ProScan Connection through No-IP

[rjdj2000]

Sorry in advance if this is posted somewhere and I did not find it through the search above. Spent about an hour searching here and other places for answer but have yet to come up with one. So last evening I switched ISP from cable to fiber. That all works fine and dandy but I have found out that the fiber does not have static IP. So I went searching and in my router there are DDNS settings and I looked at what was available and went with No-IP. Got the account there all set up and everything seems to be working as I put in 1.1.1.1 like was said in no-ip online then to do an update request in router. Did that and now it updated but it is not showing my ISP IP. Say my ISP IP is 24.134.161.28 via what's my ip but it is showing on my router and no-ip as 192.169.89.253 (these are not real numbers BTW)

I know everything worked before the switch and I have done port checks and all ports are basically blocked from the ISP except 80. So that is where I figured going the DDNS route would fix the issues and still allow me to see things on the outside from my home. I have used my DDNS hostname in Proscan and left the port as it was but it still won't connect. If anyone has any ideas, I am all ears and I do know enough about networking to get myself into trouble which is where I'm at.

Jeff

 

[jtwalker]

I’m guessing your router is not configured properly to retrieve your external IP and if it is really fetching a 192.x.x.x IP it would be your internal network IP.

Try downloading and installing the DUC client from NO-IP and run it on your pc. It will get your public IP and update your DDNS entry with proper IP on a regular interval.

 

[rjdj2000]

I’m guessing your router is not configured properly to retrieve your external IP and if it is really fetching a 192 IP it would be your internal network IP.

Try downloading and installing the DUC client from NO-IP and run it on your pc. It will get your public IP and update your DDNS entry with proper IP on a regular interval.

I am not sure as here is where to put it in the router:


I used the values provided by No-IP for the hostname. I just logged into No-IP and on the hostname it is showing my external IP there. It is just on my router it is showing the 192 IP

 

[jtwalker]

Hmmm, not sure I follow. But if NO-IP is showing your external IP then you should be golden.

If you want to PM your DDNS name I will ping it from my location and let you know what it returns.

 

[rjdj2000]

PM sent

When I log into No-IP through browser, it is showing the ISP address. When I look in my router it is showing the 192 address for internet. Maybe that is what is screwing things up and I should use the DUC client instead of doing it through the router like shown above.

 

[buddrousa]

I think you are confusing the WAN Address 24.134.161.28 and your LAN Address 192.xxx.xxx.xxx
WAN Address = Internet.
LAN Address = Addresses in your Home.

 

[rjdj2000]

I think you are confusing the WAN Address 24.134.161.28 and your LAN Address 192.xxx.xxx.xxx
WAN Address = Internet.
LAN Address = Addresses in your Home.

Sent you a PM as don't want to post the picture I am sending on here.

 

[ProScan]

I have done port checks and all ports are basically blocked from the ISP except 80. So that is where I figured going the DDNS route would fix the issues and still allow me to see things on the outside from my home.

It's usually the other way around. Port 80 and 443 are blocked and the others should be available. Would you double check that.

Before going the DDNS route, the port has to be forwarded in the router. Setup the router port forwarding with the port, the server is using and the IP address of the computer running the server. I see you have a BCD536HP so a common mistake I've seen is using the IP address of the scanner and not the computer.

Use Open Port Check Tool -- Verify Port Forwarding on Your Router to test that the server can be seen from the outside.

 

[rjdj2000]

It's usually the other way around. Port 80 and 443 are blocked and the others should be available. Would you double check that.

Before going the DDNS route, the port has to be forwarded in the router. Setup the router port forwarding with the port, the server is using and the IP address of the computer running the server. I see you have a BCD536HP so a common mistake I've seen is using the IP address of the scanner and not the computer.

Use Open Port Check Tool -- Verify Port Forwarding on Your Router to test that the server can be seen from the outside.

Bob,

Everything worked fine when I was on cable modem, so I know ports are configured correctly. After going to fiber, there is no connections and jtwalker, in pm's, asked if this was CGNAT type ISP and then it dawned on me that it was as I researched this last year when I got onto fiber the first time. So the DDNS route isn't going to do me any good either, I thought it would but jt has a CGNAT ISP as well and has yet to get anything to work on it. So I am probably going to have to just bite the bullet and get a static IP with this provider to get around the CGNAT setup. Once I get that, things 'should' return to normal.

Jeff

 

[BinaryMode]

You don't have to bite the bullet at all. Look into ZeroTier. It's in essence a reverse VPN. It'll bypass NAT and there's no port forwarding needed which WILL increase your attack surface. It's like the Cloudflared daemon called Cloudflare tunnel to host a website WITHOUT opening a port. Very cool and I use it. By that I mean ZeroTier and Cloudflare Tunnel for various server level stuff. Read the ZeroTier documentation and scout out some YouTube videos. Also, ZeroTier is cross platform. So computer or phone they have you covered. If you're a massive computer nerd like I am and use OPNsense for your router you can install the ZeroTier plug-in.

ZeroTier - Wikipedia

en.wikipedia.org

 

[rjdj2000]

You don't have to bite the bullet at all. Look into ZeroTier. It's in essence a reverse VPN. It'll bypass NAT and there's no port forwarding needed which WILL increase your attack surface. It's like the Cloudflared daemon called Cloudflare tunnel to host a website WITHOUT opening a port. Very cool and I use it. By that I mean ZeroTier and Cloudflare Tunnel for various server level stuff. Read the ZeroTier documentation and scout out some YouTube videos. Also, ZeroTier is cross platform. So computer or phone they have you covered. If you're a massive computer nerd like I am and use OPNsense for your router you can install the ZeroTier plug-in.

Well after speaking to three different people from my ISP, it appears now the Static IP is $45 a month. Last time I talked with anyone on install was Tuesday 5/13 and they started service that evening. Not sure if I made the correct decision on going fiber. Anywho.... I looked into this ZeroTier. From the looks of it, I could install it on a Raspberry pi that is on my wired network and then by having it on other devices, I should be able to gain access like I want. Or at least the one video on YT described it that way. Will have to take some fiddling around to get it on there and hopefully it will work on a pi 3b+ as my 4 is in use elsewhere. I do have a mac mini that is near the router, I think it is wired on a switch just after the router though. If I can get it on there and work like the Pi, then I wouldn't need the pi on there.

Will have to mess with it this weekend and see how it goes. Hopefully I can get it to work as I know about enough networking to get myself into trouble quick....

 

[BinaryMode]

It's interesting your provider is using CGNAT. I have fiber and they have bought their own ASN which not only has IPv4 addresses, but IPv6 addresses.

To my knowledge, Proscan does not run on Mac. Or on a ARM CPU for that matter. The ZeroTier client needs to be on the computer you want access. But like I said, with something like OPNsense, ZeroTier can be installed as a plug-in so now the whole network can be exposed.