Synology target both from LAN & externally?

Hello,

I’m having trouble finding a way to use Synology as Duplicati target for a laptop which is half the time in the same LAN as Synology, other times external to the LAN. E.g., SFTP works fine in local LAN, either using the Synology’s local ip, e.g. 192.168.1.53, or externally bound ip to my router, e.g. xxx.yyy.zzz.123. However, if I use instead the web address bound the external ip, e.g. myhomenetwork.duckdns.org, Duplicati complains: “Failed to connect: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond”.

I guess one solution could be to have the web address name bind to the local ip when the laptop is connected to the local LAN, otherwise use the external ip address. Is there a way to do this without running one’s own DNS server? And why does the SFTP work when using the external ip address directly but not when using the corresponding name? nslookup on the same Win10 machine does resolve to the correct external ip.

Am I overthinking this? How can I have Synology target accessible by Duplicati both from LAN and externally (for the same machine)?

Martti

Do you have port forwarding correctly set on your router?

Update - yes, just tried. I can access the SSH on Synology from an external computer with my home network’s DynDNS web address. It is just that when connected to the same LAN as Synology, Duplicati does not accept the web address, but wants the ip address instead. Both local and external ip-addresses do work.

(Yes, I think so. TCP is forwarded to the port I chose on Synology for the SSH. Since the external ip-address works, doesn’t that also suggest port forwarding is ok?)

It sounds like your router can’t figure out NAT loopback. So although it works externally the router refuses to route your traffic back into the local network when it gets an internal request to connect to it’s public facing IP.

This sounds like a similar issue that prompted me to post this topic:

For me, while I could always use the external reference that basically meant that I was backing up at my broadband speeds rather than my LAN speeds.

I haven’t tested this theory yet but one potential workaround might be a --run-script-before script that figures out if the destination is available on the local LAN then adjusts the server and port values as necessary.

Theoretically the destination can be adjusted by setting the DUPLICATI__REMOTEURL in the script, though I’m not sure about setting the port. And, again, I haven’t actually tested this yet. :wink:

1 Like

I can recommend using WebDAV with Synology. Single port to forward and it works fine from lan/internet ant is super easy to setup.

EDIT:
I would probably solve IP / router problem:
Option 1: Local dns server with internet hostname
Option 2: User harpin / masqarade for accessing LAN device from lan via public IP (depending on router options). I could help with Mikrotik

That will not solve his IP / router issues I believe.
I agree webdav is an easy setup.

Thanks for all the suggestions! The problem has probably nothing to do with Duplicati as such. I have the same issue with WebDAV.

I have Fritzbox as my router and it uses “DNS Rebind Protection”, which I thought was the problem: “FRITZ!Box suppresses DNS responses that refer to IP addresses in its own home network (DNS rebind protection).” One can add a list of domain names for which DNS rebind protection should not apply, however, adding my domain name to the list does not help. Anyway, not sure how this is related to “NAT lookback” (or is it) which apparently might fix this.

I guess my only choice is run my own DNS-server, which I wanted to avoid. It would be nice to have Duplicati be able to detect whether a local target is available and only if not, then use an alternative url.

If you can enable NAT loopback on the router, it should work. I use that for my NAS box and have a public DNS name that always resolves to the external IP. When I am on the LAN, the router just reroutes the traffic back in, and I get LAN speeds, no need to do anything special.

Yes, unfortunately Fritzbox 5490 does not seem to support NAT loopback. I thought disabling the DNS rebind protection for my ddns domain name would have done it. Alas not. Need to find some other solution.