NAT Portforwarding loopback issue

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page 1, 2  Next
Author Message
DeonM
DD-WRT Novice


Joined: 08 Oct 2017
Posts: 5

PostPosted: Sat Sep 28, 2019 9:05    Post subject: NAT Portforwarding loopback issue Reply with quote
Hi,
I cannot get NAT portforwarding loopback (hairpin) to work. Portforwarding from the WAN side works as expected. But not from the LAN side.
I have looked through the forum to find answers, but have not found anything that works for me.

I previously ran r39654 on my router, and have tried upgrading to r41174(current running), but am getting the same result.

My router and details are below with whatever I thought to be relivant. I would really appreciate some guidance with this.

Thanks in advance.

Router Name ROUTER
Router Model Asus RT-AC5300
Firmware Version DD-WRT v3.0-r41174 std (09/26/19)
Kernel Version Linux 4.4.194 #1510 SMP Thu Sep 26 11:16:21 +04 2019 armv7l
MAC Address 04:92:26:69:XX:XX
Hostname router
WAN Domain Name wan
LAN Domain Name lan
Current Time Sat, 28 Sep 2019 10:56:05
Uptime 1:43
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 10318
Location: Netherlands

PostPosted: Sat Sep 28, 2019 10:36    Post subject: Reply with quote
Well perhaps stating the obvious, have you enabled it in the GUI (security page: do not tick "Filter WAN NAT redirection")?
_________________
Routers:Netgear R7800, R7000, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6532
Location: Romerike, Norway

PostPosted: Sat Sep 28, 2019 11:21    Post subject: Reply with quote
A better way is to use a local dns server (dnsmasq) that resolves the host to the private IP for the LAN.
DeonM
DD-WRT Novice


Joined: 08 Oct 2017
Posts: 5

PostPosted: Sat Sep 28, 2019 12:33    Post subject: Reply with quote
egc wrote:
Well perhaps stating the obvious, have you enabled it in the GUI (security page: do not tick "Filter WAN NAT redirection")?


Filter WAN NAT redirection Unchecked
DeonM
DD-WRT Novice


Joined: 08 Oct 2017
Posts: 5

PostPosted: Sat Sep 28, 2019 12:39    Post subject: Reply with quote
Per Yngve Berg wrote:
A better way is to use a local dns server (dnsmasq) that resolves the host to the private IP for the LAN.


Thanks, I can see that would work (I am using dnsmasq as a DNS server), but the WAN IP address is from DDNS (no-ip). If I need to access the service while I am not on the LAN, how would this help me ?

Is there another way ?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6532
Location: Romerike, Norway

PostPosted: Sat Sep 28, 2019 12:57    Post subject: Reply with quote
host-record=yourhost.no-ip.com,192.168.1.8

yourhost.no-ip.com will resolve to 192.168.1.8 while on the LAN, but to the public IP by the public DNS server while not on the LAN.
DeonM
DD-WRT Novice


Joined: 08 Oct 2017
Posts: 5

PostPosted: Sat Sep 28, 2019 13:50    Post subject: Reply with quote
Per Yngve Berg wrote:
host-record=yourhost.no-ip.com,192.168.1.8

yourhost.no-ip.com will resolve to 192.168.1.8 while on the LAN, but to the public IP by the public DNS server while not on the LAN.


Thanks, that works. I was concerned that it would intefere with the DDNS process but does not. I presume that is due to the external IP check. The only problem now is that now I cannot obtain the external IP address by pinging from the LAN, but I guess you can't have everything
Very Happy
rotaryracer
DD-WRT Novice


Joined: 24 Aug 2014
Posts: 24

PostPosted: Wed Mar 17, 2021 13:34    Post subject: Reply with quote
Hi guys - I'm trying to solve for a similar issue with NAT loopback and can't seem to get it to work. For the solution referenced here:

Code:
host-record=yourhost.no-ip.com,192.168.1.8

Was that added under Services/Additional Dnsmasq options? I updated accordingly to reference my DDNS domain name and correct internal IP address for the machine I want to point to, but it did not seem to work. I do have Dnsmasq enabled, the router address set as the Local DNS server in Setup, and the Filter WAN NAT Redirection box unchecked.

For reference, this is running on a Archer C7 v2 with r45993.

Any help would be greatly appreciated.

Thanks...

Jason
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6532
Location: Romerike, Norway

PostPosted: Wed Mar 17, 2021 16:51    Post subject: Reply with quote
Does the local clients resolve the fqdn to the local IP address?
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Wed Mar 17, 2021 19:01    Post subject: Reply with quote
rotaryracer wrote:
Hi guys - I'm trying to solve for a similar issue with NAT loopback and can't seem to get it to work. For the solution referenced here:

Code:
host-record=yourhost.no-ip.com,192.168.1.8

Was that added under Services/Additional Dnsmasq options? I updated accordingly to reference my DDNS domain name and correct internal IP address for the machine I want to point to, but it did not seem to work. I do have Dnsmasq enabled, the router address set as the Local DNS server in Setup, and the Filter WAN NAT Redirection box unchecked.

For reference, this is running on a Archer C7 v2 with r45993.

Any help would be greatly appreciated.

Thanks...

Jason


Remember, a lot has changed since this thread was started. DNSMasq is NOT necessarily being accessed when you assume it is. Many browsers are now referencing their own preferred DNS servers, by default! Plus we have DoT/DoH solutions too.

That's why many things that used to work w/ DNSMasq in the past will NOT necessarily work today (e.g., DNSMasq based ad blocking) unless you know for *sure* DNSMasq is being referenced.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
DeonM
DD-WRT Novice


Joined: 08 Oct 2017
Posts: 5

PostPosted: Thu Mar 18, 2021 6:44    Post subject: Reply with quote
I used the following syntax,

address=/isearch.babylon.com/173.194.66.102

as described here,

https://wiki.dd-wrt.com/wiki/index.php/Additional_DNSMasq_Options
apacheguy
DD-WRT User


Joined: 26 Jun 2008
Posts: 65

PostPosted: Wed Apr 06, 2022 3:07    Post subject: Reply with quote
After upgrading to 48567 I’m having this exact issue. I already verified that “Filter NAT redirection” is disabled.

The above suggestions don’t work if you run multiple services on the same domain and they route to different hosts.

How do I fix this?
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 1837
Location: All over YOUR webs

PostPosted: Wed Apr 06, 2022 6:41    Post subject: Reply with quote
@apacheguy

Re: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1260551#1260551

First reset your nvram, then reconfigure, if issue persists, then provide screenshots that detail your full setup without omitting any relevant data (feel free to mask any sensitive information out).

Also you should enable syslog on https://ro.ut.er.ip/Services.asp, then grab said log via SSH/Telnet with command;
Code:
cat /var/log/messages

Then paste the result (masking sensitive information out) into a text file and attach to your reply along with screenshots, do not post logs inline on reply, it makes the thread hard to follow/read through.

Without any of such information, me too reports, are indeed not actionable and invalid.
This is if you want meaningful help.

Read the last section of this thread https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=54845 titled `Guidelines if your problem still exist. Open a new topic: `

Insert coin to continue!

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6532
Location: Romerike, Norway

PostPosted: Wed Apr 06, 2022 7:14    Post subject: Reply with quote
DeonM wrote:
I used the following syntax,

address=/isearch.babylon.com/173.194.66.102


Use the internal private address.
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 1837
Location: All over YOUR webs

PostPosted: Wed Apr 06, 2022 8:19    Post subject: Reply with quote
@Per Yngve Berg

You're replying to a post over a year old, you realize this right?

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum