1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Asus AC88U loopback, Dnsmasq and Port Forwarding

Discussion in 'Routers' started by Ionesco, Oct 9, 2019.

  1. Ionesco

    Ionesco Occasional Visitor

    Joined:
    Oct 9, 2019
    Messages:
    14
    Hi everybody, and thanks in advance for your help.

    I have put a sensor in my mailbox, and I receive notifications when I got a mail (with HomeKit and IFTTT). But, I want to receive a picture from my outdoor camera when the mailbox is opened. So, I've found so local url that give me that snapshot : 192.168.1.78/code/snapshot.jpg.

    It works well when I'm inside my local network. But when I'm outside, I can't get the picture. So I have configured a dynamic DNS and a port forwarding. Here is the result : myname.com:3141/code/snapshot.jpg.
    It works perfectly from outside my network. But when I'm inside, it doesn't because of the loopback, I think.
    (I though my Asus AC88U would success to manage it, but it doesn't)

    So, I tried to play with Dnsmasq in order to "redirect" this address to my local IP when I'm inside the network.
    In my Dnsmasq.conf file, I tried :
    address=/myname.com/192.168.1.78
    And it works if I enter this url : www.myname.com/code/snapshot.jpg (so, without the port)

    BUT, as I want a unique URL in my automatisation, I can't forget the port !
    So I tried :
    address=/myname.com:3141/192.168.1.78

    And it doesn't work ... I presume Dnsmasq can't read the port ?

    Is there a way to succeed ?

    Thank you !
     
  2. dave14305

    dave14305 Very Senior Member

    Joined:
    May 19, 2018
    Messages:
    1,231
    DNS does not care about ports, so you don’t need it in dnsmasq.conf (do not want it either).

    Is 3141 a port forward to 80 or 443? When on your LAN your request won’t be routed, it will be switched since you are returning a local IP, so if you want to use the same url, you would need something listening on port 3141 on 192.168.1.78.
     
  3. Ionesco

    Ionesco Occasional Visitor

    Joined:
    Oct 9, 2019
    Messages:
    14
    3141 forward to 80
     
  4. Ionesco

    Ionesco Occasional Visitor

    Joined:
    Oct 9, 2019
    Messages:
    14
    What do you mean by "something listening on port 3141 on 192.168.1.78" ?

    Oh, ok, I get it. As my "redirection" will join 192.168.1.78:3141, something should listen ... But how ?
     
  5. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,453
    Location:
    UK
    This (NAT loopback) works for me so I don't know why it doesn't for you.

    As Dave said, dnsmasq cannot redirect ports. To use port 3141 with IP address 192.168.1.78 you would need to configure the camera to listen on that port.
     
  6. Ionesco

    Ionesco Occasional Visitor

    Joined:
    Oct 9, 2019
    Messages:
    14
    Sadly, that's not possible, I can't configure the camera (Netatmo Presence), it's a closed system.
     
  7. Ionesco

    Ionesco Occasional Visitor

    Joined:
    Oct 9, 2019
    Messages:
    14
    I don't know why the Loopback doesn't work, maybe because my router is after an internet box (configured in DMZ). I know that the Internet Box (Livebox 4) has a loopback fonction, but to configure it, I have to make a NAT forward from 80 to 80 on the concerned equipment. But, as my internet box is on 192.168.0.X network, and all others equipments are on 192.168.1.X, I can't active the internet box loopback function.
     
  8. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,453
    Location:
    UK
    Yes the loopback would have to be done on the Internet Box as that is the device that has the IP address associated with myname.com. (NAT loopback is not the same as port forwarding)
     
  9. Ionesco

    Ionesco Occasional Visitor

    Joined:
    Oct 9, 2019
    Messages:
    14
  10. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,453
    Location:
    UK
    Yes I had already seen that link (with google translate ;)).

    At the beginning it makes a general statement about NAT loopback ("Le loopback c'est la possibilité, depuis son réseau interne, d'accéder à une ressource du LAN en utilisant l’IP WAN externe du routeur ou son DNS associé, de chez soi comme à l'extérieur").

    But then everything that follows is just a description of how to setup port forwarding (which is also necessary). The "activate" box is to activate the port forwarding rule.

    There is nothing in those instructions about activating NAT loopback specifically. But I wouldn't expect there to be, either the router supports it or it doesn't. It's the same as on the Asus, there's no specific option to enable or disable NAT loopback.
     
