Public Sector & Education • Business & Enterprise • Home Security
Suppose you’ve set up an IP camera that you want to access from anywhere across the internet and have an external IP address or dynamic DNS address to use to access that camera. You’ve tested your setup when away from home and everything works well and as expected. You get home and use those very same details to access your camera and you get nothing, or worse, an error message.
You may be experiencing what’s called NAT loopback. This quirk of router configuration often causes problems for new users and can be very frustrating. This post tries to explain why it happens and what you can do to get around it.
Why does it happen?
To understand NAT loopback, you need to understand how your router works. A simple network is depicted below.
Your camera and computer are most likely connected to a router (either wired up directly, or via a wireless connection), which is then itself connected to the internet through your Internet Service Provider (ISP). Your router has two IP addresses: an internal one which is accessible only from your home network (for example 192.168.0.1) and one which is accessible from the internet. When accessing remotely you type in the external IP address of the router to access your camera since the internal one will never work externally.
Your local network only understands 192.168.x.x addresses. For example, if you typed 192.168.0.2 into the browser, your network would understand that you’re trying to access your camera and send the information there. Whenever a different address is requested (such as an external IP address like 220.127.116.11 or a web address like mycam.mydomain.com) your router realises that this is not meant for your internal network and sends it out on to the internet.
However, if that external address (such as mycam.mydomain.com) actually points back to your home router this will be recognized and the information sent out is then passed back to your router. Now, either the router then routes this information back to the correct internal location (such as your IP camera) or it drops the incoming packets of data.
One of the biggest problems with NAT loopback is that it’s often not obvious that everything is set up correctly. Some routers will display their own configuration page when such a request is made. Some will just not display anything while others are smart enough to recognize what you’re trying to do and will forward you to the right place.
This loop is called NAT loopback and some routers allow it while others don’t. If your router supports NAT loopback you won’t see this as a problem since your camera will be accessible from all locations with the same address, but since you’re reading this looking for a fix to why your IP camera is not accessible, your router probably does not support it.
How can I get around this?
There’s no one fix to this. It’s all up to your router. If your router supports NAT loopback then great! Whenever you type in the address you’ll get through to your camera. If your router doesn’t support it, there’s not much you can do.
If your router does not allow NAT loopback your only option is to use your external address (mycam.mydomain.com) to access your IP camera when not at home, then use the local address (192.168.x.x) when you’re at home. Set up a couple of bookmarks and this isn’t really an issue, though it is frustrating.
The only other thing to do is to get a router which allows NAT loopback, though more often than not router specifications don’t say whether it’s supported or not, so if NAT loopback support is what you’re after you’ll need to ask the manufacturer.
There is one other potential fix and that is to amend your local hosts file to point the external address to your internal camera. However, this is complicated so we’ll handle it in another post later.