Problem with docker om synology and reverse proxy and dns resolver.

[spider7611]

Use in my synology nas in docker. Before it worked good for a year. Now have a problem with it. Don't know where is the problem. So have this docker have adguard docker and in adguard setup dns resolve like this: *.vtuner.com to ycast. **.synology.me If I open in browser ycast. **.synology.me get radiobrowser page, but if I use denon.vtuner.com I get the nas webstation with the World picture. Where is the problem and how can I solve this? In the ycast docer use 32770 port inside and 80 docker port. Of course use reverse proxy so http ycast.*****.synology.me port 80 to http 192.168.1.240 (nas} port 32770 use. Before it is worked good, bit now it isn't. Must do any portforward on my router? Or after my nas update do something, so that's why isn't working? Now on dsm 7.0. Thank you!

[mnasec]

I solved using ycast on Synology with docker without reverse proxy, but with iptables and tcp redirection: just ssh to synology and

iptables -t nat -A PREROUTING -s 192.168.200.9 -p tcp --dport 80 -j REDIRECT --to-port 50006

where 192.168.200.9 is the ip address of my yamaha rx-v777 and port 50006 the port of the docker container running ycast.

Von meinem iPhone gesendet

Am 18.09.2021 um 14:17 schrieb spider7611 @.***>:

 Use in my synology nas in docker. Before it worked good for a year. Now have a problem with it. Don't know where is the problem. So have this docker have adguard docker and in adguard setup dns resolve like this: *.vtuner.com to ycast. **.synology.me If I open in browser ycast. *.synology.me get radiobrowser page, but if I use denon.vtuner.com I get the nas webstation with the World picture. Where is the problem and how can I solve this? In the ycast docer use 32770 port inside and 80 docker port. Of course use reverse proxy so http ycast..synology.me port 80 to http 192.168.1.240 (nas} port 32770 use. Before it is worked good, bit now it isn't. Must do any portforward on my router? Or after my nas update do something, so that's why isn't working? Now on dsm 7.0. Thank you!

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

Thank your help, but after done this on my receiver get this: "Please go to radiodenon.com for more info about vTuner's full access service." So not working for me. Do you know what is the problem?

[mnasec]

I just have a yamaha, but the concept will be the same. The AV requests a http get to a special host and you need to make shure that this request will be resolved with the ip address of your synology via DNS. So possible you could take a packet capture via your router or a span port at the switch to find out to which host your AV tries to connect to. Then you should modify your dns name resolution for this host to your synology. For the yamaha rx-v777 it was radioyamaha.vtuner.com, radioyamaha2.vtuner.com and www.vtuner.com. Possibe there are same records for Denon.

Von meinem iPhone gesendet

Am 18.09.2021 um 21:00 schrieb spider7611 @.***>:

 Thank your help, but after done this on my receiver get this: "Please go to radiodenon.com for more info about vTuner's full access service." So not working for me. Do you know what is the problem?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

Yes this is what I done before. "dns resolve like this: *.vtuner.com" denon.vtuner.com and denon2.vtuner.com But not working. Get always synology webstation site with "world picture".

[mnasec]

i have dsm 7.0 also and letsencrypt certificate, so webstation is listening on Port 80 for my nas also. I have got the same picture like you on Port 80, but with the iptable entry the requests on Port 80 from the source ip of the AV only will be forwarded directly to the external Port of the docker container - this works in my situation. If you start ycast with debug flag - do you see the requests - i suppose not.

Von meinem iPhone gesendet

Am 18.09.2021 um 21:40 schrieb spider7611 @.***>:

 Yes this is what I done before. "dns resolve like this: *.vtuner.com" denon.vtuner.com and denon2.vtuner.com But not working. Get always synology webstation site with "world picture".

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

iptables -t nat -A PREROUTING -s 192.168.1.135 -p tcp --dport 80 -j REDIRECT --to-port 32770 When I send this on ssh and after send this command: "iptables -L" not see this entry. What I doing wrong?

[mnasec]

iptables -t nat -L

before setting the iptables, just do a sudo su

Von meinem iPhone gesendet

Am 18.09.2021 um 21:56 schrieb spider7611 @.***>:

 iptables -t nat -A PREROUTING -s 192.168.1.135 -p tcp --dport 80 -j REDIRECT --to-port 32770 When I send this on ssh and after send this command: "iptables -L" not see this entry. What I doing wrong?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

Of course used the sudo su. With that command see it: Chain DEFAULT_PREROUTING (1 references) target prot opt source destination REDIRECT tcp -- 192.168.1.135 anywhere tcp dpt:http redir ports 32770 But not working.

