1. Home
  2. Cisco Systems
  3. dyndns ip update desn't work

dyndns ip update desn't work

I have a 877w with ios 12-4.15T6. I don't know if it is a bug of this particular ios, but the ip of my dyndns is never updated.

Here is my config:

no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! logging buffered 4096 ! no aaa new-model clock timezone MET 1 clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00 ! crypto pki trustpoint TP-self-signed-xxxx enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-xxxxxx revocation-check none rsakeypair TP-self-signed-xxxxxxx ! ! crypto pki certificate chain TP-self-signed-xxxxxxx certificate self-signed 01 nvram:IOS-Self-Sig#E.cer dot11 syslog ! dot11 ssid ArmorReti vlan 1 authentication open authentication key-management wpa guest-mode wpa-psk ascii 0 xxxxxxxxx ! ip cef ! ! no ip dhcp use vrf connected ip dhcp excluded-address 192.168.1.1 192.168.1.12 ! ip dhcp pool sdm-pool1 network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 195.186.1.111 195.186.4.111 lease infinite ! ip dhcp pool STATIC-1 host 192.168.1.2 255.255.255.0 client-identifier 0100.12dc.5c47.6b client-name AladinoVoip ! ip dhcp pool STATIC-2 host 192.168.1.3 255.255.255.0 client-identifier 0100.0129.d1a5.83 client-name Armor ! ip dhcp pool STATIC-3 host 192.168.1.4 255.255.255.0 client-identifier 0100.14bf.62ca.d9 client-name NSLU2 ! ip dhcp pool STATIC-4 host 192.168.1.5 255.255.255.0 client-identifier 0100.1731.c2ee.97 client-name Amelia ! ip dhcp pool STATIC-5 host 192.168.1.6 255.255.255.0 client-identifier 0108.1073.0dcd.b0 client-name Vale ! ip dhcp pool STATIC-6 host 192.168.1.7 255.255.255.0 client-identifier 0100.2100.6593.7f client-name Maggi ! ip dhcp pool STATIC-7 host 192.168.1.8 255.255.255.0 client-identifier 0100.16fe.7b43.70 client-name HP-rw6815 ! ip dhcp pool STATIC-8 host 192.168.1.9 255.255.255.0 client-identifier 0100.1d0f.b59d.5f client-name Crema-wifi ! ip dhcp pool STATIC-9 host 192.168.1.11 255.255.255.0 client-identifier 0100.0c6e.a800.62 client-name Crema-eth ! ! ip name-server 195.186.1.111 ip name-server 195.186.4.111 ip inspect log drop-pkt ip inspect name Firewall cuseeme ip inspect name Firewall dns ip inspect name Firewall ftp ip inspect name Firewall h323 ip inspect name Firewall https ip inspect name Firewall icmp ip inspect name Firewall imap ip inspect name Firewall pop3 ip inspect name Firewall rcmd ip inspect name Firewall realaudio ip inspect name Firewall rtsp ip inspect name Firewall esmtp ip inspect name Firewall sqlnet ip inspect name Firewall streamworks ip inspect name Firewall tftp ip inspect name Firewall tcp ip inspect name Firewall udp ip inspect name Firewall vdolive ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ip ddns update method sdm_ddns1 HTTP add http://galerio: snipped-for-privacy@members.dyndns.org/nic/updatesystem=dyndns&hostname=&myip= remove http://galerio: snipped-for-privacy@members.dyndns.org/nic/updatesystem=dyndns&hostname=&myip= ! ! multilink bundle-name authenticated ! ! username xxxxxxxxx privilege 15 password 0 xxxxxxxx ! ! archive log config hidekeys ! ! ! bridge irb ! ! interface ATM0 no ip address no atm ilmi-keepalive dsl operating-mode adsl2+ ! interface ATM0.1 point-to-point description $ES_WAN$ pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Dot11Radio0 no ip address ! encryption vlan 1 mode ciphers tkip ! ssid ArmorReti ! speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root world-mode dot11d country IT both ! interface Dot11Radio0.1 encapsulation dot1Q 1 native bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Vlan1 no ip address ip tcp adjust-mss 1452 bridge-group 1 ! interface Dialer0 ip ddns update hostname galerio.dyndns.org ip ddns update sdm_ddns1 ip address negotiated ip access-group 101 in ip mtu 1492 ip nat outside ip inspect Firewall out ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication chap callin ppp chap hostname xxxxxxxxxxxxxxxxxx ppp chap password 0 pianta ! interface BVI1 ip address 192.168.1.1 255.255.255.0 ip access-group 102 in ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 Dialer0 ! ! ip http server ip http authentication local ip http secure-server ip nat inside source list 1 interface Dialer0 overload ip nat inside source static udp 192.168.1.2 5060 interface Dialer0 5060 ip nat inside source static tcp 192.168.1.2 5060 interface Dialer0 5060 ip nat inside source static udp 192.168.1.3 9 interface Dialer0 9 ip nat inside source static tcp 192.168.1.3 4711 interface Dialer0 4711 ip nat inside source static tcp 192.168.1.3 7395 interface Dialer0 7395 ip nat inside source static udp 192.168.1.3 8457 interface Dialer0 8457 ip nat inside source static udp 192.168.1.3 35238 interface Dialer0 35238 ip nat inside source static tcp 192.168.1.3 35238 interface Dialer0 35238 ip nat inside source static tcp 192.168.1.3 81 interface Dialer0 81 ip nat inside source static tcp 192.168.1.3 5900 interface Dialer0 5900 ip nat inside source static tcp 192.168.1.3 6346 interface Dialer0 6346 ip nat inside source static udp 192.168.1.3 6346 interface Dialer0 6346 ip nat inside source static tcp 192.168.1.4 4712 interface Dialer0 4712 ip nat inside source static udp 192.168.1.4 5672 interface Dialer0 5672 ip nat inside source static udp 192.168.1.4 4665 interface Dialer0 4665 ip nat inside source static tcp 192.168.1.3 5800 interface Dialer0 5800 ip nat inside source static tcp 192.168.1.3 36433 interface Dialer0 36433 ip nat inside source static tcp 192.168.1.3 6348 interface Dialer0 6348 ip nat inside source static udp 192.168.1.3 6348 interface Dialer0 6348 ip nat inside source static tcp 192.168.1.3 15698 interface Dialer0 15698 ip nat inside source static udp 192.168.1.3 15698 interface Dialer0 15698 ip nat inside source static tcp 192.168.1.3 6347 interface Dialer0 6347 ip nat inside source static udp 192.168.1.3 6347 interface Dialer0 6347 ip nat inside source static tcp 192.168.1.4 5662 interface Dialer0 5662 ! access-list 1 remark SDM_ACL Category=2 access-list 1 permit 192.168.1.0 0.0.0.255 access-list 101 remark *** Traffico abilitato ad entrare nel router da internet

