This is a configuration guide for Roon Arc users encountering “multiple NAT” errors. It’s specifically for users with an ATT BGW320 fiber modem / gateway / router, in bridge mode, and a separate router. In this case the separate router is an Asus AX-88U. For what it’s worth, my Roon Core resides on a virtual machine, but that shouldn’t change this approach. It took a lot of messing around, so I wanted to show my settings.
Preliminary steps (things you’ll need to configure and verify):
Obtain your Public IP (just for diagnostics). Whatismyip.com See My Public IPv4 is: XXX.XX.XXX.31
Find your router’s LAN MAC Address. For Asus router, log into the interface, navigate to “Network Map,” on the right hand side see “System Status” and click “Status.” Under Status look for the LAN MAC Address. We’ll make this up. D0:4D:24:4B:B6:F0.
Roon Core IP Address. Open Roon. Navigate to settings. Click on Roon Arc. Note your Roon Core’s IP Address. We’ll make one up. 22.214.171.124. Also note the Host Port. Here, 55000.
Access your ATT&T modem interface for advanced configuration.
Look at the back of your modem. Above the reset button it will show an IP Address. Navigate to the IP address in a browser on a computer connected to the same network.
At this point also write down the Device Access Code found on the back of your ATT modem.
Browse to the interface using the IP Address for your modem.
In the interface settings
- Click Firewall, you’ll need to enter the Device Access code.
- Under Firewall, click NAT/Gaming.
- Click Custom Services.
- Name the service what you want. I’d choose “Roon.”
- For global port enter 55000-55002. (I put in a range just in case, but 55000 alone should work).
- Base Host port must be 55000 (the same port you see in Roon, under Roon Arc settings).
- Hit “Add.”
Under IP Passthrough
- make sure the allocation mode is “Passthrough.”
- Passthrough Mode should be DHCPS-fixed.
- You can ignore the Device List and instead manually enter your Router’s (in this case the Asus AX-88u) MAC Address. In this example: D0:4D:24:4B:B6:F0.
- For passthrough DHCP Lease, I put 30 Day, 1 Hours, 10 Minutes. I, honestly, have no idea what happens if you stick with the default 10 minutes. I assumed that it may only work for 10 minutes. I also don’t know how to make it infinite. But now that I know where the setting is located, I figure it can be renewed as necessary.
- Hit “save.”
At this point you should be finished with the modem settings. The purpose is to forward your IP Address to the external router, and to also open the firewall for Roon Arc. Click on “Home Network.” Verify that IP Passthrough Status is “On.” And that the IP Passthrough Address is the same as your Public IP. (If not, don’t worry until we restart all the devices).
Access your Router’s interface.
For Asus it’s http://router.asus.com. Log in. (These steps should be similar in non-Asus router interfaces, though things may be in different places).
Navigate to LAN.
While potentially not necessary, start by manually assigning your Roon Core’s IP Address. Under LAN, click on DHCP Server. DHCP Server should be enabled. At the bottom of the page, you should see “Manually assigned IP around the DHCP list.” Toggle the arrow drop down under Client Name (MAC Address), find your Roon Core, and select it. Enter the Roon Core IP Address. In my example, that’s 126.96.36.199. DNS Server should be “default.” Hit “Apply.”
Navigate to WAN.
Under the Internet Connection tab.
- WAN Connection should be Automatic IP.
- WAN must be enabled.
- NAT must be enabled
- The NAT type must be Symmetric
- UPnP must be enabled.
- Ignore WAN Aggregation.
Under the Port Trigger tab
I have it enabled, but nothing is entered. I don’t think enabling is necessary, but I want to make note of my settings.
Under Virtual Server/Port Forwarding tab
Enable Port forwarding
Add a profile
* Manually enter. You don’t need a service name, but you could call it Roon.
Protocol is TCP
External Port, using my examples, is 55000
Internal Port is 55000
Internal IP Address is your Roon Core’s IP Address, in my example it’s 188.8.131.52
Click the NAT Passthrough Tab and verify the following settings.
* All enabled except for PPPoE Relay.
Don’t mess with the FTP ALG port.
I also made sure IPv6 was disabled.
My firewall in the router settings was enabled.
At this point, your settings should all be good, but your Roon Arc still isn’t going to work. This is because the devices need to be cycled in order to properly assign the IP forwarding we enabled in the ATT modem.
Unplug both the modem and the router for a couple of minutes.
Plug in the router.
Wait 5 minutes.
Plug in the modem.
Once their booted, retest the ARC Roon connection. It should work.