On ycast log see this:

2021-09-18 20:02:54,stdout,2021-09-18 20:02:54 INFO: 172.17.0.1   - - [18/Sep/2021 20:02:54] "GET /ycast/ HTTP/1.1"   200 -
--
2021-09-18   20:00:18,stdout,2021-09-18 20:00:18 INFO:    * Running on http://0.0.0.0:80/ (Press CTRL+C to quit)
2021-09-18   20:00:18,stdout, * Debug mode: off
2021-09-18   20:00:18,stdout,   Use a   production WSGI server instead.
2021-09-18   20:00:18,stdout,   WARNING:   This is a development server. Do not use it in a production   deployment.
2021-09-18   20:00:18,stdout, * Environment: production
2021-09-18   20:00:18,stdout, * Serving Flask app "ycast.server" (lazy loading)
2021-09-18   20:00:18,stdout,2021-09-18 20:00:18 DEBUG: Debug logging enabled
2021-09-18   20:00:18,stdout,2021-09-18 20:00:18 INFO: YCast (1.1.0) server starting

on this address http://192.168.1.242:32770/ycast/ get this: -1Dirhttp://192.168.1.242:32770/ycast/radiobrowser/?vtuner=truehttp://192.168.1.242:32770/ycast/radiobrowser/?vtuner=true4Dirhttp://192.168.1.242:32770/ycast/my_stations/?vtuner=truehttp://192.168.1.242:32770/ycast/my_stations/?vtuner=true5

192.168.1.242 this is my nas ip

use this docker: netraams/ycast-docker:latest

[mnasec]

do you have still the reverse proxy config in the application portal in place? In former times i tried it with reverse proxy also, but i did not get it to work, so i deconfigured reverse proxy and ONLY use this one iptable statement, so possible your reverse proxy will get the packet before the nat rule. Try to deconfigure the reverse proxy.

Von meinem iPhone gesendet

Am 18.09.2021 um 22:10 schrieb spider7611 @.***>:

 Of course used the sudo su. With that command see it: Chain DEFAULT_PREROUTING (1 references) target prot opt source destination REDIRECT tcp -- 192.168.1.135 anywhere tcp dpt:http redir ports 32770 But not working.

On ycast log see this:

2021-09-18 20:02:54,stdout,2021-09-18 20:02:54 INFO: 172.17.0.1 - - [18/Sep/2021 20:02:54] "�[37mGET /ycast/ HTTP/1.1�[0m" 200 -

										2021-09-18 20:00:18,stdout,2021-09-18 20:00:18 INFO: * Running on http://0.0.0.0:80/ (Press CTRL+C to quit)
2021-09-18 20:00:18,stdout, * Debug mode: off
2021-09-18 20:00:18,stdout,�[2m Use a production WSGI server instead.�[0m

2021-09-18 20:00:18,stdout,�[31m WARNING: This is a development server. Do not use it in a production deployment.�[0m											2021-09-18 20:00:18,stdout, * Environment: production
2021-09-18 20:00:18,stdout, * Serving Flask app "ycast.server" (lazy loading)
2021-09-18 20:00:18,stdout,2021-09-18 20:00:18 DEBUG: Debug logging enabled
2021-09-18 20:00:18,stdout,2021-09-18 20:00:18 INFO: YCast (1.1.0) server starting

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

Deleted the reverse proxy for this docker after your first answer. Must I restart my nas after iptable modification or the reverse proxy deletion?

