reply
New Member
Posts: 14
Registered: ‎10-30-2014
Kudos: 22

Dynamic DNS behind double NAT?

I have a unique situation where I have a USG that sits behind an existing DSL modem (less than ideal and cannot be changed). The DSL modem sits at 192.168.0.1 while the USG sits at 192.168.1.1. The DSL modem assigns the USG a WAN IP of 192.168.0.2 (while the DSL modem gets the actual IP). Is the Dynamic DNS client built into the device smart enough to get the real outside IP, or will it report the internal address that the USG is getting from the DSL modem? 

 

I run Namecheap's DynamicDNS client on a computer that sits behind the USG now, but would much rather this be handled on the router itself. 

Regular Member
Posts: 538
Registered: ‎08-25-2009
Kudos: 93
Solutions: 4

Re: Dynamic DNS behind double NAT?

In my humble opinions, that is a poor implementation of the DYNDNS .

The USG should check how is it seen from the outside, not report its wan IP.
WRT-XX fimrware did that very nicely.

Try setting DYN on the modem. instead of in the USG.
thats what we do.
New Member
Posts: 14
Registered: ‎10-30-2014
Kudos: 22

Re: Dynamic DNS behind double NAT?

I was able to answer my own question by digging through some logs. The USG unfortunately is reporting it's internal IP address, and not the actual WAN address. 

SuperUser
Posts: 13,596
Registered: ‎10-06-2013
Kudos: 4516
Solutions: 1030

Re: Dynamic DNS behind double NAT?

A pure DSL modem has no NAT and is merely an interface between xDSL and ethernet.

UK Comms & Links Engineer.


Come on you lot, Feel free to 'Mark as Solution' At least click the Kudos button. Thanks.


Top Solution Authors Leaderboard
Regular Member
Posts: 538
Registered: ‎08-25-2009
Kudos: 93
Solutions: 4

Re: Dynamic DNS behind double NAT?

I guess he meant a modem/router from the isp.

USG should query a server to find its external ip.
But does not.
New Member
Posts: 14
Registered: ‎10-30-2014
Kudos: 22

Re: Dynamic DNS behind double NAT?

Correct, the telephone company provides a modem/router combo. Unfortunately it cannot be placed in bridge mode. 

Regular Member
Posts: 347
Registered: ‎04-10-2014
Kudos: 150
Solutions: 20

Re: Dynamic DNS behind double NAT?

@dervyyou can enable web lookup for DDNS to get this to work behind a double nat. 

 

Enter configure mode

 

$configure

 

Add the command to use web lookup for your IP address. 

 

# set service dns dynamic interface eth0 web dyndns

  

Commit and Save your changes.

 

# commit
# save

  

Now export the configuration file from the USG and add it to your controller using the instructions in the knowledge base.https://help.ubnt.com/hc/en-us/articles/215458888-UniFi-How-to-further-customize-USG-configuration-w...

 

Emerging Member
Posts: 83
Registered: ‎10-19-2015
Kudos: 66
Solutions: 2

Re: Dynamic DNS behind double NAT?

Tip: Never ever use double NAT. 

 

Call you phone company. Ask to get level 2 tech directly.

Tell level 2 tech that you need an modem that can be confgured to bridgemode since you have your own firewall.

If they still cant give you that. Change provider to one that can do this. This will save you ALOT of problem down the road. Period. Man Happy

Veteran Member
Posts: 4,624
Registered: ‎03-11-2013
Kudos: 1403
Solutions: 86

Re: Dynamic DNS behind double NAT?


dervy wrote:

Correct, the telephone company provides a modem/router combo. Unfortunately it cannot be placed in bridge mode. 


Are you sure the pos modem/router from the ISP cannot be replaced? Also, have you checked ther ISP's support forum? You can probably turn off the DHCP on the ISP device

 

R+C

Regular Member
Posts: 347
Registered: ‎04-10-2014
Kudos: 150
Solutions: 20

Re: Dynamic DNS behind double NAT?

While I agree with @onlyalex that dobule NAT should not be used, however, sometimes there is no other option than to use double NAT or change a provider.

 

In my case, The ISP (Frontier Internet) supplied DSL Router/Modem can be configure for bridged mode but it does not work. Based on the ISP and other forumts, Frontier has done something to prevent non-ISP devices from working in bridged mode. Therefore, I'm stuck with double NAT or no internet. 

 

One way to help combat any issues that can come up with double NAT is to set the USG to be the DMZ host and don't connect any other devies to the switch on the DSL router/gateway. 

 

Using the commands that I've posted above, @dervy will be able to get the correct external IP to work with DDNS. 

 

I've been configured this way for years and not had a problem. 

 

One other interesting note... With Frontier, even with an old device that used to support bridged mode, the USG reported a different external IP than what I actually had so I still needed to use commands to get the correct external IP. 

Member
Posts: 240
Registered: ‎11-28-2016
Kudos: 126
Solutions: 1

Re: Dynamic DNS behind double NAT?

@thesohoguy, thank you for this since i am facing this same issue now.

