NAT Loopback in subnetwork

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

NAT Loopback in subnetwork

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
NAT Loopback in subnetwork
NAT Loopback in subnetwork
2021-04-07 08:43:52 - last edited 2021-04-09 03:42:47
Model: Archer C80  
Hardware Version: V1
Firmware Version: 1.5.7 Build 210308 Rel.60033n(4555)

Hi,

 

I have a TPLink VDSL Modem (TD-W9960 v1 1.2.0 0.8.0 v009d.0 Build 201016 Rel.78709n) and TPLink Access Point (Archer c80  v1 1.5.7 Build 210308 Rel.60033n(4555)) on my network.

 

A LAN cable (192.168.1.2) reaches the AP working in router mode through its WAN port. They both have Wireless enabled, but I treat the AP as my secure home network.

 

Modem directs the traffic on all ports to AP with NAT-dmz forwarding. It also uses tplink ddns service to bind subdomain.tplinkdns.com to my public IP.

The AP has some NAT port forwarding settings for various services including http on port 80.

 

When I connect to the modem's wifi, I can access all ports via the ddns domain. (NAT loopback works even I am on the local network)

But when I connect to the AP's wifi, I cannot access anything on my local network neither using the subdomain nor my public IP.

 

NAT boost is not activated on neither devices as I read that it disables the NAT loopback.

 

Can you please help me to figure out how can I enable access to my local network servers via the domain.

 

Best

 

 

  0      
  0      
#1
Options
1 Accepted Solution
Re:NAT Loopback in subnetwork-Solution
2021-04-08 10:33:26 - last edited 2021-04-09 03:42:47

@tpta 

 

 

Before you start I would suggest to backup the TD-W9960 and C80 configuration just in case.

You will need these credentials for configuring C80 PPPoE session:

 

 

Delete the old Internet connection in TD-W9960 (PPPoE):

 

 

Add new Internet connection of type Bridge (click Save at the end):

 


 

Settings in C80:

 

 

After configuring the PPPoE in C80 click CONNECT (if available) and you should be able to establish the PPPoE session from C80.

You'll have an internet connection with a single NAT in C80 and since Kevin already confirmed the NAT loopback (hairpinning) implemented in C80 FW this configuration should resolve your issue.

 

 

If this was helpful click on the arrow pointing upward to make it blue. If this solves your issue, click the star to make it blue and mark the post as a "Recommended Solution".
Recommended Solution
  3  
  3  
#7
Options
12 Reply
Re:NAT Loopback in subnetwork
2021-04-07 14:08:07 - last edited 2021-04-08 00:07:01

@tpta 

 

From your description it seems like NAT loopback/hairpinning on C80 doesn't work.

Why don't you try to put C80 in AP mode. Thus you'll avoid the double NAT in your network and probably the issue will disappear.

Your home network won't be less secure if you are NAT-ing in TD-W9960 only.

 

If this was helpful click on the arrow pointing upward to make it blue. If this solves your issue, click the star to make it blue and mark the post as a "Recommended Solution".
  0  
  0  
#2
Options
Re:NAT Loopback in subnetwork
2021-04-07 18:42:35

There are various reasons for that @terziyski. I would rather keep c80 as my router. Double NAT is not a serious problem, but we need to enable NAT Loopback (hairpinning) on it somehow.

  0  
  0  
#3
Options
Re:NAT Loopback in subnetwork
2021-04-07 20:13:26

@tpta 

 

OK, but you should know that NAT loopback/hairpinning is a feature that is FW embedded.

If it's not implemented in the C80 current FW release (which can be confirmed by TP-Link), then you'll have to wait for a release with that feature added.

 

If this was helpful click on the arrow pointing upward to make it blue. If this solves your issue, click the star to make it blue and mark the post as a "Recommended Solution".
  0  
  0  
#4
Options
Re:NAT Loopback in subnetwork
2021-04-08 06:58:36

@tpta 

 

C80 supports NAT Loopback (hairpinning) by default.

