getting around double nat

[Skevans]

I need to get around a double nat without access to the exterior router. I have a MDU set up, and i can only adjust settings on my personal router, not the router providing the signal to mine. Any ideas on how i can get around this issue?

[Razor512]

If you want to avoid a double NAT, then ensure that the router behind your main one has either a bridge mode, or manually avoid the double NAT by using a LAN to LAN setup (where you chance the IP of the second router, and then disable its DHCP server).

 

For example, if your main router is on 192.168.1.1, then you can make your second router 192.168.1.2, and then disable the DHCP server of the second router (and start the DHCP range of the first router at 192.168.1.3). After that, a simple Ethernet cable connected from a LAN port of the second router, to a LAN port of the first router in order to avoid the double NAT.

 

If you can't adjust any setting on the primary router,  then just pick an IP that is outside of the default DHCP range (it is rare for a consumer router to be set to assign everything from 2-254).

[Skevans]

Just now, Razor512 said:

If you want to avoid a double NAT, then ensure that the router behind your main one has either a bridge mode, or manually avoid the double NAT by using a LAN to LAN setup (where you chance the IP of the second router, and then disable its DHCP server).

 

For example, if your main router is on 192.168.1.1, then you can make your second router 192.168.1.2, and then disable the DHCP server of the second router (and start the DHCP range of the first router at 192.168.1.3). After that, a simple Ethernet cable connected from a LAN port of the second router, to a LAN port of the first router in order to avoid the double NAT.

 

If you can't adjust any setting on the primary router,  then just pick an IP that is outside of the default DHCP range (it is rare for a consumer router to be set to assign everything from 2-254).

I don't have any access to the primary router. I called the company and they won't adjust any settings and will not forward any port. And i assume it is a business grade router ( I live in a complex with at least 320 units on the premises). But to your second point if i can assign an ip to the second router that is outside the range of the first then the second router will handle all NAT responsibilities?

[Razor512]

With the setup I described, it can work with no setting changes on the primary router, and it will allow the primary router to handle all of the NAT work. The second router will essentially become transparent, though still being able to offer its value add features such as sharing of USB storage, printers and various other functions.

[Skevans]

1 minute ago, Razor512 said:

With the setup I described, it can work with no setting changes on the primary router, and it will allow the primary router to handle all of the NAT work. The second router will essentially become transparent, though still being able to offer its value add features such as sharing of USB storage, printers and various other functions.

i think are talking different routers.  There is the internet then there is router1 that routs the internet to the different apartments. Then in my room i have an ethernet port on the wall that i plug my router(router 2) into. i have complete control over router 2 but have absolutely no control over router one.

[Skevans]

1 minute ago, Skevans said:

i think are talking different routers.  There is the internet then there is router1 that routs the internet to the different apartments. Then in my room i have an ethernet port on the wall that i plug my router(router 2) into. i have complete control over router 2 but have absolutely no control over router one.

scratch that we are talking the same routers

 

[Skevans]

5 minutes ago, Razor512 said:

With the setup I described, it can work with no setting changes on the primary router, and it will allow the primary router to handle all of the NAT work. The second router will essentially become transparent, though still being able to offer its value add features such as sharing of USB storage, printers and various other functions.

My problem is that in order for the plex server to work it has to be able to manipulate the router it is connected to. It can do that to mine but not router 1. I need to bypass router 1 altogether. The solutions that i have been reading about are using a DMZ or VPN. do either of those sound like they would work

 

[techguru]

if one router is already nat'ed..just get a switch instead of a router

[Skevans]

Just now, techguru said:

if one router is already nat'ed..just get a switch instead of a router

That would work but Plex media server has to be able to make changes to the router or i have to forward a port. I can't do either of these to the exterior router

[Razor512]

For plex, any changes it makes, will likely just be done over UPnP, and many ISP supplied routers will have it enabled by default.

[Skevans]

Just now, Razor512 said:

For plex, any changes it makes, will likely just be done over UPnP, and many ISP supplied routers will have it enabled by default.

I will give it a try. thanks

[Skevans]

3 hours ago, Razor512 said:

For plex, any changes it makes, will likely just be done over UPnP, and many ISP supplied routers will have it enabled by default.

Still a no go. Any other suggestions?

[Razor512]

Are you trying to gain WAN access or just LAN access to the server?

[Skevans]

WAN. however i don't need to access the server myself, the plex website is the interface to the server.

[brwainer]

20 hours ago, Razor512 said:

For plex, any changes it makes, will likely just be done over UPnP, and many ISP supplied routers will have it enabled by default.

In the industry being talked about, multi dwelling unit internet service, we typically disable UPnP or build a custom linux kernel for our router/servers that does not have it at all. 

[brwainer]

16 hours ago, Skevans said:

WAN. however i don't need to access the server myself, the plex website is the interface to the server.

If you live at a property managed by my employer, or one of our major competitors (which is most of the student housing apartment market between about 5 companies) then you're out of luck. One competitor still does public IP addresses for every user, but the rest of us have stopped because it costs so much to get thousands of IPs. We sell it to the property owners as a "security improvement" because like it or not, NAT does provide a form of security. Actually this security aspect of NAT is why you can't get Plex working, and why we don't run UPnP. The property owners and high level executives of our industry want you to use it for normal internet, not running servers. It also has a chilling effect on torrenting that I'm not sure is intentional or not - my company particularly doesn't have a policy against torrenting, but Strict NAT does tend to limit what connections your torrent client can make.

[Skevans]

6 hours ago, brwainer said:

If you live at a property managed by my employer, or one of our major competitors (which is most of the student housing apartment market between about 5 companies) then you're out of luck. One competitor still does public IP addresses for every user, but the rest of us have stopped because it costs so much to get thousands of IPs. We sell it to the property owners as a "security improvement" because like it or not, NAT does provide a form of security. Actually this security aspect of NAT is why you can't get Plex working, and why we don't run UPnP. The property owners and high level executives of our industry want you to use it for normal internet, not running servers. It also has a chilling effect on torrenting that I'm not sure is intentional or not - my company particularly doesn't have a policy against torrenting, but Strict NAT does tend to limit what connections your torrent client can make.

my provider is korcett. And i understand what you are saying, but saying that the internet has a "normal" use is bullshit. I am paying rent and there for am paying for the internet. My usage of it should not be restricted. Nothing against you, just venting to the cosmos.

 

[brwainer]

1 hour ago, Skevans said:

my provider is korcett. And i understand what you are saying, but saying that the internet has a "normal" use is bullshit. I am paying rent and there for am paying for the internet. My usage of it should not be restricted. Nothing against you, just venting to the cosmos.

 

Yeah they manage their networks the same way we do (I will not beyond that identify who I work for). But unless you're paying Korcett directly, internet access is an amenity provided to you by your property and the fact that you pay for internet "as part of your rent" means nothing. If your property isn't wired for a second provider, like some complexes actually have dual coax networks that would allow you to get your own service from the local cable company or telephone wiring so that you could get DSL, there isn't anything you can do. I know how annoying that is as I lived at a property we managed for a few years and had to live with double NAT - even as a supervisor I couldn't convince our CTO, whom I am on pretty good terms with, to forward me ports.