Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Enthusiast Zone > Networking > Double NAT - Is it really that awful?

Double NAT - Is it really that awful?
Thread Tools
Mac Elite
Join Date: Sep 2006
Location: Back in the Good Ole US of A
Status: Offline
Reply With Quote
Jan 27, 2014, 05:19 PM
 
My ISP has provided me with a WiFI modem/router that is totally locked down. The only thing I can do is turn on/off the WiFi and change the WiFi password. I can't eliminate the modem because my ISP uses PPOA which is not supported by the Airport Extreme.

I'd like to be able to take advantage of Back to my Mac and other services that require port forwarding but to do so I'd end up with a "double NAT" scenario. Airport Utility complains and causes the router to blink yellow incessantly. I'm not sure if my anally retentive obsessive compulsive self can deal with the blinking light but I may just have to grin and bear it.

Thoughts/suggestions?
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Jan 28, 2014, 03:59 AM
 
You can use double NAT if you use different address ranges. If the outer network uses the 192.168.x.x range and the inner uses the 10.x.x.x range (or vice versa, obviously), you should be good. It's when they both use the same range that bad things happen. Set the Airport Extreme to whatever the ISP router doesn't use.

(Technically you can use one on 192.168.1.x and the other on 192.168.2.x or whatever, but that requires fiddling with the subnet mask. Using different ranges is easier.)
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status: Offline
Reply With Quote
Jan 28, 2014, 08:15 AM
 
Double NATs may make some services more problematic, a lot will depend on how well they can NAT punch through two NATs instead of one, and whether both NATs can do UPnP very well.

You can eliminate the airport NAT by changing its router mode to 'off' or 'bridge mode.' This will tell it to pass client traffic (including DHCP) to the modem/router device. Both it and the airport use NAT when in router mode; since you can't change the modem, placing the airport in bridge mode will still provide wifi via the airport, but will eliminate its NAT since it is no longer routing (it'll act like a dumb switch instead).

https://en.wikipedia.org/wiki/NAT_traversal
https://en.wikipedia.org/wiki/Universal_Plug_and_Play
     
Atheist  (op)
Mac Elite
Join Date: Sep 2006
Location: Back in the Good Ole US of A
Status: Offline
Reply With Quote
Jan 28, 2014, 01:53 PM
 
Originally Posted by P View Post
You can use double NAT if you use different address ranges. If the outer network uses the 192.168.x.x range and the inner uses the 10.x.x.x range (or vice versa, obviously), you should be good. It's when they both use the same range that bad things happen. Set the Airport Extreme to whatever the ISP router doesn't use.

(Technically you can use one on 192.168.1.x and the other on 192.168.2.x or whatever, but that requires fiddling with the subnet mask. Using different ranges is easier.)
I'll give that a try.. thanks.

Originally Posted by Cold Warrior View Post
Double NATs may make some services more problematic, a lot will depend on how well they can NAT punch through two NATs instead of one, and whether both NATs can do UPnP very well.

You can eliminate the airport NAT by changing its router mode to 'off' or 'bridge mode.' This will tell it to pass client traffic (including DHCP) to the modem/router device. Both it and the airport use NAT when in router mode; since you can't change the modem, placing the airport in bridge mode will still provide wifi via the airport, but will eliminate its NAT since it is no longer routing (it'll act like a dumb switch instead).

https://en.wikipedia.org/wiki/NAT_traversal
https://en.wikipedia.org/wiki/Universal_Plug_and_Play
I presently have the Airport in bridge mode but with that configuration, port forwarding doesn't seem to work. I can't see my Macs from the outside world. That's why I was investigating other scenarios.

Thanks all for your suggestions. I'm traveling now but when I return home I'll be sure to do some more fiddling around and report on my successes (or lack thereof).
     
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Jan 29, 2014, 02:22 PM
 
Originally Posted by Atheist View Post
Thanks all for your suggestions. I'm traveling now but when I return home I'll be sure to do some more fiddling around and report on my successes (or lack thereof).
You could turn to other solutions for outside world access, as long as ou're trying to connect via a Mac (and not cell phone).

E.g.

Screensharing via LogMeIn (free)
VPN via LogMeIn Hamachi (free)

Also, take a look at Slink http://slinkware.com/features/
It offers full remote access to all shared Bonjour services.

-t
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 10:30 AM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2