Accessing External IP Inside LAN (NAT Loopback)

General discussion about Gargoyle, OpenWrt or anything else even remotely related to the project

Moderator: Moderators

ERIC8585
Posts: 25
Joined: Thu Mar 01, 2012 7:34 pm

Accessing External IP Inside LAN (NAT Loopback)

Post by ERIC8585 »

For some reason I cannot access my internal NAS device via my external IP from a computer on my internal LAN connected to my router running Gargoyle.

However I can connect via my external IP from a wireless device on my LAN. FYI the wireless AP is a Dlink DIR-655 router connected via a LAN port to the Gargoyle router. DHCP, etc are turned off on the DIR-655.

Does this behavior make sense to anyone? If so, can you explain to me what's happening?
Last edited by ERIC8585 on Sun Mar 04, 2012 3:36 pm, edited 1 time in total.

User avatar
DoesItMatter
Moderator
Posts: 1373
Joined: Thu May 21, 2009 3:56 pm

Re: Accessing External IP Inside LAN

Post by DoesItMatter »

Your D-Link DIR-655 is connected via LAN to the Gargoyle router.

Is the D-Link in the Gargoyle's DMZ?

If so - you have to check firewall settings on that other computer.

Quickest check - turn off any firewalls - then try accessing
the shared drive again.
:twisted: Soylent Green Is People! :twisted:
2x Asus RT-N16 = Asus 3.0.0.4.374.43 Merlin
2x Buffalo WZR-HP-G300NH V1 A0D0 = Gargoyle 1.9.x / LEDE 17.01.x
2x Engenius - ESR900 Stock 1.4.0 / OpenWRT Trunk 49400

ERIC8585
Posts: 25
Joined: Thu Mar 01, 2012 7:34 pm

Re: Accessing External IP Inside LAN

Post by ERIC8585 »

DoesItMatter wrote:Your D-Link DIR-655 is connected via LAN to the Gargoyle router.

Is the D-Link in the Gargoyle's DMZ?

If so - you have to check firewall settings on that other computer.

Quickest check - turn off any firewalls - then try accessing
the shared drive again.
No the Dlink isn't in the Gargoyle's DMZ.

What I'm saying is I can't access a local browser based NAS connected to the Gargoyle router via any computer directly connected to the Gargoyle router over my internet IP address, but I can access it (through the internet IP) from wireless devices connected to the DIR-655 (acting strictly as a wireless AP), which is also connected to the Gargoyle router's LAN port. However, I can access the NAS via the local IP on the internal network via any devices.

It doesn't really matter as others outside my network can access the NAS via my external IP because I have port forwarding set up on the Gargoyle router. But sometimes I attempt to connect through my domain name, which is linked to my internet IP, while I'm on my LAN for the sake of not having to reconfigure my iPad apps with a local IP. It just seems like odd behavior to me as it worked fine when my DIR-655 was the router as well as now with the DIR-655 just serving access point duties. Something to do with how NAT works on Gargoyle opposed to Dlink?

Let me know if you don't understand what I'm saying and I'll draw a diagram.

pbix
Developer
Posts: 1373
Joined: Fri Aug 21, 2009 5:09 pm

Re: Accessing External IP Inside LAN

Post by pbix »

I definitely need a drawing. :geek:
Linksys WRT1900ACv2
Netgear WNDR3700v2
TP Link 1043ND v3
TP-Link TL-WDR3600 v1
Buffalo WZR-HP-G300NH2
WRT54G-TM

User avatar
DoesItMatter
Moderator
Posts: 1373
Joined: Thu May 21, 2009 3:56 pm

Re: Accessing External IP Inside LAN

Post by DoesItMatter »

DD-WRT has this setting - "Filter WAN NAT Redirection"

I think this is what is happening to you with Gargoyle.

I'm not sure how you change that or even where, but its definitely
going to be some command line work for you with firewall rules.
:twisted: Soylent Green Is People! :twisted:
2x Asus RT-N16 = Asus 3.0.0.4.374.43 Merlin
2x Buffalo WZR-HP-G300NH V1 A0D0 = Gargoyle 1.9.x / LEDE 17.01.x
2x Engenius - ESR900 Stock 1.4.0 / OpenWRT Trunk 49400

ERIC8585
Posts: 25
Joined: Thu Mar 01, 2012 7:34 pm

Re: Accessing External IP Inside LAN

Post by ERIC8585 »

DoesItMatter wrote:DD-WRT has this setting - "Filter WAN NAT Redirection"

I think this is what is happening to you with Gargoyle.

I'm not sure how you change that or even where, but its definitely
going to be some command line work for you with firewall rules.
That's probably what's happening. Thanks!

ERIC8585
Posts: 25
Joined: Thu Mar 01, 2012 7:34 pm

Re: Accessing External IP Inside LAN

Post by ERIC8585 »

Well I tried something else and now I'm back to square one. I tried connecting to my external (internet) IP with a device connected to the Gargoyle router wireless AP and it worked. But I still can't connect to my external IP through devices connected to the gigabit LAN ports on the Gargoyle router. I don't understand :?

mix
Posts: 292
Joined: Sun Feb 27, 2011 11:18 am

Re: Accessing External IP Inside LAN

Post by mix »

Are you guys talking about NAT loopback?
WRT54GL v1.1
Gargoyle 1.4.7

ERIC8585
Posts: 25
Joined: Thu Mar 01, 2012 7:34 pm

Re: Accessing External IP Inside LAN

Post by ERIC8585 »

Yes. Works with wireless devices on Gargoyle but not wired for some reason.

mix
Posts: 292
Joined: Sun Feb 27, 2011 11:18 am

Re: Accessing External IP Inside LAN

Post by mix »

ERIC8585 wrote:Yes. Works with wireless devices on Gargoyle but not wired for some reason.
Also known as NAT reflection. It seems weird that it will only work on the lan or wifi side, until I think about the fact that these two interfaces are actually bridged in software (probably called br-lan in ifconfig). Honestly, this is one of those more mysterious areas of nat routers that is often implemented incorrectly. I always go out of my way not to rely on it. When I use dns, I make sure that my dns server will always respond to internal clients (that is, ones on my lan, with an ip address in the nat address range, 192.168.0.x or whatever) with an internal ip address. External dns queries get responded too with the public ip address of the router. As long as whatever computer/device you are trying to access has a static internal ip address, this is not an issue.
WRT54GL v1.1
Gargoyle 1.4.7

Post Reply