[mnasec]

no after a reboot the nat statement is gone, so it is configured only during runtime.

iptables -t nat -L -v shows your the number of packets and bytes, processed by this rule.

possible just for a test stop your webstation, possible binding on port 80

netstat -nap | grep :80 | more

Von meinem iPhone gesendet

Am 18.09.2021 um 22:25 schrieb spider7611 @.***>:

 Deleted the reverse proxy for this docker after your first answer. Must I restart my nas after iptable modification or the reverse proxy deletion?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

Chain DEFAULT_PREROUTING (1 references) pkts bytes target prot opt in out source destination 0 0 REDIRECT tcp -- any any 192.168.1.135 anywhere tcp dpt:http redir ports 32770

netstat -nap | grep :80 | more tcp 0 0 0.0.0.0:8086 0.0.0.0: LISTEN 3039/docker-proxy tcp 0 0 0.0.0.0:8000 0.0.0.0: LISTEN 12075/nginx: master tcp 0 0 0.0.0.0:80 0.0.0.0: LISTEN 12075/nginx: master tcp 0 0 192.168.1.242:41818 192.168.1.183:8002 ESTABLISHED 21596/python3 tcp 0 0 192.168.1.242:59390 192.168.1.207:8009 ESTABLISHED 21596/python3 tcp 0 0 192.168.1.242:32878 192.168.1.160:80 TIME_WAIT - tcp 0 0 192.168.1.242:41816 192.168.1.183:8002 ESTABLISHED 21596/python3 tcp 0 0 192.168.1.242:41002 192.168.1.105:80 ESTABLISHED 21596/python3 tcp 0 0 192.168.1.242:41814 192.168.1.183:8002 ESTABLISHED 21596/python3 tcp 0 0 192.168.1.242:42008 192.168.1.104:80 ESTABLISHED 21596/python3 tcp 0 0 192.168.1.242:52046 192.168.1.165:80 ESTABLISHED 21596/python3 tcp6 0 0 :::8000 ::: LISTEN 12075/nginx: master tcp6 0 0 :::80 ::: LISTEN 12075/nginx: master udp 0 0 127.0.0.1:800 0.0.0.0: 9104/statd

[spider7611]

Stopped the webstation nothing changed. Not working. :(

[mnasec]

hmm … with

tcpdump -i eth0 host and port 80

you shoud see the requests from your AV at the ethernet interface on your nas when you start the AV to access vtuner. Do you see there packets?

Von meinem iPhone gesendet

Am 18.09.2021 um 22:51 schrieb spider7611 @.***>:

 Stopped the webstation nothing changed. Not working. :(

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

See lot of this continuosly:

3:01:34.770168 IP 192.168.1.135.http > 192.168.1.242.56076: Flags [.], ack 557, win 65535, length 0 23:01:34.776086 IP 192.168.1.242.56078 > 192.168.1.135.http: Flags [S], seq 3377874683, win 26880, options [mss 8960,sackOK,TS val 213099693 ecr 0,nop,wscale 7], length 0 23:01:34.776420 IP 192.168.1.135.http > 192.168.1.242.56078: Flags [S.], seq 3078096, ack 3377874684, win 65535, options [mss 1460], length 0 23:01:34.776464 IP 192.168.1.242.56078 > 192.168.1.135.http: Flags [.], ack 1, win 26880, length 0 23:01:34.778232 IP 192.168.1.242.56078 > 192.168.1.135.http: Flags [P.], seq 1:206, ack 1, win 26880, length 205: HTTP: GET /goform/formNetAudio_StatusXml.xml HTTP/1.1 23:01:34.778557 IP 192.168.1.135.http > 192.168.1.242.56078: Flags [.], ack 206, win 65330, length 0 23:01:34.780280 IP 192.168.1.135.http > 192.168.1.242.56078: Flags [P.], seq 1:18, ack 206, win 65535, length 17: HTTP: HTTP/1.0 200 OK 23:01:34.780305 IP 192.168.1.242.56078 > 192.168.1.135.http: Flags [.], ack 18, win 26880, length 0 23:01:34.780876 IP 192.168.1.135.http > 192.168.1.242.56078: Flags [P.], seq 18:40, ack 206, win 65535, length 22: HTTP 23:01:34.780895 IP 192.168.1.242.56078 > 192.168.1.135.http: Flags [.], ack 40, win 26880, length 0 23:01:34.781197 IP 192.168.1.135.http > 192.168.1.242.56078: Flags [P.], seq 40:58, ack 206, win 65535, length 18: HTTP 23:01:34.781215 IP 192.168.1.242.56078 > 192.168.1.135.http: Flags [.], ack 58, win 26880, length 0 23:01:34.781524 IP 192.168.1.135.http > 192.168.1.242.56078: Flags [P.], seq 58:83, ack 206, win 65535, length 25: HTTP 23:01:34.781543 IP 192.168.1.242.56078 > 192.168.1.135.http: Flags [.], ack 83, win 26880, length 0 23:01:34.781800 IP 192.168.1.135.http > 192.168.1.242.56078: Flags [P.], seq 83:122, ack 206, win 65535, length 39: HTTP 23:01:34.781818 IP 192.168.1.242.56078 > 192.168.1.135.http: Flags [.], ack 122, win 26880, length 0 23:01:34.782077 IP 192.168.1.135.http > 192.168.1.242.56078: Flags [P.], seq 122:124, ack 206, win 65535, length 2: HTTP 23:01:34.782096 IP 192.168.1.242.56078 > 192.168.1.135.http: Flags [.], ack 124, win 26880, length 0 23:01:34.782453 IP 192.168.1.135.http > 192.168.1.242.56078: Flags [P.], seq 124:171, ack 206, win 65535, length 47: HTTP 23:01:34.782473 IP 192.168.1.242.56078 > 192.168.1.135.http: Flags [.], ack 171, win 26880, length 0 23:01:34.782940 IP 192.168.1.135.http > 192.168.1.242.56078: Flags [P.], seq 171:180, ack 206, win 65535, length 9: HTTP 23:01:34.782963 IP 192.168.1.242.56078 > 192.168.1.135.http: Flags [.], ack 180, win 26880, length 0 23:01:34.783297 IP 192.168.1.135.http > 192.168.1.242.56078: Flags [P.], seq 180:197, ack 206, win 65535, length 17: HTTP 23:01:34.783318 IP 192.168.1.242.56078 > 192.168.1.135.http: Flags [.], ack 197, win 26880, length 0 23:01:34.783646 IP 192.168.1.135.http > 192.168.1.242.56078: Flags [P.], seq 197:214, ack 206, win 65535, length 17: HTTP 23:01:34.783676 IP 192.168.1.242.56078 > 192.168.1.135.http: Flags [.], ack 214, win 26880, length 0 23:01:34.783975 IP 192.168.1.135.http > 192.168.1.242.56078: Flags [P.], seq 214:231, ack 206, win 65535, length 17: HTTP 23:01:34.783995 IP 192.168.1.242.56078 > 192.168.1.135.http: Flags [.], ack 231, win 26880, length 0

