Seafile behind NAT with Nginx

I recently installed a VM dedicated for Seafile on my server at home which works flawlessly whenever I access it through my public ISP IP. As I accessed the Seafile through the public IP it used the upload speed of my current ISP internet but not the local network (obviously).

I managed to get Seafile to work in two ways:

  1. Make it listen on 0.0.0.0 which is accessible from everyone through local network. -> This way it’s not accessible through the world wide web.
  2. Make it listen on 127.0.0.1 with Nginx proxy and port forward on 80 and 443 -> This way it’s accessible through the world wide web but not locally with local server IP.

Would it be possible to make Seafile accessible through my local network AND externally? Because I would like to upload through my local network and eventually upload whenever I am not home.

This is a router issue. What you are referring to is called NAT Loopback, or NAT Reflection. Basically, if your router supports it, what it does is realize that the domain/IP you are using is your public IP and therefore, it keeps the traffic internal when a device tries to use the external IP.

Some routers allow you to turn it off or on. Others, it’s either on or it doesn’t support it at all.

So, with that being said, what is the model and brand of your router?

[EDIT]

As an added note, if your router does not support NAT loopback, you could always set up your own DNS server, configure a forwarding rule for the domain, and set the DHCP of your internal network to pass the DNS server’s IP address to all the clients when they connect.

2 Likes

Thanks for your quick reply.

I am using the ASUS RT-AC87U and the way it is set up is as follows (I had to due to my ISP not allowing me to replace the modem):
ADSL Modem > ASUS Router > Client

Everything is managed on the ASUS router, DNS, DHCP Server, Firewall, Port Forwarding etc.

I just added some additional info to my last response. The AC87U should support NAT loopback. I have the ASUS RT-N66U, an older router, and it handles NAT loopback well. Hold on and I’ll check my settings and see if you can turn it on or off.

I just checked… It appears you can enable it and disable it in the router settings. However, with your model, ASUS has had some problems with it which they fixed with a firmware update. First, I would update to the latest firmware… Then, I would reset the router to factory defaults, and then reconfigure it, enabling NAT Loopback along the way. I would also disable NAT Acceleration, as it can interfere with Loopback, and really doesn’t give you much benefit anyway.

Also, keep in mind that you will have some overhead, and if you are transmitting via wifi, it’s going to be slower than you expect for the internal network. You are also using a VM, which will also slow you down some. For example, I have a Gigabit backbone, and my Seafile Server is on a standalone Debian server. On top of that, I use https. So, my transfer speeds with my wired clients are around 80 megabytes per second for large files. My wifi speeds are around 45 for large files.

Keep in mind that you may also be limited by slower switches or computers with slower network cards.

1 Like

Additionally, you could install DD-WRT easily. Then there will be no firmware problems. And you could use iptables. I did it on an AC-66U B2, and it works well.

I hope that DD-WRT has gotten better with ASUS routers. I opted for Merlin on mine due to the complications with DD-WRT on my model (RT-N66U). But, yes, I agree. Alternative firmware is usually much more stable and reliable than stock firmware for consumer routers.

We used it on RoboCup 2018 for steering our robot; completely through a family house of stone we had a latency of 1.47ms. Of course, we optimized thresholds and power.

Thanks for the replies.

I am currently rocking the latest version of Merlin on my router. According to the sources on the internet NAT Loopback got removed on version 384.4. I am actually not feeling flashing my router to the stock firmware as I am quite happy with Merlin.

Is there any other way to achieve my goal? If not, then it looks like I would need to access Seafile through my WAN IP only…

Unfortunately, Merlin recently stopped updating his firmware for my model. I looked into DD-WRT again, but the same complications exist, so I’m sticking with Merlin until I can afford a new router. I’m salivating over the AC88U…

I’m using Merlin as well. 380.70, which is the last version he released for my model. My option is under the firewall section of Merlin.

I suspect NAT loopback is still there, but for some reason, it’s not working for you. Try disabling NAT acceleration and power off then power the router back on.

I just checked the changelog for Merlin. What he removed was the Merlin implementation of NAT Loopback and has reverted back to the ASUS implementation of it. It’s still there. It’s just not Merlin’s any longer.

Sorry for the delay.

I disabled NAT acceleration and CTF. Unfortunately the option NAT loopback is still not visible which is really confusing.

So the NAT Loopback option has been removed entirely? In mine, it’s in the Firewall section of the router.

That’s correct, there is no NAT Loopback option available unless it’s hidden due to a different option being enabled which makes it hide, but I doubt it.

I probably checked the firewall section three times, but it’s not there. Here is a screenshot: https://alikarakayali.me/upload/shkbbecmzm.png

Some things you could try here:

  • Enable ICMP response from WAN - This can sometimes cause issues with loopback
  • Are you using IPv6? You might try disabling it and see what happens
  • Try hard resetting the router and then reconfiguring it. Asus uses a cache, and that cache may need to be cleared. A hard reset should do that.
  • Are you using a VPN by any chance? If so, try without VPN.
  • Run a traceroute on your public IP/domain from the client machine. If NAT loopback is working properly, you will get only one hop.
  • Enable ICMP response from WAN - This can sometimes cause issues with loopback
    I just enabled ICMP response
  • Are you using IPv6? You might try disabling it and see what happens
    No, IPv6 is disabled, I am not sure why the firewall for IPv6 is enabled. But I disabled that as well.
  • Try hard resetting the router and then reconfiguring it. Asus uses a cache, and that cache may need to be cleared. A hard reset should do that.
    I actually don’t feel like reconfiguring due to the way I set it up with the ISP modem and some changes I have made which I don’t remember… Is it possible to clear the cache through SSH?
  • Are you using a VPN by any chance? If so, try without VPN.
    No, I am not using any VPN on the router.
  • Run a traceroute on your public IP/domain from the client machine. If NAT loopback is working properly, you will get only one hop.
    I did a traceroute to the public WAN IP and I am getting 3 hops, first hop is the gateway of the local network, the second and third hop is showing the public ISP IP.

Don’t bother messing around with nat loopback and ip level redirections, it’s finicky and not well supported on router OS’. I’d say you reserve a DNS name for the seafile server and then assign that name to the correct IP address for each subnet, that definitely solved it for me.

btw, we wouldn’t need to do all of this if it wasn’t for this (Use SERVICE_URL and FILE_SERVER_ROOT as relative URLs)

Can you please clarify what you made work and how? Every time I make it listen on 127.0.0.1 I am able to access it through the domain name and/or public ISP IP, but not internal IP.

Whenever I make it listen on 0.0.0.0, it’s vice versa, I will be able to access it locally but not externally. I also don’t feel like exposing the ports of the Seafile server.

Yes, it is possible, but it’s been a while since I’ve done it. I will say this… When updating Merlin and/or Asus, I’ve often had problems with NAT loopback not working properly until I hard reset the router. Whether that had to do with the cache or not, I don’t know. But, if you haven’t done a hard reset since Merlin removed his implementation, it’s possibly the reason why.

Then loopback is not working. 3 hops would be normal without loopback… It would hit the gateway, then the ISP, the ISP would then route it back. As it stands, your router is not looping back.

I agree with @fakuivan, though. Router implementations of NAT loopback are unpredictable at best. The best thing to do is set up your own DNS… Now, if I’m not mistaken, Merlin’s firmware allows you to change the dns via dnsmasq, but I’ve never fooled with it before. Just so much easier to set up a DNS server in-house. However, you should be able to Google it and get instructions. All you need to do is have a DNS entry in the DNS table that directs internal requests to your domain directly back to the internal server. Problem solved.

As for what I’ve done in the past when Merlin’s or ASUS’s firmware broke loopback, I would put an entry in my hosts table on each internal PC… However, that doesn’t work well with a laptop you use at different locations.
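
The traceroute check discussed in this thread, as an added example that is not part of any post: it parses Linux `traceroute` output and reports whether the path looks like working NAT loopback (one hop to the public IP), an internal DNS override (the name resolves to an RFC 1918 address), or no loopback (several hops). The sample outputs, `seafile.example.com` and all addresses are constructed placeholders.

```python
import ipaddress
import re

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
HEADER_RE = re.compile(rf"^traceroute to \S+ \(({IPV4})\)")
HOP_RE = re.compile(r"^\s*\d+\s+\S")      # " 1  host (ip)  0.4 ms" or " 2  * * *"
ADDR_RE = re.compile(rf"\(({IPV4})\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(addr):
    # Explicit RFC 1918 test: ipaddress.is_private also covers other
    # reserved ranges (documentation nets, loopback), which is too broad here.
    return any(addr in net for net in RFC1918)

def parse_traceroute(text):
    """Return (target_ip, hops); a hop is None when it timed out ('* * *')."""
    target, hops = None, []
    for line in text.strip().splitlines():
        header = HEADER_RE.match(line)
        if header:
            target = ipaddress.ip_address(header.group(1))
        elif HOP_RE.match(line):
            addr = ADDR_RE.search(line)
            hops.append(ipaddress.ip_address(addr.group(1)) if addr else None)
    return target, hops

def diagnose(text):
    target, hops = parse_traceroute(text)
    if target is None or not hops:
        return "unparseable"
    if is_lan(target):
        return "split-dns"        # name already resolves to the internal server
    if len(hops) == 1 and hops[0] == target:
        return "nat-loopback"     # router answered for its own public IP
    return "no-loopback"          # traffic left the LAN before coming back

# Constructed sample outputs (not captured from the thread's network).
NO_LOOPBACK = """traceroute to 203.0.113.7 (203.0.113.7), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.41 ms  0.39 ms  0.37 ms
 2  203.0.113.7 (203.0.113.7)  8.10 ms  8.02 ms  7.95 ms
 3  203.0.113.7 (203.0.113.7)  8.31 ms  8.27 ms  8.20 ms"""
LOOPBACK = """traceroute to 203.0.113.7 (203.0.113.7), 30 hops max, 60 byte packets
 1  203.0.113.7 (203.0.113.7)  0.44 ms  0.40 ms  0.38 ms"""
SPLIT_DNS = """traceroute to seafile.example.com (192.168.1.10), 30 hops max, 60 byte packets
 1  192.168.1.10 (192.168.1.10)  0.30 ms  0.28 ms  0.27 ms"""

if __name__ == "__main__":
    for name, sample in [("no loopback", NO_LOOPBACK),
                         ("loopback", LOOPBACK), ("split DNS", SPLIT_DNS)]:
        print(name, "->", diagnose(sample))
```
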