Re: D7000v2 NAT Loopback

> Does the D7000v2 support NAT loopback at all?

   Unless it differs from the vast majority of Netgear routers, yes.  It
certainly works on my D7000[v1] (V1.0.1.64_1.0.1).  Does your D7000v2
have a firmware version?

> I can't get it to work.

   "can't" is not a useful description.  It does not say what you did.
It does not say what happened when you did it.  As usual, showing actual
actions with their actual results (error messages, LED indicators, ...)
can be more helpful than vague descriptions or interpretations.

> Not happy with this router at all.

   I'm not thrilled by your problem report, either (but I probably paid
less for it than you did for your D7000v2).

> Does your D7000v2 have a firmware version?

V1.0.0.47_1.0.1, the latest FW.

> It does not say what you did. It does not say what happened when you did it.  As usual, showing actual actions with their actual results (error messages, LED indicators, ...) can be more helpful than vague descriptions or interpretations.

I have a hostname with Namecheap that is assigned to my public IP, when I try and connect to this from within the LAN, the service cannot connect. However, the same service works from outside the LAN.

 Hope this helps.

> I have a hostname with Namecheap that is assigned to my public IP,
> when I try and connect to this from within the LAN, the service cannot
> connect. However, the same service works from outside the LAN.

   That does sound like defective NAT loopback, but with no actual
details, it's hard to be sure of much.

   I'd prefer to know things like (at least) the first two octets of
your "my public IP" address, whether you verified that the DNS look-up
gives the right address, what the service is, what the actual
port-forwarding rule is (or if you're relying on UPnP), how you
determine whether this (unspecified) service is accessed (from WAN and
within LAN), what the actual "cannot connect" error message was, and so
on.

   It's also quite possible that the D7000v2 has its own uniquely
interesting firmware defects, and this could be one of them.

> I'd prefer to know things like (at least) the first two octets of your "my public IP" address

94.10.x.x

> whether you verified that the DNS look-up gives the right address

traceroute to thor.xxx.xyz (94.10.x.x)

> what the service is

It's RDP on port 3389

> what the actual port-forwarding rule is

> how you determine whether this (unspecified) service is accessed (from WAN and within LAN)

I'm not sure if I know what you're asking, however I can tell when this has worked when the RDP connection is established.

> what the actual "cannot connect" error message was, and so on.
This is a different service that is a simple web server demonstrating that firefox cannot connect using the domain name. This isn't a problem as I have these services running through a reverse proxy for convenience so that works fine. This is only a problem because I often use RDP to access my desktop from multiple devices both on the LAN and outside it.

> what the actual port-forwarding rule is

> [picture]

   Ok.  The picture shows a port-forwarding rule for 3389 ->
192.168.0.3:3389.  Is "192.168.0.3" the system to which you're trying to
connect?  If you can connect to "192.168.0.3:3389" from the LAN, but not
to "94.10.x.x:3389" from the LAN, then I'd vote for a firmware bug.

> Firefox can't establish a connection to the server at
> thor.<smudge>xyz:6789.

   That's mildly interesting, but, with my weak psychic powers, I can't
see the port-forwarding rule for that port, or whether you can connect
to the server locally (or are you running Firefox locally?), or anything
else.

> [...] I have these services running through a reverse proxy for
> convenience [...]

   I don't know what that means.

   You may need to find someone with a D7000v2 who can replicate this
behavior (or not).  Or else contact Netgear support.

Same problem. I’m also frustrated not being able to access servers within my LAN with an external web address. I’ve turned NAT filtering to OPEN and also tried turning off NAT but to no avail. My old DGN3500 works fine, (and also has a faster ADSL speed)

Can anybody help?

> Can anybody help?

   Probably.  I'd suggest the people responsible for the bad firmware.

> [...] contact Netgear support.

