Cannot successfully connect to dynamic DNS setup

Problem Description
I have setup the freedom box and created a freedombox.rocks domain.
Unfortunately I cannot connect to the domain as it just times out.
I have made the freedombox internal IP as main DMZ on router.
I have port forwarded: 443 & 80
I have attempted to connect to the domain on a phone not linked to the same network too.

Lastly I changed the ip address in gnudip to point to google, that worked so I believe the issue is entirely on my end with some configurations.

Steps to Reproduce

  1. sign up for domain https://gnudip.datasystems24.net/
  2. connect to domain e.g ‘mydomain.freedombox.rocks’

Expected Results
connect to freedom box home page

Actual results
web browser timeout
" This site can’t be reached
mydomain.freedombox.rocks took too long to respond"

Information

  • FreedomBox version: Debian GNU/Linux 10 (buster) and FreedomBox version 20.12.1.
  • Hardware: Olimex freedombox home server kit
  • How did you install FreedomBox?: pre-installed hardware, via troubleshooting I have flashed the SD card a few times.
1 Like

Check the following:

  1. Your ISP provides you with an external IP address. This is the WAN IP address in your router. See list of private IP addresses and make sure your WAN IP address is not one of those.
  2. Check that your WAN IP address matches the IP set on mydomain.freedombox.rocks.

If the above is proper, things should work even if Dynamic DNS configuration is incorrect.

Thanks for the prompt response.
The IP addresses line up and are not within the private IP address ranges.

I used dig command to verify freedombox.rocks is the same as my curl ipinfo.io IP address.

Thanks

You can try:

  • Try to turn of DMZ and just use port forwarding. Sometimes, DMZ does not work well.
  • Temporarily connect FreedomBox directly to Internet instead of via router. See if it resolves the problem. Then dig further into route configuration.
  • All the while keep trying from external network using your mobile instead of from within the network (some routers don’t handle this case well).

Thanks for the information.

  • I tried to turn off the DMZ this did not work.

  • I am unsure how to interface with the freedom box once I connect it directly to the internet. Currently it is a device connected to my router so I can type in its internal IP address to access it. I tried plugging in a USB to USBC from freedombox to my laptop however I am not sure if there’s specific commands I need to input etc.
    Will I not need to input my ISP details to the freedom box once its connected directly?

Thanks sorry this is a bit outside my knowledge zone.

In case your router is a consumer grade device that supports providing some kind of public or guest network access (unprivileged internet access (sharing) pre-configurations), such LAN network ports or WLANs may not allow incoming port forwardings. Contrary to what makes sense, the port forwarding may only work to devices on to the “internal” network. (And you would need an additional router to really shield off (firewall) any real internal device from that “internal” (actually publicly accessible) network that gets configured with public port forwardings.)

Thanks for the information.

Are you suggesting that I use a different router…?

No. (Or not necessarily.)

[WIth some routers] … port forwarding may only work to devices on [i.e.connected to] the “internal” network…

Just possibly try that, if it applies.

Ok thanks,
Attached is a screenshot of my current port forwarding setup.
I believe the ports are forwarded to the internal IP of the freedom box. (192.168.1.4)
Please let me know if I am misguided here thanks for the assistance.

Looks ok.

If that is the internal, assigned IP of your freedombox, these should work for you locally:
http://192.168.1.4
https://192.168.1.4

Yes they do sir.

However when I type in my public IP address I am not forwarded to that internal IP address.

From my understanding that’s what the DMZ and port forwarding are supposed to help with.

Thanks.

Did you get the chance to test accessing the domain from an external network, as Sunil suggested?

Yeah I my attempts have been from other devices off the network.

It just times out per the original post.

Are you certain you have a publicly-accessible IPv4 address?

I had the same problem because I did not have a publicly-accessible IP address but rather was behind a carrier grade NAT.

In my case I solved the problem by switching my internet service provider to one that offered a public IPv4.

No I am not entirely certain.

This carrier grade NAT sounds like it could be the problem. Upon looking into it certain gaming services show B-C grade NAT types on my network despite router configurations!
Currently my NAT filtering is set to ‘open’

I will call my ISP and ask a few questions and see if anything can be done on their end.
Thank you for the information!

Does the dynamic DNS service really return private network IPs?

It may be more useful to redirect to a page or FAQ item that explains this is problem and the solutions that exist.

If I recall correctly, the DDNS service will give you the IP address of the “master router” of the ISP running the carrier-grade NAT (and not the private network IP).

The CGN issue was the biggest obstacle in using my FreedomBox and it would be very useful to update the manual to explain the problem, how to detect it, options for getting around it, etc.

My previous ISP provided an IPv6 address and I tried to set that up to connect to my server, but there were too many issues and so I eventually I switched to an ISP that offered a public IPv4 address (if you are in Germany, I can recommend easybell: https://www.easybell.de/).

Yeah, sounds right.
So, the only idea I currently have that might allow a freedombox to detect a CGN would be if a private IP assigned to the local router can be detected, i.e. UPNP or simmilar?

If it helps I see from Wikipedia that the block 100.64.0.0/10 (100.64.0.0 to 100.127.255.255, netmask 255.192.0.0) is allocated for CGN scenarios.

@axell Checking my router’s IPv4 address is how I detected that I was behind a CGN. At the following post, Sunil offers some suggested ways around a CGN to access the FreedomBox.

Ok so in the end it was the CG NAT!

I signed up for a static IP and everything worked immediately after, wow.

Thanks so much for your help!