1

I have my NAS behind my router setup with port forwarding so it can be accessed from anywhere. When I connect to it via LAN IP (192.168.1.*) the transfer speed is around 100MiB/s, however when I use the WAN IP the speeds are around 25MiB/s. Why is the WAN IP connection slower even though both devices are on the same LAN gigabit network? Is there some router configuration step I've missed? The reason I want to use the WAN IP locally is because I don't want to reconfigure the laptop every time it leaves the house, it should work regardless if it is at home or not.

Medran
  • 123
  • 4
  • Just an FYI, a NAS is not supposed to be WAN accessible, unless it's accessed via a VPN or SSH tunnel... your current configuration is almost certainly a security risk, with the correct implementation being to configure a VPN server, such as OpenVPN or WireGuard, on your router _(if OpenVPN, the configs need to be [tuned](https://github.com/JW0914/Wikis/tree/master/Scripts%2BConfigs/OpenVPN) for maximum throughput)_. As to your question, when accessing a LAN downstream device via WAN, you're restricted to the upload rate of your ISP, which appears to be ~25mbit/s. – JW0914 Sep 29 '20 at 15:18
  • @JW0914 I've taken quite a bit of care setting up the server to only operate over https port 443, using the latest versions of LAMP. I understand there is still risks, but I think I'm mostly safe. Does VPN increase security further? – Medran Sep 29 '20 at 16:53
  • Many, if not most, NAS providers, whether hardware or software-based, will usually state their NAS is intended to be run behind a router and not directly exposed to WAN (which is what port forwarding does). A VPN or SSH would increase the security and is the recommended way to access a LAN based NAS. – JW0914 Sep 29 '20 at 16:58

1 Answers1

1

When you are using the WAN IP address, the traffic that is destined for your NAS must first go to the router where the router must inspect the packets and then perform NAT to translate the WAN IP to and LAN IP and then route the packets according to the destination IP on the LAN. When you access the NAS directly by its LAN IP your computer can communicated directly with the NAS.

The extra step of making the router route and NAT the traffic is likely what is causing the reduction in throughput. Especially with consumer routers, performing NAT and routing is going to hider throughput compared to throughput on just LAN traffic.

heavyd
  • 62,847
  • 18
  • 155
  • 177
  • so on a higher end router I could expect the speed to be identical? Its fascinating because the 25MiB speed doesn't map to my internet speed at all, its a very arbitrary number on web traffic my speed is 12-35MiB. – Medran Sep 29 '20 at 16:38
  • 1
    Yes, its very likely that a higher end router could help... or simply keeping the traffic on your LAN instead of making it go through the routing system. And yes, that makes sense that it doesn't correlate to your internet speed, its not actually going out the WAN port of your router onto your ISP network, the traffic stays in your router and is routed directly from the router to your NAS. – heavyd Sep 29 '20 at 16:42
  • This is absolutely the answer, when doing the transfer over the WAN port the CPU of the router is totally maxed out. – Medran Sep 29 '20 at 16:46
  • 1
    It's not routed over WAN. The IP address is assigned to the router itself, so traffic to that address doesn't go anywhere further than that. (It isn't sent to the ISP over the WAN port, and it isn't even "looped back" through the WAN port – only through the router's CPU as heavyd describes.) – u1686_grawity Sep 29 '20 at 18:19