I have a Flint2 running the most recent firmware. I currently have a Qnap on my network and all traffic coming from the WAN to the qnap is showing as being accessed from the router’s local address instead of the external IP address the traffic is coming from. Is there anyway to disable this so the router passes the external address through to the qnap so I can ban the bots trying to access the qnap? Right now the geo-block firewall does not work because it looks like all the traffic is coming from my network
Hi
Please navigate to Luci - Network - Firewall - Port Forwards and edit the corresponding port forwarding rule to disable the "Enable NAT Loopback" feature.
I disabled NAT loopback for all of my port forwards and my qnap is still showing all addressing as coming from the gateway. I attempted to log in from different devices and on different networks. All of it was showing the same gateway address as the access location. I did not have this issue when I was using my dd-wrt router before on this NAS. Are there any other settings I can look at?
Could you share your detailed network topology as well as the QNAP-related configuration you’ve set on the Flint 2?
Please also SSH into the router and run the following command to check whether any SNAT or MASQUERADE rules are present:
iptables-save | grep -e 'SNAT' -e 'MASQUERADE'
If possible, we recommend sharing the device with us via GoodCloud so we can directly review the configuration.
Note: Please send the device MAC address and login password via private message for remote access.
Technical Support via GoodCloud - GL.iNet Router Docs 4
Here is a simple drawing of the local network. When I disabled NAT on my network, it broke outside connection to the server. I have a reverse proxy set up on the server to go from the http to https when connections hit the http outside my network. This did not effect my previous router. I dont have access to the SSH into it now and the option to message your chat is not available because it says you are private.
In summary, without NAT on, the connection to the server breaks, including from the qlink software connection provided by qnap. With NAT on, I am still unable to get outside addresses delivered to my router with their source IPs but I am able to access the router.
The external traffic is all going through the 192.168.1.0 network
We have sent a private message so you can share your router’s MAC address and login password with us there.
This will allow our team to proceed with the remote checks via GoodCloud.
Any updates? I responded to the DM
We cannot find your device in the GoodCloud shared list.
Could you try sharing it again and check if the MAC address is correct?
I just added my router to the goodcloud. Sorry, I did not realize that was part of the process
It's fine.
Please follow this tutorial to connect your device to GoodCloud and share it with us. Once you have done so, please let us know, we will then remote check.
Technical Support via GoodCloud – GL.iNet Router Docs 4: Technical Support via GoodCloud - GL.iNet Router Docs 4
done.
We have observed the following:
-
The port forwarding rules did not appear to be configured as suggected. Therefore, we have disabled the 'Enable NAT Loopback' feature.
-
Masquerading in the LAN firewall zone was mistakenly enabled, so we disabled it as well.
It should now work as expected. Please double check.
Thank you! I just checked the logs for the NAS and it showed an external log in and it didnt seem to break anything. I will let you know if I run into any issues