**** access-list 101 permit tcp host 63.208.196.96 eq www any log access-list 101 permit udp host 207.46.232.42 eq ntp any access-list 101 permit udp host 192.43.244.18 eq ntp any access-list 101 permit gre any any access-list 101 remark ************************************************************* access-list 101 remark *** ACL port forwarding *** access-list 101 permit tcp any any eq 22 access-list 101 permit tcp any any eq 4711 access-list 101 permit tcp any any eq 7395 access-list 101 permit tcp any any eq 35238 access-list 101 permit tcp any any eq 81 access-list 101 permit tcp any any eq 5900 access-list 101 permit tcp any any eq 6346 access-list 101 permit tcp any any eq 5800 access-list 101 permit tcp any any eq 36433 access-list 101 permit tcp any any eq 6348 access-list 101 permit tcp any any eq 15698 access-list 101 permit tcp any any eq 6347 access-list 101 permit tcp any any eq 5060 access-list 101 permit udp any any eq 5060 access-list 101 permit tcp any any eq 4712 access-list 101 permit tcp any any eq 5662 access-list 101 permit udp any any eq 5672 access-list 101 permit udp any any eq 4665 access-list 101 permit udp any any eq 9 access-list 101 permit udp any any eq 8457 access-list 101 permit udp any any eq 35238 access-list 101 permit udp any any eq 6346 access-list 101 permit udp any any eq 6348 access-list 101 permit udp any any eq 15698 access-list 101 permit udp any any eq 6347 access-list 101 remark ************************************************************* access-list 101 deny ip 0.0.0.0 0.255.255.255 any access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip 169.254.0.0 0.0.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.0.2.0 0.0.0.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 198.18.0.0 0.1.255.255 any access-list 101 deny ip 224.0.0.0 0.15.255.255 any access-list 101 deny ip any host 255.255.255.255 access-list 101 deny icmp any any echo access-list 101 deny ip any any log access-list 102 remark ************************************************************* access-list 102 remark Traffico abilitato ad entrare nel router dalla ethernet access-list 102 permit ip any host 192.168.1.1 access-list 102 permit ip 192.168.1.0 0.0.0.255 any access-list 102 permit ip any host 255.255.255.255 access-list 102 deny ip any host 192.168.1.255 access-list 102 deny udp any any eq tftp log access-list 102 deny ip any 0.0.0.0 0.255.255.255 log access-list 102 deny ip any 10.0.0.0 0.255.255.255 log access-list 102 deny ip any 127.0.0.0 0.255.255.255 log access-list 102 deny ip any 169.254.0.0 0.0.255.255 log access-list 102 deny ip any 172.16.0.0 0.15.255.255 log access-list 102 deny ip any 192.0.2.0 0.0.0.255 log access-list 102 deny ip any 192.168.0.0 0.0.255.255 log access-list 102 deny ip any 198.18.0.0 0.1.255.255 log access-list 102 deny udp any any eq 135 log access-list 102 deny tcp any any eq 135 log access-list 102 deny udp any any eq netbios-ns log access-list 102 deny udp any any eq netbios-dgm log access-list 102 deny tcp any any eq 445 log access-list 102 deny ip any any log access-list 102 remark ************************************************************* dialer-list 1 protocol ip permit no cdp run ! ! ! ! control-plane ! bridge 1 protocol ieee bridge 1 route ip ! line con 0 no modem enable line aux 0 line vty 0 4 privilege level 15 login local transport input telnet ssh ! scheduler max-task-time 5000 sntp server 207.46.197.32 sntp server 192.43.244.18 end
Reply to
Galerio
Loading thread data ...

