schnappi's profile

Mentor

 • 

92 Messages

Saturday, May 10th, 2014 1:48 PM

Will using your own router allow loopback connections?

Motorola NVG510 has serious issues with loopback connections (for example accessing a webserver hosted on your own network over the internet).

 

Will using your own router solve this issue? I am hesistant to think so since the conenctions still have to pass through the Motorola NVG510...even if it is "suppossedly" passing all traffic to your own router.

Expert

 • 

9.4K Messages

10 years ago

Yes, loopback will work if:

1. The NVG510 is configured for IP Passthrough mode
2. Your router is the IP Passthrough target, and has the registered internet-routable IP address as its WAN address
3. Your router supports loopback

Mentor

 • 

92 Messages

10 years ago

Quick correction. Meant a NVG589...not a NVG510.

 

That being said set up a router that supports NAT loopback with IP passthrough mode on the NVG589. NAT loopback DID NOT work with a router behind route setup with the NVG589.

 

I do not believe there is any way to make NAT loopback work with a NVG589 with a single IP (although please correct me if I am wrong and someone else has got NAT loopback to work with a NVG589).

 

As the prior poster stated giving your own router a "internet routable IP" would probably work. But one would have to purchase an additional IP lease from ATT. I suspect that this would work but a note to anyone who reads this...did not test giving my own router its own WAN (internet) ip.

ACE - Expert

 • 

34.7K Messages

10 years ago


@schnappi wrote:

Quick correction. Meant a NVG589...not a NVG510.

 

That being said set up a router that supports NAT loopback with IP passthrough mode on the NVG589. NAT loopback DID NOT work with a router behind route setup with the NVG589.

 

I do not believe there is any way to make NAT loopback work with a NVG589 with a single IP (although please correct me if I am wrong and someone else has got NAT loopback to work with a NVG589).

 

As the prior poster stated giving your own router a "internet routable IP" would probably work. But one would have to purchase an additional IP lease from ATT. I suspect that this would work but a note to anyone who reads this...did not test giving my own router its own WAN (internet) ip.


Putting the router behind the NVG 589 in "IP Passthrough" mode gives the Internet Routeable IP to that router without having to get the static public IP block.

 

 

Mentor

 • 

92 Messages

10 years ago

Putting the NVG589 into IP passthrough mode to another router DOES NOT solve the NAT loopback problem inherent to the NVG589.

 

My suggestion is to give a second (separate) WAN IP (which one would need to purchase from ATT) to your own router seperate from the WAN IP of the NVG589.

ACE - Expert

 • 

34.7K Messages

10 years ago

Given an choice between you being mistaken and SomeJoe being mistaken... um... well...

 

Although what I think I see SomeJoe saying is that if your router supports loopback, and it has a public address (which it would have via IP Passthrough) then loopback will work.  If your router doesn't support loopback, then well, it won't work (regardless of how it gets that public IP), it won't.

 

 

Mentor

 • 

92 Messages

10 years ago

Given a choice between ATT being mistaken and me being mistaken....enough said.

 

I encourage anyone reading this looking for answers to NAT loopback to draw their own conclusion as to whom is mistaken.

 

NAT loopback does not work with IP passthrough mode on the NVG589. There must be something about the traffic passing through the NVG589 (keeping in mind that the NVG589 has no true bride mode).

 

Tested a router with stock firmware and 3rd party firmware both capable of supporting NAT loopback. Waiting 24 hours, tried multiple DNS servers, flushed DNS cache on the machine testing the NAT loopback connection, ect.

 

A default Apache "The webserver is working" html page took 30+ seconds to load during test when attepting to access it via a domain tied to the WAN IP. Pressing F5 failed to load the page a second time and nothing showed up in the Apache log for the reload attempt (did not look at NVG589 log or own router log). Using the WAN IP after clearing browser cache returned similiar results.

 

Put up a webserver, VNC server, or temporarily open RDP to the internet and try connecting to it using your WAN IP. The evidence speaks for itself.

 

The NVG589 is a good piece of hardware that ATT dumbed down and limited with their firmware. ATT could easily add a "allow NAT loopback option" to the firmware. NAT loopback is not a security issue. While I encourage people to draw their own conclusions about NAT loopback ATT is kind enough to decide for us what is best (very similiar to our current government) by not putting an option in the NVG589 to allow NAT loopback.

ACE - Expert

 • 

34.7K Messages

10 years ago

The main problem is that NAT loopback is not important to 90% (or more) of a home ISP's customers.  As such, it gets no attention.

 

I also wonder where you got to use an NVG 589 that didn't have AT&T's firmware?

 

Expert

 • 

9.4K Messages

10 years ago

NAT loopback is defined as a function of a router where connections to ports on the outside IP address are translated and routed to the server defined in the router, even when the connection attempt comes from the "inside" portion of the network.

e.g.. Let's say we have a router with an outside IP address of 99.99.99.99 (a public IP address), and the router has been configured so that inbound connections to port 80 on that WAN interface are translated to a destination address of 192.168.1.20 (on the inside network). This enables a web server running on the 192.168.1.20 machine to respond to web requests from the Internet, provided those web requests are coming in to 99.99.99.99.

If another computer on the internal network, such as 192.168.1.101, can pull up the web site using http://99.99.99.99 (instead of the direct connection of http://192.168.1.20 ) then the router implements NAT loopback.

Now, knowing that, let's review:

If you use your own router, and it is the device doing the network address translation (NAT), that means it's outside address is x.x.x.x (a publically routable IP address), and it's inside addresses are private, in RFC 1918 address space. This can be set up with the U-Verse modems using DMZPlus (2Wire/Pace 3xxx series gateways) or IP Passthrough (Motorola NVG5xx series gateways).

NAT loopback in this situation is completely dependent on the functionality of your own router. By definition, any NAT loopback request under this circumstance never leaves your network and your router, and thus never touches the U-Verse gateway at all.

The bottom line is that if NAT loopback is not working with your router, then you either haven't configured your router properly, or your router doesn't support it. The ISP gateway has no bearing on this functionality whatsoever when configured in conjunction with your own router as described above.

 

Mentor

 • 

92 Messages

10 years ago

SomeJoe7777 you are correct regarding the route of a given packet when using a WAN IP locally (NAT loopback). However will again state that NAT loopback does not work using a router behind the NVG589.

 

As you stated it should...which is why the issue lies with the NVG589. Most likely something to do with IP passthrough mode on the NVG589 not being a true bridge mode which in turn does effect one's own router.

 

Bottom line I encourage you to attempt NAT loopback yourself with a router behind the NVG589 and report your results.

 

It wouldn't be the first time that ATT said something should work only to later admit it was a problem with their hardware.

ACE - Expert

 • 

34.7K Messages

10 years ago

Look, easy test:  Check to see what the outside WAN address is of your router.  If it is your public IP, then the NVG 589 has done every thing it needs to do for your router to be able to do NAT loopback, if it has the capability.

 

Once your router has its public IP address, if it can do NAT loopback it does not need to involve the NVG 589.  If it needs to involve the NVG 589 further, then it doesn't do NAT loopback.

 

Think about it.

 

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.