Dynamic DNS from behind NAT

Tony_Burton · November 3, 2005, 6:55am

I would like to set up a dns-update client on my Mikrotik, which is behind a NAT gateway. The command line works fine when I do it manually.

How can I find the current public IP address of my gateway in a script?

Tony

Eugene · November 3, 2005, 8:53am

Where should the script run?
On the client you have no way to get gateway’s public IP address, unless some really strong magic is employed.

Tony_Burton · November 3, 2005, 9:01am

It can be done by checking the response from a web service such as http://www.whatismyip.com but I haven’t worked out how to do this on RouterOS. There’s nothing magic about it.

Eugene · November 3, 2005, 9:08am

Sure, it’s nothing magic in perl, but think of it in terms of RouterOS scripting

Tony_Burton · November 3, 2005, 9:30am

The commands from a bash shell would be:

> wget http://www.whatismyip.com
> grep displaycopy index.html | cut -d"'" -f2
> rm -f index.html

Any ideas how this could be done in RouterOS?

Eugene · November 3, 2005, 10:57am

I’d say it’s impossible. You need some workaround for this. Do you have control over NAT gw? What OS does it run?

lastguru · November 3, 2005, 12:12pm

I am known to be the greatest magician of 'em all

can your gateway have a dns name (any name, for example, literally “my.domain”)? on any dns server, even in itself. the main point is to get it to reply its IP with dns protocol. if it is possible to do that, then make the MT resolve DNS through that host (you can configure it as a secondary dns).

to get the wanted IP, ping the dns address from the MT, then lookup the IP in the “/ip dns cache” table

Tony_Burton · November 4, 2005, 8:44pm

I am really after a generic solution that will work from behind any NAT. I have had some success with telnet:

> /system telnet ipid.shat.net 80

After establishing a connection I request the IP address page:

GET http://ipid.shat.net/iponly/ HTTP/1.0

Please note the extra line feed after the command.

This replies with the HTML of a web page containing my public IP address. Is there any way of parsing the address from the rest of the text?

changeip · November 4, 2005, 9:12pm

Is the public IP not on the mikrotik at all? Not sure if you can’t get your public ip because the mikrotik is behind another NAT other than itself.

Sam

Tony_Burton · November 4, 2005, 9:22pm

That’s right, the Mikrotik router is behind another NAT gateway. Otherwise the solution would be really simple.

changeip · November 4, 2005, 9:24pm

I’m trying to make a super sweet new process for detecting your IP address… you simply query a hostname and you always get your IP back. Of course you run into problems when you use a resolver but if you can query a dns server directly then it would help you.

Sam

Tony_Burton · November 4, 2005, 10:01pm

Thanks Sam, your assistance is very much appreciated.

Tony

Tony_Burton · November 12, 2005, 2:29am

Hi Sam,

Have you made any progress on the new process for detecting my IP address?

Tony

changeip · November 12, 2005, 5:26am

I have not yet… might be a few weeks as I’m trying to finish up the new client software first. I will post an update when I get something.

Thx

hecklertm · November 21, 2005, 3:49pm

Have you considered trying to customize the login.html built into hotspot user authentication webservice so that the login page when accessed attempts to do a form post to a page on another webserver (normally this is done when you use an external authentication server). That other webserver’s http logs should show originating ip address of the router in it when it made the request.

If you have a script on a server periodically browse to the router’s hotspot login page, it will then kick off that form and thereby create another entry in the remote webservers http log, which can subsequently be checked by some other scripted means of your choice on that server and make necessary updates… What do you think?

changeip · November 21, 2005, 5:59pm

I think it might be easier for us to simply create a special IP record that when we see it come in we throw it out and detect your remote address … ie, with /tool dns-update you send us ip as 127.0.0.99 and we throw that out and detect your remote it … something like that . Let me think more about this and will setup something more formally.

Thx,
Sam

hecklertm · November 22, 2005, 2:16am

That should work as long as your tool logs the originating ip address of the computer which sent the update. It would be much easier and would stay within the scope the DDNS tool. Sounds like it has good potential.

changeip · November 22, 2005, 5:06am

Until something else comes up better we have implemented a special ip to use; 127.0.0.255. When sending your Dynamic DNS updates you can send 127.0.0.255 and we will ignore that entry and default to your detected IP address. Please be aware that if you are going thru any proxyies or natted devices that we will see that machines IP. In most cases this is the expected result.

Another reason why ChangeIP.com ddns is better than the others : )

hecklertm · November 22, 2005, 5:42am

Hey, that’s’ great! Thanks for adding it in. I bet it will come in handy for many people in time.

Tony_Burton · November 23, 2005, 5:43pm

Thanks for doing this Sam. I realise that it is an interim measure because you probably don’t want people hitting your site every 5 minutes with an update using 127.0.0.255. Just how often will you allow updates using 127.0.0.255?

Tony