Archer C5400X NAT loopback

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2020-08-28 00:26:55
Model: Archer C5400X  
Hardware Version: V1
Firmware Version: 1.1.0 Build 20180904 rel.41828

I just got an Archer C5400X and have been trying to get it to work with my TrueNAS installation and Nextcloud, but it refuses to work since I cannot seem to get NAT loopback to work. I can reach the systems just from outside my home network, just not from inside my own network. Is there some way I can get this to work? Might have to return this and get another brand if it does not work.

#1
Re:Archer C5400X NAT loopback
2020-08-28 01:09:06

@Armitage 

 

Hello,

 

Do you mean you cannot access the TrueNAS and Nextcloud by WAN IP address: port on the local computer? If so, can you access them by their IP address directly?

 

What is the detailed network diagram? Are the TrueNAS and Nextcloud connected to the C5400X directly by Ethernet cable or by wireless? Can you ping their IP addresses from another computer which is also connected to this router?

 

Thanks a lot.

#2
Re:Archer C5400X NAT loopback
2020-08-28 01:42:43 - last edited 2020-08-28 01:49:35

@Kevin_Z 

 

Hi, thanks for answering.

 

I have the C5400X connected to the WAN, and downstream from it I have a MikroTik CRS305-1G-4S+IN 10Gb SFP+ switch to which most of my equipment is connected with fibre cables. I made a quick sketch in Paint to better illustrate what it looks like:

 

This worked fine earlier today when I had my old switch connected, an Asus RT-N66U. Ports are forwarded the same way. I can ping inside the network to the various IP addresses fine, and I can reach the Home Assistant, TrueNAS and Nextcloud from outside my LAN with my domain name, but if I try to access my equipment via my domain name from inside the LAN it refuses to connect.

 

EDIT: I can access my equipment from inside my LAN if I go to the IP addresses directly, but this throws SSL errors (NET::ERR_CERT_COMMON_NAME_INVALID) since I have only set the certificates up for my domain name. I guess it is expected since the common name is wrong when I access the machines that way.

#3
Re:Archer C5400X NAT loopback
2020-08-28 07:06:47

@Armitage 

 

Hello,

 

May I know what DDNS you are using on the C5400X now?

 

BTW, our engineer will email you. If you are willing to do further analysis, please check your inbox and respond.

                    

Thanks for your cooperation and support. Good day.

#4
Re:Archer C5400X NAT loopback
2020-08-28 12:29:42

@Kevin_Z 

 

I'm using DuckDNS. I have a client on my computer that updates if it changes.

#5
Re:Archer C5400X NAT loopback
2020-12-28 02:30:46

@Armitage 

Sorry to jump in this late but I have the same kind of problem. Were you able to solve yours, and how?

Thanks in advance

#6
Re:Archer C5400X NAT loopback
2020-12-28 04:29:09

@LoloTheJeeper 

No, after mailing with a customer service representative a few times she passed the issue along to an engineer who told me that was not possible on the C5400X. If you connect several devices to a switch that you then connect to one single port on the C5400X you will not be able to navigate between the devices via hostname via hair-pin NAT.

 

This is the mail I got from the engineer:

This is Leo from TP-Link Support Team, and I will help you with this case.

I have checked the topology and information you provided before.
All your devices are connected to the C5400X via the MikroTik switch, so these devices share the one LAN port of the C5400X, right?
Then it's suggested to connect the other PC to another LAN port of the C5400X, not to the MikroTik switch; check the attachment. That's the alternative for this issue.

Thank you in advance.

 

This is a suggested explanation I got from a user on the MikroTik forums:

When you connect equipment directly to C5400X, you probably use separate port for NAS. Which might indicate that TP-Link supports hair-pin NAT only between different interfaces. In ROS world this would indicate partial implementation of functionality (without SRC-NAT part) which means that server (NAS) sees real client's LAN address as source and sends replies directly, bypassing TP-Link which can not rewrite DST-NAT-ed contents (dst-address and dst-port).

So nothing to do with CRS and you'd experience same problem when using just any ethernet switch in place of CRS.

The solution would be to run DNS server on LAN, which would return LAN IP address for your services. It works fine as long as you don't depend on port translation on WAN interface (e.g. running some secondary HTTP service on secondary LAN server, exposed to public via non-standard port such as 8000).

 

I'm surprised you managed to find the topic after this long. Sorry I could not solve this issue for you. I replaced it with another brand instead that also has built-in support for more DDNS providers, which was also a problem for me with the C5400X.

#7
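
The explanation quoted in post #7, traced as a small model: with DST-NAT only, a server on the same LAN answers the client directly and the client rejects the reply, while added SRC-NAT or a LAN DNS override avoids that. This is an added example, not part of the original thread; the addresses, port forwards and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed example values (assumptions, not taken from the thread).
LAN = ip_network("192.168.0.0/24")
ROUTER_LAN = ip_address("192.168.0.1")
WAN_IP = ip_address("203.0.113.10")
# Port forwards on the router: WAN port -> (LAN server, LAN port).
FORWARDS = {
    443: (ip_address("192.168.0.20"), 443),
    8000: (ip_address("192.168.0.21"), 80),
}


def hairpin(client, wan_port, src_nat):
    """Trace a LAN or WAN client's connection to WAN_IP:wan_port.

    Returns (accepted, reply_source), where reply_source is the (ip, port)
    the client sees as the source of the first reply packet.
    """
    client = ip_address(client)
    server, server_port = FORWARDS[wan_port]
    # The client's TCP stack only accepts replies from the tuple it dialled.
    expected = (WAN_IP, wan_port)
    # DST-NAT always happens; SRC-NAT only in a full hairpin implementation.
    seen_source = ROUTER_LAN if src_nat else client
    if seen_source == ROUTER_LAN:
        # Reply goes back to the router, which undoes both translations.
        reply_source = (WAN_IP, wan_port)
    elif seen_source in LAN:
        # Source is on-link for the server: it answers directly through the
        # switch, so nothing rewrites the reply's source address and port.
        reply_source = (server, server_port)
    else:
        # Off-link source (a real WAN client): reply is routed via the router.
        reply_source = (WAN_IP, wan_port)
    return reply_source == expected, reply_source


def split_dns_works(wan_port):
    """A LAN DNS override skips the router, so no port translation happens.

    The client still dials wan_port; that only reaches the service when the
    server listens on the same port number.
    """
    _, server_port = FORWARDS[wan_port]
    return server_port == wan_port
```

`hairpin("192.168.0.50", 443, src_nat=False)` is the failing case from the thread; `split_dns_works(8000)` is the port-translation caveat from the quoted explanation.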