[spider7611]

what is your ycast docker setup?

[mnasec]

i have build my own docker inage - see issue#13(Add docker image), and switched to the sources of JonnieZG, because it fits better for my yamaha rx-V777 in case of radiobrowser.

in syno nothing special: Local Port 50000, containerport 80, stations.yml mounted als Volumefile

i am a little bit confused of yout tcpdump output … 2 nd packet - 192.168.1.242 -> 192.168.1.135:80 Syn and on 5th packet a get from .242 to 135

Are you shure your nas has 192.168.1.242 and 135 ist the AV?

To be shure your AV has not cached any offiicial ip address for *.vtuner.com, just power the AV complete off (plug out) and on again.

Von meinem iPhone gesendet

Am 18.09.2021 um 23:04 schrieb spider7611 @.***>:

 what is your ycast docker setup?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

Yes of course my nas is 192.168.1.242 and my Denon AV: 192.168.1.135

I use Adguard docker too, before use for DNS rewrite to AV. Of course remove this entry too after your first message. Now tryed fully disabled the Adguard but nothing chaged.

Now disconnected the power cable and reconnect it but not changed. When I disconnected in the ycast docker log get this:

2021-09-19 09:12:35,stdout,2021-09-19 09:12:35 INFO: 172.17.0.1 - - [19/Sep/2021 09:12:35] "GET /ycast/ HTTP/1.1" 200 - 2021-09-19 09:12:33,stdout,2021-09-19 09:12:33 INFO: 172.17.0.1 - - [19/Sep/2021 09:12:33] "GET /favicon.ico HTTP/1.1" 404 -

I don't know what is this: INFO: 172.17.0.1 ?

Do you have any idea what can I do? thank your patience

[spider7611]

for thid: iptables -t nat -L -v

Chain DEFAULT_PREROUTING (1 references) pkts bytes target prot opt in out source destination 0 0 REDIRECT tcp -- any any 192.168.1.135 anywhere tcp dpt:http redir ports 32770

Chain DOCKER 0 0 DNAT tcp -- !docker0 any anywhere anywhere tcp dpt:32770 to:172.17.0.4:80

[mnasec]

did it ever run after DSM 7.0 upgrade? I am not using quickconnect, this could be a main difference between our implementations.

