NAT disable on a 4G-AC53U LTE modem

[Stajo]

Hi, if I do Disable Firewall in Firewall settings, does that turn off NAT?

 

[ColinTaylor]

Firewall and NAT are two different things. The firewall can be disabled in the Firewall tab , but it not advisable to do so. NAT cannot be turned off when the WAN Interface is Mobile Broadband (it would make no sense to have that option).

 

[Stajo]

Firewall and NAT are two different things. The firewall can be disabled in the Firewall tab , but it not advisable to do so. NAT cannot be turned off when the WAN Interface is Mobile Broadband (it would make no sense to have that option).

Thank you Colin. I know that the general meaning of the words differ but as far as I remember small home modems and gateways, when they came with "firewall" functionality back in the days it was mostly a NAT functionality, or am I wrong? The thing is that it will sit a Ubiquiti UniFi Security Gateway just after the ASUS with all the firewall functionality etc so I was hoping to be able to configure the ASUS basically as an 4G Internet gateway and avoid "double-NAT" problems. I want to be able to run Site-to-Site VPN with Auto IPsec VTI which cannot be done thru NAT.

So the question remains, does the disabling of firewall remove NAT in this case?

 

[ColinTaylor]

Thank you Colin. I know that the general meaning of the words differ but as far as I remember small home modems and gateways, when they came with "firewall" functionality back in the days it was mostly a NAT functionality, or am I wrong?

You are correct in that the "firewall" and NAT are both performed by the kernel's netfilter code.

The thing is that it will sit a Ubiquiti UniFi Security Gateway just after the ASUS with all the firewall functionality etc so I was hoping to be able to configure the ASUS basically as an 4G Internet gateway and avoid "double-NAT" problems. I want to be able to run Site-to-Site VPN with Auto IPsec VTI which cannot be done thru NAT.

So the question remains, does the disabling of firewall remove NAT in this case?

I don't believe that's the case. I don't have that device but it looks to be mostly the same as their non-LTE routers. On those devices disabling the firewall doesn't effect the NAT operation.

Maybe use port forwarding to the Ubiquiti? The router has NAT passthrough for IPSec but I don't think that's applicable with your setup.
EDIT: Or put the Ubiquiti in the Asus' DMZ, although you'd still have NAT.


The manual doesn't indicate that it can be configured in a "modem-only" mode which is what you're asking for. If that were an option I'd expect to see it under Administration > Operation Mode.

 

[Stajo]

Or put the Ubiquiti in the Asus' DMZ, although you'd still have NAT.

Here is the screen for creating a virtual DMZ. I am not sure what they meen by "Some applications require special handler against NAT. These special handlers are disabled in default."

 

[ColinTaylor]

They're probably referring to things like FTP which require special helpers to work through NAT.