   It seems to be a firmware problem.  When contacting Netgear support,
one could mention the following (plus this thread itself):

      https://community.netgear.com/t5/x/x/m-p/1637729
      https://community.netgear.com/t5/x/x/m-p/1608830
      https://community.netgear.com/t5/x/x/m-p/1602626
      https://community.netgear.com/t5/x/x/m-p/1581007

Netgear D7000v2 use Arno's iptables firewall (OpenWRT base)

Config Location :

/etc/arno-iptables-firewall/firewall.conf

/etc/arno-iptables-firewall/custom-rules

To enable NAT Loopback copy NAT Loopback plugins to

/share/arno-iptables-firewall/plugins/

/etc/arno-iptables-firewall/plugins/

More Info :

https://github.com/arno-iptables-firewall/aif

must enable telnet on D7000v2

---

@tasmansaroha wrote:

Netgear D7000v2 use Arno's iptables firewall (OpenWRT base)

Config Location :

/etc/arno-iptables-firewall/firewall.conf

/etc/arno-iptables-firewall/custom-rules

 

To enable NAT Loopback copy NAT Loopback plugins to

/share/arno-iptables-firewall/plugins/

/etc/arno-iptables-firewall/plugins/

More Info :

https://github.com/arno-iptables-firewall/aif

 

must enable telnet on D7000v2

 

 

 

 

 

---

Will this mod be lost on a firmware update?

> Will this mod be lost on a firmware update?

   Seems like a pretty safe bet.

Arno's iptables firewall configuration will be lost every upgrade/change firmware. Must backup configuration/plugins before upgrade to new firmware.

many configuration can be apply on /etc/arno-iptables-firewall/custom-rules

Firmware D7000V2 build base OpenWRT Chaos Calmer 15.05

enable telnet

https://wiki.openwrt.org/toh/netgear/telnet.console

Thanks for the tips.

Netgear confirmed that the D7000 doesn't support NAT loopback which I found bizarre as the R7000 (pretty much the same model without ADSL) does support NAT loopback.

I'll try the patches you suggest, Shouldn't have to do this on a high end product.

> Netgear confirmed that the D7000 doesn't support NAT loopback [...]

   No, the D7000 ([v1]) _does_; the D7000v2 has the bug.  What, exactly,
did (who at) Netgear "confirm", that there's a bug, or that this was an
intentional design decision (unlike every other router they make)?  (The
bug explanation would be more credible.)

> [...] which I found bizarre as the R7000 (pretty much the same model
> without ADSL) does support NAT loopback.

   No, except for the shape of the box and some of the features, it's
pretty much different, including the firmware.


> enable telnet [...]

   I use this program (which I modified): http://antinode.info/nte

Ah thanks

In a chat room Netgear just said ‘Sorry but your router doesn’t support that feature’ and pointed me to the page which lists the routers that support NAT Loopback. No statements that they’d look into correcting the problem, making me feel abandoned as a customer.

The whole episode has been disappointing as I bought the router to replace an elderly Netgear DGND7300 which (a) supports a higher ADSL line speed (b) supports loopback and (c) seems pretty robust. I’m replacing it because it’s running out of packet switching speed. Or trying to.

> In a chat room Netgear just said `Sorry but your router doesn't
> support that feature' and pointed me to the page which lists the routers
> that support NAT Loopback. [...]

   I'll guess: https://kb.netgear.com/000049578

   That's drivel.  That's a list of only modern, router-only routers,
model "Rxxxx".  It does not include older models, or any modem+router
models.  I can assure you that my old DGN2200v4 (V1.0.0.86_1.0.86 and
V1.0.0.90_1.0.90, at least) did it, and my current D7000[v1]
(V1.0.1.48_1.0.1 - V1.0.1.68_1.0.1) does it.

   It's possible that the oral tradition has been broken, and no one
currently at Netgear (or their subcontractors) still knows how to do it,
but it was a universal feature until recently.  More encouragement may
be found here, for another recent product:

      https://community.netgear.com/t5/x/x/td-p/1229851

It could be a (sad) trend.

   You might consider looking for an Ebay bargain on a D7000[v1].  I
haven't looked lately (since I got my spare/experimental unit), so I
know nothing, but, from time to time, I seem to recall seeing one sell

for under $100.

> [...] DGND7300 [...]

   "DGND3700"?  I started on my Netgear ordeal with a DGND3700v2, which
looked good, but its port forwarding firmware didn't allow different
external and internal port numbers.  The DGN2200v4 was a replacement for
that -- lamer wireless, but less incompetent port forwarding.  Both the
DGN2200v4 and the D7000[v1] mishandle special characters in PPP
passwords (unlike the DGND3700v2), so Netgear firmware bugs are not a
novelty.  Fixes seem to be.

I'm the original poster of this thread and ended up sending back D7000v2 to Amazon. I'm running an ECI openreach modem and an R7800 with DD-WRT flashed. I have IPv6 and NAT loopback working which is something I doubt I would have ever achieved witht the D7000v2. If you are also in the UK and okay with a two box solution, definitely see if you can give it a go.