Shouldn't DMZ get around double NAT issues?

RamGuy

Senior Member
I'm faced with a slightly troublesome network configuration where I have to go through a double NAT solution.

The deal is that I'm living with a shared Internet connection, but need to run my own separate subnet with my own IP-configurations and solutions. So basically I will have my pfSense server running from behind another router hosted by the house owner as we don't want to be on the same local network.


This of course brings the trouble regarding double NATing and all the port forwarding nonsense that provides. UPnP and automatic port mapping won't work when double NATing, and I thought the whole idea behind DMZ on a router was to get around issues like this.


But after putting my pfSense server's WAN IP in our house owner's router DMZ I'm still not seeing UPnP and automatic port forwarding, nor manual port forwarding, working from my network like before we had double NAT?

If DMZ is out of the question, how would one resolve the issues regarding double NATing and getting ports successfully following through the network? And what exactly is the point of a DMZ function in a router if not for issues like this?
 
The separate network is understandable, but is the different subnet a must-have requirement? If not, consider setting up your pfSense box as a transparent firewall. Only permit local gateway and Internet traffic in and out, and run DHCP on your side with a non-overlapping scope.
 
Try one-to-one (1:1) NAT. Since you can have as many IPs on the WAN side of your pfSense box as you want, you should be able to use 1:1 NAT to place each device separately onto the home network.

Many-to-one NAT (i.e. the way 99% of all NATs operate) is only needed when you only have one IP address to talk to the rest of the world. Since you're inside a LAN you can take as many as you want (probably limited by pfSense software, but more than enough).

You'll need one IP address on the home LAN (your WAN port) for each of your devices on your LAN port.
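
The 1:1 NAT suggestion above depends on giving every inner device its own unused address on the home LAN. The following is an added example, not part of the original posts: a small Python planner that pairs each inner host with a free outer address and rejects overlapping subnets. The function name `plan_one_to_one` and all addresses are assumptions made up for illustration.

```python
import ipaddress

def plan_one_to_one(outer_net, inner_net, inner_hosts, reserved):
    """Pair each inner host with its own free address on the outer (home) LAN.

    outer_net   -- the house owner's LAN, i.e. the pfSense WAN side
    inner_net   -- the private subnet behind pfSense
    inner_hosts -- inner addresses that need to be reachable from the home LAN
    reserved    -- outer addresses or "first-last" ranges already in use
                   (gateway, DHCP pool, the pfSense WAN address itself)
    """
    outer = ipaddress.ip_network(outer_net)
    inner = ipaddress.ip_network(inner_net)
    if outer.overlaps(inner):
        raise ValueError(f"{inner} overlaps {outer}: routing between them is ambiguous")

    taken = set()
    for item in reserved:
        if "-" in item:  # inclusive range "first-last"
            first, last = (ipaddress.ip_address(p) for p in item.split("-"))
            taken.update(ipaddress.ip_address(n) for n in range(int(first), int(last) + 1))
        else:
            taken.add(ipaddress.ip_address(item))

    free = (a for a in outer.hosts() if a not in taken)
    plan = {}
    for host in map(ipaddress.ip_address, inner_hosts):
        if host not in inner:
            raise ValueError(f"{host} is not inside {inner}")
        try:
            plan[str(host)] = str(next(free))  # one outer address per inner device
        except StopIteration:
            raise ValueError("not enough free addresses on the outer LAN") from None
    return plan

# Constructed sample addressing, not taken from the thread.
SAMPLE = plan_one_to_one(
    outer_net="192.168.1.0/24",
    inner_net="10.20.30.0/24",
    inner_hosts=["10.20.30.10", "10.20.30.11"],
    reserved=["192.168.1.1", "192.168.1.2", "192.168.1.100-192.168.1.199"],
)

if __name__ == "__main__":
    for inner_ip, outer_ip in SAMPLE.items():
        print(f"1:1 NAT  external {outer_ip}  <->  internal {inner_ip}")
```

Each pair it prints still has to be entered as a 1:1 NAT mapping on the pfSense box, and the reserved list should cover the owner router's DHCP pool so the chosen addresses are never handed out to another device.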
 