Jump to content

Double NAT

Brian Furious
By Brian Furious
in Networking
 Share
Posted

Hello everyone. I've recently switched from ADSL to VDSL2 and my old modem/router doesn't support VDSL2 so I had to stay with my provider's one which sucks (I can't even change DNS on it), so I was about to buy a new one but I prefered not to and to use my old router's WAN port to handle the connection through my IPS's modem.

 

My question is: do I get any latency/impact from leaving the NAT on on my ISP's modem or should I just turn it off since my secondary router can handle NAT really good? Or should turn on NAT on both modems?

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

Double NAT can bring performance and stability issues. Turn it off on one of them.

HAL9000: AMD Ryzen 9 3900x | Noctua NH-D15 chromax.black | 32 GB Corsair Vengeance LPX DDR4 3200 MHz | Asus X570 Prime Pro | ASUS TUF 3080 Ti | 1 TB Samsung 970 Evo Plus + 1 TB Crucial MX500 + 6 TB WD RED | Corsair HX1000 | be quiet Pure Base 500DX | LG 34UM95 34" 3440x1440

Hydrogen server: Intel i3-10100 | Cryorig M9i | 64 GB Crucial Ballistix 3200MHz DDR4 | Gigabyte B560M-DS3H | 33 TB of storage | Fractal Design Define R5 | unRAID 6.9.2

Carbon server: Fujitsu PRIMERGY RX100 S7p | Xeon E3-1230 v2 | 16 GB DDR3 ECC | 60 GB Corsair SSD & 250 GB Samsung 850 Pro | Intel i340-T4 | ESXi 6.5.1

Big Mac cluster: 2x Raspberry Pi 2 Model B | 1x Raspberry Pi 3 Model B | 2x Raspberry Pi 3 Model B+

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

I'd do passthrough on the edge, single NAT layer handled by the downstream router. 

 

Double NAT can work okay for general browsing and similar but can also be erratic if the NAT timeout are different or if one of your segments is unable to route as much traffic as the other one (ie bottleneck).  If you need any forwarded services you'd have to forward them twice and things like UPNP won't cross into your boundary NAT.

PC : 3600 · Crosshair VI WiFi · 2x16GB RGB 3200 · 1080Ti SC2 · 1TB WD SN750 · EVGA 1600G2 · Define C 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author

Thank you for the quick reply. I disabled any service on the modem but I am facing some issues now. My ISP connects me through PPPoE and gives me a dynamic IP so I disabled PPP and NAT on first modem and the other modem/router connected from WAN to LAN of my ISP modem with PPPoE. Internet works great though it assigns me a public IP that can't be reached outside the network. If I try to ping my public IP it doesn't respond, though a tracert returns the public IP with <1 ms then it tries to reach the IP again without success. 

 

 

Edit: ping seemed not responding though the services were reachable like HTTP and FTP. After 30 minutes I tried to ping it again and it responds.

 

I have another question.  My secondary modem handles everything now and I gave it 192.168.1.1 IP while the primary one has 192.168.1.254. My primary modem does not ping nor I can reach anything from it. If I plug the ethernet on my primary modem, I can see my secondary router connected to it, though I can't ping it or access to it. 

Since my ISP connects me through PPPoE and I try to enable PPP protocal and NAT, it gets another public IP so probably it has different NATs if I enable them? Do I bascially get 2 public IPs?

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Networking

×