We have just made the jump into Unifi, the promising high-speed broadband service by TM. The stock router is the Dlink DIR-615. One of the problems that we have faced with the stock router is a NAT loopback problem.
Many routers and DSL modems prevent loopback connections as a security feature. This means that a host with an internal NATed IP address (such as 192.168.3.30) will not be able to connect to your public-facing IP address (such as 202.183.113.83) from behind your router. In such a case, external IP addresses can connect to the server that you host internally, but you cannot. From an internal IP, you will likely see the admin page of the router instead.
There are several options to get around the NAT loopback issue:
- Change the router to one that has NAT loopback capabilities. In this case, the stock DIR-615 router is set to bridged mode and another router performs the PPPoE dialling and NAT functions. Routers that have the NAT loopback function include the Cisco Linksys WRT54G2 and Cisco Linksys E2000.
- Run an internal DNS (Domain Name System) server that resolves locally hosted domain names to internal IP addresses. The added challenges of this method are the need to change the DNS settings of all internal client PCs and to configure WordPress and other web servers for multi-site features.
- Flash the stock router with DD-WRT, a Linux-based, open-source alternative firmware suitable for a great variety of WLAN routers and embedded systems. Valuable information on how to flash the stock Unifi router can be found in the unofficial Unifi handbook.
We decided to try out the third option – flashing the stock DIR-615 router with DD-WRT. After successfully flashing the firmware and connecting to Unifi, we encountered the same problem again – internal client PCs were presented with the login page of the router, now running DD-WRT.
[Screenshots: blog.iRepublics.com accessed externally; blog.iRepublics.com accessed internally]
The beauty of DD-WRT is that it’s open-source and customizable. To get around the NAT loopback issue, just run the following command from the shell (with 192.168.3.0 replaced by your own local network address, x.x.x.0):
iptables -t nat -I POSTROUTING -s 192.168.3.0/24 -j SNAT --to-source `nvram get wan_ipaddr`
However, the iptables rule will be gone upon reboot. To ensure that the command is run upon each reboot, enter the same command line into the Administration > Commands section of DD-WRT. Click on ‘Run Commands’ and ‘Save Startup’.
We are happy campers for now.
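The startup step above, written as an added example rather than code from the original post: a script that installs the same SNAT rule exactly once and refuses to install it when `nvram get wan_ipaddr` returns an empty value or 0.0.0.0. The function names are hypothetical, and the script assumes the WAN address can still be unset when it runs, for example before the PPPoE session is up.

```shell
#!/bin/sh
# Added example (not from the original post): install the SNAT rule once,
# and only when the router reports a usable WAN address.

# Succeeds only for a dotted-quad IPv4 address other than 0.0.0.0.
valid_wan_ip() {
    case $1 in
        ''|0.0.0.0|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# $1 = LAN subnet in CIDR form, e.g. 192.168.3.0/24 (the post's addressing).
apply_loopback_rule() {
    subnet=$1
    wan_ip=$(nvram get wan_ipaddr)
    if ! valid_wan_ip "$wan_ip"; then
        echo "WAN address not usable ('$wan_ip'); rule not installed" >&2
        return 1
    fi
    # Delete every existing copy first so repeated runs leave exactly one rule.
    while iptables -t nat -D POSTROUTING -s "$subnet" -j SNAT \
            --to-source "$wan_ip" 2>/dev/null; do
        :
    done
    iptables -t nat -I POSTROUTING -s "$subnet" -j SNAT --to-source "$wan_ip"
}

# Runs only where both router tools exist, so the file is inert elsewhere.
if command -v nvram >/dev/null 2>&1 && command -v iptables >/dev/null 2>&1; then
    apply_loopback_rule 192.168.3.0/24
fi
```

With this rule in place, the internal server sees loopback connections as coming from the router's WAN address, so its access logs and any IP-based access rules no longer distinguish individual LAN clients.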



