NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

sduttonusa's avatar
sduttonusa
Tutor
Jun 22, 2020
Solved

Nighthawk X6 R8000 Nat hair pinning / loopback

I see from the support documents that this model supports NAT Loopback.  I have two virtual machines running on my network . . . one running FileMaker Server, the other running FileMaker Client.  Whe...
  • sduttonusa's avatar
    sduttonusa
    Jun 23, 2020

    I've spoken to a couple of IT specialists who have successfully set up the FileMaker scenario exactly as I described above . . . they allowed me to Remote Desktop into their "Machine 1 - FileMaker Client" to access a database on their "Machine 2 - FileMaker Server" via their Domain Name.  The SSL connection succeeded (showing a Green Padlock).

     

    They both stated this is only possible by setting up a NAT Loopback, and that the router must have NAT configurability (which you addressed in your last response---my Nighthawk does NOT allow the NAT to be configured).  Their solution:  purchase an enterprise level router which allows for the NAT to be configured and that will resolve the issue.

sduttonusa's avatar
sduttonusa
Tutor
Jun 23, 2020

My domain (www.example.com) is tied to a static IP (99.99.99.99).  

I have two machines in my office network, both running Windows Server 2016:

       Machine 1 with an interrnal IP of 192.168.1.100 which runs FileMaker Client.

       Machine 2 with an internal IP of 192.168.1.101 which runs FileMaker Server.  (The SSL Certificate is installed here in FMS.)

To access a database that is hosted on Machine 2, one must connect via FileMaker Client on Machine 1.

Currently, Machine 1 connects to Machine 2 using the internal IP of 192.168.1.102

 

When I access my network remotely, I login via my domeain (www.example.com).  This allows me to open FileMaker Client on Machine 1, which then connects to the hosted database on Machine 2 via the internal IP of 192.168.1.102.

 

The problem is, for security reasons, going to FileMaker Server on Machine 2 must be from the external WAN domain (www.example.com), not an internal LAN 192.168.1.201 . . . the SSL Certificate residing in FileMaker Server on Machine 2 is looking for a connection from www.example.com.  I need to set up a NAT Loopback that connects www.example.com to the LAN IP 192.168.1.201.

antinode's avatar
antinode
Guru
Jun 23, 2020

> [...] I need to set up a NAT Loopback [...]

 

   Again, see the "General advice" above.  A "Certificate" does not
"look for a connection from" anything.  NAT loopback is an always
enabled, non-configurable feature of the router.

 

   What you should be able to do is set up port forwarding for your
FileMaker server, just as if you were trying to allow access to that
server/service from the outside world.  When that's done, the router's
NAT loopback feature should allow you to access that server/service from
a system on your LAN in the same way as you would from the outside
world, using the router's WAN/Internet IP address.

 

> [...] that connects www.example.com to the LAN IP 192.168.1.201.

 

   ".102"?

 

> [...] When I access my network remotely, I login via my domeain
> (www.example.com). [...]


   "login" could mean almost anything.  What, exactly, are you doing
on the remote system?

 

> [...] This allows me to open FileMaker Client on Machine 1, which then
> connects to the hosted database on Machine 2 via the internal IP of
> 192.168.1.102.

 

   If you're running a FileMaker client on the ".101" system, talking to
a FileMaker server on the ".102" system, then what difference does some
kind of "remote" access to the client system make?

 

   At least one of us (still) doesn't understand exactly what you're
trying to do, and why it fails.

  • sduttonusa's avatar
    sduttonusa
    Tutor
    Jun 23, 2020

    I've spoken to a couple of IT specialists who have successfully set up the FileMaker scenario exactly as I described above . . . they allowed me to Remote Desktop into their "Machine 1 - FileMaker Client" to access a database on their "Machine 2 - FileMaker Server" via their Domain Name.  The SSL connection succeeded (showing a Green Padlock).

     

    They both stated this is only possible by setting up a NAT Loopback, and that the router must have NAT configurability (which you addressed in your last response---my Nighthawk does NOT allow the NAT to be configured).  Their solution:  purchase an enterprise level router which allows for the NAT to be configured and that will resolve the issue.

    • antinode's avatar
      antinode
      Guru
      Jun 23, 2020

      > [...] Remote Desktop [...]

       

         Ok.  So the remote system is not relevant; "you're running a
      FileMaker client on the ".101" system".

       

      > They both stated this is only possible by setting up a NAT Loopback,
      > [...]

       

         Your router should have NAT loopback.  Have you any contrary
      evidence?

       

      > [...] the router must have NAT configurability [...]

       

         So that you can configure it to do what, exactly?

       

      > [...] my Nighthawk does NOT allow the NAT to be configured).

       

         Configured to do what, exactly?


      > [...] Their solution: purchase an enterprise level router which allows
      > for the NAT to be configured and that will resolve the issue.

       

         Getting a different router with more capability "will resolve the
      issue" only if you know how to "configure NAT" to do what you want,
      whatever that actually means.  But, if you believe that you've "solved"
      your problem, then that's ok with me.

       

      > What you should be able to do is set up port forwarding for your
      > FileMaker server, [...]

       

         Still my suggestion.  If that's what "configure NAT" means to you,
      then the R8000 should be able to do what you want.