Public network access LAN network setup Tutorial

Why I write this article ?

Because I have some test environment or Applications running on my Home server, the problem is when I leave the LAN net work, everything become unaccessible. That’s a very big problem and here’s a solution to solve this problem.

Network topology

home.msft.vip——>192.168.3.200 ????

DDNS on R2S(optional)

NOTE

• if you have an static public IP address from network provider just skip this step and add a A record withIP address and domain.

• For my own scenario, I don’t have static public IP address from China Unicom，the Public address changes time to time，DDNS is for this case, it will update changed IP and A record with domainon Tencent Cloud.

https://github.com/Tencent-Cloud-Plugins/tencentcloud-openwrt-plugin-ddns

Install Tencent ddns plugin on openwrt

# Install tencent ddns plugin
wget http://openwrt-tencentddns-1301800460.cos.ap-guangzhou.myqcloud.com/luci-app-tencentddns_0.1.0-1_all.ipk
opkg install luci-app-tencentddns_0.1.0-1_all.ipk

Configure Tencent ddns plugin

• make sure r2s WAN portal use PPPoe

  

• access token create ：https://console.dnspod.cn/account/token/token

• make sure you have your own domain : https://console.dnspod.cn/dns/list

• Configure :

After about steps, you should have a domain which point to your public IP from network provider.

Configure network port forwards (DMZ)

All network traffics from your domain with forward to 192.168.4.5. For most cases, that’s it. BUT 192.168.4.5 actually is my router , so I have to set another port forward on my router .

Network port forwards (DMZ) on R2S

[root@r2swrt:08:45 PM ~] # vim /etc/config/firewall
config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option src_dport '1-65535'
	option dest_ip '192.168.4.5'  # target 
	option dest_port '1-65535'
	option name 'DMZ'
	option family 'ipv4'
	list proto 'tcp'
	list proto 'udp'
	list proto 'icmp'
	[root@r2swrt:08:45 PM ~] # /etc/init.d/firewall restart

Or use web UI:

Now all network traffic from Public domain will been forwarded to router, last thing we have to do is configure another port forward to the real my real server.

Configure port forward on router(Xiaomi)

Fanal work and validate

jason@MacbookPro  ~  nslookup home.msft.vip
Server:		192.168.5.1
Address:	192.168.5.1#53

Non-authoritative answer:
Name:	home.msft.vip
Address: 10.1.15.251

jason@MacbookPro  ~  ssh root@home.msft.vip
Last login: Sat Nov 11 22:05:34 2023 from 192.168.3.106
[root@home ~]# hostname -i
192.168.3.200

Improvement

As you can see there are some limits when use Tencent DDNS Plugin: only can update one sub domain each time.

ddns-go Plugin could fix this problem and could update multiple domains one time , let’s get started:

Install ddns-go (any server is fine)

https://github.com/jeessy2/ddns-go/releases

# 
mkdir /mnt/ddns/ && cd /mnt/ddns/ && https://github.com/jeessy2/ddns-go/releases/download/v5.6.6/ddns-go_5.6.6_linux_x86_64.tar.gz 
tar zxvf ddns-go_5.6.6_linux_x86_64.tar.gz 
# install and Register to service
./ddns-go -s install "-l" ":9877" "-f" "60" "-cacheTimes" "5" "-c" "/mnt/ddns/ddns-go.yaml"
# make sure service is running
systemctl status ddns-go.service

Go to webUI to configure

Note

How we got IP addr, I try to update same ip from r2s server which have installed Tencent ddns and use command to get it. For different devices and different network, you have to test the command meet your own requires. below is my output which is correct.

[root@homesrv /mnt/ddns]# ssh root@r2s 'ifconfig pppoe-wan | grep Mask | cut -d: -f2 | cut -d" " -f1'
10.1.112.196

After all setting update complete then don’t forget to save your changes. Wait a few seconds, then check the logs:

[root@homesrv /mnt/ddns]# nslookup gfn.msft.vip
Server:		192.168.4.1
Address:	192.168.4.1#53

Non-authoritative answer:
Name:	gfn.msft.vip
Address: 10.1.112.196

[root@homesrv /mnt/ddns]# nslookup dav.msft.vip
Server:		192.168.4.1
Address:	192.168.4.1#53

Non-authoritative answer:
Name:	dav.msft.vip
Address: 10.1.112.196