NAT Transversal

Axl · March 18, 2025, 6:29pm

Hello,

Does anybody know how to activate NAT Transversal on OpernWRT 19.07?

Thanks

lleachii · March 18, 2025, 6:30pm

Are you asking about making a Port Forward, or ensuring a specific service works thru the firewall?

If the latter, which service?

OpenWrt 19.07 is end-of-life and end-of-support by the community (in general).

brada4 · March 18, 2025, 6:40pm

Please show ubus call system board

bluewavenet · March 18, 2025, 7:29pm

Either this is a non-supported device with a ancient fork of OpenWrt 19.7, or it is getting on for 5 years past EOL.

Either way, it is probably time to upgrade to OpenWrt 24.10.0, getting a new router in the process if required.
The answer to @brada4 's question will show the way forward.

Having said that, what you mean by "NAT Transversal", is actually called NAT Traversal. This is when inbound packets can, by some mechanism, "traverse" the outbound address translation of a router.

If you have a public ipv4 address, all you need is some kind of port forward setting up. This is not really NAT traversal though.

But without a public ipv4 address, you need something special - aka NAT Traversal.

This is achieved by the router opening a connection to an Internet hosted server, then keeping it open with some "keepalive", allowing that remote server to send packets to the router, passing through - or traversing - the NAT firewall.

The most simple way of doing this is by setting up a system on the router that polls (say using wget) a remote web server. The web server can reply to the poll if it has anything to send inbound.

A bit more sophisticated is an ssh tunnel to do essentially the same thing but in a more efficient way, easily allowing file transfer and terminal sessions etc.

Finally, a fully fledged VPN is the ultimate solution.
The VPN client residing on the router, and the VPN server on an Internet server.

It all depends on what you want to achieve.

Summit48 · March 18, 2025, 7:57pm

NAT Traversal is a feature of Tailscale.

OpenWrt 24.10.0 is required to access Tailscale 1.80.2

brada4 · March 18, 2025, 7:58pm

Any voip phone or game does that

Summit48 · March 18, 2025, 8:00pm

What problem are you trying to solve with NAT Traversal?

Axl · March 18, 2025, 8:34pm

I want to access an internal resource addressing the same public IP outside and inside the LAN.

Summit48 · March 18, 2025, 8:42pm

If I understand correctly, you want to access an internal resource(private IP) from an external public IP without opening ports on the Router?

If that is the case, it can be done with NAT Traversal on Tailscale.

Axl · March 18, 2025, 9:05pm

No. Let's put an example.

I have a web server whose internal LAN IP is 192.169.1.30. I've open the port 80 on the OpenWRT firewall and redirected to 192.168.1.30. The public IP is 11.22.33.44.
Now, if I want to acces to the web server I have to connect to 192.168.1.30 from LAN and 11.22.33.44 from WAN.
What I want is, regardless where I am, addressing the web server via its public IP, 11.22.33.44.

I hope I have been clear.

Axl · March 18, 2025, 9:18pm

You are true. The correct word is "traversal". Tha'ts a misspelling error I often make.

K1m0n · March 18, 2025, 9:36pm

I believe the term you are looking for is nat-loopback, not nat-traversal.

egc · March 18, 2025, 9:41pm

You maybe mean NAT reflection aka hair pinning aka NAT loopback
So that you can connect also from inside your network with the exteral ip address/hostname?

If that is what you are looking for then you can set this on the Advanced tab of the port forwarding rule.
Alternatively you can add the hostname to DNSMasq to resolve the hostname with its internal lan address.
address=/myhost/< internal-ip > list address '/example.com/0.0.0.0'
in Luci DHCP and DNS > General > Addresses (list address '/myhost/< internal-ip >')