Configuring DDNS with two routers fails due to lack of a bridge.

DustMC_
06-15-2023, 01:00 PM #1

Hi all, I'll try my best to explain the configuration I have here.

What I'm trying to achieve is: be able to access my Apache server using DDNS as I was before (when using only one router).

So, I have an ISP modem/router that cannot go to bridge (the reason is not relevant). It receives the fiber cable from the ISP and has 4 LAN ports (and all the things a normal router has). Also, I have a TPLINK router that is the one I use for everything inside my network. For the sake of simplicity, I'll call them ISP and TPLINK from now on.

ISP is connected via PPPoE and has its internal IP as 192.168.15.1. DHCP, wifi, is all OFF (I just want this to be the one who receives the internet, it's for the better).

TPLINK is connected via LAN1 to ISP; it is configured to receive a static IP, 192.168.15.100 (from gateway 192.168.15.1). DHCP, wifi, is all ON (it will be the one I'll use to manage my internet). TPLINK has its internal IP as 10.0.0.1 and DHCP is serving from 10.0.0.10 -> 10.0.0.249.

All my computers, mobiles, servers are connected to this TPLINK and the internet is working flawlessly, top max connections and no issues.

I have 2 services I expose to the internet (Plex and Apache). TPLINK has port forward configuration for those (10.0.0.10 32400 <-> 32400, this is for Plex for example). They were not working, but yesterday I went to the ISP and enabled the DMZ pointing to TPLINK (192.168.15.100). Plex started to work.

The issue is, Apache is configured to open if I go to my DDNS and use it: mypage.ddns.net:20080. TPLINK has the port forward as well (10.0.0.30 20080 <-> 80). I thought DMZ should make this work as well, but it's not. Also, the DDNS is updated with my current IP (I did it manually to test).

My questions are:
- Who, of the two, should be configured to update the DDNS configuration? (So I can always have the external IP updated correctly there?)
- How can I configure it so that Apache starts to work?
- Is DMZ the best idea for this? (Or should I do port forward as well at the ISP?) (I'm asking it even for Plex, which is currently working with DMZ.)

Thanks!!!

Puffyfish14
06-16-2023, 08:31 PM #2

I wouldn't suggest placing routers in direct line-of-sight configurations, as this often leads to issues where the second router can't function correctly. Typically, the ISP's router should connect to a device provided by the customer instead. If that's not possible, consider routing a single port from the ISP router to the second router. Should that not work, you may need to open and forward ports manually.

When trying to reach services from outside, you'll likely have to open ports on both devices—such as 80 and 443—and route them through the internal router, then map those back to the service running on the computer.

Regarding DDNS, it hinges on the service provider. If updates are needed every time the ISP changes its IPv4 address, you'll need to adjust an A record twice, which can take up to two days for propagation, depending on the DNS TTL. This is why the process varies based on the service's requirements. For SSL services, managing certificates is necessary since they expire when the IP address changes by design.

If you manage your own domain, you can update DNS entries yourself whenever the computer's IP shifts, which tends to be more cost-effective than using a DDNS provider. It's worth noting that DDNS is essentially standard DNS with a short TTL, and providers periodically verify the service's presence by sending challenge requests.

shadowgtr
06-17-2023, 04:38 AM #3

I will do this through plain double NAT (without DMZ):
- at ISP (start with one :80 port for simplicity), 192.168.15.100 :80
- at TPLINK 80 <-> 10.0.0.30 :80

After this, once your external IP:80 properly responds from outside and starts to work (and it is a normal (but not ideal) configuration), you can add your strange 20080, DDNS.

Lebt007
07-07-2023, 05:38 AM #4

If you're using two routers that each handle their own firewall, opening a tunnel directly behind the second one from the outside might seem unnecessary. You could simply configure the second router in switch or bridge mode instead, avoiding extra complexity. The TPLINK can share ISP IPs over TPLINK Wi-Fi. Two NAT devices can work, but if they don't, troubleshooting becomes difficult and stressful.

cursayerdragon
07-09-2023, 01:24 AM #5

I understand your perspective, but I reside in Brazil, and things are quite different...

The problem with using the ISP as a bridge is that sometimes connections drop, Wi-Fi doesn't respond well, and apps like Netflix or Instagram behave oddly—videos may not load. I'm talking about 500mb fiber internet. It seems they enforce certain rules, possibly throttling PPPoE connections instead of your MAC address. What I know is that with the new setup (router acting as a router without DHCP or Wi-Fi), everything runs smoothly at full speed.

Regarding port 20080, in Brazil ISPs block common web ports like 80 and 443 for regular users, only allowing business customers. This situation is really frustrating.

I've tried using ISP (20080 ↔ 20080) TPLINK (20080 ↔ 80) but still can't access my Apache site. The Plex ISP (32400 ↔ 32400) works perfectly now—removed the DMZ and used a single port forward.
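
The forwarding chain discussed in this thread, modelled as an added example (not code from any poster): it traces an inbound port through the ISP router and then TPLINK, and lists which ports reach TPLINK's WAN side under DMZ versus explicit forwards. The `Router` class, the probe list and the mismatch rule are constructed for illustration; addresses and ports come from the posts.

```python
# Added illustration (not from the thread): model both NAT hops and trace inbound ports.
from dataclasses import dataclass, field

TPLINK_WAN = "192.168.15.100"   # TPLINK's static address on the ISP LAN (from the thread)

@dataclass
class Router:
    name: str
    forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    dmz_host: str = ""                            # receives every port with no explicit rule

    def translate(self, port):
        """Return (next_ip, next_port) for an inbound WAN port, or None if dropped."""
        if port in self.forwards:
            return self.forwards[port]
        if self.dmz_host:
            return (self.dmz_host, port)          # DMZ leaves the port number unchanged
        return None

def trace(port, isp, tplink):
    """Follow one inbound port through ISP, then TPLINK, and report where it ends."""
    hop = isp.translate(port)
    if hop is None:
        return f"dropped at {isp.name}"
    if hop[0] != TPLINK_WAN:
        return f"delivered to {hop[0]}:{hop[1]} on the ISP LAN"
    inner = tplink.translate(hop[1])
    if inner is None:
        return f"dropped at {tplink.name}"
    return f"delivered to {inner[0]}:{inner[1]}"

def reaches_tplink(ports, isp):
    """Ports the ISP router hands to TPLINK's WAN interface."""
    return [p for p in ports if (isp.translate(p) or ("", 0))[0] == TPLINK_WAN]

# Rules as described in the thread.
tplink = Router("TPLINK", {32400: ("10.0.0.10", 32400), 20080: ("10.0.0.30", 80)})
isp_dmz = Router("ISP", dmz_host=TPLINK_WAN)
isp_fwd = Router("ISP", {32400: (TPLINK_WAN, 32400), 20080: (TPLINK_WAN, 20080)})
# Constructed variant: the ISP rewrites 20080 to 80, so TPLINK's 20080 rule never matches.
isp_mismatch = Router("ISP", {20080: (TPLINK_WAN, 80)})

PROBE = [22, 80, 443, 8080, 20080, 32400]         # constructed sample of inbound ports

if __name__ == "__main__":
    for label, isp in [("DMZ", isp_dmz), ("forwards", isp_fwd), ("mismatch", isp_mismatch)]:
        print(label, {p: trace(p, isp, tplink) for p in PROBE})
        print(label, "reaches TPLINK WAN:", reaches_tplink(PROBE, isp))
```

With these rules the model delivers 20080 to 10.0.0.30:80, so the rule chain itself is consistent; it does not model ISP filtering, host firewalls or Apache's listener. Under DMZ every probed port reaches TPLINK's WAN interface, while explicit forwards pass only 20080 and 32400.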