1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Help with double NAT

Discussion in 'Asuswrt-Merlin' started by macster2075, Jul 10, 2019 at 6:44 PM.

  1. macster2075

    macster2075 Regular Contributor

    Joined:
    Jan 21, 2019
    Messages:
    141
    Hi..
    I am trying to eliminate double NAT.
    The way I have my RT-AC68P router is as follows.

    ISP Modem LAN port to WAN port on Asus Router.

    I have the option to bridge the ISP modem (Actiontec T3200) (192.168.254.254), but, I can't do that because this modem is located in my office which provides internet to my work computer via Ethernet. (it needs to be Ethernet connection) - If I bridge it, then only ONE Lan port would be available on the modem and will not be able to provide Internet via Ethernet to the Asus router.

    The Asus (192.168.1.1) router is on another part of the house providing Wireless and Wired connection to the rest of the devices on my network. (ran Ethernet cable through attic).

    As you can see, both the modem and router are under different networks.
    I know that I can just connect the Asus router from LAN to LAN on the modem and change its IP to be on the same network as the modem....but, if I do so, will I still be able to have the Asus router provide Wireless and Wired Internet?

    And... I have some settings on the Asus router like jffs and such... will that still be enforced?
    And finally... this means that the ISP modem will be doing all the DHCP.... is that a good thing?.. I ask because I don't know if its CPU is as fast as Asus.

    Any thoughts?
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,805
    Location:
    UK
    Yes, just switch the Asus into "Access Point(AP) mode". That way the WAN port becomes another LAN port and things like DHCP and DNS are turned off. Other "routing" functions like VPN clients and the firewall would similarly be disabled as they are no longer applicable.
     
  3. macster2075

    macster2075 Regular Contributor

    Joined:
    Jan 21, 2019
    Messages:
    141
    what about the Asus router settings... will any of those jffs scripts settings will still apply to the devices connected to the Asus?
     
  4. macster2075

    macster2075 Regular Contributor

    Joined:
    Jan 21, 2019
    Messages:
    141
    I forgot to mention...
    The Asus router not only provides Wireless connection... it also has a guest wireless enabled for visitors.. Will that also be fine if I set the Asus on AP mode?
     
  5. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,805
    Location:
    UK
    It depends on exactly what scripts you're talking about. As I said, the Asus isn't a router any more so scripts like firewall-start and nat-start won't be run (there's no point), but general scripts like services-start will.

    The guest SSIDs will still be available but they won't be able to provide any isolation from the LAN anymore (as the LAN is controlled by your primary router).
     
  6. macster2075

    macster2075 Regular Contributor

    Joined:
    Jan 21, 2019
    Messages:
    141
    The scripts I am referring to are things like... I have scripts to enforce SafeSearch on Google and Bing... I also have parental controls set like Time Scheduling (not through scripts).
    Also, I have Bandwidth Limiter enabled and I use DNS-Omatic as ddns to update OpenDns server with my IP.
     
  7. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,805
    Location:
    UK
    I don't know how your SafeSearch script works but if it's done with dnsmasq (DNS) then that won't work as the router isn't a DNS server anymore.

    Parental controls won't work because as it's a routing function. I'd guess that the bandwidth wont work also, although depending how it's configured it might still be effective for the wireless networks.

    DDNS might still work.
     
  8. macster2075

    macster2075 Regular Contributor

    Joined:
    Jan 21, 2019
    Messages:
    141
    oh my!
    That sucks... unfortunately, my ISP modem cannot do what the Asus does. I really like the SafeSearch script and it works well... I also need the B. Limiter....
    What other option do I have besides running another Ethernet cable through the attic?
     
  9. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,805
    Location:
    UK
    If you can't bridge your Actiontec (because of the limitations you mentioned) and you want to use your Asus as a router then there is no way you can avoid double NAT (for devices connected to the Asus).
     
  10. JDB

    JDB Very Senior Member

    Joined:
    Aug 28, 2016
    Messages:
    789
    Just run another Ethernet back from the Asus to your work computer. Then the ISP modem can be bridge mode, Asus is a router and can do all the things you want.
    Sure it means 2 long cable runs but they will take the same path so neat and presumably easy as you’ve done it once already.


    Sent from my iPhone using Tapatalk
     
    Grisu likes this.
  11. adampk17

    adampk17 Regular Contributor

    Joined:
    Sep 17, 2013
    Messages:
    137
    What about bridging the actiontec, bringing the ASUS router in to the office to provide the LAN connection for your office and to act as the router. Then get a gigabit switch (or wireless AP) and connect that on the other end of your attic Ethernet run?
     
  12. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,805
    Location:
    UK
    This is almost identical to my setup, but instead of running the second Ethernet cable back to where the modem is I use two powerline adapters (physical limitations make running a second Ethernet cable difficult). This works for me because there are only 2 low bandwidth (<50Mbps) devices that would need to use the powerline link.
     
  13. CaptainSTX

    CaptainSTX Very Senior Member

    Joined:
    May 2, 2012
    Messages:
    1,876
    Any particular reason you want to eliminate the double NAT? If you think it slows a connection or increases latency think again. I will be glad to send you my test results showing no impact on either when running in a double NAT setup.

    The only ordinary function that running a double NAT makes more difficult/ impossible is if you want to run a VPN server. I'm sure there are other functions that also become more complicated but to isolate IoT devices I have been running in a double NAT and the setup works fine for me.
     
  14. adampk17

    adampk17 Regular Contributor

    Joined:
    Sep 17, 2013
    Messages:
    137
    Just guessing, many consoles don’t get along with double NAT for online gaming.
     
  15. CaptainSTX

    CaptainSTX Very Senior Member

    Joined:
    May 2, 2012
    Messages:
    1,876
    I can't tell you for sure that a double NAT will work for gaming but folk lore seems to have lots of bias against double NAT with no facts to back them up.

    I have used double and even triple NAT setups and it has never stopped me from doing anything I needed to do. If you need port forwards it requires you forward the ports on both routers but once it is setup it works.

    Gaming consoles always seem to suggest you setup port forwards because they always suggested that in the past but it seems based on comments on this site it is not necessary.
     
    martinr and L&LD like this.
  16. adampk17

    adampk17 Regular Contributor

    Joined:
    Sep 17, 2013
    Messages:
    137
    I don’t know about the switch or the PS4, but the XBox One will detect the double NAT and bitch about it. That alone will lead folks to try and eliminate the situation.
     
  17. eibgrad

    eibgrad Senior Member

    Joined:
    Feb 20, 2017
    Messages:
    220
    I think some of the confusion comes from the fact that by default, theses gaming consoles depend heavily on UPnP, which afaik, is NOT propagated beyond the immediate router. But if you return to traditional port forwarding, seems to me it shouldn't matter how many routers are NATing (other than performance concerns).
     
    martinr likes this.
  18. Jack Yaz

    Jack Yaz Part of the Furniture

    Joined:
    Apr 20, 2017
    Messages:
    2,286
    Can you not DMZ each router through to the last in the chain? This isn't something I actually know about, so I could be wildly wrong!
     
    martinr likes this.