How to test whether a router supports NAT loopback?

2

I've been unable to find much information on whether my router (Linksys EA4500) supports NAT loopback, so I'd like to perform a test to tell me whether accessing my external IP address from within the network actually goes out to the internet and back or if the router is smart enough to keep the traffic local.

Perhaps severing the connection between the router and modem or modem and wall would work, but I don't have physical access to the network at the moment.

Running traceroute external-ip-address from within the network (over an ssh session) only shows one entry in the output (the external IP address). Running it from outside the network shows a bunch of entries, but I'm not entirely sure what all this is telling me.

Is traceroute the correct way to find what I'm looking for or is there a better way to test it?

Pak

Posted 2014-12-28T06:56:30.180

Reputation: 379

Answers

1

You have a misunderstanding of NAT loopback. There is no mechanism for successful external ("out to the Internet and back") routing of this traffic. It MUST be done locally in your NAT gateway. If a LAN-side client can make a connection attempt to the public IP address of your gateway, and it successfully gets a response back from the LAN-side server you had set up a port mapping for, then your gateway is doing NAT loopback.

Spiff

Posted 2014-12-28T06:56:30.180

Reputation: 84 656

This is wrong; there are routers that do not support loopback. – Mario – 2015-03-11T15:06:43.127

@Mario I didn't say all routers support it. I said if it's working on your network, then your router must support it. Otherwise, how could it have worked? – Spiff – 2015-03-11T16:17:59.330

Sorry, I should have taken the time to explain better. I had a router that didn't support loopback (an older D-Link with terrible firmware). I don't remember the model, but it was a known issue with that particular model and revision at the time. Here's a current example: – Mario – 2015-03-18T02:18:57.110

DGL-4300 Firmware 1.2 release notes: "Added loopback feature - allowing to test virtual server entries from LAN side." (ftp://ftp2.dlink.com/PRODUCTS/DGL-4300/REVA/DGL-4300_RELEASENOTES_1.9_EN.TXT). It is important for anyone else reading this answer to know that loopback is not 100% guaranteed and one should look up their particular router's model, revision and firmware version if experiencing loopback issues. – Mario – 2015-03-18T02:25:52.387

@Mario In your first comment, you said, "This is wrong". You have yet to show that anything I said was wrong. – Spiff – 2015-03-18T02:33:31.690

"This is wrong" was wrong; I should have just added the comment about some routers/firmware not supporting loopback for anyone else looking to see if their router supports loopback. – Mario – 2015-03-18T02:38:39.573

A simple gateway could be running the following protocol: if the packet is in the NAT range, locally resolve it, else just forward it to the external peer on the ISP side. If so, the packet would go to the ISP peer which will send the packet back to the gateway. traceroute may help determine the exact trajectory. – Abhishek Anand – 2018-11-02T23:02:08.610

@AbhishekAnand Consider both the source and destination addresses on the packet on each leg of its journey. The bad NAT you propose would be transmitting a packet whose source and destination is its own address. Such a packet is nonsensical and should never be transmitted. It should be looped back by the NAT. If it did get forwarded to the ISP's router, the ISP's router should discard it and issue an ICMP Redirect, telling the bad NAT to handle its own packets. – Spiff – 2018-11-02T23:32:39.183
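The test described in the answer above (a LAN-side client connects to the gateway's public IP and must get a reply from the LAN-side server behind the port mapping) can be scripted as below. This is an added example, not code from any of the posts; the function names `start_nonce_server` and `probe` and the shared-nonce check are assumptions made for illustration. The nonce lets the client tell a reply from the mapped server apart from a reply by anything else listening on that address and port.

```python
import socket
import threading

def start_nonce_server(bind_addr, port, nonce, max_conns=1):
    """LAN-side server role: answer each connection with the shared nonce."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, port))
    srv.listen()

    def run():
        with srv:
            for _ in range(max_conns):
                conn, _peer = srv.accept()
                with conn:
                    conn.sendall(nonce)

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]  # actual port (useful when port=0)

def probe(public_ip, port, nonce, timeout=3.0):
    """LAN-side client role: connect to the gateway's public IP and classify."""
    data = b""
    try:
        with socket.create_connection((public_ip, port), timeout=timeout) as s:
            while len(data) < len(nonce):
                chunk = s.recv(len(nonce) - len(data))
                if not chunk:
                    break
                data += chunk
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"
    # A reply that is not the nonce came from something other than the mapped
    # server (for example the gateway's own service on that port).
    return "loopback-ok" if data == nonce else "wrong-responder"

if __name__ == "__main__":
    # Constructed demo: 127.0.0.1 stands in for the public IP so this runs offline.
    nonce = b"constructed-nonce-0001"
    port = start_nonce_server("127.0.0.1", 0, nonce)
    print(probe("127.0.0.1", port, nonce))
```

In real use, call `start_nonce_server("0.0.0.0", <forwarded port>, nonce)` on the host the port mapping points at and `probe(<public IP>, <forwarded port>, nonce)` on a different LAN client; only `loopback-ok` shows the gateway is doing NAT loopback.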