What's new

Lots of NAT?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Gary Schiltz

New Around Here
I want to be able to access my home network from the outside. I plan to do this by setting up OpenVPN or some other VPN technology, but I believe there is a whole lot of NAT between me and the outside world (only a little of it my own doing). I'm a complete VPN novice, but am a retired software engineer who has enough knowledge of networking to be dangerous to myself, if not others :) I live in rural Ecuador, so my choice of ISPs is very limited (my own equipment on both ends of a 20 km PTP link). From what I know of networking, and the output of a traceroute from my laptop, I must be behind about 5-9 NATs. Here is the output from doing a "traceroute 1.1.1.1", trimmed slightly to be more easily readable:

1 192.168.0.1 1.401 ms 2.350 ms 2.469 ms
2 192.168.12.1 12.056 ms 9.380 ms 7.982 ms
3 172.16.102.1 11.345 ms 9.212 ms 9.514 ms
4 172.17.0.9 10.414 ms 12.921 ms 8.802 ms
5 172.17.0.5 9.870 ms 9.683 ms 10.508 ms
6 172.17.0.1 12.757 ms 9.357 ms 10.100 ms
7 172.29.190.1 11.102 ms 11.733 ms 18.210 ms
8 192.168.77.1 10.202 ms 9.175 ms 16.467 ms
9 200.107.255.33 10.405 ms 10.172 ms 12.034 ms
10 192.168.100.1 10.627 ms 11.128 ms 14.938 ms
11 * * *
12 * * *
13 94.142.103.34 90.968 ms 82.214 ms 82.990 ms
14 5.53.4.202 82.562 ms 206.679 ms 273.892 ms
15 5.53.4.179 100.335 ms 274.302 ms 181.753 ms
16 176.52.253.23 183.966 ms 237.479 ms 144.741 ms
17 1.1.1.1 180.733 ms 97.598 ms 99.280 ms

The first two addresses are my own equipment (192.168.0.1 is my home router in the house, and 192.168.12.1 is my Ubiquiti ER-X at the ISP's site. Everything below that is my ISP's network. Some questions:

Am I correct that there are several NATs here (based on all the 192.168.x.x and 172.x.x.x addresses)?

Is there any hope of a VPN server running on the ER-X helping me to get access from outside? I don't have a public IP address, but was planning to sign up with a DDNS provider, like no-ip.com. But before I go to too much trouble, I want to see if this network is as unusual as I understand it to be.

Thanks from Mindo, Ecuador
Gary Schiltz
 
That is not NAT, that is routing.

The IP addresses of your local devices (192.168.0.x) are NATed to your router's WAN address (which I assume is 192.168.12.<something>). This single address is then routed to the ER-X, then over your ISP's network and then the internet.

So for your VPN to work you need to know whether the ER-X's WAN interface has a public IP address. If it has then you can configure the ER-X to port-forward to your home router (assuming the VPN server is running on the home router).

EDIT: I'm assuming that your "home router" is typical consumer WiFi router with built-in firewall and NAT.
 
Last edited:
traceroute 1.1.1.1

Interesting... Cloudflare plays interesting games...

Code:
$ traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 52 byte packets
 1  192.168.1.1 (192.168.1.1)  0.562 ms  0.202 ms  0.183 ms
 2  10.150.76.1 (10.150.76.1)  7.520 ms  7.651 ms  7.507 ms
 3  ip68-101-128-242.sd.sd.cox.net (68.101.128.242)  8.124 ms  8.797 ms  8.927 ms
 4  68.1.4.106 (68.1.4.106)  10.969 ms  12.181 ms  11.631 ms
 5  172.68.228.82 (172.68.228.82)  8.234 ms  9.083 ms  9.607 ms
 6  one.one.one.one (1.1.1.1)  9.606 ms  13.934 ms  9.313 ms
 
Similar threads
Thread starter Title Forum Replies Date
H Any way around double NAT? Other LAN and WAN 15

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top