Solved. the acl was blocking the dns translation of the http address for ddns update. Now it is working well all.

Bye!

Reply to
Galerio

Galerio schrieb:

Remove the remove stanza under the dyndns config. If your router wants to fire this command it is usually not able to reach the target anymore. Also setting the update frequecy limit according to dyndns' abuse policy prevents your account from being closed "interval maximum 28 0 0 0" is strongly recommended.

Reply to
Uli Link

I am not getting any errors, just the "404" after the "DATA START"

When I check the DynDNS web page the ip has NOT been updated. I did find a note on the dyndns forum that the logon password needs to be 6 characters. Mine is.

Any ideas?

Kevin

ADSL#

*Mar 12 06:45:51.178: DYNDNSUPD: Adding DNS mapping for mydomain.homeip.net 64 .229.179.83 server 63.208.196.95 *Mar 12 06:45:51.178: HTTPDNS: Update add called for mydomain.homeip.net 64.22 9.179.83 *Mar 12 06:45:51.182: HTTPDNSUPD: Session ID = 0xC *Mar 12 06:45:51.182: HTTPDNSUPD: URL = 'http://myname: snipped-for-privacy@members.dyndns.org/nic/update&hostname=mydomain.homeip.net&myip=64.229.179.83' *Mar 12 06:45:51.186: HTTPDNSUPD: Sending request *Mar 12 06:45:51.354: HTTPDNSUPD: Response for update mydomain.homeip.net 64.2 29.179.83

*Mar 12 06:45:51.358: HTTPDNSUPD: DATA START

404 *Mar 12 06:45:51.358: HTTPDNSUPD: DATA END, Status is Response data recieved, su ccessfully *Mar 12 06:45:51.358: HTTPDNSUPD: Call returned SUCCESS, update of mydomain.homeip .net 64.229.179.83 succeeded *Mar 12 06:45:51.362: DYNDNSUPD: Another update completed (outstanding=0, total= 0) *Mar 12 06:45:51.366: HTTPDNSUPD: Clearing all session 12 info ADSL#
Reply to
happyboobear

snipped-for-privacy@sympatico.ca schrieb:

You have stateful inspection on the dialer interface.

The dyndns client does source from the dialer interface and so the firewall does not pinhole for the return traffic.

