To Double NAT or Not - Advice

[BasicBlue]

Hello All,

Just a seeking some advice around pros and cons for a simple home network setup. Here is the scenario.

ISP modem / router combo (router 1) for WAN access. A second router (router 2) connected to ISP using a private IP and all wired devices (printers, servers, NAS, XBox) connected to router 2.

I want to use router 1 to take all wifi devices in my house / office because it has some great tools to manage and monitor wifi connected devices.

What I need to do it be able to securely access my devices on router 2 via VPN built in the router 2, also allow those devices such as Xbox / PC to host / serge games and chat etc using UPNP I believe.

If I put the ISP device router 1 into bridge mode I loose the wifi features.

Is there a practical way to bypass the ISP firewall, NAT and DHCP and achieve desired results without bridge mode or will this create a double NAT and more problems?

Does anyone have any suggestions as how I could achieve this without creating more problems for myself? Perhaps I should just do the bridge mode and scrape the wifi management feature in the ISP router 1

Seeking insight for my pros and cons planning.

Thanks,

 

[ColinTaylor]

You would need to put the WAN IP address of router 2 in the DMZ of router 1.

If you were only wanting to access router 2's VPN server you could get away with just forwarding its port on router 1. However, because you want to use UPnP on router 2 for gaming there is no foolproof way of knowing all the ports that might need forwarding. Therefore the only practical option is to put router 2 in the DMZ.

This will indeed create a double NAT for devices connected to router 2, but that shouldn't be a problem.

 

[BasicBlue]

You would need to put the WAN IP address of router 2 in the DMZ of router 1.

If you were only wanting to access router 2's VPN server you could get away with just forwarding its port on router 1. However, because you want to use UPnP on router 2 for gaming there is no foolproof way of knowing all the ports that might need forwarding. Therefore the only practical option is to put router 2 in the DMZ.

This will indeed create a double NAT for devices connected to router 2, but that shouldn't be a problem.

Thanks for the reply. Perhaps I can can devices that require UPnP (xbox, gaming PC) on WiFi connection to Router 1 and eliminate that issue.

 

[ColinTaylor]

Thanks for the reply. Perhaps I can can devices that require UPnP (xbox, gaming PC) on WiFi connection to Router 1 and eliminate that issue.

There are various way you could configure your devices, I just responded to what you asked. As I said, double NAT isn't a problem. But if you move gaming devices from a wired connection on router 2 to a wireless connection on router 1 you might experience increased latency.

 

[BasicBlue]

There are various way you could configure your devices, I just responded to what you asked. As I said, double NAT isn't a problem. But if you move gaming devices from a wired connection on router 2 to a wireless connection on router 1 you might experience increased latency.

Yes, I totally appreciate your advice. Sadly, I just found out that my ISP has disabled the DMZ feature of the router 1. SO the only option provided is bridged mode. Not the worse case scenario, perhaps it is an excuse to upgrade my router to one with soem more modern wi-fi management tools.

Thank you,

 

[CaptainSTX]

Hello All,

Just a seeking some advice around pros and cons for a simple home network setup. Here is the scenario.

ISP modem / router combo (router 1) for WAN access. A second router (router 2) connected to ISP using a private IP and all wired devices (printers, servers, NAS, XBox) connected to router 2.

I want to use router 1 to take all wifi devices in my house / office because it has some great tools to manage and monitor wifi connected devices.

What I need to do it be able to securely access my devices on router 2 via VPN built in the router 2, also allow those devices such as Xbox / PC to host / serge games and chat etc using UPNP I believe.

If I put the ISP device router 1 into bridge mode I loose the wifi features.

Is there a practical way to bypass the ISP firewall, NAT and DHCP and achieve desired results without bridge mode or will this create a double NAT and more problems?

Does anyone have any suggestions as how I could achieve this without creating more problems for myself? Perhaps I should just do the bridge mode and scrape the wifi management feature in the ISP router 1

Seeking insight for my pros and cons planning.

Thanks,

Double NATing works fine for most people and no need for DMZ for most applications. Where the problems start is if you want to run a server on the second router or access devices on the second router's network from the first router's network.