DDNS not working properly on Flint 2

Routers
1

For some reason, my DDNS has stopped working. Router is a Flint 2 behind ISP router. However, the ISP router completely in IP Passthrough mode, therefore the Flint 2 is properly receiving the WAN IP from the ISP router.

GL-iNet DDNS test shows that the WAN IP is properly being resolved, but upon trying to visit the domain name, I am getting an error stating xxxxxxx.glddns.com refused to connect (ERR_CONNECTION_REFUSED).

I’ve tried other solutions such as power cycle on both routers, dnsflush commands, turning DDNS on and off again, all to no avail.

Any thoughts or advanced troubleshooting I should try?

2

hi,
Could you run following commands to check whether DDNS is working and the WAN IP is updated for the domain accurately? And could you access the WAN IP instead of xxxxx.glddns.com to ensure WAN IP is reachable.

ps | grep ddns
cat /tmp/log/ddns/glddns.log
nslookup xxxxx.glddns.com
3

Is there any way we can get a letsencrypt certificate for the gl ddns included in the mt6000? Today I use duckdns.

4

Am I running those commands via SSH?

When I type the WAN IP into the address bar, I get an NS URL error saying cannot connect to host. But when I try a DNS lookup, the WAN IP is being resolved properly.

5

Yes, running them via ssh on Flint 2.

6

I ran the command and the proper WAN IP is showing up in all of the results.

7

How do you know that the connection fails?
Is remote access enabled?

8

Screenshot 2023-12-27 at 7.45.27 AM

This is the error that I get. I have remote access via HTTPS enabled in the Security settings. I don’t have ping from WAN on, so maybe that’s why I can’t use the WAN in the address bar, but the domain itself doesn’t work even though the DNS is being resolved according to dnslookup.

image
image691×358 16.1 KB

9

So if you enable ping, can you ping your WAN address?

10

I can ping the WAN IP via Terminal, but I am still unable to access the WAN IP from the address bar in browser. It still refuses to connect.

Is there anything I need to do in regards to opening ports? Don’t know if this matters, but I do have one device in the DMZ.

11

DMZ usually means that all connection will get forward to this device. This could be the issue. Try disabling DMZ.

12

Thank you so much!! That was the issue. So I guess my final question is, what can I do to keep my PS5 NAT type as open? That was my only reason for putting it in the DMZ.

13

You could create some port forwardings using luci.
I found a list of needed ports:
Add a new Port using the following details:
TCP: 1935, 3478-3480
UDP: 3074, 3478-3479

14

Should I use the Port Forwards tab or the Open Ports on Router tab? This particular area is within the GL-iNet software, not luci:

image

15

You can, but the GL GUI does not support ranges. So you have to enter all ports one by one.

Luci does not have this restriction.
But for those approx 10 ports it should be OK with GL GUI. And Port Forward.

17

Thank you admon!! One last question, not sure if you can help with this. Do you know how I can be able to access the ISP router in the upper level via the IP address in the address bar? It works when I have the WG client off, but not while it’s on. Going to assume this has to do with ports and being on a different network. Any ideas?

18

Guess it’s because of the VPN routes. Could be fixed (maybe) by setting manual routes using luci.

Would simply be OK with it instead of trying to build a solution for it. :sweat_smile:

19

Can I direct message you about this? I appreciate your help so much.

20

Yep, do so. But it should be pretty easy.

1 Like
21

I have to add some more information because it could be waaay easier than I thought, @gcwgill

image
image1330×781 50.1 KB