! ip inspect name Firewall tcp router-traffic !

or you have to add a static pinhole to your access-list 101 (works as long the ip address of members.dyndns.org is known, static and does NOT change)

Reply to
Uli Link

On Mar 17, 5:50=A0am, Uli Link wrote:

Yes, I have stateful inspection. But I also have it wide open for dyndns.org with

access-list 111 permit tcp host 63.208.196.95 any access-list 111 permit udp host 63.208.196.95 any

Please don't assume I know what I'm doing :) But, darn I'm close.

Here is my whole config... (passwords and logons changed;)

Building configuration...

Current configuration : 3563 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ADSL ! boot-start-marker boot-end-marker ! logging buffered informational enable password abc123 ! no aaa new-model no ip dhcp use vrf connected ip dhcp excluded-address 192.168.0.1 192.168.0.9 ip dhcp excluded-address 192.168.0.12 ! ip dhcp pool CLIENT import all network 192.168.0.0 255.255.255.0 default-router 192.168.0.2 lease infinite ! ! ip name-server 207.164.234.193 ip name-server 207.164.234.129 ip inspect name myfw cuseeme timeout 3600 ip inspect name myfw ftp timeout 3600 ip inspect name myfw rcmd timeout 3600 ip inspect name myfw realaudio timeout 3600 ip inspect name myfw smtp timeout 3600 ip inspect name myfw tftp timeout 30 ip inspect name myfw udp timeout 15 ip inspect name myfw tcp timeout 3600 ip inspect name myfw h323 timeout 3600 ip ddns update method DynDNS HTTP add http://mylogon: snipped-for-privacy@members.dyndns.org/nic/update%3Fsystem=3Dcustom= dns&hos tname=3D&myip=3D interval maximum 12 0 0 0 interval minimum 12 0 0 0 ! ! partition flash 2 6 2 ! username admin privilege 15 password 0 zoomzoom ! ! ! ! interface Ethernet0 ip address 192.168.0.2 255.255.255.0 ip access-group 122 out ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 hold-queue 100 out ! interface ATM0 no ip address atm vc-per-vp 64 no atm ilmi-keepalive dsl operating-mode auto pvc 0/35 pppoe-client dial-pool-number 1 ! ! interface Dialer1 ip ddns update hostname mydomain.homeip.net ip ddns update DynDNS host members.dyndns.org ip address negotiated ip access-group 111 in ip mtu 1492 ip nat outside ip inspect myfw out ip virtual-reassembly encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer remote-name redback dialer-group 1 ppp authentication pap chap callin ppp chap hostname b1abcd12 ppp chap password 0 7a1k0abc ppp pap sent-username b1abcd12 password 0 7a1k0abc ppp ipcp dns request ppp ipcp wins request ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 Dialer1 ip http server ! ip nat inside source list 102 interface Dialer1 overload ip nat inside source static tcp 192.168.0.60 22 interface Dialer1 22 ! access-list 102 permit ip 192.168.0.0 0.0.0.255 any access-list 111 permit tcp any any eq 22 access-list 111 permit tcp any any eq telnet access-list 111 permit tcp host 63.208.196.95 any access-list 111 permit udp host 63.208.196.95 any access-list 111 permit icmp any any administratively-prohibited access-list 111 permit icmp any any echo access-list 111 permit icmp any any echo-reply access-list 111 permit icmp any any packet-too-big access-list 111 permit icmp any any time-exceeded access-list 111 permit icmp any any traceroute access-list 111 permit icmp any any unreachable access-list 111 permit udp any eq bootps any eq bootpc access-list 111 permit udp any eq bootps any eq bootps access-list 111 permit udp any eq domain any access-list 111 permit esp any any access-list 111 permit udp any any eq isakmp access-list 111 permit udp any any eq 10000 access-list 111 permit tcp any any eq 1723 access-list 111 permit tcp any any eq 139 access-list 111 permit udp any any eq netbios-ns access-list 111 permit udp any any eq netbios-dgm access-list 111 permit gre any any access-list 122 deny tcp any any eq telnet access-list 122 permit ip any any dialer-list 1 protocol ip permit ! control-plane ! ! line con 0 line vty 0 4 exec-timeout 120 0 password abc123 login local length 0 ! scheduler max-task-time 5000 end

ADSL#

Reply to
happyboobear

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.