Issue: UDP NAT reflection / hairpin NAT not working on Flint (MT6000)
I am hosting an ARK dedicated server on my LAN. The same server works correctly on my previous Arris router but fails when using a GL.iNet Flint (MT6000).
On the Flint:
LAN connections work
Ports are forwarded correctly
The server may appear in Steam
External joins and NAT loopback fail
ARK reports “LAN only” or times out during join/query
This is not CGNAT (WAN receives a public IPv4) and not a Windows or Steam issue.
Firewall backend verified via SSH:
fw3
ip addr
The router is using fw3 (iptables), not nftables.
However, firewall output shows warnings indicating improper binding of redirects and WAN devices, for example:
Warning: Section @zone[1] (wan) cannot resolve device of network 'wan6'
Warning: redirect (GL-ark) has no target specified, defaulting to DNAT
This suggests the firmware is creating DNAT-only rules without proper SNAT/masquerade reflection, preventing full UDP hairpin NAT. As a result, UDP reply traffic returns via the wrong path and Steam/ARK handshakes fail.
The same server and port configuration works immediately on my Arris router, confirming the issue is router-side NAT reflection behavior on the Flint.
Summarized this with Chatgpt, I am still new to this and am tech savy so most of this makes sense but don’t want to move to another router…. hope someone can help ty
Could you share the device via GoodCloud according to the tutorial below so that we can check it remotely? Technical Support via GoodCloud - GL.iNet Router Docs 4
Please note to send the device’s MAC address and the Admin Panel password via private message so that we can access the device.
Update, Will managed to help me out and seems like I had a prior forward issue and incorrect ip address for server, fully works, thank you everyone at support!!
During a remote check, we noticed that your ARK dedicated server has both wired and wireless network adapters, and you’ve set up separate port forwarding rules for each connection type.
However, since a port of the WAN can only be mapped to a single LAN host, the router will only apply the forwarding rule with the higher priority—in this case, the one shown above.
Connect your ARK dedicated server to the router using only one method (wired is recommended to avoid wireless interference) and remove any redundant port forwarding rules.
Additionally, reserve an IP address for the ARK dedicated server to prevent the port forwarding rules from failing if its LAN IP changes in the future. A step-by-step guide is available here: Address Reservation Tutorial
Afterwards, you can access your game server using your public IP address, as shown in Admin Panel → Internet → WAN.
