FishDawg
Feb 12, 2022 Aspirant
Orbi NAT Hairpinning/Loopback Not Working
I have the Orbi RBR750 router. I set up port forwarding as well as dynamic DNS. Everything works as expected when connecting to servers on my local network using that DNS name and port number when c...
FishDawg
Feb 20, 2022 Aspirant
Yes, a bunch of ports including 80. The port number doesn't seem to make any difference.
CrimpOn
Feb 20, 2022 Guru - Experienced User
Frustrating that I have only the RBR50. I forwarded port 80 to my Pi-hole, then opened http://<my public IP> on two Windows computers, a smartphone, and a tablet attached to the Orbi WiFi. All of them immediately brought up the Pi-hole web page.
Now..... how did this happen? Was it
- The request went out to the internet through the ISP and then came back through the ISP to my public IP and was forwarded to the Pi-hole? or....
- The Orbi recognized the public IP and did a NAT loopback?
My guess is the way to determine this is to do a packet capture and compare wan.pcap file against lan.pcap file to see if that traffic ever left the Orbi. I promise to do that tomorrow.
However, attempts to bring up the Pi-hole using the DDNS failed every time with an error that the Pi-hole needed to be whitelisted. I whitelisted the DDNS URL, but the error remained.
I am beyond frustrated. IP works from the local LAN. DDNS does not work from the LAN. (IP worked from a smartphone using LTE data and failed using DDNS. Now, I don't know if this is related to Pi-hole, Orbi.... or what.)
What a dismal situation. Guess I need to set up another service to test in addition to Pi-hole.
- CrimpOn Feb 20, 2022 Guru - Experienced User
I can now confirm that both DDNS and IP work with my Orbi RBR50. Rather than forwarding port 80 to Pi-hole, I forwarded port 80 to my Epson printer, which has a web interface. With a browser on my PC, http://<DDNS> works. http://<public IP> works.
It might be worth a few minutes to confirm that the public IP being used by DDNS is the IP that the Orbi reports on the Advanced Tab, Internet panel for IP Address. This is easy to do. Connect to any of the "what is my IP address?" web sites and compare the IP that they return against the Orbi.
I also like to use a web site to confirm "is this port open?", such as Gibson Research Shield's Up! https://www.grc.com/shieldsup
So far, I am down to two alternatives:
- Port forwarding may be set up on the Orbi, but it is behind another router and does not have the true public IP. This means that NAT loopback cannot work. Or...
- Your Orbi does not work like my Orbi. This is such a basic part of the code that it seems unlikely. but.....???
- CrimpOn Feb 21, 2022 Guru - Experienced User
(beating dead horse....)
Did another packet capture of WAN/LAN traffic.
- Forwarded port 80 to Epson printer, 192.168.1.4.
- Flushed DNS cache on Windows
- Connected web browser (Edge) on PC to http://DDNS (secretname.mynetgear.com)
- The printer management page displays. (It takes a bunch of GETs and responses to display one web page. sheeesh.)
- The WAN capture includes zero HTTP packets from the internet to the router. (This is to be expected because no one on the web should expect me to be hosting a web site.)
- The LAN capture includes zero packets (of any kind) directly between the PC and the printer. (I was not printing anything.)
- The LAN capture includes all of those HTTP GETs from the Orbi router to the printer and bunches of packets from the printer back to the router.
My conclusion is the NAT loopback is working as expected. The PC thinks that secretname.mynetgear.com is "out there" somewhere and sends HTTP packets to the router. The router responds with HTTP information that it got "from somewhere", but none of those packets went farther than the router.
My money is still on one of two possibilities:
- There is a Double NAT which prevents port forwarding and NAT loopback, or
- The RBR750 is kerfluxed.
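
The WAN/LAN capture comparison and the double-NAT check discussed in this thread can be scripted. The following is an added example, not part of the original posts: it assumes each capture has already been reduced to "source, destination, TCP destination port" rows, and every address except the printer's 192.168.1.4 is a constructed placeholder.

```python
import ipaddress

# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def double_nat(router_wan_ip, external_ip):
    """True if the router's WAN address is not the address the internet sees."""
    wan = ipaddress.ip_address(router_wan_ip)
    return any(wan in n for n in NON_PUBLIC) or wan != ipaddress.ip_address(external_ip)

def parse(rows):
    """Parse 'src dst tcp_dstport' lines into (src, dst, dport) tuples."""
    out = []
    for line in rows.strip().splitlines():
        src, dst, dport = line.split()
        out.append((ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)))
    return out

def classify(wan_rows, lan_rows, client, server, router_lan, public_ip, port=80):
    """Decide which path a LAN client's request to the public name took."""
    client, server, router_lan, public_ip = map(
        ipaddress.ip_address, (client, server, router_lan, public_ip))
    wan, lan = parse(wan_rows), parse(lan_rows)
    # Forwarded-port traffic on the WAN side: the request left the router
    # (or an outside host connected; check the source to tell them apart).
    if any(d == public_ip and p == port for _, d, p in wan):
        return "seen on WAN"
    # Client reached the server's private address itself (e.g. local DNS override).
    if any(s == client and d == server and p == port for s, d, p in lan):
        return "direct LAN connection"
    # Router sourced the request to the server: loopback handled inside the router.
    if any(s == router_lan and d == server and p == port for s, d, p in lan):
        return "NAT loopback"
    return "not forwarded"

# Constructed sample rows (not real capture data); 192.168.1.4 is the printer
# from the thread, every other address is a placeholder.
WAN_ROWS = "203.0.113.7 198.51.100.10 443"
LAN_ROWS = """192.168.1.20 203.0.113.7 80
192.168.1.1 192.168.1.4 80
192.168.1.4 192.168.1.1 49152"""

if __name__ == "__main__":
    print(classify(WAN_ROWS, LAN_ROWS, "192.168.1.20", "192.168.1.4",
                   "192.168.1.1", "203.0.113.7"))
    print(double_nat("192.168.1.2", "203.0.113.7"))
```

A "seen on WAN" result needs a look at the source address, since an outside host connecting to the forwarded port produces the same rows as a request that left and came back.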