NAT loopback, how does it work?

Pergola Fabio

Hi, how does NAT loopback work?

Let's say I have a domain xxx.duckdns.org.
I have a webserver running on port 80; I can access my webserver remotely on http://xxx.duckdns.org (port 80 is forwarded).
Let's say I have a second webserver running on port 81, with no port forwarded.
Can I access that webserver from inside my LAN by accessing it on http://xxx.duckdns.org:81? How can I do that without forwarding a port?
Do I need to create a subdomain? Is there a setting for it on the router, so it knows the local IP? Maybe by creating some DNS record?

Or is that not possible at all?
What is NAT loopback?

Thanks
 
> I have a webserver running on port 80; I can access my webserver remotely on http://xxx.duckdns.org (port 80 is forwarded).
> Let's say I have a second webserver running on port 81, with no port forwarded.
> Can I access that webserver from inside my LAN by accessing it on http://xxx.duckdns.org:81? How can I do that without forwarding a port?

I'm assuming these servers are on the LAN and not on the router itself. In which case you must have the port forwarded to access it through NAT loopback.

Alternatively you could create a hosts entry for xxx.duckdns.org on the router that pointed to the server's local IP address and avoid loopback entirely. There was a similar discussion about this here. But you would need to be using Merlin's firmware, which I'm assuming you're not as you posted in the Asus/official forum.
> Alternatively you could create a hosts entry for xxx.duckdns.org on the router that pointed to the server's local IP address and avoid loopback entirely.

Only issue I have w/ this approach is that it locks you into *one* local IP address for the given domain name (as it has to be). It's NOT much help when you have multiple targets. In the latter case, NAT loopback is the only viable solution, since it relies on external-ip/external-port to local-ip/local-port translation via the DNAT of the port forward rather than domain name translation. IOW, NAT loopback is far more flexible.

I'm NOT suggesting the OP shouldn't use the domain-name solution if indeed he only has the one LAN target, but just to realize its viability as a solution assumes the only LAN target he will ever need is the one.

FWIW, here's an explanation of what NAT loopback actually does, and why and when you need it.

 
I always thought that port forwarding was not needed ... But indeed it seems logical, the router doesn't know the destination... So maybe indeed the Dnsmasq is the solution
 
> I always thought that port forwarding was not needed ... But indeed it seems logical, the router doesn't know the destination... So maybe indeed the Dnsmasq is the solution

You don't necessarily need port forwarding to create a NAT loopback situation, which is exactly the case in that other link. The OP created a DNAT of his own that routed 1.1.1.1 back into the same private network. It's just that the most common situation where a NAT loopback situation is created, for most ppl, is w/ port forwarding, since the use of DNAT is fundamental to that process.

Fact is, *any* reference to an IP that's NOT on the same IP network as the client and is forwarded to the router, and which the router DNAT's back in the same IP network, creates a NAT loopback situation.
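
The cases discussed in this thread (forwarded port 80, unforwarded port 81, a hosts entry pointing at the LAN IP, and a custom DNAT of an outside address), traced in a small simulation; this is an added example, not part of the original posts. The addresses, the `trace` function and the `hairpin_snat` switch are assumptions made for illustration, and the source-rewrite step is general NAT background that the thread itself does not spell out.

```python
import ipaddress

# Constructed sample addressing (assumptions, not values from the thread)
LAN = ipaddress.ip_network("192.168.1.0/24")
WAN = "203.0.113.10"                          # public IP the DDNS name resolves to
FORWARDS = {(WAN, 80): ("192.168.1.10", 80)}  # port 80 forwarded, port 81 not

def in_lan(ip):
    return ipaddress.ip_address(ip) in LAN

def trace(client, dst, dport, hairpin_snat=True, forwards=FORWARDS):
    """Follow one connection attempt.

    Returns (outcome, source address of the reply as the client sees it).
    """
    if in_lan(client) and in_lan(dst):
        # Same subnet (e.g. a hosts entry mapped the name to the LAN IP):
        # delivered directly on the LAN, the router's NAT is never involved.
        return ("direct", dst)
    target = forwards.get((dst, dport))
    if target is None:
        # No DNAT rule matches: the router has no LAN target to translate to.
        return ("no-dnat", None)
    server = target[0]
    if not (in_lan(client) and in_lan(server)):
        # Ordinary inbound port forward from outside the LAN.
        return ("forwarded", dst)
    # NAT loopback: LAN client -> router -> DNAT back into the same LAN.
    if hairpin_snat:
        # Router also rewrites the source to itself, so the server answers the
        # router, which reverses both translations before the client sees it.
        return ("loopback", dst)
    # DNAT only: the server sees the client's real LAN IP and answers it
    # directly, so the reply comes from the server's IP, not the IP dialed.
    return ("loopback-broken", server)

if __name__ == "__main__":
    for port in (80, 81):
        print(port, trace("192.168.1.50", WAN, port))
```
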
But the router has to be built to support NAT, right? Can stock firmware do this?