I am trying to set up dynamic DNS as my ISP offers dual stack setup, CGNAT ipv4 and dynamic public ipv6.
My setup is as follows
Gateway Router: Brume 2
AP: Eero 6 (in bridge mode to avoid double NAT )
Jellyfin server : on my windows Pc connected to my router
When I try to use the xxxx.glddns.com followed by the port numbe it does not redirect to my Jellyfin service. However I am able to access it if I use the ipv6 address of the PC followed by the port number. I have set up port forward on router but I still can access services through the dns domain. Could someone suggest if I have misunderstood the concept of Dynamic DNS and it would only point to router to access it remotely and not the he devices behind it or have I done something wrong in my setup.
Dynamic Domain Name Service (Dynamic DNS or DDNS) is a service used to map a domain name to the dynamic IP address of a network device.
Yeah, you got one part of it in place, the DDNS, so remote clients can connect to the WAN IP of your Brume 2 should/when said WAN IP ever change. Now you need to 'get into' your LAN. The most secure way is to do that with a VPN. CGNAT on the IPv4 precludes you from using a straightforward 'WireGuard Server' or OpenVPN setup as opening ports on the Burme 2 will still be blocked upstream by your ISP. Unfortunately GL.iNet doesn't have full support for IPv6 (see GL GUI -> System -> Network). You'll have to go with an 'overlay'/'software defined network' VPN technology like ZeroTeir or TailScale. The latter is easier to set up on a GL device but the binary on 'em isn't up to date. See below for a possible solution.
Thanks your reply. A couple of follow up questions for my learning. I was able to access my PC using IPv6 address remotely, as I allowed packets as I set up the traffic rules in place ? Also is the port forward not working in this case because it only work on ipv4 and not IPv6.
Is this a question or a statement? If you're not using a VPN of some type & you've opened ports on the WAN side you're setting yourself up to be breached by malicious actors. The firewall defaults to 'REJECT' all unsolicited traffic by default; poking holes to let it accept non-VPN related packets is as bad an idea as trying to swim with sharks after pouring the chum bucket into the water.