Double NAT solutions

Guest

I live out of town, I enjoy the seclusion but the internet leaves a bit to be desired.

 

My speeds are fine but I don't think there is a single WISP in my area which doesn't employ carrier grade NAT.

 

Double NAT works fine for an average Joe who just wants to check email and watch YouTube, sure, but what about people who want to play online games or access their Plex library outside of their home network?

 

I don't want to pay $10/month for a public IP and my ISP doesn't provide IPv6 (yet.) I also find the idea of paying for a VPN rather unattractive.

 

This got me thinking: if I could request my ISP to set my internal IP inside a DMZ (and actually have them deliver), would it allow me to forward ports and have access to the outside world? Or does DMZ completely bypass NAT and require an external IP (which they would charge me $10 for)?

 

I have heard a little bit about Port Control Protocol but I'm unfamiliar with exactly how it works and not sure if it is a complete solution to carrier grade NAT. If you know how it works, would you mind sharing with me the gist of it?

 

 

 

4 hours ago, Lord_Doge said:

I live out of town, I enjoy the seclusion but the internet leaves a bit to be desired.

 

My speeds are fine but I don't think there is a single WISP in my area which doesn't employ carrier grade NAT.

 

Double NAT works fine for an average Joe who just wants to check email and watch YouTube, sure, but what about people who want to play online games or access their Plex library outside of their home network?

 

I don't want to pay $10/month for a public IP and my ISP doesn't provide IPv6 (yet.) I also find the idea of paying for a VPN rather unattractive.

 

This got me thinking: if I could request my ISP to set my internal IP inside a DMZ (and actually have them deliver), would it allow me to forward ports and have access to the outside world? Or does DMZ completely bypass NAT and require an external IP (which they would charge me $10 for)?

 

I have heard a little bit about Port Control Protocol but I'm unfamiliar with exactly how it works and not sure if it is a complete solution to carrier grade NAT. If you know how it works, would you mind sharing with me the gist of it?

 

 

 

Sadly, that's the nature of CGN. Sure, there are some options, but really it comes down to what your ISP is willing to do for you. The easiest thing to do is unfortunately just to pay the $10. Perhaps if you explain the nature of your needs to your ISP and explain their service doesn't support you in the right ways, they may be willing to give you a discount.

3 minutes ago, Wombo said:

Sadly, that's the nature of CGN. Sure, there are some options, but really it comes down to what your ISP is willing to do for you. The easiest thing to do is unfortunately just to pay the $10. Perhaps if you explain the nature of your needs to your ISP and explain their service doesn't support you in the right ways, they may be willing to give you a discount.

You didn't really answer any questions, but I figure you're probably the only reply I'm gonna get, so oh well.

In a normal SOHO router, any device you assign as being in the DMZ gets sent *all* traffic that the router receives on its public IP that doesn't get sent to another device on the network (due to port forwarding or normal NAT operation) or isn't bound for the router itself. That is why putting a device in the DMZ is an alternative to forwarding ports to it - you are actually telling your router "instead of dropping any unmatched packets, forward them to this device."

 

Now try to think about this from an ISP perspective. You and I don't know how many users they have on a single public IPv4 address, but it's probably quite a lot. If you ask them to put your router in a DMZ, all traffic that reaches that public IP and isn't sent to any user will get sent to your router. Not only is that potentially a lot of traffic (BTW if someone tries to DDoS that public IP, most of the traffic will be forwarded to your router), but it would be unfair to any other user on the same public IP that also wanted ports forwarded to them or to be placed in the DMZ, since there can only be one

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 

9 hours ago, brwainer said:

In a normal SOHO router, any device you assign as being in the DMZ gets sent *all* traffic that the router receives on its public IP that doesn't get sent to another device on the network (due to port forwarding or normal NAT operation) or isn't bound for the router itself. That is why putting a device in the DMZ is an alternative to forwarding ports to it - you are actually telling your router "instead of dropping any unmatched packets, forward them to this device."

 

Now try to think about this from an ISP perspective. You and I don't know how many users they have on a single public IPv4 address, but it's probably quite a lot. If you ask them to put your router in a DMZ, all traffic that reaches that public IP and isn't sent to any user will get sent to your router. Not only is that potentially a lot of traffic (BTW if someone tries to DDoS that public IP, most of the traffic will be forwarded to your router), but it would be unfair to any other user on the same public IP that also wanted ports forwarded to them or to be placed in the DMZ, since there can only be one

Thank you for explaining. Is there any way to get around CGN without using a VPN?

3 hours ago, Lord_Doge said:

Thank you for explaining. Is there any way to get around CGN without using a VPN?

Pay for a public IP address. 

I just want to sit back and watch the world burn. 

On 13-8-2016 at 0:51 AM, Lord_Doge said:

My speeds are fine but I don't think there is a single WISP in my area which doesn't employ carrier grade NAT.

 

Would you care to explain what makes NAT different from "carrier grade NAT"? Thanks 

If you tell a big enough lie and tell it frequently enough it will be believed.

-Adolf Hitler 

Just now, legopc said:

Would you care to explain what makes NAT different from "carrier grade NAT"? Thanks 

Carrier grade NAT has a different subnet of IPv4 addresses that are used for internal functions - because sometimes you get routing conflicts if both the WAN and LAN of a consumer router are in the same subnet. To be specific, normal internal networks can be 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 (see RFC 1918). The internal network for CGN can be 100.64.0.0/10 (see RFC 6598).

 

Other than the use of different IPs, there is no practical difference between carrier grade NAT and regular NAT.

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 
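
The address ranges named in the reply above are enough to tell which kind of NAT a home router sits behind. The following is an added example, not part of the original thread: `wan_addr` stands for the address the router shows on its WAN interface, `observed_addr` for the address an outside "what is my IP" service reports, and all function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Private ranges from RFC 1918 and the shared CGN range from RFC 6598,
# as listed in the post above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")


def classify(addr):
    """Return 'rfc1918', 'rfc6598' or 'other' for an IPv4 address string."""
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in RFC6598:
        return "rfc6598"
    return "other"


def diagnose(wan_addr, observed_addr=None):
    """Decide whether inbound port forwarding on this router can work.

    'cgn'          WAN address is in 100.64.0.0/10: the ISP is translating.
    'upstream-nat' WAN address is RFC 1918, or differs from what the
                   outside world sees: another NAT sits in front.
    'direct'       WAN address equals the externally observed address.
    'unconfirmed'  WAN address looks public but nothing to compare against.
    """
    kind = classify(wan_addr)
    if kind == "rfc6598":
        return "cgn"
    if kind == "rfc1918":
        return "upstream-nat"
    if observed_addr is None:
        return "unconfirmed"
    same = ipaddress.IPv4Address(wan_addr) == ipaddress.IPv4Address(observed_addr)
    return "direct" if same else "upstream-nat"


if __name__ == "__main__":
    # Constructed sample pairs: (router WAN address, externally observed address)
    samples = [("100.72.14.9", "203.0.113.40"),
               ("192.168.1.23", "203.0.113.40"),
               ("198.51.100.7", "198.51.100.7"),
               ("198.51.100.7", None)]
    for wan, seen in samples:
        print(f"{wan:15} seen as {seen}: {diagnose(wan, seen)}")
```

Only the `direct` result means a port forward configured on the home router is reachable from the internet; in the other cases the mapping would also have to exist on the upstream device.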

 

18 hours ago, legopc said:

Would you care to explain what makes NAT different from "carrier grade NAT"? Thanks 

Simply put, NAT employed by your ISP. It makes port forwarding and such impossible to the end user since your computer is basically behind two routers.

19 hours ago, Donut417 said:

Pay for a public IP address. 

I was afraid that would be my only option....
