Random behavior of port forwarding after upgrade to V1.12 - Identified as wrong local IP lookup by aruljohn.com

[cr1cr1]

Hi,
I've been using Gargoyle very successfully for quite a long time. I had V1.6.0 running on a WNDR3700v2.
I upgraded yesterday my router to V1.12 without preserving settings. Then I have updated the following files with my previous config from the backup file : hosts, ethers, firewall and qos_gargoyle. I did not just copy the files, I updated the content, keeping the fresh headers / configs if they were any.
I then updated all other configs (dynamic dns, wireless config, passwd, plugins, etc. ) manually with the screenshots I had made for all config screens.
Everything seemed to be working fine: checked dyn dns IP update process, access to internal servers (Domoticz home automation in particular) from outside using port forward...
Nothing else was updated (Internal network config, server...)

This morning, I tried to access my Domoticz server from outside (mobile phone not on wifi) and it did not work. I checked the Gargoyle logs. I only found a message that raised my attention :
daemon.warn dnsmasq[8706]: possible DNS-rebind attack detected: mydomainname

The message was not timely correlated though. I also checked the dyn dns : correct IP address. Correct routing from outside.

After a few minutes, it worked again. Without having changed any config. I was just looking at the logs.

Since then, I remarked that sometime it goes through, sometime not.

What could be the issue? V1.6 was very stable for me. Should I fine-tune something to prevent this DNS-rebind attack detection? Could this be related / explained that it comes back working after a while?

Thanks for any help

[RomanHK]

Because you use many Gargoyle services, it's probably going to be low on memory, because Gargoyle v1.12 (OpenWrt 18.06) takes up more system resources - that's my diagnosis, but maybe I'm wrong.

[cr1cr1]

Device status :
Device Name:WNDR3700-Gargoyle
Gargoyle Version:1.12.0
Model:NETGEAR WNDR3700v2
Device Configuration:Gateway
Memory Usage:30.5MB / 58.6MB (52%)
Connections:398/16384
CPU Load Averages:0.07 / 0.02 / 0.00 (1/5/15 minutes)

I also checked with top and free. Still 15Megs of free memory:
root@WNDR3700-Gargoyle :/etc/config# free
total used free shared buffers cached
Mem: 60100 45372 14728 452 3960 10000
-/+ buffers/cache: 31412 28688
Swap: 0 0 0

[ispyisail]

Then I have updated the following files with my previous config from the backup file.................

This is always going to be a risk

Reset again and try one step at a time or try only with the GUI

We don't really support non-GUI functions.

[cr1cr1]

OK thanks, I'll do that if I can't fix it with the above first attempt.
At least, DHCP config should be just fine with the files ethers & hosts, right?

My first attempt is to rebuild the config files by saving the GUI data with null modifications.

[cr1cr1]

Hi there!
I just found what the issue is. No fix yet though. Logs show:
Sun Apr 19 11:46:25 2020 daemon.info ddns_gargoyle[30622]: Checking whether update needed:
Sun Apr 19 11:46:25 2020 daemon.info ddns_gargoyle[30622]: service provider=ovh.com
Sun Apr 19 11:46:25 2020 daemon.info ddns_gargoyle[30622]: domain=home.crc10.com
Sun Apr 19 11:46:26 2020 daemon.info ddns_gargoyle[30622]: Successfully retrieved local ip from url: https://aruljohn.com
Sun Apr 19 11:46:26 2020 daemon.info ddns_gargoyle[30622]: local IP = 10.20.xx.xx
Sun Apr 19 11:46:26 2020 daemon.info ddns_gargoyle[30622]: remote IP = 77.202.xx.xx

Basically, it has updated my Dynamic DNS service with an IP address that is not correct. The right one should be 77.202.x.x

I looked further back into the logs and sometimes, the address is properly identified, sometimes not (10.20.x.x) and then it updates the dyn dns with this wrong address.

How to make sure my external IP address ("local") is properly identified (it hasn't changed since 15 days, and I did not have this issue with Gargoyle V1.6.0 dyn dns management). It seems that aruljohn.com sometimes identifies a wrong local IP address.

[Lantis]

Yea, his website doesn't work and is not interested in fixing it for us. I'm not sure if the error is intentional or not.

This post: viewtopic.php?p=53270#p53270
deals specifically with blocking "checkmyip". You would need to adjust this for blocking "aruljohn".

This site has been removed in the lastest versions of Gargoyle.

[cr1cr1]

Thanks a lot Lantis for the confirmation.
What was V1.6.0 using as local IP lookup service? It was working perfectly for me. Was it checkmyip.com ?
If so, where could I change the service being used in V1.12?

PS.: Congrats again all the maintainers of Gargoyle, great tool!
Cheers from France.

[Lantis]

It uses about 15 different sites in a round robin fashion.
It may be sending an older header which makes it work in 1.6.x, unsure.

If it can't get a response, it tries another one. Of course it does not know the difference between a response that is incorrect, and a correct response. They're both valid.

You can't change where it is checking, this is baked into the software. If you wanted to recompile it, you could of course change it then.

[cr1cr1]

OK thanks.
I've found a workaround as my ISP provider box firmware now works with my DynDNS provider - was not the case before...
So I'm disabling it in Gargoyle.