
Sophos DDNS unable to determine IP address behind NAT

Hello,

We have a Sophos firewall (SFOS 19.0.0 GA-Build317) behind a NAT router, and there is an issue with dynamic DNS on the firewall: it shows a failed/unknown update when the NATed public IP option is selected. We already checked with two different DNS providers: Google and Cloudflare.

The DNSD, FQDND and DNSgrabber services are running on the firewall.

The WAN port is Port2, which has a DHCP-assigned private IP address. The failed resolution shows up when the NATed public IP option is selected, but it works fine when the Port IP option is selected.

The command output from the CSC service in debug is:

# tail -f /log/ddc.log                         
cache{****.net}{mx}           :                                          
cache{****.net}{static}       : 0                                        
cache{****.net}{status}       :                                          
cache{****.net}{warned-min-error-interval} : 0                           
cache{****.net}{warned-min-interval} : 0                                 
cache{****.net}{wildcard}     : 0                                        
cache{****.net}{wtime}        : 30                                       
[2022-07-29 15:37:45Z] DEBUG:    get_ip: using cmd, curl --capath /conf/certific
ate/cacerts/ checkip.cyberoam.com/ --silent -m 30 --interface Port2 repo
rts <undefined>                                                                 
[2022-07-29 15:37:45Z] WARNING:  unable to determine IP address                 
[2022-07-29 15:37:45Z] DEBUG:    sleep 300      

When resolving the dynamic domain, it resolves to the correct IP address on the CLI, but the GUI shows failed.

Best regards,


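The post contrasts two ways the firewall can discover the address it publishes: "Port IP" takes the WAN interface address directly, while "NATed public IP" runs the curl command visible in ddc.log against an external check page and parses the address out of the reply, and an empty reply is the `<undefined>` result logged as "unable to determine IP address". The following is an added, offline model of that decision written for this edit; it is not code from the thread, from ddclient or from Sophos. It mirrors the curl arguments from the log (`--capath`, `-m 30`, `--interface Port2`) in `fetch_checkip`, but the sample interface address, the check-page bodies and the function names (`extract_ipv4`, `is_public`, `diagnose`) are constructed assumptions. The "non-routable" list is deliberately narrower than the full IANA special-purpose registry so that a documentation address can stand in for a public one in the samples.

```python
"""Added example (not from the thread or from Sophos): an offline model of the
'Port IP' vs 'NATed public IP' discovery modes and of the '<undefined>' failure.
All sample inputs are constructed."""
import ipaddress
import re
import subprocess
from typing import Optional

# Loose IPv4 pattern; real validation is done by ipaddress.IPv4Address below.
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Ranges a WAN port behind NAT (or carrier-grade NAT) typically receives. This is
# narrower than the IANA special-purpose registry on purpose: documentation ranges
# such as 203.0.113.0/24 count as "public" so they can stand in for a real public
# address in the constructed samples.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                  # RFC 6598 carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
)]


def extract_ipv4(body: str) -> Optional[str]:
    """Return the first valid IPv4 address in a check-page body, or None.

    None is ddclient's '<undefined>' case: an empty or unparsable body because
    curl timed out, TLS failed, or the bound interface has no route out.
    """
    for candidate in IPV4_RE.findall(body or ""):
        try:
            ipaddress.IPv4Address(candidate)
        except ipaddress.AddressValueError:
            continue  # e.g. an octet above 255
        return candidate
    return None


def is_public(ip: str) -> bool:
    """True unless the address falls in one of the NON_ROUTABLE ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_ROUTABLE)


def diagnose(mode: str, port_ip: str, checkip_body: str) -> dict:
    """Decide which address a DDNS update would carry and whether it is useful.

    mode: "port" (use the interface address) or "nat" (parse the web check).
    Returns ip, public, would_update and a one-line reason.
    """
    if mode == "port":
        ip = port_ip
    elif mode == "nat":
        ip = extract_ipv4(checkip_body)
    else:
        raise ValueError(f"unknown mode {mode!r}")

    if ip is None:
        return {"ip": None, "public": False, "would_update": False,
                "reason": "unable to determine IP address (empty or unparsable reply)"}
    public = is_public(ip)
    reason = ("update would be sent" if public else
              "update would be sent, but the record would point at a non-routable address")
    return {"ip": ip, "public": public, "would_update": True, "reason": reason}


def fetch_checkip(interface: str = "Port2",
                  capath: str = "/conf/certificate/cacerts/",
                  url: str = "checkip.cyberoam.com/",
                  timeout: int = 30) -> str:
    """Run the same curl invocation that appears in ddc.log and return its stdout.

    Any failure (curl missing, timeout, non-zero exit) returns "" so the caller
    sees what ddclient sees: an empty body. The default interface name is the
    firewall's; on a generic host it would be something like eth0 (assumption).
    """
    cmd = ["curl", "--capath", capath, url, "--silent", "-m", str(timeout),
           "--interface", interface]
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True,
                              timeout=timeout + 5, check=False)
    except (OSError, subprocess.TimeoutExpired):
        return ""
    return proc.stdout if proc.returncode == 0 else ""


if __name__ == "__main__":
    # Constructed samples: a WAN port with a DHCP private address and three
    # possible check-page replies (empty, garbage, a public address in HTML).
    PORT_IP = "10.0.0.5"
    for mode, body in (("port", ""), ("nat", ""), ("nat", "not an address"),
                       ("nat", "<html>203.0.113.7</html>")):
        print(mode, repr(body), "->", diagnose(mode, PORT_IP, body))
```

Running the samples shows why "Port IP works" is not the whole story in this setup: with a DHCP private address on Port2 the update is sent and reports success, but the published record is the RFC 1918 address, whereas the NATed mode fails closed and sends nothing when the check page returns an empty body. To reproduce the live check on a host that has curl, pass `fetch_checkip(interface="eth0")` output into `diagnose("nat", ...)` and compare against the interface address.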

  • Hi Ally 

    we already checked with three different service providers: DynDNS, Google and Cloudflare. None of them work.

     that would be the reason from 

    Can you release the configuration from all DDNS services providers and try again attached to the same Interface?

    Also try to get the logs status as guided and share the output 

    Regards

  • 2. run the command tail -f /log/WINGc.log

    Hi Bharat, Here are the output results of the command: tail -f /log/WINGc.log

    checking if my firewall is enabled ?
    checking if my firewall is enabled ?
    checking if my firewall is enabled ?
     ... 

    To restart the WINGc service, run the command below:

    service WINGc:restart -ds nosync

    200 OK

    As requested, we released the configuration from the DDNS service providers and attached it again to the same interface. The DDNS status update still shows failed.

  • Hi Ally 

    Take a look at the following logs as well, to see if you find more information on what might be causing the issue.

    applog.log, csc.log, ddc.log, tomcat.log 

    Regards

  • Hi Bharat, we checked the other logs, but it is not clear what could be causing the issue. Thanks.

    Here is the output result from applog.log

    Aug 02 16:21:11Z Request type = 1 
    Aug 02 16:21:11Z apiInterface:versionsupported: true.
    Aug 02 16:21:11Z apiInterface:request mode -> 352.
    Aug 02 16:21:11Z apiInterface:Current ver :::'1900.1'
    Aug 02 16:21:11Z apiInterface:entityjson::::::::network::dynamicdns=HASH(0xa9aeef0)
    Aug 02 16:21:11Z Info:: Transaction will not be rolled back for opcode ddc:update_account. If any operation fails, request is part of multiple request :
    Aug 02 16:21:12Z DDC Client updated successfully.

    output from ddc.log:

    cache{***.net}{mx}             :                                          
    cache{***.net}{static}         : 0                                        
    cache{***.net}{status}         :                                          
    cache{***.net}{warned-min-error-interval} : 0                             
    cache{***.net}{warned-min-interval} : 0                                   
    cache{***.net}{wildcard}       : 0                                        
    cache{***.net}{wtime}          : 30                                       
    [2022-08-02 16:26:33Z] DEBUG:    get_ip: using cmd, curl --capath /conf/certific
    ate/cacerts/ checkip.cyberoam.com/ --silent -m 30 --interface Port2 repo
    rts <undefined>                                                                 
    [2022-08-02 16:26:33Z] WARNING:  unable to determine IP address                 
    [2022-08-02 16:26:33Z] DEBUG:    sleep 300                                      
    [2022-08-02 16:30:17Z] MSG:      child exited, status=0 pid=10698               
    [2022-08-02 16:30:17Z] MSG:      Child exited, Creating new ddclient process    
    [2022-08-02 16:30:17Z] MSG:      ddclient process started: '12822'              
    [2022-08-02 16:30:21Z] DEBUG:    file /cfs/ddclient/ddclient.conf: file /cfs/ddc
    lient/ddclient.conf must be accessible only by its owner.
    ...
    [2022-08-02 16:30:29Z] DEBUG:    get_ip: using cmd, curl --capath /conf/certific
    ate/cacerts/ checkip.cyberoam.com/ --silent -m 30 --interface Port2 repo
    rts <undefined>                                                                 
    [2022-08-02 16:30:29Z] WARNING:  unable to determine IP address                 
    [2022-08-02 16:30:29Z] DEBUG:    sleep 300        
           

    output from tomcat.log:

    2022-08-02 12:34:18,384:INFO:CSC - EventBean: { opCode: ddc:update_account, mode
    : 352, waitForeResponse: true, requestType: 0, opcodetype: 1, entityId: 14, bean
    Name: cyberoam.network.helpers.DDNSAccountHelper, syncalbe: true, comProtocol: u
     }                                                                              
    2022-08-02 12:34:18,388:INFO:HFHelper - X-FROWARDED-FOR: 10.0.***.10            
    2022-08-02 12:34:18,388:INFO:CSC - UserId: 3, ___username: admin, __currentlylog
    gedinuserip: , ___component: GUI                                                
    2022-08-02 12:34:18,388:INFO:CSC - Event Bean:{ opCode: ddc:update_account, mode
    : 352, waitForeResponse: true, requestType: 0, opcodetype: 1, entityId: 14, bean
    Name: cyberoam.network.helpers.DDNSAccountHelper, syncalbe: true, comProtocol: u
     }                                                                              
    2022-08-02 12:34:18,388:INFO:CSC - Keys in json: ["ipaddress", "___serverport", 
    "___component", "loginname", "extiface", "transactionid", "serviceproviderid", "
    accountid", "hostname", "currentlyloggedinuserid", "___serverprotocol", "___user
    name", "___meta", "___serverip", "currentlyloggedinuserip"]                     
    2022-08-02 12:34:18,391:INFO:CSC - final opcode:                                
    opcode apiInterface csc/1.0                                                     
    content-type:json                                                               
    content-length:424                                                                           

    output from csc.log:

     PAckage ::::network::dynamicdnsMESSAGE   Aug 02 16:32:29Z  [worker:13423]: {"re
    quest":{"method":"opcode","name":"apiInterface","version":"1.2","type":"json","l
    ength":244,"data":{"mode":2516,"___serverport":4444,"___component":"GUI","APIVer
    sion":"1900.1","___serverprotocol":"http","___username":"admin","___initialsetup
    ":"1","___meta":{"sessionType":1},"___serverip":"192.168.1.0","currentlyloggedin
    userip":"10.0.***.10"}}}                                                        
    MESSAGE   Aug 02 16:32:30Z  [worker:13365]: {"request":{"method":"opcode","name"
    :"get_wizard_flags","version":"1.6","type":"json","length":336,"data":{ "___init
    ialsetup": "1", "APIVersion": "1900.1", "___serverport": 4444, "___serverprotoco
    l": "http", "___component": "GUI", "___username": "admin", "___cmrequest": 0, "_
    __serverip": "192.168.1.0", "mode": 2516, "currentlyloggedinuserip": "10.0.***.1
    0", "currentlyloggedinuserid": 3, "___meta": { "sessionType": 1 }, "___cmenabled
    ": 0 }}}                                      a                                  
    ERROR     Aug 02 16:32:30Z  [get_wizard_flags:13365]: nvram_eget(wz.mandatory): 
    failed with -16                                                                 
    WARNING   Aug 02 16:32:30Z  [get_wizard_flags:13365]: Action with NOFAIL Failed.
    ERROR     Aug 02 16:32:30Z  [get_wizard_flags:13365]: nvram_eget(wz.offline): fa
    iled with -16                                                                   
    WARNING   Aug 02 16:32:30Z  [get_wizard_flags:13365]: Action with NOFAIL Failed.
    ERROR     Aug 02 16:32:30Z  [get_wizard_flags:13365]: nvram_eget(wz.up2dateoff):
     failed with -16                                                                
    WARNING   Aug 02 16:32:30Z  [get_wizard_flags:13365]: Action with NOFAIL Failed.
    ERROR     Aug 02 16:32:30Z  [get_wizard_flags:13365]: nvram_eget(wz.state): fail
    ed with -16                                                                     
    WARNING   Aug 02 16:32:30Z  [get_wizard_flags:13365]: Action with NOFAIL Failed.
    ERROR     Aug 02 16:32:30Z  [get_wizard_flags:13365]: nvram_eget(wz.popup): fail
    ed with -16                                                                     
    WARNING   Aug 02 16:32:30Z  [get_wizard_flags:13365]: Action with NOFAIL Failed.
                                                                                    
                                             
  • Hey Ally, you are using Cloudflare as the service provider, right?
    Can you perform a tcpdump packet capture with the provider's hostname or server IP?
    Create and download a packet capture: https://support.sophos.com/support/s/article/KB-000037007?language=en_US