Home

Forums

Stories

Knowledge Base

Business Community > Gateways > ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled

< Gateways

ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled

SSIDad

2025-08-22 15:07:14 - last edited 2025-08-25 02:29:47

Posts: 4

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2025-08-22

ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled

2025-08-22 15:07:14 - last edited 2025-08-25 02:29:47

Tags: #NAT #VLAN & Multi-Networks

Model: ER605 (TL-R605)

Hardware Version: V2

Firmware Version: 2.3.0

Device/Versions:

Router: ER605 v2, upgraded from firmware 2.2.6 → 2.3.0
APs: EAP670, upgraded from 1.0.4 → 1.1.1
Controller: OC 200 2.0, 5.15.24.21

Summary of Issue:
After upgrading the ER605 to v2.3.0, LAN clients connecting to a server on another LAN subnet no longer show their real source IP. Instead, the server only sees the router’s WAN IP (172.x.x.x) if a port forward is defined.

Steps to Reproduce:

Upgrade ER605 v2 from 2.2.6 to 2.3.0.
Create two LAN subnets (e.g. 192.168.0.0/24 for clients, 192.168.10.0/24 for servers).
Run a simple service like whoami on 192.168.10.2 to report client IPs.
From a LAN client (192.168.0.x), connect to the server by its LAN IP.
- With no port forward: server shows 192.168.0.x (expected).
- With port forward defined: server shows 172.x.x.x (WAN IP of ER605).

What I Expected:

LAN→LAN traffic should be routed directly, with client source IP preserved.
Port forwarding should only affect WAN→LAN traffic.

What Actually Happens:

LAN→LAN traffic is SNATed to the router’s WAN IP when port forwarding exists.
This breaks correct client IP visibility and access control.

Diagram (simplified):

Wi-Fi Client (192.168.0.x) ──> ER605 ──> Server (192.168.10.2)
     Reports 192.168.0.x (expected)    OR   Reports 172.x.x.x (wrong, when port forward exists)

Question:

Is this NAT behavior in 2.3.0 intentional?
If not, can TP-Link confirm whether this is a bug/regression?
Is there a way to prevent NAT from being applied to LAN→LAN traffic?

2 Accepted Solutions

Clive_A

2025-08-25 01:35:17 - last edited 2025-08-25 03:07:39

Posts: 8362

Helpful: 4302

Solutions: 2193

Stories: 0

Registered: 2023-06-09

Re:ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled-Solution

2025-08-25 01:35:17 - last edited 2025-08-25 03:07:39

@SSIDad

We have noticed this feedback in another post.

If you experience the same issue as this one:

https://community.tp-link.com/en/business/forum/topic/836128

Please wait for future firmware regarding this if you face the same issue as described.

Recommended Solution

Clive_A

2025-08-26 07:32:50 - last edited 2025-08-26 13:22:44

Posts: 8362

Helpful: 4302

Solutions: 2193

Stories: 0

Registered: 2023-06-09

Re:ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled-Solution

2025-08-26 07:32:50 - last edited 2025-08-26 13:22:44

@rcobourn @SSIDad @GRL

Clive_A wrote

GRL wrote

@Clive_A

Any chance of a beta for this issue? Im already using the one you supplied for the ER8411 to resolve millions of firewall issues with the NAS at my main site, but i have a similar issue at a remote site as well with a 605v2

I am not seeing a beta for ER605 V2, unfortunately.

If there is one, I will inform you.

Dev compiled one; you can download it here.

Recommended Solution

10 Reply

Clive_A

2025-08-25 01:35:17 - last edited 2025-08-25 03:07:39

Posts: 8362

Helpful: 4302

Solutions: 2193

Stories: 0

Registered: 2023-06-09

Re:ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled-Solution

2025-08-25 01:35:17 - last edited 2025-08-25 03:07:39

@SSIDad

We have noticed this feedback in another post.

If you experience the same issue as this one:

https://community.tp-link.com/en/business/forum/topic/836128

Please wait for future firmware regarding this if you face the same issue as described.

Recommended Solution

rcobourn

LV1

2025-08-25 02:51:12

Posts: 1

Helpful: 2

Solutions: 0

Stories: 0

Registered: 2025-08-24

Re:ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled

2025-08-25 02:51:12

@Clive_A

Maybe I'm missing something, but how is pointing to a beta firmware for a different device a solution?

Clive_A

2025-08-25 03:07:29

Posts: 8362

Helpful: 4302

Solutions: 2193

Stories: 0

Registered: 2023-06-09

Re:ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled

2025-08-25 03:07:29

@rcobourn

rcobourn wrote

@Clive_A

Maybe I'm missing something, but how is pointing to a beta firmware for a different device a solution?

Please wait for future firmware regarding this if you face the same issue as described.

