Orbi WiFi 7 RBE973
Reply

Re: Nighthawk X6 R8000 Nat hair pinning / loopback

sduttonusa
Tutor

Nighthawk X6 R8000 Nat hair pinning / loopback

I see from the support documents that this model supports NAT Loopback.  I have two virtual machines running on my network . . . one running FileMaker Server, the other running FileMaker Client.  When connecting from the outside using Remote Desktop, I connect to the VM with FileMaker Client, which then "connects internally" to the VM running FileMaker Server.  On my Nighthawk router, I need to point my external domain name (www.example.com) for my VM running FileMaker Client to the internal IP of the VM running FileMaker Server (192.168.1.201).  Where / how do I map that connection?

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 1 of 6

Accepted Solutions
sduttonusa
Tutor

Re: Nighthawk X6 R8000 Nat hair pinning / loopback

I've spoken to a couple of IT specialists who have successfully set up the FileMaker scenario exactly as I described above . . . they allowed me to Remote Desktop into their "Machine 1 - FileMaker Client" to access a database on their "Machine 2 - FileMaker Server" via their Domain Name.  The SSL connection succeeded (showing a Green Padlock).

 

They both stated this is only possible by setting up a NAT Loopback, and that the router must have NAT configurability (which you addressed in your last response---my Nighthawk does NOT allow the NAT to be configured).  Their solution:  purchase an enterprise level router which allows for the NAT to be configured and that will resolve the issue.

View solution in original post

Message 5 of 6

All Replies
antinode
Guru

Re: Nighthawk X6 R8000 Nat hair pinning / loopback

> I see from the support documents that this model supports NAT
> Loopback. [...]

 

   Some of the non-psychics in your audience might not be able to guess
_which_ "the support documents", but that should be true.

 

> [...] I have two virtual machines running on my network [...]

 

   At that point you lost me.  What are the IP addresses of the relevant
network interfaces on these systems?

 

> [...] I need to point my external domain name (www.example.com) for my
> VM running FileMaker Client to the internal IP of the VM running
> FileMaker Server (192.168.1.201). [...]

 

   Are you asking how to configure port forwarding, or what?  Which
services are offered by what at which LAN address (and ports)?

 

   An "external domain name" is normally resolved to your router's
WAN/Internet IP address, not to any LAN IP address.


   NAT loopback allows a device on your LAN to act (approximately) as if
it were an outside-world device when it tries to communicate with your
router at its WAN/Internet IP address.  But it's not intuitive or
magical.

 

> [...] Where / how do I map that connection?

 

   Which connection, exactly, between what, exactly, and what, exactly?


   General advice: You might have more success if you described the
actual problem which you are trying to solve, rather than asking how to
implement some particular "solution" ("NAT loopback"), which may have
little or nothing to do with the actual problem (whatever it might be).

Message 2 of 6
sduttonusa
Tutor

Re: Nighthawk X6 R8000 Nat hair pinning / loopback

My domain (www.example.com) is tied to a static IP (99.99.99.99).  

I have two machines in my office network, both running Windows Server 2016:

       Machine 1 with an interrnal IP of 192.168.1.100 which runs FileMaker Client.

       Machine 2 with an internal IP of 192.168.1.101 which runs FileMaker Server.  (The SSL Certificate is installed here in FMS.)

To access a database that is hosted on Machine 2, one must connect via FileMaker Client on Machine 1.

Currently, Machine 1 connects to Machine 2 using the internal IP of 192.168.1.102

 

When I access my network remotely, I login via my domeain (www.example.com).  This allows me to open FileMaker Client on Machine 1, which then connects to the hosted database on Machine 2 via the internal IP of 192.168.1.102.

 

The problem is, for security reasons, going to FileMaker Server on Machine 2 must be from the external WAN domain (www.example.com), not an internal LAN 192.168.1.201 . . . the SSL Certificate residing in FileMaker Server on Machine 2 is looking for a connection from www.example.com.  I need to set up a NAT Loopback that connects www.example.com to the LAN IP 192.168.1.201.

Message 3 of 6
antinode
Guru

Re: Nighthawk X6 R8000 Nat hair pinning / loopback

> [...] I need to set up a NAT Loopback [...]

 

   Again, see the "General advice" above.  A "Certificate" does not
"look for a connection from" anything.  NAT loopback is an always
enabled, non-configurable feature of the router.

 

   What you should be able to do is set up port forwarding for your
FileMaker server, just as if you were trying to allow access to that
server/service from the outside world.  When that's done, the router's
NAT loopback feature should allow you to access that server/service from
a system on your LAN in the same way as you would from the outside
world, using the router's WAN/Internet IP address.

 

> [...] that connects www.example.com to the LAN IP 192.168.1.201.

 

   ".102"?

 

> [...] When I access my network remotely, I login via my domeain
> (www.example.com). [...]


   "login" could mean almost anything.  What, exactly, are you doing
on the remote system?

 

> [...] This allows me to open FileMaker Client on Machine 1, which then
> connects to the hosted database on Machine 2 via the internal IP of
> 192.168.1.102.

 

   If you're running a FileMaker client on the ".101" system, talking to
a FileMaker server on the ".102" system, then what difference does some
kind of "remote" access to the client system make?

 

   At least one of us (still) doesn't understand exactly what you're
trying to do, and why it fails.

Message 4 of 6
sduttonusa
Tutor

Re: Nighthawk X6 R8000 Nat hair pinning / loopback

I've spoken to a couple of IT specialists who have successfully set up the FileMaker scenario exactly as I described above . . . they allowed me to Remote Desktop into their "Machine 1 - FileMaker Client" to access a database on their "Machine 2 - FileMaker Server" via their Domain Name.  The SSL connection succeeded (showing a Green Padlock).

 

They both stated this is only possible by setting up a NAT Loopback, and that the router must have NAT configurability (which you addressed in your last response---my Nighthawk does NOT allow the NAT to be configured).  Their solution:  purchase an enterprise level router which allows for the NAT to be configured and that will resolve the issue.

Message 5 of 6
antinode
Guru

Re: Nighthawk X6 R8000 Nat hair pinning / loopback

> [...] Remote Desktop [...]

 

   Ok.  So the remote system is not relevant; "you're running a
FileMaker client on the ".101" system".

 

> They both stated this is only possible by setting up a NAT Loopback,
> [...]

 

   Your router should have NAT loopback.  Have you any contrary
evidence?

 

> [...] the router must have NAT configurability [...]

 

   So that you can configure it to do what, exactly?

 

> [...] my Nighthawk does NOT allow the NAT to be configured).

 

   Configured to do what, exactly?


> [...] Their solution: purchase an enterprise level router which allows
> for the NAT to be configured and that will resolve the issue.

 

   Getting a different router with more capability "will resolve the
issue" only if you know how to "configure NAT" to do what you want,
whatever that actually means.  But, if you believe that you've "solved"
your problem, then that's ok with me.

 

> What you should be able to do is set up port forwarding for your
> FileMaker server, [...]

 

   Still my suggestion.  If that's what "configure NAT" means to you,
then the R8000 should be able to do what you want.

Message 6 of 6
Top Contributors
Discussion stats
  • 5 replies
  • 2025 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi WiFi 7