What's new

Double NAT home network

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Virgilio

New Around Here
I could really use some help with configuring a double NAT setup at home. This attachment has a diagram of what I'd like to do:
Dual NAT.jpg
My relevant equipment is:

NAT1 is an ARRIS TG1682G
NAT2 device is an ARRIS SB6782-AC

My IT skills are low, but this is a learning project!

Paul
 
I could really use some help with configuring a double NAT setup at home. This attachment has a diagram of what I'd like to do:
View attachment 8269
My relevant equipment is:

NAT1 is an ARRIS TG1682G
NAT2 device is an ARRIS SB6782-AC

My IT skills are low, but this is a learning project!

Paul

If all you want to accomplish is as shown and you don't need to share resources between NAT 1 & Nat 2 your setup is:

Set up NAT 1 with automatic WAN IP from your modem. Set the LAN IP of your NAT 1 router to 192.168.1.1 and your DHCP on that router to 192.168.1. 120 -140. You can use another subnet if you choose.

Connect your MOCA adapter to a LAN port on your NAT 1 router.

Using the another MOCA adapter connect it to the WAN port of NAT2 router.

Set the WAN IP on the NAT 2 router to automatic.

Set the LAN address of NAT router 2 to 192.168.2.1 and be sure DHCP server is enabled and set the pool to 192.168.2.100-120 depending on how many DHCP addresses you need.

For security be sure that administrative access from the WAN is off on both routers.

I use a similar set up and it works fine.
 
Hmm, I can't get nat2 to talk to nat1. Both of them are modem/router combos, do I need to turn off the modem somehow in nat2?


Sent from my iPhone using Tapatalk
 
Thanks for your help Captain. I have been trying to get them to talk side by side connected by LAN cable. NAT1 sees the MAC address of NAT2 and the correct DNS address, and NAT2 sees the correct IP address of NAT1. I reserved an IP address for NAT2 and both see it as an assigned IP, but there is no flow of data between the two.

NAT1 had an IP range of 10.0.0.1 - through whatever the default is. I changed the range to 10.0.0.2 - 10.0.0.100
and I changed NAT2 to 10.0.0.100 and gave it a range of 10.0.0.101 through whatever the max is. NAT2 started off with defaults in the 192.168.0.1 range.

right now, NAT2 won't acquire download stream.

Oh and my diagram was slightly wrong, I am trying to do this:
 

Attachments

  • Dual NAT revised.jpg
    Dual NAT revised.jpg
    107.3 KB · Views: 453
Apparently my NAT2 Modem/Router combo needs to use its coax connector for WAN because it finally connected to the other NAT that way when I moved to the basement. It connects and then drops right away and resets itself, but I'm done for this evening and I'm probably done until next weekend. I'll put another temporary splitter in there and look over my settings then.

Is there a way to change my WAN port to one of the RJ45 connectors?

I'm open to comments from anyone.
 
NAT1 had an IP range of 10.0.0.1 - through whatever the default is. I changed the range to 10.0.0.2 - 10.0.0.100 and I changed NAT2 to 10.0.0.100 and gave it a range of 10.0.0.101 through whatever the max is. NAT2 started off with defaults in the 192.168.0.1 range.
This is wrong (assuming your netmask is 255.255.255.0). Read @CaptainSTX post again. You have put both routers on the same network (10.0.0.x). If you want to have a double NAT (Network Address Translation) setup they need to be two different networks, e.g. 10.0.0.x and 10.0.1.x.

It begs the question, why do you want double NAT? Most people here are trying to avoid this kind of setup!

Disclaimer: I know nothing about MOCA.
 
This is wrong (assuming your netmask is 255.255.255.0). Read @CaptainSTX post again. You have put both routers on the same network (10.0.0.x). If you want to have a double NAT (Network Address Translation) setup they need to be two different networks, e.g. 10.0.0.x and 10.0.1.x.

It begs the question, why do you want double NAT? Most people here are trying to avoid this kind of setup!

Disclaimer: I know nothing about MOCA.

Thank you for responding.

So keeping the range from overlapping isn't enough, then? I'll try changing that.

I want a double NAT for a few reasons: First my ISP enters my modem on the high end and disables the MOCA on my leased modem just about every other day. I have to wifi in and turn it back on to use my wired PC's. From reading the Comcast/Xfinity forums they do this because the Tv Set-Top-Boxes share DVR info via a MOCA- like protocol, and they don't want customers to set themselves up with conflicts. It isn't in the diagrams but my set top boxes would be on the same coax that feeds NAT1.

Second, I read somewhere recently that a successful double NAT adds another layer of security. And third, it's a challenge and fun!


Sent from my iPad using Tapatalk
 
Last edited:
Thanks everyone who added suggestions. I found the solution to my problem: I had connectivity all along but I didn't realize it! I was watching my modem front lights as an indication of connectivity, but since NAT 2 is a Docsys modem the lights aren't going to light up ever. Since I was using that as my primary indicator I never bothered to ping anything or check for data.

I guess a docsys modem has to be a client on a docsys server to get docsys lights.
 
If all you want to accomplish is as shown and you don't need to share resources between NAT 1 & Nat 2 your setup is:

Set up NAT 1 with automatic WAN IP from your modem. Set the LAN IP of your NAT 1 router to 192.168.1.1 and your DHCP on that router to 192.168.1. 120 -140. You can use another subnet if you choose.

Connect your MOCA adapter to a LAN port on your NAT 1 router.

Using the another MOCA adapter connect it to the WAN port of NAT2 router.

Set the WAN IP on the NAT 2 router to automatic.

Set the LAN address of NAT router 2 to 192.168.2.1 and be sure DHCP server is enabled and set the pool to 192.168.2.100-120 depending on how many DHCP addresses you need.

For security be sure that administrative access from the WAN is off on both routers.

I use a similar set up and it works fine.

Do I have to set my subnet mask differently? Like instead of 255.255.255.0, I use 255.255.0.0? My logic is that the routers need to see the third set of numbers to identify the correct network.


Sent from my iPhone using Tapatalk
 
Do I have to set my subnet mask differently?
No. Routers will route traffic that doesn't belong on the LAN to another network. That's why they're called routers.

If you were to change the netmask to 255.255.0.0 it would assume anything with the IP address 192.168.x.y is on the LAN and will therefore not route it.
 
Thanks, I was starting to wonder if that was the case. I was getting some really misleading indications that probably stem from the way I was connecting both devices, which is what I was trying to fix in the first place.
 
Thanks, I was starting to wonder if that was the case. I was getting some really misleading indications that probably stem from the way I was connecting both devices, which is what I was trying to fix in the first place.

The device is trying very hard to phone home over the coax connection - yeah, it does MOCA as a secondary function, but that coax connection really, really wants to phone home, and there is little control over it, as it's generally assumed to be a managed WAN connection...
 
The device is trying very hard to phone home over the coax connection - yeah, it does MOCA as a secondary function, but that coax connection really, really wants to phone home, and there is little control over it, as it's generally assumed to be a managed WAN connection...

Thanks again. I bought a normal router and it was very straightforward to configure as recommended above.

Now, I'm taking some of my MOCA connections out and running LAN cable from NAT2 wan port to a NAT1 LAN port.

Does this new cable need to be pinned out as a crossover?


Sent from my iPhone using Tapatalk
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top