Vigor2820n 3.3.4 firmware upgrade stops you accessing the “external ip” from inside

I recently upgraded the firmware on my Draytek Vigor 2820n ADSL router to version 3.3.4 from 3.3.3. One thing that surprised me was that the change stopped me being able to access my public IP from behind the router. That is I have an internal LAN with RFC1918 addresses such as 192.168/16 and could access my public ip address which gets routed back by the router to an internal host. The 3.3.4 firmware upgrade stops that working. That makes it a bit of a pain to test connectivity to sites like my web site from inside compared to from outside and it took me a while to figure out what had happened. In the end I’ve had to implement split DNS so that internal references to the “external sites” I provide resolve to internal ip addresses internally but the public see my external ip address. A lot of work for a home network but otherwise things just don’t work properly.

So if you have a Vigor 2820n then be aware of the change in behaviour from the previous version of the firmware.

Tags: , , ,

5 Responses to “Vigor2820n 3.3.4 firmware upgrade stops you accessing the “external ip” from inside”

  1. It is in my experience that many routers prevent access to the global ip (termed ‘backlooping’) from behind the router. I once had the explanation that it could be a possible ‘security risk’. But don’t ask me why!

    • Simon J Mudd says:

      Hi Peter,

      Indeed I’ve seen this behaviour before, but it’s certainly been convenient for me to have the router behave the way it did. I’ve had to adjust a few things here to allow me to access my blog from “inside”, but indeed it now works.

      Checking the 3.3.4 upgrade notes do not give any indications of this change, at least not to me.

      Nothing to worry about but a gotcha if you’re not expecting it. Hence this blog post.

  2. Tom Chiverton says:

    There’s a work around, if you have a pool of public IPs (my excellent UK ISP, Zen, gives me 8 for basically no money).
    If the actual IP assigned to the router is a.b.c.d, then in DNS set another address from your pool (a.b.c.e) as the IP for the host.
    Then set a.b.c.e as an ‘WAN IP Alias’ in WAN, internet access, WAN1.

    Now wait for DNS to timeout and you should be good.

    You can see why this works by looking at the static routes page on the 2820s admin.

    Gimme a shout if you find something better…

  3. Jack says:

    Hi there,
    I’m having the same problems, could you explain in a little mote detail on how you changed the settings in the draytek?
    Thanks in advance!

  4. […] Simon J Mudd's Blog Random thoughts on different topics « Vigor2820n 3.3.4 firmware upgrade stops you accessing the “external ip” from inside […]

Leave a Reply