Issue with NAT Loopback on Flint 2 (GL-MT6000) – Unable to Access Internal Server via Public IP from LAN

Dear GL.iNet Support Team,

I am currently using the Flint 2 (GL-MT6000) router and have encountered an issue related to NAT loopback functionality.


Issue Description:

When attempting to access an internal server using the public IP address from within the same LAN (i.e., when connected to the Flint 2’s Wi-Fi), the connection fails.

However, when I access the same server using mobile data (external network), the connection works as expected. This suggests that the port forwarding configuration and public IP routing are working correctly from outside the LAN.


Verified Configuration:

  • Luci > Firewall > Port Forwards > [Edit Rule] > Advanced Settings
    "Enable NAT Loopback" is checked ✅

  • GL.iNet Admin Panel > NAT Settings
    "Full Cone NAT" is enabled ✅

  • Port forwarding is set up correctly and confirmed working from external connections.


Additional Observation:

Interestingly, I tested creating a new wireless network (SSID) via
Luci > Network > Wireless, and after connecting my iPhone to this new network, I was able to access the internal server via public IP without issues.

This suggests that NAT loopback is not functioning correctly on the default Wi-Fi SSID, but it does work on a newly created wireless interface.


System Information:

  • GL.iNet Firmware Version: v4.8.2-op24

  • OpenWrt Version: OpenWrt 24.10.2 r28739-d9340319c6


Questions:

  1. Is this behavior expected in the current firmware?

  2. Are there any known limitations or settings specific to NAT loopback on the default SSID?

  3. Could this be a firmware bug or misconfiguration?

I would appreciate any guidance or clarification you can provide.
Thank you very much in advance for your support.

Best regards,

Hi,

I tested on my MT6000 with v4.8.2-op24 and did not reproduce the issue.

My topology is as follows; the Internet is not a real public network but is simulated by a router:

The MT6000 is configured as follows:

  1. Set up port forwarding:

  2. Full Cone NAT enabled. If not enabled, LAN/WiFi and WAN access is also normal.

PC_B, on the Internet (WAN side of the MT6000), can access it through [WAN IP:port] without issue:

PC_A, connected to the MT6000 WiFi, can access it through [WAN IP:port] without issue (one example here):

Please reset the firmware and try to reconfigure.
After each configuration change, check [WAN IP:port] to see which configuration causes the failure.

Thanks for your advice. After resetting the firmware and testing again as you suggested, everything worked well. It's a bit of a hassle to start the configuration from scratch, but I'm glad the issue is resolved. Appreciate your help!

It sounds like a good time to make a backup:

I ran into the same NAT loopback issue again while reconfiguring everything, but this time I was able to pinpoint the exact cause.
It turns out that the problem was caused by installing Docker via the OpenWRT plugin/software manager.
After removing Docker, NAT loopback started working correctly again.

So if anyone else is having similar issues, especially after installing additional plugins, I recommend checking if Docker (or other network-affecting services) is interfering with NAT behavior.

I guess it may be that Docker managed the iptables/nft tables, causing the prerouting masquerade to fail.
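One way to check the guess above, as an added example that is not from any poster in this thread: list every nftables base chain that hooks into packet processing outside OpenWrt's own firewall table. It assumes fw4 keeps its rules in `table inet fw4` and that Docker's rules show up through iptables-nft in tables such as `ip nat` and `ip filter`; the function name and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: list nftables base chains that live outside OpenWrt's own
# "inet fw4" table. Reads `nft list ruleset` text on stdin and prints:
#   <family> <table> <chain> <type> <hook> <policy>
foreign_base_chains() {
    awk '
        $1 == "table" { table = $2 " " $3 }      # e.g. "ip nat"
        $1 == "chain" { chain = $2 }
        # Base chains carry a "type ... hook ..." line; regular chains do not.
        $1 == "type" && $3 == "hook" && table != "inet fw4" {
            policy = $NF; sub(/;$/, "", policy)
            print table, chain, $2, $4, policy
        }
    '
}

# Constructed sample ruleset (not captured from the router in this thread).
SAMPLE_RULESET=$(cat <<'EOF'
table inet fw4 {
    chain dstnat {
        type nat hook prerouting priority dstnat; policy accept;
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
    }
}
table ip nat {
    chain DOCKER {
    }
    chain PREROUTING {
        type nat hook prerouting priority dstnat; policy accept;
        fib daddr type local counter jump DOCKER
    }
    chain POSTROUTING {
        type nat hook postrouting priority srcnat; policy accept;
    }
}
table ip filter {
    chain FORWARD {
        type filter hook forward priority filter; policy drop;
    }
}
EOF
)

printf '%s\n' "$SAMPLE_RULESET" | foreign_base_chains
```

On the router, run `nft list ruleset | foreign_base_chains` before and after installing Docker and compare the output. Extra `nat` chains on the prerouting/postrouting hooks, or a `forward` chain with policy `drop` in a non-fw4 table, are the places to inspect when NAT loopback stops working.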
