NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

juansolanop's avatar
juansolanop
Aspirant
Oct 21, 2021
Solved

NAT loopback on Orbi

based on this kb post the router supports the NAT loopback configuration: https://kb.netgear.com/000049578/Which-NETGEAR-routers-support-NAT-loopback   can anyone share the config steps? 
  • CrimpOn's avatar
    CrimpOn
    Oct 25, 2021

    There are two topics here: NAT Loopback and forwarding port 8090 to that server at 10.0.0.100

     

    NAT Loopback

     

    Any device on the 10.0.0.x LAN can reach the server directly using the IP address 10.0.0.100.

    NAT Loopback will work as well:

    • On the Orbi, forward port 8090 to 10.0.0.100
    • Learn the WAN IP address of this Orbi, which should be 192.168.1.??
    • Attempt a connection to that 192.,168.1.?? address on port 8090.
    • The Orbi router will say, "oh, my. 192.168.1.?? is not out on the internet somewhere, it is me."
      It will use NAT Loopback to redirect the connection to itself, and then port forwarding will send the connection to the server.

    Reaching the Server from the Internet

     

    This can be achieved by using two Port Forwarding rules.

    • On the Orbi, forward port 8090 to 10.0.0.100
    • On the upstream router, forward port 8090 to the Orbi's WAN IP address (192.168.1.??)
    • When a connection arrives from the internet to the upstream router's public IP address:port 8090, that router will say, "aha. connections to port 8090 go to 192.168.1.??) and forward the connection to the Orbi.
    • The Orbil will say, "aha, connections to port 8090 go to 10.0.0.100" and forward the connection to the server.
    • I have done this.  The key is that you must be able to set port forwarding rules on that upstream router.
juansolanop's avatar
juansolanop
Aspirant
Oct 25, 2021

I'm behind a double NAT, (which I know is not ideal) so that is part of the reason why I changed my LAN IP scheme. So I can understand how this could interfere with my ability to reach the service from the internet. However, do you think this could also affect if I try to reach the service from my LAN?

 

To give a bit more of context, my LAN is completely flat and I have a home server that for the purposes of this example let say it's 10.0.0.100 running a few services, my main router upstream all to a second router with a 192.168.1.0/24 scheme which provides the internet access.

 

I was attempting to use a dynamic DNS address with the hope that when I reach to something like xxx.ddns.net:8090 I could access my services regardless if I was connected to my LAN or outside of it.

 

with this in mind anything I should try to make this work?

CrimpOn's avatar
CrimpOn
Guru - Experienced User
Oct 25, 2021

There are two topics here: NAT Loopback and forwarding port 8090 to that server at 10.0.0.100

 

NAT Loopback

 

Any device on the 10.0.0.x LAN can reach the server directly using the IP address 10.0.0.100.

NAT Loopback will work as well:

  • On the Orbi, forward port 8090 to 10.0.0.100
  • Learn the WAN IP address of this Orbi, which should be 192.168.1.??
  • Attempt a connection to that 192.,168.1.?? address on port 8090.
  • The Orbi router will say, "oh, my. 192.168.1.?? is not out on the internet somewhere, it is me."
    It will use NAT Loopback to redirect the connection to itself, and then port forwarding will send the connection to the server.

Reaching the Server from the Internet

 

This can be achieved by using two Port Forwarding rules.

  • On the Orbi, forward port 8090 to 10.0.0.100
  • On the upstream router, forward port 8090 to the Orbi's WAN IP address (192.168.1.??)
  • When a connection arrives from the internet to the upstream router's public IP address:port 8090, that router will say, "aha. connections to port 8090 go to 192.168.1.??) and forward the connection to the Orbi.
  • The Orbil will say, "aha, connections to port 8090 go to 10.0.0.100" and forward the connection to the server.
  • I have done this.  The key is that you must be able to set port forwarding rules on that upstream router.
  • juansolanop's avatar
    juansolanop
    Aspirant
    Oct 25, 2021

    thank you! this makes a lot of sense. Based on my scenario, the upstream router must support NAT loopback as well for this to work. Correct?

    • CrimpOn's avatar
      CrimpOn
      Guru - Experienced User
      Oct 25, 2021
      juansolanop wrote:

      thank you! this makes a lot of sense. Based on my scenario, the upstream router must support NAT loopback as well for this to work. Correct?

      No, I do not think this is correct.  NAT Loopback from a device on your 10.0.0.x nerwork will be caught by the Orbi and never reach the upstream router.  If you used the public IP address, rather than the 192.168.1.?? address, then Yes, that upstream router could use NAT Loopback to send the connection back to the Orbi, which would forward it to the server.

       

      Forwarding internet connections to this server has nothing to do with NAT Loopback.  Straight port forwarding all the way.

       

      NAT Loopback is a convenient way to test port forwarding when there is only a single router, because using the Public IP address in a connection will look  exactly like someone connecting from the internet.

      • juansolanop's avatar
        juansolanop
        Aspirant
        Oct 25, 2021

        As soon as I configure port forward in the upstream router everything started working from inside and outside my network. Thank you for all the help.