Von meinem iPhone gesendet

Am 19.09.2021 um 09:44 schrieb spider7611 @.***>:

 for thid: iptables -t nat -L -v

Chain DEFAULT_PREROUTING (1 references) pkts bytes target prot opt in out source destination 0 0 REDIRECT tcp -- any any 192.168.1.135 anywhere tcp dpt:http redir ports 32770

Chain DOCKER 0 0 DNAT tcp -- !docker0 any anywhere anywhere tcp dpt:32770 to:172.17.0.4:80

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

Not used after DSM update. Only every morning Home assistant turned it on and play the last internet radio automatically. But on last friday this last played radio not worked and then go and look after what happend. So I must try to disable quickconnect?

edit: Ok disabled it but nothing change.

In my router must do any portforward?

Have this in my router upnp: upnpclient:80 | 192.168.1.242 | 80 | 80 | TCP

[mnasec]

upnp does not play a role here - it is just for automaticsly opening port 80 from the whole internet to your synology :-) if you like, possible needed for letsencrypt.

i took a look at the tcpdump, the packets seems to show connections from the nas to the AV, But as i know only the AV creates active a http session to the ycast server. so for me it seems that the network packets from the AV will not reach the NAS. Please check the dns records of denon. vtuner.com and denon2.vtuner.com. Both needs to point to the ip address of your nas: 192.168.1.242. Btw in the first post you wrote 192.168.1.240 - possible a typo or you have the wrong address :-)

If this is ok, you may disconnect you denon from your net, give your client the ip address of the AV and try to connect to http://denon.vtuner.com - you should see this access in tcpdump and iptables -v and also, if debug is set to on on the ycast console/log. And of cause you should reach the ycast server under url denon.vtuner.com.

for additional analyse you may extend the tcpdump command by -s 65535 -w dump.pcap and write the packets into a file and then view it with wireshark - if you like. But for me it seems that the packets are not arriving your nas.

Btw. for me it does not make a difference whether you switch your AV on by button, or API call like Homeassist or in my case with openhab. The AV will do a DNS lookup and then send a http get and in the several responses from the ycast server the url will be send from ycast to the AV and them the AV sends a get to the music url out to the internet So your problem starts near the time you remembered it.

Von meinem iPhone gesendet

Am 19.09.2021 um 12:33 schrieb spider7611 @.***>:

 Not used after DSM update. Only every morning Home assistant turned it on and play the last internet radio automatically. But on last friday this last played radio not worked and then go and look after what happend. So I must try to disable quickconnect?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

"Please check the dns records of denon. vtuner.com and denon2.vtuner.com. Both needs to point to the ip address of your nas" I don't know how to do that. Now if I open this 2 adress in browser go to real vtuner page. Before with reverse proxy take me to the synology webstation page with the Earth picture,

"192.168.1.242. Btw in the first post you wrote 192.168.1.240 - possible a typo or you have the wrong address :-)" yes, this is a mistake. This is the good ip: 192.168.1.242

My AV settings with DHCP ON: Ip: 192.168.1.135 Subnet: 255.255.255.0 Default gateway: 192.168.1.1 Primary DNS: 192.168.1.242 - (NAS IP) Secondary DNS: 192.168.1.242 - (NAS IP)

Somebody in another issues write this: "Hi, I didn't pay attention if it is related to the AVR's favorite addition, but I realized that the port 80 was not free anymore. I guess the update of Synology DS somehow modified mustache files...

So I reinstalled everything from scratch... And now it is working fine!" Maybe the DSM update do something wrong? What you think? Is it possibel to repair somewho? I don't want to reinstall everything...

[mnasec]

depending on your operating system, open a cmd.exe or a bash shell and enter:

nslookup denon.vtuner.com

This should be resolved to 192.168.1.242 and NOT the official ip address, assuming, your client also uses the dns server on your nas.

