NAT Loopback broken on Draytek Vigor 2820 firmware > 3.3.3

After a frustrating morning testing several different updated firmwares, I’ve determined that NAT (Network Address Translation) loopback is broken on firmwares 3.3.4.1 and 3.3.5.1 for the Draytek Vigor 2820VN. Other routers in the family are likely to be similarly affected.

NAT loopback you say? What’s that? Consider the following diagram showing a web server and workstation both behind the same NAT router. The external interface of the router is configured to forward traffic to the web server to allow access from the Internet.

NAT loopback is functionality in the router that allows the internal workstation to access the web server in the same way as external users, that is, via the external IP address. For this to work, the router must allow the workstation traffic to exit via the external IP address and “loop back” through the router into the web server. Not all NAT routers support this, and now unfortunately, not all firmware versions of the Draytek Vigor 2820 support it either.

My router had been running well on firmware version 3.3.3 for over a year, but the wireless is sometimes flaky, requiring a restart before devices can connect. The latest firmware introduces a number of fixes along with the ability for the router to reboot itself on a schedule. So I updated to the latest firmware available: 3.3.5.1. The upgrade went fine until I tried to access one of my internal web servers via its external address – this timed out. I confirmed that an external client could still see the server, so this was clearly a NAT loopback issue.

Next I downgraded the router to the next most recent firmware, version 3.3.4.1. This exhibits the same behaviour. Finally I downgraded all the way back to firmware 3.3.3. Thankfully I had a backup of the full router configuration so I didn’t have to reconfigure everything.
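The check described above (server reachable on its LAN address and from outside, but timing out from the LAN via the external address) can be scripted and re-run after each firmware change. This is an added example, not code from the original post; the addresses in the `__main__` block are placeholders and the result labels are names chosen for this illustration.

```python
import socket

def probe(host, port, timeout=3.0):
    """TCP connect attempt: returns 'open', 'refused', 'timeout' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"

def classify(lan_result, wan_from_inside, wan_from_outside=None):
    """Turn three probe results into a diagnosis.

    lan_result        probe of the server's private address, from the LAN
    wan_from_inside   probe of the router's external address, from the LAN
    wan_from_outside  same probe run by an external client (None if not done)
    """
    if lan_result != "open":
        return "server-down"            # nothing to loop back to yet
    if wan_from_inside == "open":
        return "loopback-ok"
    if wan_from_outside is None:
        return "needs-external-check"   # cannot yet tell loopback from port forward
    if wan_from_outside == "open":
        return "loopback-broken"        # forward works, hairpin path does not
    return "port-forward-broken"

def check_loopback(lan_addr, wan_addr, port, wan_from_outside=None, timeout=3.0):
    """Run both LAN-side probes and classify the outcome."""
    lan = probe(lan_addr, port, timeout)
    wan = probe(wan_addr, port, timeout)
    return classify(lan, wan, wan_from_outside)

if __name__ == "__main__":
    # Placeholder addresses: 192.168.1.10 = web server, 203.0.113.5 = router WAN IP.
    print(check_loopback("192.168.1.10", "203.0.113.5", 80, wan_from_outside="open"))
```

Run it from a wired and a wireless client separately, since the two paths can give different results on the same firmware.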

Oh, and NAT loopback is also important if you want multiple Xbox 360s to play well behind the router. Forza 3 in particular is very fussy about the network configuration if you want multiple devices on the same LAN in a game with external players – it’s the reason I bought the Draytek in the first place!

And finally, this is yet another example of the adage (which I would do well to try and remember this time): if it is not broken, do not “fix” it!

23 Comments

  1. :) True! However I’ve created a cron job to SSH into the router and perform the reboot. The wireless would only fail after several weeks of activity – now it gets rebooted often enough that it never has trouble.

  2. I have experienced the exact same issue on my Vigor 2820n model, and have already contacted draytek.nl about this issue; their response has not been really helpful. They suggested using the *.rst firmware file and reconfiguring the modem, which made no difference at all. I returned to the 3.3.3 firmware as well.

    @Howard: Do you experience the NAT loopback issue primarily when using Wi-Fi, or cabled as well?

  3. @RvdH I only tested on the wired network but have no reason to believe the Wi-Fi would have behaved any differently.

  4. Same problems here with a Vigor 2710n using Firmware 3.3.5.1. But not always… weird thing. Sometimes the loopback works, and a connection can be established. And weird, too: sometimes external connections time out, although there is just NAT needed, without any internal loopback.

    I’m afraid there are general NAT problems in this firmware, not only loopback issues.

    BTW: I’m using both Wi-Fi and cabled network. No difference!

  5. I have several 2820s and they all lose NAT loopback if I run any firmware above 3.3.3 on them. It’s not intermittent and it’s not associated with previous firmware backups as I’ve tested them after a factory reset. NAT Loopback is broken. Confirmed.
    Of course, I’ve never got a satisfactory answer out of Draytek either. I’ve tested up to firmware 3.3.5.1 – always happy to test future firmware – you never know: One day I may find one that works!

  6. Damn, a bit too optimistic I guess… when wired it seems to work fine, but then using Wi-Fi the connection times out again :(

  7. Reading your report here I was astounded……since my own 2820n exhibits the same problems with NAT loopback. I started with 3.3.3 which was “perfect” but decided to upgrade to get the latest features elsewhere in the firmware, and I noticed also that 3.3.4.1 & 3.3.5.1 are both broken.
    I’ll go look for 3.3.5.2 and try it.

    Ian.

  8. I tried 3.3.5.2_RC2, made no difference for me. Had to downgrade to 3.3.3 to fix this problem also. Can someone keep me posted on what Draytek is doing to resolve this problem? I need the wifi fixes and I need to know more about what causes this problem and how to resolve it.

  9. I am having a hell of a time trying to make my pair of xboxes work seamlessly with my Vigor 2820n running on 3.3.4_RC10 (UK firmware). I thought it was my settings as I know they can be a bit fussy about router configuration. Glad to have found your blog entry here.

    I’ll try downgrading the firmware tonight, hope for an improvement. I was also seeing wireless issues which prompted me to upgrade in the first place so I expect that to recur.

    Just out of interest how do you have your NAT stuff configured for the xboxes? Recommendations vary depending on where you read. I currently have mine IP-bound to MAC, uPnP enabled. Recently I tried enabling port triggering (port forwarding is really only going to support a single box) on the XBL ports but it’s always very flaky.

    Thanks,

    Dan.

  10. I’ve just had 3.3.5.2_RC3a from UK support – I’ve only been running with it for a day but it seems to fix the NAT loopback problems.

  11. Would you let us know where we can find this RC3 and I’ll test it myself. Very keen to resolve the loopback.

  12. From a Draytek support email today:

    ‘…the fixes in 3.3.5.2 RC3a will be present in 3.3.5.2 once it’s released, which should be quite soon.’

  13. @Paul
    I received 2 versions of the 3.3.5.2RC3, both AnnexA (Analog) from Draytek support.
    modem codes: 211011, 232201

    Did you already test the RC3 firmware or do you still like to test it?

  14. @RvdH,

    I would love to test this new firmware (modem code 232201) if you could email it I can be reached at danielmwray at gmail. Thanks in advance.

  15. @RvdH
    Yes, would very much like to test the RC3 – I have not tested any yet.

  16. Very much appreciated RvdH, I’ll give this a try this evening.

  17. Hi RvdH – Have just upgraded using this firmware. It has worked fine in that the NAT loopback issue is resolved, however my admin password seems to have changed. Have tried all the defaults I can find but no joy. All other settings seem to have been retained, ie I can VPN on etc… Any thoughts?

  18. Just tried the v2820 232201 RC3a; the loopback only works on the first IP address of the internet range. I have 8 internet IP addresses and use the first 3 for various services; only the router’s base address would work :-( so still buggy.

  19. Seg have put a beta firmware download on their website for the nat loopback problem. I have installed and tested it, and it seems to work on all wan aliases! :-)
