What's new

Help with double NAT

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

macster2075

Very Senior Member
Hi..
I am trying to eliminate double NAT.
The way I have my RT-AC68P router is as follows.

ISP Modem LAN port to WAN port on Asus Router.

I have the option to bridge the ISP modem (Actiontec T3200) (192.168.254.254), but, I can't do that because this modem is located in my office which provides internet to my work computer via Ethernet. (it needs to be Ethernet connection) - If I bridge it, then only ONE Lan port would be available on the modem and will not be able to provide Internet via Ethernet to the Asus router.

The Asus (192.168.1.1) router is on another part of the house providing Wireless and Wired connection to the rest of the devices on my network. (ran Ethernet cable through attic).

As you can see, both the modem and router are under different networks.
I know that I can just connect the Asus router from LAN to LAN on the modem and change its IP to be on the same network as the modem....but, if I do so, will I still be able to have the Asus router provide Wireless and Wired Internet?

And... I have some settings on the Asus router like jffs and such... will that still be enforced?
And finally... this means that the ISP modem will be doing all the DHCP.... is that a good thing?.. I ask because I don't know if its CPU is as fast as Asus.

Any thoughts?
 
I know that I can just connect the Asus router from LAN to LAN on the modem and change its IP to be on the same network as the modem....but, if I do so, will I still be able to have the Asus router provide Wireless and Wired Internet?
Yes, just switch the Asus into "Access Point(AP) mode". That way the WAN port becomes another LAN port and things like DHCP and DNS are turned off. Other "routing" functions like VPN clients and the firewall would similarly be disabled as they are no longer applicable.
 
Yes, just switch the Asus into "Access Point(AP) mode". That way the WAN port becomes another LAN port and things like DHCP and DNS are turned off. Other "routing" functions like VPN clients and the firewall would similarly be disabled as they are no longer applicable.
what about the Asus router settings... will any of those jffs scripts settings will still apply to the devices connected to the Asus?
 
I forgot to mention...
The Asus router not only provides Wireless connection... it also has a guest wireless enabled for visitors.. Will that also be fine if I set the Asus on AP mode?
 
what about the Asus router settings... will any of those jffs scripts settings will still apply to the devices connected to the Asus?
It depends on exactly what scripts you're talking about. As I said, the Asus isn't a router any more so scripts like firewall-start and nat-start won't be run (there's no point), but general scripts like services-start will.

I forgot to mention...
The Asus router not only provides Wireless connection... it also has a guest wireless enabled for visitors.. Will that also be fine if I set the Asus on AP mode?
The guest SSIDs will still be available but they won't be able to provide any isolation from the LAN anymore (as the LAN is controlled by your primary router).
 
The scripts I am referring to are things like... I have scripts to enforce SafeSearch on Google and Bing... I also have parental controls set like Time Scheduling (not through scripts).
Also, I have Bandwidth Limiter enabled and I use DNS-Omatic as ddns to update OpenDns server with my IP.
 
I don't know how your SafeSearch script works but if it's done with dnsmasq (DNS) then that won't work as the router isn't a DNS server anymore.

Parental controls won't work because as it's a routing function. I'd guess that the bandwidth wont work also, although depending how it's configured it might still be effective for the wireless networks.

DDNS might still work.
 
oh my!
That sucks... unfortunately, my ISP modem cannot do what the Asus does. I really like the SafeSearch script and it works well... I also need the B. Limiter....
What other option do I have besides running another Ethernet cable through the attic?
 
If you can't bridge your Actiontec (because of the limitations you mentioned) and you want to use your Asus as a router then there is no way you can avoid double NAT (for devices connected to the Asus).
 
Just run another Ethernet back from the Asus to your work computer. Then the ISP modem can be bridge mode, Asus is a router and can do all the things you want.
Sure it means 2 long cable runs but they will take the same path so neat and presumably easy as you’ve done it once already.


Sent from my iPhone using Tapatalk
 
What about bridging the actiontec, bringing the ASUS router in to the office to provide the LAN connection for your office and to act as the router. Then get a gigabit switch (or wireless AP) and connect that on the other end of your attic Ethernet run?
 
Just run another Ethernet back from the Asus to your work computer. Then the ISP modem can be bridge mode, Asus is a router and can do all the things you want.
Sure it means 2 long cable runs but they will take the same path so neat and presumably easy as you’ve done it once already.
This is almost identical to my setup, but instead of running the second Ethernet cable back to where the modem is I use two powerline adapters (physical limitations make running a second Ethernet cable difficult). This works for me because there are only 2 low bandwidth (<50Mbps) devices that would need to use the powerline link.
 
Any particular reason you want to eliminate the double NAT? If you think it slows a connection or increases latency think again. I will be glad to send you my test results showing no impact on either when running in a double NAT setup.

The only ordinary function that running a double NAT makes more difficult/ impossible is if you want to run a VPN server. I'm sure there are other functions that also become more complicated but to isolate IoT devices I have been running in a double NAT and the setup works fine for me.
 
Any particular reason you want to eliminate the double NAT? If you think it slows a connection or increases latency think again. I will be glad to send you my test results showing no impact on either when running in a double NAT setup.

The only ordinary function that running a double NAT makes more difficult/ impossible is if you want to run a VPN server. I'm sure there are other functions that also become more complicated but to isolate IoT devices I have been running in a double NAT and the setup works fine for me.

Just guessing, many consoles don’t get along with double NAT for online gaming.
 
I can't tell you for sure that a double NAT will work for gaming but folk lore seems to have lots of bias against double NAT with no facts to back them up.

I have used double and even triple NAT setups and it has never stopped me from doing anything I needed to do. If you need port forwards it requires you forward the ports on both routers but once it is setup it works.

Gaming consoles always seem to suggest you setup port forwards because they always suggested that in the past but it seems based on comments on this site it is not necessary.
 
I can't tell you for sure that a double NAT will work for gaming but folk lore seems to have lots of bias against double NAT with no facts to back them up.

I have used double and even triple NAT setups and it has never stopped me from doing anything I needed to do. If you need port forwards it requires you forward the ports on both routers but once it is setup it works.

Gaming consoles always seem to suggest you setup port forwards because they always suggested that in the past but it seems based on comments on this site it is not necessary.

I don’t know about the switch or the PS4, but the XBox One will detect the double NAT and bitch about it. That alone will lead folks to try and eliminate the situation.
 
I can't tell you for sure that a double NAT will work for gaming but folk lore seems to have lots of bias against double NAT with no facts to back them up.

I have used double and even triple NAT setups and it has never stopped me from doing anything I needed to do. If you need port forwards it requires you forward the ports on both routers but once it is setup it works.

Gaming consoles always seem to suggest you setup port forwards because they always suggested that in the past but it seems based on comments on this site it is not necessary.

I think some of the confusion comes from the fact that by default, theses gaming consoles depend heavily on UPnP, which afaik, is NOT propagated beyond the immediate router. But if you return to traditional port forwarding, seems to me it shouldn't matter how many routers are NATing (other than performance concerns).
 
I think some of the confusion comes from the fact that by default, theses gaming consoles depend heavily on UPnP, which afaik, is NOT propagated beyond the immediate router. But if you return to traditional port forwarding, seems to me it shouldn't matter how many routers are NATing (other than performance concerns).
Can you not DMZ each router through to the last in the chain? This isn't something I actually know about, so I could be wildly wrong!
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top