After a frustrating morning testing several different updated firmwares, I’ve determined that NAT (Network Address Translation) loopback is broken on firmwares 220.127.116.11 and 18.104.22.168 for the Draytek Vigor 2820VN. Other routers in the family are likely to be similarly affected.
NAT loopback you say? What’s that? Consider the following diagram showing a web server and work station both behind the same NAT router. The external interface of the router is configured to forward traffic to the web server to allow access from the Internet.
NAT loopback is functionality in the router that allows the internal work station to access the web server in the same way as external users. That is, via the external IP address. In order for this to work the router must allow the work station traffic to exit via the external IP address and “loop back” through the router into the web server. Not all NAT routers support this, and now unfortunately, not all firmware versions of the Draytek Vigor 2820 support it either.
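To make the failure mode concrete, here is a small simulation of the packet flow described above; it is an added example, not code from the original post or from Draytek, and the addresses, port-forward rule and port numbers are constructed. With hairpin NAT the router rewrites the workstation's source address as well as the destination, so the server's reply comes back through the router; without it the reply crosses the LAN switch directly and the workstation never sees an answer from the external address, which is exactly the time-out an internal client experiences.

```python
# Constructed model of NAT loopback (hairpin NAT); addresses are illustrative only.
from dataclasses import dataclass, replace

EXT_IP, LAN_IP, SERVER = "203.0.113.10", "192.168.1.1", "192.168.1.20"
FORWARDS = {80: SERVER}          # WAN-side port-forward rule: external port 80 -> web server

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

def on_lan(ip):
    return ip.startswith("192.168.1.")

class Router:
    def __init__(self, hairpin):
        self.hairpin = hairpin   # whether the firmware implements NAT loopback
        self.conntrack = {}      # (translated src, sport) -> original LAN source

    def forward(self, p):
        """Translate a packet that reaches the router; returns the packet as delivered."""
        # Server reply to the router's LAN address: undo the hairpin source rewrite.
        if p.dst == LAN_IP and (p.dst, p.dport) in self.conntrack:
            return replace(p, src=EXT_IP, dst=self.conntrack[(p.dst, p.dport)])
        # Server reply bound for the Internet: reverse the DNAT so it appears from EXT_IP.
        if p.src == SERVER and p.sport in FORWARDS and not on_lan(p.dst):
            return replace(p, src=EXT_IP)
        if p.dst == EXT_IP and p.dport in FORWARDS:
            p = replace(p, dst=FORWARDS[p.dport])   # DNAT toward the web server
            if on_lan(p.src) and self.hairpin:
                # Loopback case: also rewrite the source so the reply returns via the router.
                self.conntrack[(LAN_IP, p.sport)] = p.src
                p = replace(p, src=LAN_IP)
        return p

def fetch(router, client_ip):
    """Client connects to EXT_IP:80; True if the server's reply is accepted by the client."""
    delivered = router.forward(Pkt(client_ip, 40000, EXT_IP, 80))
    reply = Pkt(delivered.dst, 80, delivered.src, delivered.sport)
    # A reply addressed to another LAN host crosses the switch directly and bypasses the router.
    if not (on_lan(reply.dst) and reply.dst != LAN_IP):
        reply = router.forward(reply)
    # The client's TCP stack only matches a reply from the address it actually connected to.
    return reply.src == EXT_IP and reply.dst == client_ip and reply.dport == 40000
```

Running `fetch(Router(hairpin=False), "192.168.1.30")` reproduces the internal time-out while an Internet client such as `fetch(Router(hairpin=False), "198.51.100.7")` still succeeds, matching the symptoms in the post.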
My router had been running well on firmware version 3.3.3 for over a year, but the wireless is sometimes flaky, requiring a restart before devices can connect. The latest firmware introduces a number of fixes along with the ability for the router to reboot itself on a schedule. So I updated to the latest firmware available: 22.214.171.124. The upgrade went fine until I tried to access one of my internal web servers via its external address – this timed out. I confirmed that an external client could still see the server, so this was clearly a NAT loopback issue.
Next I downgraded the router to the next most recent firmware, version 126.96.36.199. This exhibits the same behaviour. Finally I downgraded all the way back to firmware 3.3.3. Thankfully I had a backup of the full router configuration so I didn’t have to reconfigure everything.
Oh, and NAT loopback is also important if you want multiple Xbox 360s to play well behind the router. Forza 3 in particular is very fussy about the network configuration if you want multiple devices on the same LAN in a game with external players – it’s the reason I bought the Draytek in the first place!
And finally, this is yet another example of the adage (which I would do well to remember this time): if it is not broken, do not “fix” it!