 

I have the dyndns service setup via the GUI which doesn't require referencing any network ports but when I enter your suggestion I get

 

KKG@ubnt# commit
At least one service must be set to send DDNS updates for eth0

I will try eth1 to see if that helps but in the mean time, can you please tell me the command to revert the first attempt.  I need to 'undo' it for my next commit to try.

 

Thanks

Member
Posts: 240
Registered: ‎11-28-2016
Kudos: 126
Solutions: 1

Re: Dynamic DNS behind double NAT?

I found the discard command to back out my first attempt with eth0.

 

In my manual browsing of the /etc/ddclient files I saw that my entry was using eth2 so I used your command suggestion with that.

Member
Posts: 240
Registered: ‎11-28-2016
Kudos: 126
Solutions: 1

Re: Dynamic DNS behind double NAT?

I created the config json file and put it in the sites/default directory on my CK.

 

Created a temp port fowarding rule just to force a reprovision and it seems to be working.

 

I see some warnings about using a config json for an item that is also done via GUI...  Now that I have that config.json for DDNS, shall I remove it from the UI?

Regular Member
Posts: 347
Registered: ‎04-10-2014
Kudos: 150
Solutions: 20

Re: Dynamic DNS behind double NAT?

I did not change the UI. If you update the UI, the change may not take place as the config.gateway.json will override it. 

Member
Posts: 240
Registered: ‎11-28-2016
Kudos: 126
Solutions: 1

Re: Dynamic DNS behind double NAT?

[ Edited ]

thesohoguy wrote:

@dervyyou can enable web lookup for DDNS to get this to work behind a double nat. 

 

Enter configure mode

 

$configure

 

Add the command to use web lookup for your IP address. 

 

# set service dns dynamic interface eth0 web dyndns

  

Commit and Save your changes.

 

# commit
# save

  

Now export the configuration file from the USG and add it to your controller using the instructions in the knowledge base.https://help.ubnt.com/hc/en-us/articles/215458888-UniFi-How-to-further-customize-USG-configuration-w...

 


FYI, here is my config file for reference since it took me a while to get all of the matching braces correct.

 

Location on a CK is /srv/unifi/data/sites/<site name, for me it is "default">/config.gateway.json

 

{
        "service": {
                "dns": {
                        "dynamic": {
                                "interface": {
                                        "eth2": {   <-- I forget how I found out the proper interface to use. for me it was eth2
                                                "service": {
                                                        "dyndns": {
                                                                "host-name": [
                                                                        "<your domain>"
                                                                ],
                                                                "login": "<your login>",
                                                                "password": "<your pw>",
                                                                "server": "api.dynu.com"  <-- confirm this for your provider
                                                        }
                                                },
                                                "web": "dyndns"
                                        }
                                }
                        }
                }
        }
}

 

New Member
Posts: 12
Registered: ‎03-16-2010
Kudos: 7

Re: Dynamic DNS behind double NAT?

Facing the same issue recently and not wanting to loose the flexibility of the UI,
I found a solution on what you have to include to your config.gateway.json file,

so as to preserve the ability to change Service, Hostname,Username,Password using the Controller UI.

 

On your Controller UI (In my case UC-CK)
Service: dyndns
Hostname: Your_Hostname
Username: Your_Username
Password: Your_Password
Server: members.dyndns.com

Note: You can change them at any time using your Controller UI

 

Copy paste and save the following code as your config.gateway.json file:

 

{
	"service": {
		"dns": {
			"dynamic": {
				"interface": {
					"eth0": {
						"web": "checkip.dyndns.com",
						"web-skip": "Current IP Address: "
					}
				}
			}

		}
	}
}


This config.gateway.json file must be put in to a specific folder on your controller.
For me using a UC-CK, the path is:
/srv/unifi/data/sites/site_name  (in my case the site_name is "default")
In other HW Controllers, the site name may me a randomly generated string located at: 
[UniFi base]/data/sites/random_string

Not to forget, for the above a Unifi Security Gateway 3P was used,
along with a US-8-150W, a UC-CK, and a UAP-EDU

Regards,
Dimitrios Pallis

PS. I would love to know that you have similar success.

 

Member
Posts: 240
Registered: ‎11-28-2016
Kudos: 126
Solutions: 1

Re: Dynamic DNS behind double NAT?

Very interesting Pallis.

 

I think in my post above yours the result is that my entire json data overwrites what is in the GUI.  Your suggestion is that you can just tweak the 'web' part via json and keep the UI.

 

I look forward to trying it soon!

Regular Member
Posts: 434
Registered: ‎12-21-2016
Kudos: 51
Solutions: 7

Re: Dynamic DNS behind double NAT?

Thank you for this great post, this finally helped me with my USG behind a Telekom Speedport router using double-NAT

New Member
Posts: 11
Registered: ‎06-26-2017
Solutions: 1

Re: Dynamic DNS behind double NAT?

This worked for me. I have my USG as DMZ host because I had no other option. Thanks to you I'm now able to get my external IP set on the ddns.net provider.

New Member
Posts: 21
Registered: ‎03-12-2016

Re: Dynamic DNS behind double NAT?

This is very cool. Will this work exactly the same for any other DDNS provider? I use 'afraid' instead of dyndns

Reply