Von meinem iPhone gesendet

Am 20.09.2021 um 08:09 schrieb spider7611 @.***>:

 "Please check the dns records of denon. vtuner.com and denon2.vtuner.com. Both needs to point to the ip address of your nas" I don't know how to do that. Now if I open this 2 adress in browser go to real vtuner page. Before with reverse proxy take me to the synology webstation page with the Earth picture,

"192.168.1.242. Btw in the first post you wrote 192.168.1.240 - possible a typo or you have the wrong address :-)" yes, this is a mistake. This is the good ip: 192.168.1.242

My AV settings with DHCP ON: Ip: 192.168.1.135 Subnet: 255.255.255.0 Default gateway: 192.168.1.1 Primary DNS: 192.168.1.242 - (NAS IP) Secondary DNS: 192.168.1.242 - (NAS IP)

Somebody in another issues write this: "Hi, I didn't pay attention if it is related to the AVR's favorite addition, but I realized that the port 80 was not free anymore. I guess the update of Synology DS somehow modified mustache files...

So I reinstalled everything from scratch... And now it is working fine!" Maybe the DSM update do something wrong? What you think? Is it possibel to repair somewho? I don't want to reinstall everything...

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

In cmd.exe on my windows get this: nslookup denon.vtuner.com

Server: UnKnown Address: 192.168.1.242

Non-authoritative answer: Name: denon.vtuner.com Address: 8.38.76.252

nslookup denon2.vtuner.com Server: UnKnown Address: 192.168.1.242

Non-authoritative answer: Name: denon2.vtuner.com Address: 154.27.73.59

[mnasec]

that is the problem, they point to internet addresses, so the AV will do the requests against the official ips and not against your nas and so it will not work. So you need to modify your dns server, so that the names will be resolved with the ips of your nas. But keep in mind, the records will be cached by AV, so after the dns change - power completly off by switching the power cable.

Von meinem iPhone gesendet

Am 20.09.2021 um 08:57 schrieb spider7611 @.***>:

 In cmd.exe on my windows get this: nslookup denon.vtuner.com

Server: UnKnown Address: 192.168.1.242

Non-authoritative answer: Name: denon.vtuner.com Address: 8.38.76.252

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

Ok, so how can I do that? Where is my dns server? In my router or nas? Use adguard in docker, maybe there need do something? (before here do the dns rewrites denon.vtuner.com to ycast. **.synology.me) Sorry I'm not an expert. :)

[mnasec]

your dns server seems to be at 192.168.1.242, your nas - somewere should at Port 53 a DNS Server running. At this Server you need to create the missing records for denon.vtuner.com and denon2.vtuner.com, possible a A Record with ip address 192.168.1.242.

Von meinem iPhone gesendet

Am 20.09.2021 um 11:15 schrieb spider7611 @.***>:

 Ok, so how can I do that? Where is my dns server? In my router or nas? Use adguard in docker, maybe there need do something? (before here do the dns rewrites denon.vtuner.com to ycast. **.synology.me) Sorry I'm not an expert. :)

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

I'm lost now. But what about the synology firewall? I don't see there the 53 port or 80 port. If I enable these ports in ssh get this nslookup denon.vtuner.com Server: 8.8.8.8 Address: 8.8.8.8#53

Non-authoritative answer: Name: denon.vtuner.com Address: 8.38.76.252 is it better or not? :)

[mnasec]

you missed the requirements from milaqs README.md:

DNS entries

You need to create a manual entry in your DNS server (read 'Router' for most home users). The *.vtuner.com domain should point to the machine YCast is running on. Specifically the following entries may be configured instead of a wildcard entry:

Yamaha AVRs: radioyamaha.vtuner.com(and optionally radioyamaha2.vtuner.com) Onkyo AVRs: onkyo.vtuner.com (and optionally onkyo2.vtuner.com) Denon/Marantz AVRs: denon.vtuner.com(and optionally denon2.vtuner.com) Grundig radios: grundig.vtuner.com, grundig.radiosetup.com (and optionally grundig2.vtuner.com and grundig2.radiosetup.com) In your setup the denon names are resolved into the official ip addresses and NOT i to the NAS ip addresses, so the denon does NOT request the NAS and so ycast, to get the urls, it connects to the official sites and this is the main problem in your setup.

In DHCP you configured the NAS as DNS server and the NAS uses 8.8.8.8. (google DNS) as forwarder, but you need to modify this config, so that the *.vtuner.com requests will be resolved into the ip address of your NAS.

Von meinem iPhone gesendet

Am 20.09.2021 um 13:56 schrieb spider7611 @.***>:

 I'm lost now. But what about the synology firewall? I don't see there the 53 port or 80 port. If I enable these ports in ssh get this nslookup denon.vtuner.com Server: 8.8.8.8 Address: 8.8.8.8#53

Non-authoritative answer: Name: denon.vtuner.com Address: 8.38.76.252 is it better or not? :)

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

Not missed. In my first post write it it was work good for about a year. Not used too much but it was ok. After DSM update changed something and now not working. I know how it is working or how is must to working: when my AV want to open the denon.vtuner.com we want to redirect my ycast docker on my nas and that do the rest. When it is worked I use Adguard DNS rewriter and reverse proxy. But you told you have this command "iptables -t nat -A PREROUTING -s 192.168.200.9 -p tcp --dport 80 -j REDIRECT --to-port 50006" and not use reverse proxy and anything else. Tryed it and removed the reverse proxy entry and remove from adguard dns rewrite entry, but for me not worked. Now I lost.

In my NAS network setup need change or firewall maybe or I dont know. What I'm try now on my Synology - Network - General page only see default gateway tick off the manual dns entry which was 8.8.8.8 and 8.8.4.4 Now in ssh get this error: nslookup denon.vtuner.com ;; connection timed out; no servers could be reached

[mnasec]

well lets describe it this way:

First the AV tries to find out the ip address of denon.vtuner.com The response from your dns server, possible adguard or any other dns resolver or dns server should respond with the ip address of your NAS for denon.vtuner.com Then the AV tries to connect to the ip address of the denon.vtumer.com, in your case with ip address 192.168.1.242 After this http request reaches your NAS the reverse proxy OR the NAT redirect will forward the request to the outbound port of the docker container. Then ycast will do the rest.

But without the right name resolution into the ip address of your NAS, the denon will NEVER send the http request to your NAS, it will send the request to the official ip address of denon.vtuner.com and your NAS will never see the request, as you see in your cade.

So you need both, a right name resolution and reverse-proxy OR name-resolution and iptable redirect. On my setup i never got reverse proxy in DSM6.x with ycast working, but iprables worked TOGETHER with the right name resolution, so that a ping to denon.vtuner.com will ping the ip address of the NAS

Von meinem iPhone gesendet

Am 20.09.2021 um 15:48 schrieb spider7611 @.***>:

 Not missed. In my first post write it it was work good for about a year. Not used too much but it was ok. After DSM update changed something and now not working. I know how it is working or how is must to working: when my AV want to open the denon.vtuner.com we want to redirect my ycast docker on my nas and that do the rest. When it is worked I use Adguard DNS rewriter and reverse proxy. But you told you have this command "iptables -t nat -A PREROUTING -s 192.168.200.9 -p tcp --dport 80 -j REDIRECT --to-port 50006" and not use reverse proxy and anything else. Tryed it and removed the reverse proxy entry and remove from adguard dns rewrite entry, but for me not worked. Now I lost.

In my NAS network setup need change or firewall maybe or I dont know. What I'm try now on my Synology - Network - General page only see default gateway tick off the manual dns entry which was 8.8.8.8 and 8.8.4.4 Now in ssh get this error: nslookup denon.vtuner.com ;; connection timed out; no servers could be reached

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

Ok, I know how should it work. But not work... Go back and make the ycast docker again. With local port: 32770 and docker port: 80 Start the contener ok. Setup the adguard again and in my router DHCP server site setup the adguard primary and secondary dns: 192.168.1.199 (use adgard with macvlan thats why not my nas ip that ip.) Ok, adguard working. Then make reverse proxy: ycast.myname.synology.me on http with port 80 to http 192.168.1.242 port 32770 so after when I type in browser ycast.myname.synology.me I see the radiobrowser site fine -1Dirhttp://ycast.myname.synology.me/ycast/radiobrowser/?vtuner=true ect. ok. Then in adguard at DNS rewrite page set this: *.vtuner.com to ycast.myname.synology.me and here is th problem. When I type anything.vtuner.com get that synology webstation with earth picture.

So what you think, it not sould working this setup? Or where I do a mistake?

