<![CDATA[UPnP double NAT working but not multiwan failover]]>Inspired by my success in having all games getting Open NAT, using 22.05, I decided to go on to test towards WAN2 (failover) which is on a consumer LTE router.

This router does not support bridging so I am stuck with double NAT, or rather a DMZ setup. BUT, the only way was to go back to port forward of 3074 like before.

After a bit of googling I found something about minupnp not working with Private IP on the external interface...
Unexpectedly, my TP-Link archer actually allows me to set any IP on the internal interface, not just private IP ranges.

So, I simply picked a random IP address that I knew belonged to the ISP I'm using, and... now it works!!
So this might be a tip for anyone sitting with an ISP router or on a FWA connection that doesn't support bridging. At least test it to see if the router allows it... I just realized that I never did any testing where I had turned off blocking of private and loopback addresses...

The thing that still doesn't work however, is my scenario with failover...

For regular port forwards I can set up two NAT rules for each port that I have forwarded, one for WAN and another for WAN2. In other settings I can simply use my Gateway Group which I created, like for DynamicDNS.

The UPnP settings however does not give me the option of using a Gateway Group, and I obviously can't have two different settings for WAN and WAN2. Which means that in case of a failover scenario, UPnP will not work... 😢

]]>https://forum.netgate.com/topic/177262/upnp-double-nat-working-but-not-multiwan-failoverRSS for NodeThu, 05 Mar 2026 14:59:56 GMTSat, 21 Jan 2023 15:07:36 GMT60<![CDATA[Reply to UPnP double NAT working but not multiwan failover on Mon, 23 Jan 2023 19:14:41 GMT]]>Although UPnP works when using something other than a private IP on WAN2, it does break the Dynamic DNS update.
Normally pfSense will use http://checkip.dyndns.org to get the IP address IF it detects a Private IP on the monitored port. If not, it will assume it is the correct IP which means the DDNS will be incorrect.

As there doesn't seem to be a way to force it to use that checkup service so I guess it's back to using port forwards for MW3 on the WAN2 port ...

]]>https://forum.netgate.com/post/1081957https://forum.netgate.com/post/1081957Mon, 23 Jan 2023 19:14:41 GMT