GRL

LV4

2025-08-25 08:10:44

Posts: 775

Helpful: 316

Solutions: 91

Stories: 0

Registered: 2022-01-02

Re:ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled

2025-08-25 08:10:44

@Clive_A

Any chance of a beta for this issue? Im already using the one you supplied for the ER8411 to resolve millions of firewall issues with the NAS at my main site, but i have a similar issue at a remote site as well with a 605v2

Main: ER8411 x1, SG3428X x1, SG3452 x1, SG2428LP x1, SG3210 x1, SG2218P x1, SG2008P x3, ES208G x1, EAP650 x6 Remote: ER7206 v2 x1, ER605 v2 x3, SG2008P x2, EAP650 x2, ES205G x1 Controller: OC300

Clive_A

2025-08-25 09:20:35

Posts: 8362

Helpful: 4302

Solutions: 2193

Stories: 0

Registered: 2023-06-09

Re:ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled

2025-08-25 09:20:35

@GRL

GRL wrote

@Clive_A

Any chance of a beta for this issue? Im already using the one you supplied for the ER8411 to resolve millions of firewall issues with the NAS at my main site, but i have a similar issue at a remote site as well with a 605v2

I am not seeing a beta for ER605 V2, unfortunately.

If there is one, I will inform you.

Clive_A

2025-08-26 07:32:50 - last edited 2025-08-26 13:22:44

Posts: 8362

Helpful: 4302

Solutions: 2193

Stories: 0

Registered: 2023-06-09

Re:ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled-Solution

2025-08-26 07:32:50 - last edited 2025-08-26 13:22:44

@rcobourn @SSIDad @GRL

Clive_A wrote

GRL wrote

@Clive_A

Any chance of a beta for this issue? Im already using the one you supplied for the ER8411 to resolve millions of firewall issues with the NAS at my main site, but i have a similar issue at a remote site as well with a 605v2

I am not seeing a beta for ER605 V2, unfortunately.

If there is one, I will inform you.

Dev compiled one; you can download it here.

Recommended Solution

GRL

LV4

2025-08-26 07:34:01

Posts: 775

Helpful: 316

Solutions: 91

Stories: 0

Registered: 2022-01-02

Re:ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled

2025-08-26 07:34:01

@Clive_A

thank you !

Main: ER8411 x1, SG3428X x1, SG3452 x1, SG2428LP x1, SG3210 x1, SG2218P x1, SG2008P x3, ES208G x1, EAP650 x6 Remote: ER7206 v2 x1, ER605 v2 x3, SG2008P x2, EAP650 x2, ES205G x1 Controller: OC300

SSIDad

LV1

2025-08-26 13:22:18

Posts: 4

Helpful: 0

Solutions: 0

Stories: 0

Registered: 2025-08-22

Re:ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled

2025-08-26 13:22:18

@Clive_A

Thank you for the quick fix. I tested it this morning and confirm it resolves the issue on my end.

Now when I connect to my whoami service on VLAN 10 (192.168.10.0/24) from VLAN 1 (192.168.0.0/24), the remote address is correctly reported as a VLAN 1 address.

I discovered this initially because of IP whitelisting rules in my reverse proxy, which is also running in VLAN 10.

I assume this fix will be included in the next stable release?

#10

Clive_A

2025-08-27 00:49:06

Posts: 8362

Helpful: 4302

Solutions: 2193

Stories: 0

Registered: 2023-06-09

Re:ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled

2025-08-27 00:49:06

@SSIDad

SSIDad wrote

@Clive_A

Thank you for the quick fix. I tested it this morning and confirm it resolves the issue on my end.

Now when I connect to my whoami service on VLAN 10 (192.168.10.0/24) from VLAN 1 (192.168.0.0/24), the remote address is correctly reported as a VLAN 1 address.

I discovered this initially because of IP whitelisting rules in my reverse proxy, which is also running in VLAN 10.

I assume this fix will be included in the next stable release?

Regarding the development progress and details you mentioned, we, the forum, are currently unable to provide specific information or estimated timelines.

We kindly ask you to be patient and refer to the final firmware release notes for updates on this feature. Thank you for your support and understanding.

#11

ceejaybassist

LV3

3 weeks ago

Posts: 108

Helpful: 73

Solutions: 1

Stories: 0

Registered: 2023-07-17

Re:ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled

3 weeks ago

@Clive_A

Thank you for this.

I am running into the issue where when I access all of proxy hosts in Nginx Proxy Manager located in VLAN 20 from a client in VLAN 30, it is going to the WAN, meaning it is to the internet instead of just inter-VLAN access.

What I did as a workaround is whenever my public IP changes, I allow it one-by-one for each proxy host, which is so much of a hassle because I have many proxy hosts.

The beta firmware solved my problem. The inter-VLAN access is now working again.

#12

ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled

ER605 v2.3.0 – LAN-to-LAN Traffic Shows WAN IP When Port Forwarding Enabled

Device/Versions:

Information

Voters 0

Tags