[mnasec]

the .vtuner.com should be resolve to the LOCAL ip address of the NAS, not the EXTERNAL ip …synology.me. When it is correct from the dns part, nslookup should resolve .vtuner.com to 192.1681.242 in your case. The url the denon tries to reach is denon.vtuner.com and your reverse proxy reacts at the exact url …synology.me only - or are you doing a rewrite of the whole url at the reverse proxy? - from my knowledge it only reacts on the exact name you set synology.me and not denon.vtuner.com. Neither the reverse proxy catch denon.vtuner.com nor the ip address for the dns name denon.vtuner.com points to the internal ip of the NAS and so iptable could not match. And so the normal WebPage of your NAS is shown.

In my setup i use an dns overwrite for radioyamaha.vtuner.com to the internal ip of the NAS and the iptable command and it worked since beginning.

Ithink adguard changes the ip address to the external ip of your router (layer3 change), but not the url from denon.vtuner.com to ycast…synology.me (at layer 7 of the OSI model). Because adguard is a dns server/resolver running at udp/53 - it is not a transparent proxy and so is not able to rewrite the url.

hope this helps

Von meinem iPhone gesendet

Am 20.09.2021 um 20:35 schrieb spider7611 @.***>:

 Ok, I know how should it work. But not work... Go back and make the ycast docker again. With local port: 32770 and docker port: 80 Start the contener ok. Setup the adguard again and in my router DHCP server site setup the adguard primary and secondary dns: 192.168.1.199 (use adgard with macvlan thats why not my nas ip that ip.) Ok, adguard working. Then make reverse proxy: ycast.myname.synology.me on http with port 80 to http 192.168.1.242 port 32770 so after when I type in browser ycast.myname.synology.me I see the radiobrowser site fine -1Dirhttp://ycast.myname.synology.me/ycast/radiobrowser/?vtuner=true ect. ok. Then in adguard at DNS rewrite page set this: *.vtuner.com to ycast.myname.synology.me and here is th problem. When I type anything.vtuner.com get that synology webstation with earth picture.

So what you think, it not sould working this setup? Or where I do a mistake?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

When I type sdsfhvshf.vtuner.com in browser in adguard see this:

State: Rewrite DNS server: https://dns10.quad9.net/dns-query Answercode: NOERROR Answer: CNAME ycast.myname.synology.me (ttl=10) A: my.public.ip (ttl=240)

So I don't know waht it is mean.

If I changed the rewrite to my nas local ip 192.168.1.242 The result is:

State: Rewrite Answercode: NOERROR Answer: A: 192.168.1.242 (ttl=10)

But the result is same.

Will try again ip table command.

[mnasec]

so if a nslookup denon.vtuner.com will be resolved into 192.168.1.242 you are on the right way. Remember, that the denon AV possible caches the dns response, so after the change a complete power off (cable) could be possible, that the denon will do a ew dns query instead of using the cached name resolution.

Von meinem iPhone gesendet

Am 20.09.2021 um 22:00 schrieb spider7611 @.***>:

 When I type sdsfhvshf.vtuner.com in browser in adguard see this:

State: Rewrite DNS server: https://dns10.quad9.net/dns-query Answercode: NOERROR Answer: CNAME ycast.myname.synology.me (ttl=10) A: my.public.ip (ttl=240)

So I don't know waht it is mean.

If I changed the rewrite to my nas local ip 192.168.1.242 The result is:

State: Rewrite Answercode: NOERROR Answer: A: 192.168.1.242 (ttl=10)

But the result is same.

Will try again ip table command.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

Now it is working perfectly. WOW What I do: remove the reverse proxy and do the ip table command. Restart AV and everything perfect. First time thats why not working this because remove the reverse proxy AND from adguard the dns rewrite entry too. :( Thank you very much your patience and perseverance. Only have last question: How to set ip table command automatically after nas restart?

[mnasec]

fine that it worked now :-) i did not automate the ip table command, there are several ideas in the synology forums, but to keep it also working after an update of the DSM version i would prefer a skript and a triggered task based on the syo gui task scheduler, user defined skript, running at the boot-up under user root.

But to be shure i did not test it if it will work till now.

Von meinem iPhone gesendet

Am 20.09.2021 um 22:34 schrieb spider7611 @.***>:

 Now it is working perfectly. WOW What I do: remove the reverse proxy and do the ip table command. Restart AV and everything perfect. First time thats why not working this because remove the reverse proxy AND from adguard the dns rewrite entry too. :( Thank you very much your patience and perseverance. Only have last question: How to set ip table command automatically after nas restart?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[spider7611]

Perfect. Thank You!