MultipleNatFound, as seen in the quoted diagnostic text above, means that either you have got two (or more) routers in your network between the Roon Server machine and the ISP or your ISP uses CG-NAT or both.
In the diagnostic text, I can see IP addresses mentioned in two separate private subnets (192.168.178.25 and 192.168.68.1), which tells me that you actually have two devices offering router functionality in your home network. This means that the Fritzbox is not the only router in your home.
As a consequence you will have the following options to fix the issue you are seeing:
1. Put the Router/ModemRouter that is connected to the ISP service in bridge mode or modem only mode. This will mean that only one of its ethernet ports will be available and it will not provide router functionality (including NAT). All router functionality will then be delegated to the second router, which should be the only device connected to the ISP router.
2. Put all routers other than the ISP router into access point mode so that they act as an ethernet to Wi-Fi bridge device and again they don’t offer router functionality.
3. Set up port forwarding on both routers. On the ISP router, set up a manual rule to forward TCP connections on the ARC port to the WAN side IP address of the second router. On the second router, set up a manual port forward rule to forward TCP connections on the ARC port to the IP address of your Roon Server. You must use manual port forwarding. UPnP will not work in the multiple router scenario. In this case, you should use an IP address reservation in the DHCP settings of each router to ensure that the WAN side IP address of your second router and the Roon Server are always issued with the same IP addresses - otherwise, you will have to change the port forwarding rules every time an IP address changes.
4. Use Tailscale to avoid the need to set up port forwarding at all.
In addition to the above, if your ISP is providing a service to you with CG-NAT then you will not be able to get port forwarding to work and you will have two options:
1. Talk to your ISP and see if you can get a public IP address that supports port forwarding (i.e. non-CG-NAT). If they can’t or won’t do this, or they will but at too high a cost to yourself, your only option will be to use the next solution.
2. Use Tailscale to avoid the need to set up port forwarding at all.
You can tell if your ISP is using CG-NAT or not by going to a web site like https://whatismyipaddress.com/ that reports the IP address that was used to access it. If you compare this IP address with the WAN side IP address of the Router managing the ISP connection and find a difference, then it is likely that CG-NAT is being used. If both IP addresses are the same, CG-NAT is not being used and it would then be likely that you have two routers in your local network - often either an ISP ‘modem’ or a Mesh Web system.
As you can see, using Tailscale is an option (in fact the only option) that will work irrespective of whether or not your ISP is using CG-NAT. As a consequence you may find it easiest just to adopt the Tailscale solution from the start.
Please let us know if we can provide further assistance. A quick glance at ARC diagnostics associated with your account hasn’t yet confirmed that port forwarding is working for you, so we’re reluctant to close this thread just yet.
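
The address comparison described in this thread, as an added example that is not part of the original posts: it classifies a home network from the ISP router's WAN-side address, the address an external site reports, and the WAN-side addresses of any further routers. The function name, finding labels and sample addresses are assumptions; the 100.64.0.0/10 check goes one step beyond the thread by also recognising the address range reserved for CG-NAT.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges; a router whose WAN side sits here is behind another NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Remedies as listed in the thread, keyed by finding (labels are hypothetical).
REMEDIES = {
    "cgnat": "port forwarding cannot work: ask the ISP for a public IP or use Tailscale",
    "cgnat-likely": "WAN and reported address differ: confirm with the ISP or use Tailscale",
    "double-nat-lan": "bridge/modem-only mode, access point mode, manual forwards "
                      "on both routers, or Tailscale",
    "single-nat": "only one NAT layer found",
}

def diagnose(isp_router_wan, reported_public, inner_router_wans=()):
    """Return the list of findings for one home network.

    isp_router_wan    -- WAN-side address of the router on the ISP connection
    reported_public   -- address reported by an external "what is my IP" site
    inner_router_wans -- WAN-side addresses of any further routers in the LAN
    """
    wan = ipaddress.ip_address(isp_router_wan)
    pub = ipaddress.ip_address(reported_public)
    findings = []
    if wan in CGNAT_SHARED:
        findings.append("cgnat")
    elif wan != pub:
        findings.append("cgnat-likely")
    # A second router with a private WAN address is NATing behind the first.
    if any(ipaddress.ip_address(a) in net
           for a in inner_router_wans for net in RFC1918):
        findings.append("double-nat-lan")
    return findings or ["single-nat"]

if __name__ == "__main__":
    # Constructed sample: public addresses come from documentation ranges;
    # 192.168.178.25 is assumed to be the second router's WAN-side address.
    for f in diagnose("203.0.113.10", "203.0.113.10", ["192.168.178.25"]):
        print(f, "->", REMEDIES[f])
```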