Author Topic: No-ip DUC -  (Read 8733 times)

Offline brucine

  • Comodo's Hero
  • *****
  • Posts: 1533
Re: No-ip DUC -
« Reply #15 on: December 11, 2010, 04:22:51 PM »
A few observations:

1) My memory goes bad: No-IP DUCS default port is not 7245, but 8245.

2) If we want to understand what goes on, we should know what hardware ensures the internet connexion, if not a router, and if one or several computers are connected as a LAN to this device.

3) And also what programs you intend to run (Concerning Utorrent or more generally speaking whatever p2p software, i am the dumbest guy on earth, but the needed ports and authorizations are well documented in this same forum.)
Note that stealthing ports from CIS is a nasty idea if you are running a p2p client as, by definition, your guest does not know your ip and domain name before connecting, and needs to "see" your computer. (Use the second choice, alerts per ip and port).
If you want to secure such a connexion, No-IP is not relevant, and you should better use a VPN client (call it Hamachi or whatever you like, but i am not sure that CIS likes 5.x Hamachi virtual IPs).

4)Thus, the only reason of wanting a No-IP redirection is being provided a dynamic IP from your ISP, and needing someone to connect to your computer without previously needing to phone or mail your current IP to the said person: as such, my No-IP experience is limited to running a FTP and HTTP server (the former is easier) and to remote desktop with various softwares (VNC, Radmin...) at a time when, running then Windows 2000, Microsoft did not provide such a built-in facility.

5) No-IP mail support has always been very courteous, but as unefficient, probably due to the conjonction of you running a free software and of No-IP support sending you standard answers, they are not in front of your computer(s).
I don't believe that most ISP forbid nowadays connexions to ports 80 and 21, but if so, change your ISP, and it is anyhow very easy to check, as we shall see next, even if you don't read your ISP documentation or ask him anything.

6) Not speaking of a manual, it is not true to state that No-IP does not provide comprehensive help; please link to http://www.no-ip.com/support/, where you shall find not only standard configurations tutorials for most usual situations, but tools to test the previous "ISP theory": http://www.canyouseeme.org/

7) This being said, and in order to make a No-IP connexion work, you need:
-Of course to acquire a domain name at No-IP, let's call it toto.myftp.org
-To run No-IP DUCS as a service if you want to be able to be connected without your intervention
-To define your computer not with a DHCP lease, but with a fixed LAN IP: let's call it 192.168.0.1
-In such a situation, No-IP must redirect to this LAN IP (and NOT the WAN one): for larger chances of success, you need to rewrite your HOSTS file accordingly, e.g.:

192.168.0.1                toto.myftp.org

it might be useful to copy this original HOSTS under X:\WINDOWS\system32\drivers\etc to
X:\WINDOWS\system32 (remember that these files are system and hidden).
Moreover, if some internet connection sharing device exists and if it has a NAT ability, you must:

-redirect all concerned connexions to the local concerned computer.
The most powerful function, if available, is DMZ (DeMilitarizedZone): force it to redirect everything to 192.168.0.1.
If not available, or if you want to keep some interactive applications on other LAN computers, the next one is the Virtual Server function (might, as DMZ and depending upon the device, have other names).
In the example of a FTP server, passive mode, you would have the following rules:

Global Port              Local IP           Local Port         Protocol
8245                      192.168.0.1    8245                TCP
21                          192.168.0.1    21                    TCP
20                          192.168.0.1    20                    TCP

These rules are the same on the firewall side, but shall need some other writings (svchost, browser...): in order to avoid the pain of writing them manually, you should therefore set the firewall to custom, maximal alert level in order for the firewall to automatically ask for these rules; it is better, in this last regard, to disable both the Sandbox and the Trusted Vendors.

In order to test your No-IP connectivity before CIS rules are written, you should of course start to test the No-IP redirection with the firewall temporarily disabled, and next to write these rules after you are sure that the connexion itself works.

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek