DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2920 DMZ, Address Mapping and internal visibility

20 Aug 2013 18:07 #77484 by walster
Hi, I have just migrated from 2800g on ADSL to a 2920 on Fibre.

I have a block of IPs and have successfully set up the IP Routed Subnet to allow for pass through and added a single WAN IP alias which I have mapped to a server with an IP of 192.168.1.14 by adding the WAN IP to point to 192.168.1.14 in the DMZ setup.

I have also added the reverse in Address Mapping.

I also have a DNS record (externally) which points a subdomain to the external WAN IP.

My problem is that I am unable to access using the subdomain name / WAN IP address from my internal network. I can PING successfully and I can also view successfully from an external network. It appears that the NAT Loopback is the culprit but I have no idea on how to enable/disable/fix.

Any ideas?

Many thanks

06 Sep 2013 12:27 #77620 by jrg
Seems like there have been quite a few people asking how to do this, and a notable lack of replies.

Recent topics include:
http://www.forum.draytek.co.uk/viewtopic.php?f=14&t=18549
http://www.forum.draytek.co.uk/viewtopic.php?f=2&t=18517
http://www.forum.draytek.co.uk/viewtopic.php?f=2&t=18440

Obviously, what needs to be in place is for the source IP of the internal host to be NATted, because the route back to the destination (NAT) IP must come through the Draytek in order to be unNATted again.

i.e. for communication from an Internal client to an External server IP that is really a NAT to Internal server IP:

Request packet: (Internal client IP,External server IP), takes the default route -> Draytek -> maps to (NAT External IP,Internal server IP)
Reply packet: (Internal server IP, NAT External IP), takes the default route -> Draytek -> maps to (External server IP, Internal client IP)

So, can it be done on any Draytek hardware and software (I'm looking for answers for the 2850, myself)? What is the mysterious 'NAT Loopback' to which some posters have referred? Is it just the above concept, or is it a tangible (undocumented) setting in some Draytek software?

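The packet flow described in the post above, as an added Python model (not part of the original thread and not DrayTek's implementation). It shows why the internal client's source address must also be translated. Every address except 192.168.1.14 is constructed, and the `Router` class, its `hairpin_snat` switch and `client_request` are hypothetical names.

```python
from dataclasses import dataclass

# 192.168.1.14 is from the thread; all other addresses are constructed.
CLIENT, SERVER, LAN_PREFIX = "192.168.1.50", "192.168.1.14", "192.168.1."
WAN_ALIAS = "203.0.113.10"    # stands in for the WAN IP alias mapped to SERVER
ROUTER_NAT_IP = "203.0.113.1"  # assumed router-owned address used as NAT source

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class Router:
    def __init__(self, hairpin_snat):
        self.hairpin_snat = hairpin_snat
        self.conntrack = {}  # translated (src, dst) -> original (src, dst)

    def forward(self, pkt):
        # Reply direction: undo a translation recorded for the request.
        key = (pkt.dst, pkt.src)
        if key in self.conntrack:
            orig_src, orig_dst = self.conntrack[key]
            return Packet(src=orig_dst, dst=orig_src)
        # Request direction: destination NAT of the WAN alias to the server.
        if pkt.dst == WAN_ALIAS:
            src = pkt.src
            if self.hairpin_snat and src.startswith(LAN_PREFIX):
                src = ROUTER_NAT_IP  # source NAT: reply must return via router
            self.conntrack[(src, SERVER)] = (pkt.src, pkt.dst)
            return Packet(src=src, dst=SERVER)
        return pkt

def client_request(router):
    """Send CLIENT -> WAN_ALIAS; return (reply seen by client, accepted?)."""
    at_server = router.forward(Packet(CLIENT, WAN_ALIAS))
    reply = Packet(src=SERVER, dst=at_server.src)
    # A reply to an on-link address is delivered directly and never reaches
    # the router; anything else takes the default route through it.
    if not reply.dst.startswith(LAN_PREFIX):
        reply = router.forward(reply)
    # The client only accepts a reply from the address it contacted.
    accepted = reply.src == WAN_ALIAS and reply.dst == CLIENT
    return reply, accepted

if __name__ == "__main__":
    for snat in (False, True):
        reply, ok = client_request(Router(hairpin_snat=snat))
        print(f"hairpin_snat={snat}: client sees {reply}, accepted={ok}")
```

Without source NAT the server answers the client directly from 192.168.1.14, so the client discards a reply that does not come from the WAN address it contacted; this matches the symptom in the first post, where the site is reachable from outside but not from the LAN.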

16 Sep 2013 17:37 #77698 by walster
Just sent a support request for this.
Will let you know here.

16 Sep 2013 19:04 #77699 by walster

19 Sep 2013 17:44 #77734 by walster
OK, I have this fixed for my 2920...

My support to and fro is as follows:

Could you try downgrading to the 3.6.3 firmware to check whether that resolves the issue for you?

ftp://ftp.draytek.com/Vigor2920/Firmware/v3.6.3/

If that doesn't resolve it, could you try disabling the firewall from Firewall - General Setup - set the Data Filter to Disable and test whether that helps?


A downgrade to 3.6.3 appears to have solved the issue, although the speed of the requests is very slow. I will do some testing and get back to you.


Thanks for confirming that, I'll check with the firmware team whether they are aware of this issue and if there is a firmware to resolve the problem available yet.


Please could you test whether this firmware allows NAT loopback to work with your configuration?

Before updating, please take a backup of the router's configuration as a precaution because this is a beta firmware and does add some features (the policy routing facility).


File attached as v2920_r37290_001.zip

I can confirm that yes, NAT Loopback does work with this firmware. Is the beta firmware fit for my continued usage?


I believe so, we haven't seen any significant issues reported with other users' testing of similar builds of firmware. It is expected to be released as 3.6.6 relatively soon.



End of.

Hope this helps others who may have this problem; initially a firmware downgrade to 3.6.3 is the route to take to check if it fixes it.

Cheers


Moderators: Sami