Do multiple firewalls hinders my network performance?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

digital10

Regular Contributor
So my setup is that I have an ISP router, connected via ethernet to Netgear WIFI router. My ISP router, my netgear router, and I believe my computer all have a firewall setup. Does this hinder LAN/WAN performance due to the multiple firewalls or does it have no effect? Is it advisable to disable the firewall on any of them?
 

ColinTaylor

Part of the Furniture
No, they won't have any detectable impact on performance and should be left enabled unless you have a very specific reason not to.
 

degrub

Very Senior Member
minimal if any practical effect.
If you have enabled "deep packet inspection" or other services, you may see some CPU hit, but otherwise no.
 

CaptainSTX

Part of the Furniture
Double NAT = BAD!!!
Double NAT is just fine. It will not have any measurable impact on latency, download or uploads speeds. It can make setting up a server more difficult but other than that there isn't any reason to avoid a double NAT. I will be happy to send you the test data I accumulated which demonstrated to the 95% confidence level no impact.

The prejudice against double NATs is a myth in the same realm as people believe hiding your SSID makes your WiFi more secure.

That being said if you don't need to double NAT then keep it simple and don't.
 

digital10

Regular Contributor
Double NAT is just fine. It will not have any measurable impact on latency, download or uploads speeds. It can make setting up a server more difficult but other than that there isn't any reason to avoid a double NAT. I will be happy to send you the test data I accumulated which demonstrated to the 95% confidence level no impact.

The prejudice against double NATs is a myth in the same realm as people believe hiding your SSID makes your WiFi more secure.

That being said if you don't need to double NAT then keep it simple and don't.
where are my NAT settings? phone? router? isp router?
 

ColinTaylor

Part of the Furniture
where are my NAT settings? phone? router? isp router?
"Double NAT" isn't a setting, it's a term used to describe having one router behind another (where each router performs NAT).
 

CaptainSTX

Part of the Furniture
where are my NAT settings? phone? router? isp router?
The switch to turn off or turn on NAT are normally found with the WAN settings on a router. The default is normally ON. One of the the most basic and important functions of a router is NAT.

To have a double NAT setup requires at least two routers. The first router which is connected to the Internet through a modem or in the case of a fiber optic connection is assigned a public IP by the ISP. This IP is assigned to the router's WAN port. The second router is connected to the first router and in a double NAT setup. Its WAN IP is a private IP assigned from the LAN pool of the first router.
 

digital10

Regular Contributor
The switch to turn off or turn on NAT are normally found with the WAN settings on a router. The default is normally ON. One of the the most basic and important functions of a router is NAT.

To have a double NAT setup requires at least two routers. The first router which is connected to the Internet through a modem or in the case of a fiber optic connection is assigned a public IP by the ISP. This IP is assigned to the router's WAN port. The second router is connected to the first router and in a double NAT setup. Its WAN IP is a private IP assigned from the LAN pool of the first router.
i have a setup like this, i got isp router and from that its connected via ethernet to orbi in the wan/internet port. What do i have to do?
 

CaptainSTX

Part of the Furniture
i have a setup like this, i got isp router and from that its connected via ethernet to orbi in the wan/internet port. What do i have to do?

Here is how you setup a double NAT. It will work but be sure you have a reason to do so unless you are like some of us this site that just do things to experiment and because we can.

Also be aware if you are double NATed and call for tech support the level one script kiddies, once they find out you are double NATed, will insist that this is reason for all your problems and refuse to look for a solution until you disable the double NAT.
 

Attachments

  • How to double NAT two routers.txt
    4.9 KB · Views: 41
Last edited:

ColinTaylor

Part of the Furniture
@CaptainSTX Can you reformat your Double NAT document? It's very difficult to absorb the information when it's presented as a solid block of text.

EDIT: I think it's just the lack of indentation on the bullet points longer than one line, and the absence of a blank line between some sections.
 
Last edited:

CaptainSTX

Part of the Furniture
@CaptainSTX Can you reformat your Double NAT document? It's very difficult to absorb the information when it's presented as a solid block of text.

EDIT: I think it's just the lack of indentation on the bullet points longer than one line, and the absence of a blank line between some sections.

Let me see if I can attach it as a PDF file which should help with the formatting.
 

Attachments

  • How to double NAT two routers.pdf
    664.1 KB · Views: 45

cptnoblivious

Regular Contributor
Formatting looks good now.

The only thing I would change is the addressing so that they are very distinctly different (especially for folks that don't do a lot of networking), i.e. using 172.16.x.x/16 internally and 192.168.1.x/24 behind the first NAT.

Totally a personal preference of course :)
 
Similar threads
Thread starter Title Forum Replies Date
I Multiple WiFi Meshes with only 1 ethernet cable set? Other LAN and WAN 4

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top