Cees2439867
just joined
Topic Author
Posts: 12
Joined: Tue Feb 15, 2022 6:12 pm

DDNS for my server with IP/Cloud?

Thu Feb 16, 2023 11:13 am

I have a NextCloud server that needs to be connected to the internet. Therefore I have connected my domain through A and AAAA records to my home IPv4 and IPv6. Works fine as my internet supplier does not change IP addresses. I use IP/Cloud that works fine! If I request the "DNS Name" in a browser, however, I see the login screen of the router.

What I would really like is the login screen of my server.

At IP/Cloud the "Public Address" of IPv4 and IPv6 is transferred from ether1; there is no other possibility. To me it seems a great improvement if at IP/Cloud one could specify the MAC address of one of the devices connected to the router, to be able to achieve a stable connection to my server instead of the router itself.

Is there another way to achieve a stable DDNS for my server?
 
erlinden
Forum Guru
Posts: 2671
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: DDNS for my server with IP/Cloud?

Thu Feb 16, 2023 12:02 pm

Can you:
  • Please supply the /export file=anynameyoulike (without the serial/public IP/anything else personal)?
  • tell if you have any experience with NAT loopback and port forwarding?
 
Cees2439867
just joined
Topic Author
Posts: 12
Joined: Tue Feb 15, 2022 6:12 pm

Re: DDNS for my server with IP/Cloud?

Thu Feb 16, 2023 12:56 pm

Thank you for helping me. Yes I have everything working very well with port forwarding both IPv4 and IPv6 and separate guest network with some help from this forum, great!
Here follows my current configuration:
# feb/16/2023 11:30:09 by RouterOS 7.6
# software id = WFM9-9QNF
#
# model = RB750Gr3
# serial number = CCxxxxxxxx
/caps-man channel
add band=2ghz-b/g/n frequency=2412 name=chan-2MHz-01
add band=2ghz-b/g/n frequency=2462 name=chan-2MHz-11
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2437 name=\
    chan-2MHz-06
add band=2ghz-b/g/n frequency=2447 name=chan-2MHz-08
add band=2ghz-b/g/n frequency=2417 name=chan-2MHz-02
add band=2ghz-b/g/n frequency=2422 name=chan-2MHz-03
add band=2ghz-b/g/n frequency=2427 name=chan-2MHz-04
add band=2ghz-b/g/n frequency=2432 name=chan-2MHz-05
add band=2ghz-b/g/n frequency=2442 name=chan-2MHz-07
add band=2ghz-b/g/n control-channel-width=20mhz frequency=2472 name=\
    chan-2MHz-13
add band=2ghz-b/g/n frequency=2452 name=chan-2MHz-09
add band=2ghz-b/g/n frequency=2457 name=chan-2MHz-10
add band=2ghz-b/g/n frequency=2467 name=chan-2MHz-12
add band=5ghz-a/n/ac frequency=5190 name=chan-5MHz-038
add band=5ghz-a/n/ac frequency=5200 name=chan-5MHz-040
add band=5ghz-a/n/ac frequency=5210 name=chan-5MHz-042
add band=5ghz-a/n/ac control-channel-width=20mhz frequency=5220 name=\
    chan-5MHz-044
add band=5ghz-a/n/ac frequency=5230 name=chan-5MHz-046
add band=5ghz-a/n/ac frequency=5240 name=chan-5MHz-048
add band=5ghz-a/n/ac frequency=5180 name=chan-5MHz-036
add band=5ghz-a/n/ac frequency=5260 name=chan-5Mhz-052
add band=5ghz-a/n/ac frequency=5280 name=chan-5Mhz-056
add band=5ghz-a/n/ac frequency=5300 name=chan-5Mhz-060
add band=5ghz-a/n/ac frequency=5320 name=chan-5Mhz-064
add band=5ghz-a/n/ac frequency=5500 name=chan-5Mhz-100
add band=5ghz-a/n/ac frequency=5520 name=chan-5Mhz-104
add band=5ghz-a/n/ac frequency=5540 name=chan-5Mhz-108
add band=5ghz-a/n/ac frequency=5560 name=chan-5Mhz-112
add band=5ghz-a/n/ac frequency=5580 name=chan-5Mhz-116
add band=5ghz-a/n/ac frequency=5600 name=chan-5Mhz-120
add band=5ghz-a/n/ac frequency=5620 name=chan-5Mhz-124
add band=5ghz-a/n/ac frequency=5640 name=chan-5Mhz-128
add band=5ghz-a/n/ac frequency=5660 name=chan-5Mhz-132
add band=5ghz-a/n/ac frequency=5680 name=chan-5Mhz-136
add band=5ghz-a/n/ac frequency=5700 name=chan-5Mhz-140
add band=5ghz-a/n/ac frequency=5745 name=chan-5Mhz-149
add band=5ghz-a/n/ac frequency=5765 name=chan-5Mhz-153
add band=5ghz-a/n/ac frequency=5785 name=chan-5Mhz-157
add band=5ghz-a/n/ac frequency=5805 name=chan-5Mhz-161
add band=5ghz-a/n/ac frequency=5825 name=chan-5Mhz-165
/interface bridge
add comment="Gast gebruik" name=bridge-gast
add admin-mac=DC:2C:6E:56:8F:52 auto-mac=no comment="Prive gebruik" name=\
    bridge-prive
/caps-man datapath
add bridge=bridge-gast client-to-client-forwarding=no local-forwarding=no \
    name=gast
add bridge=bridge-prive client-to-client-forwarding=yes local-forwarding=yes \
    name=prive
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=security-prive
add authentication-types=wpa2-psk encryption=aes-ccm name=security-gast
/caps-man configuration
add channel=chan-2MHz-06 country=netherlands datapath=prive \
    datapath.client-to-client-forwarding=yes .local-forwarding=yes mode=ap \
    name=2GHz-huiskamer-prive security=security-prive ssid=xxxxxxxxPrive
add channel=chan-2MHz-06 country=netherlands datapath=gast mode=ap name=\
    2GHz-huiskamer-gast security=security-gast ssid=xxxxxxxxGast
add channel=chan-5MHz-040 country=netherlands datapath=prive \
    datapath.client-to-client-forwarding=yes .local-forwarding=yes mode=ap \
    name=5GHz-huiskamer-prive security=security-prive ssid=xxxxxxxxPrive-5G
add channel=chan-5MHz-040 country=netherlands datapath=gast \
    datapath.client-to-client-forwarding=no .local-forwarding=no mode=ap \
    name=5GHz-huiskamer-gast security=security-gast ssid=xxxxxxxxGast-5G
add channel=chan-2MHz-13 country=netherlands datapath=prive \
    datapath.client-to-client-forwarding=yes .local-forwarding=yes mode=ap \
    name=2GHz-slaap-prive security=security-prive ssid=xxxxxxxxPrive
add channel=chan-2MHz-13 country=netherlands datapath=gast mode=ap name=\
    2GHz-slaap-gast security=security-gast ssid=xxxxxxxxGast
add channel=chan-5Mhz-060 country=netherlands datapath=prive \
    datapath.client-to-client-forwarding=yes .local-forwarding=yes mode=ap \
    name=5GHz-slaap-prive security=security-prive ssid=xxxxxxxxPrive-5G
add channel=chan-5Mhz-060 country=netherlands datapath=gast mode=ap name=\
    5GHz-slaap-gast security=security-gast ssid=xxxxxxxxGast-5G
/disk
set sd1-part1 name=OPSLAG
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp-pool-prive ranges=192.168.88.10-192.168.88.254
add name=dhcp-pool-gast ranges=192.168.10.10-192.168.10.254
/ip dhcp-server
add address-pool=dhcp-pool-prive interface=bridge-prive name=dhcp-prive
add address-pool=dhcp-pool-gast interface=bridge-gast name=dhcp-gast
/ipv6 dhcp-server
add address-pool="" interface=ether1 name=ipv6-dhcp-server
/port
set 0 name=serial0
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=2GHz-huiskamer-prive \
    name-format=identity radio-mac=DC:2C:6E:13:22:77 slave-configurations=\
    2GHz-huiskamer-gast
add action=create-dynamic-enabled master-configuration=5GHz-huiskamer-prive \
    name-format=identity radio-mac=DC:2C:6E:13:22:78 slave-configurations=\
    5GHz-huiskamer-gast
add action=create-dynamic-enabled master-configuration=2GHz-slaap-prive \
    name-format=identity radio-mac=DC:2C:6E:EF:7D:E6 slave-configurations=\
    2GHz-slaap-gast
add action=create-dynamic-enabled master-configuration=5GHz-slaap-prive \
    name-format=identity radio-mac=DC:2C:6E:EF:7D:E7 slave-configurations=\
    5GHz-slaap-gast
/interface bridge port
add bridge=bridge-prive comment=defconf interface=ether2
add bridge=bridge-prive comment=defconf interface=ether3
add bridge=bridge-prive comment=defconf interface=ether4
add bridge=bridge-prive comment=defconf interface=ether5
add bridge=bridge-prive interface=MikroTik_AC3_Slaapkamer-1
add bridge=bridge-prive interface=MikroTik_AC3_Slaapkamer-2
add bridge=bridge-prive interface=MikroTik_AC3_Huiskamer-1
add bridge=bridge-prive interface=LAN
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment="Private Network" interface=bridge-prive list=LAN
add comment=Internet interface=ether1 list=WAN
add comment="Guest Network" interface=bridge-gast list=LAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.88.1/24 comment=Prive interface=bridge-prive network=\
    192.168.88.0
add address=192.168.10.1/24 comment=Gast interface=bridge-gast network=\
    192.168.10.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=10m
/ip dhcp-client
add comment=defconf interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=192.168.88.120 client-id=1:b8:27:eb:31:8c:5d mac-address=\
    xx:xx:xx:xx:xx:xx server=dhcp-prive
add address=192.168.88.135 client-id=1:30:cd:a7:ba:3b:8e mac-address=\
    xx:xx:xx:xx:xx:xx server=dhcp-prive
add address=192.168.88.140 client-id=1:dc:2c:6e:13:22:72 mac-address=\
    xx:xx:xx:xx:xx:xx server=dhcp-prive use-src-mac=yes
add address=192.168.88.130 client-id=1:b8:27:eb:a4:8:2c mac-address=\
    xx:xx:xx:xx:xx:xx server=dhcp-prive
add address=192.168.88.110 client-id=1:dc:a6:32:5c:3f:39 mac-address=\
    xx:xx:xx:xx:xx:xx server=dhcp-prive
add address=192.168.88.25 client-id=1:5c:a6:e6:0:3c:e2 mac-address=\
    xx:xx:xx:xx:xx:xx server=dhcp-prive use-src-mac=yes
add address=192.168.88.100 client-id=ff:cb:39:a:c7:0:2:0:0 mac-address=\
    xx:xx:xx:xx:xx:xx server=dhcp-prive use-src-mac=yes
add address=192.168.88.141 client-id=1:dc:2c:6e:ef:7d:e1 mac-address=\
    xx:xx:xx:xx:xx:xx server=dhcp-prive
add address=192.168.88.160 mac-address=xx:xx:xx:xx:xx:xx server=dhcp-prive \
    use-src-mac=yes
/ip dhcp-server network
add address=192.168.10.0/24 comment=dhcp-gast dns-server=8.8.8.8,8.8.4.4 \
    gateway=192.168.10.1
add address=192.168.88.0/24 comment=dhcp-prive dns-server=192.168.88.120 \
    gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers="192.168.88.120,2001:1c03:5c07:a800:2840\
    :352c:7ac9:5440,fe80::f0af:fd93:f374:bba9"
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall address-list
add address=cc210f041ef4.sn.mynetname.net list=WAN-IP
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=drop chain=forward comment="Block traffic from gast to prive" \
    dst-address=192.168.88.0/24 src-address=192.168.10.0/24
add action=drop chain=forward comment="Block traffic from prive to gast" \
    dst-address=192.168.10.0/24 src-address=192.168.88.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin gast netwerk" \
    src-address=192.168.10.0/24
add action=masquerade chain=srcnat comment="Hairpin prive network" \
    src-address=192.168.88.0/24
add action=dst-nat chain=dstnat comment=Http dst-address-list=WAN-IP \
    dst-port=80 protocol=tcp to-addresses=192.168.88.100 to-ports=80
add action=dst-nat chain=dstnat comment=Https dst-address-list=WAN-IP \
    dst-port=443 protocol=tcp to-addresses=192.168.88.100 to-ports=443
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip smb
set enabled=yes interfaces=bridge-prive
/ip smb shares
add directory=OPSLAG name=OPSLAG
/ip smb users
set [ find default=yes ] name=gast
/ipv6 address
add address=::de2c:6eff:fe56:8f52 eui-64=yes from-pool=pool-ipv6 interface=\
    bridge-prive
add address=::dc2c:6eff:feef:7de6 eui-64=yes from-pool=pool-ipv6 interface=\
    bridge-gast
/ipv6 dhcp-client
add add-default-route=yes interface=ether1 pool-name=pool-ipv6 request=\
    address,prefix use-peer-dns=no
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=xxxx:xxxx::/32 comment="defconf: documentation" list=bad_ipv6
add address=xxxx:xxxx::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=xxxx::/16 comment="defconf: 6bone" list=bad_ipv6
add address=xxxxxxxxxxxx.sn.mynetname.net list=WAN-IP
add address=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/128 comment=\
    "Hover Fixed Address" list=hover
/ipv6 firewall filter
add action=accept chain=forward comment="http to Hover" dst-address=\
    xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/128 dst-port=80 protocol=tcp
add action=accept chain=forward comment="https to Hover" dst-address=\
    xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/128 dst-port=443 protocol=tcp
add action=accept chain=forward comment="http to Domoticz" disabled=yes \
    dst-address=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/128 dst-port=80 \
    protocol=tcp
add action=accept chain=forward comment="https to Domoticz" disabled=yes \
    dst-address=2001:1c03:5c07:a800:c5dc:56cf:ed86:8af9/128 dst-port=443 \
    protocol=tcp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=MikroTik_RB750GR3
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: DDNS for my server with IP/Cloud?

Thu Feb 16, 2023 4:15 pm

Admittedly unhelpful advice: The only proper solution is to tell ISP to stop doing stupid things and keep static addresses.

DDNS is just hotfix with various problems. But if it's unavoidable, it's probably best/easiest to use some independent DDNS on server itself.
 
Cees2439867
just joined
Topic Author
Posts: 12
Joined: Tue Feb 15, 2022 6:12 pm

Re: DDNS for my server with IP/Cloud?

Thu Feb 16, 2023 4:29 pm

That is an idea I had not thought of or considered yet. Certainly going to search in that direction! Thanks.
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: DDNS for my server with IP/Cloud?

Thu Feb 16, 2023 6:01 pm

It shouldn't be difficult, luckily I don't need it myself, so my experience is limited, but at first sight there are different tools ready for the job (e.g. ddclient). And if you're using own domain (as it seems you do), then if there's some API for its DNS, you can do it without relying on any other party.
 
bpwl
Forum Guru
Posts: 3124
Joined: Mon Apr 08, 2019 1:16 am

Re: DDNS for my server with IP/Cloud?

Thu Feb 16, 2023 11:43 pm

MT DDNS in the 3 years that I use it, only failed for 2 days (Problem with MT related DDNS domain)
MT IP/Cloud DDNS was fine for 99.99% of the time.
For the rest it doesn't matter what device does the DDNS update.
I use the NAS (Synology for its Nextcloud in Docker container) to do it for the NO-IP set DDNS (NO-IP requires monthly reset for the free DDNS registration)
Only one DDNS name can be maintained in the NAS. I needed some more.
So I added (copied from somewhere on the Internet) the following script in the MT, to refresh the NO-IP DDNS: (EDIT the <> fields with the proper data)
This MT with script can be anywhere in the LAN. (It is behind NAT, does NAT etc .... it retrieves and uses the public IP , just as MT IP/Cloud does)
The DDNSes point to the public IP. I can use any DDNS set here for any purpose, actually one is used for another MT doing the VPN server HUB function, with DDNS fallbacks to IP/Cloud.
#Dynamic DNS Update Script for No-IP DNS behind nat
# Set needed variables
:local username "<my NO-IP user name>"
:local password "<my NO-IP password>"
:local host "<my hostname with NO IP>.ddns.net"
:global previousIP
# print some debug info
:log info ("Update No-IP DNS: username = $username")
:log info ("Update No-IP DNS: hostname = $host")
:log info ("Update No-IP DNS: previousIP = $previousIP")
#
# behind nat - get the public address using dyndns url http://checkip.dyndns.org
/tool fetch mode=http address="checkip.dyndns.org" src-path="/" dst-path="/dyndns.checkip.html"
:delay 2
:local result [/file get dyndns.checkip.html contents]
:log info "dyndns result = $result"
# parse the current IP result
:local resultLen [:len $result]
:local startLoc [:find $result ": " -1]
:set startLoc ($startLoc + 2)
:local endLoc [:find $result "</body>" -1]
:local currentIP [:pick $result $startLoc $endLoc]
:log info "No-IP DNS: currentIP = $currentIP"
:if ($currentIP != $previousIP) do={
    :log info "No-IP: Current IP $currentIP is not equal to previous IP, update needed"
    :set previousIP $currentIP
    # mode=http: the No-IP username and password travel as unencrypted HTTP basic auth
    :local url "http://dynupdate.no-ip.com/nic/update/?myip=$currentIP&hostname=$host"
    :log info "No-IP DNS: Sending update for $host"
    /tool fetch url=$url user=$username password=$password mode=http dst-path=("no-ip_ddns_update.txt")
    :log info "No-IP DNS: Host $host updated on No-IP with IP $currentIP"
    :delay 2
    :local result [/file get "no-ip_ddns_update.txt" contents]
    :log info "Update Result = $result"
} else={
    :log info "No-IP: update not needed "
}
# end
 
pe1chl
Forum Guru
Posts: 10529
Joined: Mon Jun 08, 2015 12:09 pm

Re: DDNS for my server with IP/Cloud?

Thu Feb 16, 2023 11:55 pm

It appears that all of the responses above have completely misunderstood what is the issue...
It is not related to IP Cloud DDNS, it is not related to the updating of DDNS, the OP even told us he has a static address and basically only uses DDNS to get a name mapped.

Where he goes wrong is when he wants to direct the traffic to an internal server. That is NOT done by changing something in the DNS, it is called "port forwarding".

Probably it is all a misunderstanding: he is trying to access his DNS name from the inside, where it does not work due to the lack of hairpin NAT (which you would not want to have in this case)...
 
bpwl
Forum Guru
Posts: 3124
Joined: Mon Apr 08, 2019 1:16 am

Re: DDNS for my server with IP/Cloud?

Fri Feb 17, 2023 12:05 am

I thought this port-forwarding was already solved ...
.
tell if you have any experience with NAT loopback and port forwarding?
Thank you for helping me. Yes I have everything working very well with port forwarding both IPv4 and IPv6
/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin gast netwerk" \
    src-address=192.168.10.0/24
add action=masquerade chain=srcnat comment="Hairpin prive network" \
    src-address=192.168.88.0/24
add action=dst-nat chain=dstnat comment=Http dst-address-list=WAN-IP \
    dst-port=80 protocol=tcp to-addresses=192.168.88.100 to-ports=80
add action=dst-nat chain=dstnat comment=Https dst-address-list=WAN-IP \
    dst-port=443 protocol=tcp to-addresses=192.168.88.100 to-ports=443
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
.
.
The only proper solution is to tell ISP to stop doing stupid things and keep static addresses.
Monthly fee x 20 with my ISP, when fixed public IP (business account) is wanted ..... AFAIK, couldn't find cheaper option
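
An added example, not written by any poster in this thread or by MikroTik: a Python audit of the `/ip firewall nat` section quoted above. It rejoins the export's backslash-continued lines, lists what the dst-nat rules forward from the WAN address list to the server, and lists the masquerade rules that match on source address alone. The function names and the `SCOPE_KEYS` selection are assumptions made for this example.

```python
import shlex

# The /ip firewall nat section quoted in the thread, plus the start of the
# next menu so the section boundary is exercised.
EXPORT = r'''/ip firewall nat
add action=masquerade chain=srcnat comment="Hairpin gast netwerk" \
    src-address=192.168.10.0/24
add action=masquerade chain=srcnat comment="Hairpin prive network" \
    src-address=192.168.88.0/24
add action=dst-nat chain=dstnat comment=Http dst-address-list=WAN-IP \
    dst-port=80 protocol=tcp to-addresses=192.168.88.100 to-ports=80
add action=dst-nat chain=dstnat comment=Https dst-address-list=WAN-IP \
    dst-port=443 protocol=tcp to-addresses=192.168.88.100 to-ports=443
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip smb
set enabled=yes interfaces=bridge-prive
'''

# Matchers that tie a srcnat rule to a destination or an egress interface
# (assumed selection for this example).
SCOPE_KEYS = ("dst-address", "dst-address-list", "out-interface", "out-interface-list")


def logical_lines(text):
    """Rejoin export lines that RouterOS wrapped with a trailing backslash."""
    lines, pending = [], None
    for raw in text.splitlines():
        part = raw.rstrip() if pending is None else raw.strip()
        joined = (pending or "") + part
        if joined.endswith("\\"):
            pending = joined[:-1]      # drop the backslash, keep collecting
        else:
            lines.append(joined)
            pending = None
    if pending is not None:
        lines.append(pending)
    return lines


def nat_rules(text, menu="/ip firewall nat"):
    """Return each 'add' line of the given menu as a dict of key -> value."""
    rules, current = [], None
    for line in logical_lines(text):
        if line.startswith("/"):
            current = line.strip()
        elif current == menu and line.startswith("add "):
            pairs = (tok.partition("=") for tok in shlex.split(line)[1:])
            rules.append({key: value for key, _, value in pairs})
    return rules


def exposed_services(rules):
    """Port forwards: (protocol, WAN port, internal host, internal port)."""
    return [(r.get("protocol"), r.get("dst-port"), r.get("to-addresses"), r.get("to-ports"))
            for r in rules
            if r.get("chain") == "dstnat" and r.get("action") == "dst-nat"]


def source_only_masquerade(rules):
    """Comments of masquerade rules with no destination or out-interface matcher."""
    return [r.get("comment", "") for r in rules
            if r.get("chain") == "srcnat" and r.get("action") == "masquerade"
            and not any(key in r for key in SCOPE_KEYS)]


if __name__ == "__main__":
    parsed = nat_rules(EXPORT)
    for proto, port, host, to_port in exposed_services(parsed):
        print(f"WAN {proto}/{port} -> {host}:{to_port}")
    for comment in source_only_masquerade(parsed):
        print(f"masquerade matches on source only: {comment!r}")
```

For connections that pass through a source-only masquerade rule, the server logs the router's address rather than the originating client's, which matters when reading NextCloud access logs.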
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: DDNS for my server with IP/Cloud?

Fri Feb 17, 2023 2:24 am

Well, it's confusing. I mistakenly read it as "Works fine as long as my internet supplier does not change addresses IP addresses." Looking at OP's older threads (and I participated there too, who would have thought :)), that's not the case ("My internet provider does not change the prefix of my IPv6 address (nor my IPv4 address) as long as I keep the same equipment."), only problem could be with RouterOS that could sometimes change IPv6 subnets on interfaces, but even that shouldn't happen if one isn't fiddling with config too much. But then I don't know what's the point of DDNS, because I can also see that at addresses (IPv4/6) pointed to by DDNS hostname is also another domain, so using DDNS just to have some hostname is not necessary.

@bpwl: I don't like business decisions of some ISPs. Paying extra for public IPv4 address, oh well, there's not enough of those and it prevents wasting them on people who don't need them that much. Paying extra for static address? No, just no, if they have some public one they can give me, then making it dynamic is just intentionally crippling the service in order to squeeze more money from customers. Even worse is blocking incoming connections, because "home users don't need to run servers". Hell no! Fortunately it doesn't usually happen where I live.
 
Cees2439867
just joined
Topic Author
Posts: 12
Joined: Tue Feb 15, 2022 6:12 pm

Re: DDNS for my server with IP/Cloud?

Fri Feb 17, 2023 11:35 am

@sob and other reactions.
My internet service provider is usually stable. Some days ago I was, with my mobile phone, trying to connect to my server to do a lookup. It failed....because my ISP changed the IPv4 and IPv6. That's why I started to get interested in securing the connection by using DDNS. After further exploration I come to the conclusion that it is quite complicated to realise DDNS for both IPv4 and IPv6. I agree with your comments about ISPs.
Sorry about the confusion I may have caused.
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: DDNS for my server with IP/Cloud?

Sat Feb 18, 2023 1:02 am

I wouldn't say it's complicated. It's slightly different. If you have only IPv4, then with typical setup you have one public address on router, so it's one hostname and it covers all internal servers you might have. MikroTik's DDNS works and it's just few clicks. If you add IPv6, then every device has own address and you'd either need predictable and reliable way how to know it beforehand, to make some centralized updates (but you can't do it with current RouterOS), or you have to do updates from every device. And since they are behind NAT, they are in worse position to detect IPv4 changes. So it needs some more work, but complicated is probably too strong word.
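
An added example, not code from any poster in this thread: the update decision for a server that maintains its own A and AAAA records, written in Python. It parses a checkip-style response the way the RouterOS script earlier in the thread does, but validates the value before using it, picks a publishable IPv6 address from the host's own addresses, and reports only the records that changed. The function names, the rejected-range list and the sample values (documentation-range addresses) are assumptions constructed for this example.

```python
import ipaddress
import re

# Ranges that should never end up in a public A/AAAA record (assumed list):
# private, CGNAT, loopback, link-local, multicast/reserved, ULA.
NOT_PUBLISHABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
    "::/127", "fe80::/10", "fc00::/7", "ff00::/8")]

# Constructed sample inputs.
CHECKIP_BODY = ("<html><head><title>Current IP Check</title></head>"
                "<body>Current IP Address: 203.0.113.7</body></html>")
HOST_ADDRS = ["fe80::1c2d:3eff:fe4f:5a6b/64", "fd12:3456:789a::10/64",
              "2001:db8:a800:1::10/64"]
PREVIOUS = {"A": "203.0.113.7", "AAAA": "2001:db8:a800::10"}


def publishable(text, version):
    """Return the parsed address, or None if malformed, wrong family or non-public."""
    try:
        ip = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    if ip.version != version or any(ip in net for net in NOT_PUBLISHABLE):
        return None
    return ip


def parse_checkip(body):
    """Take the token between ': ' and '</body>' and accept it only as public IPv4."""
    match = re.search(r":\s*([^<\s]+)\s*</body>", body)
    return publishable(match.group(1), 4) if match else None


def choose_ipv6(host_addresses):
    """First publishable IPv6 address among the host's own, in the order given."""
    for text in host_addresses:
        ip = publishable(text.split("/")[0], 6)
        if ip is not None:
            return ip
    return None


def plan_updates(previous, checkip_body, host_addresses):
    """Records whose validated current value differs from the last published one."""
    current = {"A": parse_checkip(checkip_body),
               "AAAA": choose_ipv6(host_addresses)}
    return {rtype: str(ip) for rtype, ip in current.items()
            if ip is not None and previous.get(rtype) != str(ip)}


if __name__ == "__main__":
    print(plan_updates(PREVIOUS, CHECKIP_BODY, HOST_ADDRS))
```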