  11. Ionesco

    Ionesco Occasional Visitor

    Joined:
    Oct 9, 2019
    Messages:
    14
    I agree with you. So, loopback should be already "activated" on the internet box (as on my AC88U with Merlin).
    If loopback is supported by my internet box and my router, I don't get why it doesn't work :(
     
  12. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,453
    Location:
    UK
    What do your port forwarding rules look like?

    I'd guess that on the Livebox it is:

    3141 -> 3141 (Asus_WAN_IP)

    and on the Asus it is:

    3141 -> 80 (192.168.1.78)

    EDIT: corrected port number
     
    Last edited: Oct 9, 2019
  13. Ionesco

    Ionesco Occasional Visitor

    Joined:
    Oct 9, 2019
    Messages:
    14
    On the Livebox, I'm in DMZ, so I don't have particular port forwarding.
    On the Asus, I have 3134 -> 80 (192.168.1.78
     
  14. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,453
    Location:
    UK
    Without knowing exactly how the Livebox is doing its loopback we're just guessing in the dark.

    What happens if you try and access the camera from the LAN with http://192.168.0.xxx:3141/code/snapshot.jpg ? Where 192.168.0.xxx is the Asus' WAN IP address.
     
  15. Ionesco

    Ionesco Occasional Visitor

    Joined:
    Oct 9, 2019
    Messages:
    14
    The Asus address, as seen from the box internet, is 192.168.0.3. But when I go directly to this address, I have a 404 (I should see the Asus interface, no ? ). When I want to go to my router, I use 192.168.1.1.
    Anyway, I tried http://192.168.0.xxx:3134/code/snapshot.jpg and it works.
     
  16. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,453
    Location:
    UK
    That's expected. You should not get a response.
    That's also correct.

    Well that's good. At least that is working.

    Sorry, I keep mis-typing the port number as 3134 instead of 3141. Is 3141 the correct port?

    Maybe try turning off the DMZ on the Livebox temporarily and creating an explicit port forwarding rule. Maybe there's a difference.
     
  17. Ionesco

    Ionesco Occasional Visitor

    Joined:
    Oct 9, 2019
    Messages:
    14
    It's 3141, but I just copied your mistake ;)

    OK, I'm pretty surprised by what happen next !

    I tried to turn off DMZ. Then, I add a NAT rule on my Internet box : 3141 to 3141 (192.168.0.3)
    I also delete my dnsmasq line where myname.com redirect to 192.168.1.78.

    And now, and it's pretty weird, this url works from inside and outside the network : myname.com/code/snapshot.jpg
    Without the port ! And I don't get why !! Because the snapshot is located on 192.168.1.78. If I'm outside the network, the myname.com = my WAN IP , there is no reason that it lead to the camera IP without port ...

    Assuming that dnsmasq is already in use (I just restart the dnsmasq service, I don't have rebooted the router), so from inside the network, I get it. But it doesn't explain why it works from outside.

    Do you understand something ? o_O
     
  18. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,453
    Location:
    UK
    No I don't understand why that is happening. I would,

    a) use the external IP address instead of the DDNS name for testing. Just to eliminate DNS as an issue

    b) reboot both routers before testing to ensure that the changes have been removed/applied correctly
     
  19. Ionesco

    Ionesco Occasional Visitor

    Joined:
    Oct 9, 2019
    Messages:
    14
    a) I tried with external IP, it works too
    b) I'm pretty afraid of rebooting, as it works as I want now ;), but I will
     
  20. Ionesco

    Ionesco Occasional Visitor

    Joined:
    Oct 9, 2019
    Messages:
    14
    Oh, I think I understand !
    I've made some tests before, and I still have a NAT rule on my Asus router : 80 to 80 (192.168.1.78).
    I don't know if it true, but if I don't put port in my URL, as it's HTTP, it listen on 80, right ?

    So, if it is, you were right about DMZ, it was interfering with loopback.

    Knowing that, I tried externalIP:3141/code/snapshot.jpg, and it works (outside and inside). But myname.com:3141/code/snapshot.jpg doesn't (it works outside only). Strange

    Edit 2 : it seems that my dnsmasq still working, it explain why myname.com:3141/code/snapshot.jpg doesn't work inside
     
    Last edited: Oct 9, 2019