Archer C5400X NAT loopback
I just got an Archer C5400X and have been trying to get it to work with my TrueNAS installation and Nextcloud, but it refuses to work since I cannot seem to get NAT loopback to work. I can reach the systems just from outside my home network, just not from inside my own network. Is there some way I can get this to work? Might have to return this and get another brand if it does not work.
Hello,
Do you mean you cannot access the TrueNAS and Nextcloud by WAN IP address: port on the local computer? If so, can you access them by their IP address directly?
What is the detailed network diagram? Are the TrueNAS and Nextcloud connected to the C5400X directly by Ethernet cable or by wireless? Can you ping their IP address from another computer which is also connected to this router?
Thanks a lot.
Hi, thanks for answering.
I have the C5400X connected to the WAN, and downstream from it I have a MikroTik CRS305-1G-4S+IN 10Gb SFP+ switch to which most of my equipment is connected with fibre cables. I made a quick sketch in Paint to better illustrate what it looks like:
This worked fine earlier today when I had my old switch connected, an Asus RT-N66U. Ports are forwarded the same way. I can ping inside the network to the various IP addresses fine, and I can reach the Home Assistant, TrueNAS and Nextcloud from outside my LAN with my domain name, but if I try to access my equipment via my domain name from inside the LAN it refuses to connect.
EDIT: I can access my equipment from inside my LAN if I go to the IP addresses directly, but this throws SSL errors (NET::ERR_CERT_COMMON_NAME_INVALID) since I have only set the certificates up for my domain name. I guess it is expected since the common name is wrong when I access the machines that way.
Hello,
May I know what DDNS you are using on the C5400X now?
BTW, our engineer will email you. If you are willing to do further analysis, please check your inbox and respond.
Thanks for your cooperation and support. Good day.
Sorry to jump in this late but I have the same kind of problem. Were you able to solve yours, and how?
Thanks in advance
No, after mailing with a customer service representative a few times she passed the issue along to an engineer who told me that was not possible on the C5400X. If you connect several devices to a switch that you then connect to one single port on the C5400X you will not be able to navigate between the devices via hostname via hair-pin NAT.
This is the mail I got from the engineer:
This is Leo from TP-Link Support Team, and I will help you with this case.
I have checked the topology and information you provided before.
All your devices are connected to C5400X via MikroTik switch, so these devices share the one LAN port of C5400X, right?
Then it's suggested to connect other PC to C5400X other LAN port, not to MikroTik switch, check the attachment. That's the alternative for this issue.
Thank you in advance.
This is a suggested explanation I got from a user on the MikroTik forums:
When you connect equipment directly to C5400X, you probably use separate port for NAS. Which might indicate that TP-Link supports hair-pin NAT only between different interfaces. In ROS world this would indicate partial implementation of functionality (without SRC-NAT part) which means that server (NAS) sees real client's LAN address as source and sends replies directly, bypassing TP-Link which can not rewrite DST-NAT-ed contents (dst-address and dst-port).
So nothing to do with CRS and you'd experience same problem when using just any ethernet switch in place of CRS.
The solution would be to run DNS server on LAN, which would return LAN IP address for your services. It works fine as long as you don't depend on port translation on WAN interface (e.g. running some secondary HTTP service on secondary LAN server, exposed to public via non-standard port such as 8000).
I'm surprised you managed to find the topic after this long. Sorry I could not solve this issue for you. I replaced it with another brand instead that also has built-in support for more DDNS providers, which was also a problem for me with the C5400X.
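The packet flow from the MikroTik forum explanation quoted above, traced as an added example (not part of the thread and not any poster's or vendor's code). It shows why a hairpin with DST-NAT only fails when client and server share a LAN segment, and why the local-DNS workaround breaks once the public and internal ports differ. All addresses, the port-forward table and the internal port 80 behind public port 8000 are constructed assumptions, and source NAT is simplified to keep the client's source port.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed sample addressing (assumptions, not values from the thread).
WAN_IP, ROUTER_LAN = "203.0.113.10", "192.168.0.1"
CLIENT, NAS, WEB2 = "192.168.0.50", "192.168.0.20", "192.168.0.21"
# Port forwards: (public IP, public port) -> (LAN host, LAN port)
FORWARDS = {(WAN_IP, 443): (NAS, 443), (WAN_IP, 8000): (WEB2, 80)}


def hairpin(public_port, src_nat, client_port=50000):
    """Trace one LAN client request to the WAN IP; return (reply, accepted)."""
    request = Packet(CLIENT, client_port, WAN_IP, public_port)
    # Router applies DST-NAT from the port-forward table.
    host, port = FORWARDS[(request.dst, request.dport)]
    forwarded = request._replace(dst=host, dport=port)
    if src_nat:
        # Full hairpin: also rewrite the source so the reply returns to the router.
        forwarded = forwarded._replace(src=ROUTER_LAN)
    # The server answers whatever source address it saw.
    reply = Packet(forwarded.dst, forwarded.dport, forwarded.src, forwarded.sport)
    if reply.dst == ROUTER_LAN:
        # Reply passes through the router, which reverses both translations.
        reply = Packet(request.dst, request.dport, request.src, request.sport)
    # Otherwise the switch delivers the reply straight to the client and the
    # router never gets the chance to restore the original address and port.
    expected = Packet(request.dst, request.dport, request.src, request.sport)
    return reply, reply == expected


def split_dns_reaches_service(public_port):
    """Local DNS returns the LAN IP, but the client still dials public_port."""
    _, lan_port = FORWARDS[(WAN_IP, public_port)]
    return public_port == lan_port


if __name__ == "__main__":
    for src_nat in (False, True):
        reply, ok = hairpin(443, src_nat)
        print(f"src_nat={src_nat}: reply from {reply.src}:{reply.sport} accepted={ok}")
    print("split DNS, port 443:", split_dns_reaches_service(443))
    print("split DNS, port 8000:", split_dns_reaches_service(8000))
```

Without source NAT the client receives a reply from the server's LAN address for a connection it opened to the WAN address, so its TCP stack has no matching connection and discards it.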