Loopback/reflection of public IP not directly assigned to router

Hi,
I recently got a new ISP and I am now facing an issue with accessing my own (static) public IP from within the network. If I try to ping/access some service on my public IP from outside of LAN (i.e. from phone carrier), it works as it should, but the request times out if I try to do it from within.
From searching on the internet, it seems that this problem is quite common, and the solution always is to enable some loopback/reflection of router WAN IP to LAN.
The problem is that in my network configuration, the OpenWRT router doesn't have the public IP assigned to its WAN interface, because it sits behind an ISP router with 1:1 NAT.
From my understanding, that means that it can't know that traffic to this public IP is in fact destined towards it, and proceeds to route it to the ISP router, which probably throws it away.

In the scenario that I would want, all traffic from LAN to my public IP would be forwarded to the router itself (destination IP changed to 127.0.0.1), which would then redistribute it based on port forwarding rules, UPnP etc.
I tried to set this up using port forwarding in LuCI, but it doesn't seem to work.

Would anyone know how to get this functionality? Thanks in advance.

Not tested.... But:
Option 1) assign your static wan IP on loopback, so the router is able to answer on that address I any case.
Option 2) setup a NAT rule from lan zone to dest address and redirect to a local address. And ensure that you have a SNAT rule to lan zone which chances the src address back to the wan address.

I would prefer option 1.

Site note: some refer to this kind of issue "hairpin nat" if you want to search the web...

Ps: I understand you correctly that reachability from the internet to your additional static wan address works fine? And the NAT rule is present on the ISP device?

Thanks!
The first option worked and was just what I needed. Should anyone have the same problem, these are the commands I ran through SSH:

uci delete network.loopback.ipaddr
uci delete network.loopback.netmask
uci add_list network.loopback.ipaddr=127.0.0.1/8
uci add_list network.loopback.ipaddr=your public IP here/32

It is how you said, the IP is reachable from the internet and the ISP device is configured correctly. Thanks again for your help.

1 Like

Sweet. :sunglasses:

If you want to configure it in /etc/config/network you can use list address addr/prefix length to configure (besides the localhost IP) another address.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.