 

May I know who is your ISP? Is it possible to configure the W9960 into bridge mode, then configure the internet settings on the C80 to confirm if there is still an issue?

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router Archer BE800 New Firmware Added Support for EasyMesh in AP Mode, DoH&DoT, and 3-Band MLO Connection Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  0  
  0  
#5
Options
Re:NAT Loopback in subnetwork
2021-04-08 10:06:52

Hi @Kevin_Z ,

 

Sounds interesting.

My ISP is TurkNet. I can manually configure the dsl settings, but how can I set the modem into bridge mode?

  0  
  0  
#6
Options
Re:NAT Loopback in subnetwork-Solution
2021-04-08 10:33:26 - last edited 2021-04-09 03:42:47

@tpta 

 

 

Before you start I would suggest to backup the TD-W9960 and C80 configuration just in case.

You will need these credentials for configuring C80 PPPoE session:

 

 

Delete the old Internet connection in TD-W9960 (PPPoE):

 

 

Add new Internet connection of type Bridge (click Save at the end):

 


 

Settings in C80:

 

 

After configuring the PPPoE in C80 click CONNECT (if available) and you should be able to establish the PPPoE session from C80.

You'll have an internet connection with a single NAT in C80 and since Kevin already confirmed the NAT loopback (hairpinning) implemented in C80 FW this configuration should resolve your issue.

 

 

If this was helpful click on the arrow pointing upward to make it blue. If this solves your issue, click the star to make it blue and mark the post as a "Recommended Solution".
Recommended Solution
  3  
  3  
#7
Options
Re:NAT Loopback in subnetwork
2021-04-08 20:59:27

Thanks @terziyski!

 

Used this option and NAT loopback on c80 works now.

 

Wish nested NAT loopback would work as well, as I am not able to use W9960's WiFi coverage on other end of the home now as it does not have Internet. Can I somehow make it repeat c80's signal while it still stays in the Bridge mode?

 

Another question: I cannot use 192.168.1.1 to access W9960's interface yet through the other Wifi from c80. Is there a way to make this possible?

  0  
  0  
#8
Options
Re:NAT Loopback in subnetwork
2021-04-08 21:39:06 - last edited 2021-04-09 18:55:36

@tpta 

 

No, you can't use the W9960 wireless in bridged mode for internet access or WDS. That's why I suggested C80 in AP mode in the first place.

Accessing W9960's WebGUI should be possible. You can try by adding a static route in C80 to the LAN IP address of W9960 via C80 WAN interface:

 

 

assuming 192.168.1.1 is the W9960 LAN IP address, and 192.168.0.1 is the C80 LAN IP address.

If above doesn't work try to connect your PC by ethernet cable to W9960's LAN port (Set static IP address 192.168.1.3, mask 255.255.255.0, gw 192.168.1.1 on your PC LAN adapter/disconnect from wi-fi if any) - then browse 192.168.1.1 (W9960 login page).
 

If this was helpful click on the arrow pointing upward to make it blue. If this solves your issue, click the star to make it blue and mark the post as a "Recommended Solution".
  0  
  0  
#9
Options
Re:NAT Loopback in subnetwork
2021-04-09 01:35:36

@tpta 

 

Good to know changing the W9960 to bridge mode works, while there is no internet anymore on the 9960. To address the issue and try to fix it, we would like to have a specialist look into this further via email. Please check your mailbox later, and let us know if the issue is resolved.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router Archer BE800 New Firmware Added Support for EasyMesh in AP Mode, DoH&DoT, and 3-Band MLO Connection Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  1  
  1  
#10
Options
Re:NAT Loopback in subnetwork
2021-04-09 03:47:06

Hi @terziyski !

 

Thanks for your help. Your assumptions regarding the IP addresses of both devices on their respective networks were true.

 

But adding new routing entry with that information results this error:

 

 

When I check with subnet 255.255.255.255, as below:

I get this error which I don't understand its meaning:

  0  
  0  
#11
Options