MacNN Forums (http://forums.macnn.com/)
-   Networking (http://forums.macnn.com/networking/)
-   -   Double NAT - Is it really that awful? (http://forums.macnn.com/92/networking/507775/double-nat-is-it-really-awful/)

 
Atheist Jan 27, 2014 05:19 PM
Double NAT - Is it really that awful?
My ISP has provided me with a WiFI modem/router that is totally locked down. The only thing I can do is turn on/off the WiFi and change the WiFi password. I can't eliminate the modem because my ISP uses PPOA which is not supported by the Airport Extreme.

I'd like to be able to take advantage of Back to my Mac and other services that require port forwarding but to do so I'd end up with a "double NAT" scenario. Airport Utility complains and causes the router to blink yellow incessantly. I'm not sure if my anally retentive obsessive compulsive self can deal with the blinking light but I may just have to grin and bear it.

Thoughts/suggestions?
 
P Jan 28, 2014 03:59 AM
You can use double NAT if you use different address ranges. If the outer network uses the 192.168.x.x range and the inner uses the 10.x.x.x range (or vice versa, obviously), you should be good. It's when they both use the same range that bad things happen. Set the Airport Extreme to whatever the ISP router doesn't use.

(Technically you can use one on 192.168.1.x and the other on 192.168.2.x or whatever, but that requires fiddling with the subnet mask. Using different ranges is easier.)
 
Cold Warrior Jan 28, 2014 08:15 AM
Double NATs may make some services more problematic, a lot will depend on how well they can NAT punch through two NATs instead of one, and whether both NATs can do UPnP very well.

You can eliminate the airport NAT by changing its router mode to 'off' or 'bridge mode.' This will tell it to pass client traffic (including DHCP) to the modem/router device. Both it and the airport use NAT when in router mode; since you can't change the modem, placing the airport in bridge mode will still provide wifi via the airport, but will eliminate its NAT since it is no longer routing (it'll act like a dumb switch instead).

https://en.wikipedia.org/wiki/NAT_traversal
https://en.wikipedia.org/wiki/Universal_Plug_and_Play
 
Atheist Jan 28, 2014 01:53 PM
Quote, Originally Posted by P (Post 4265678)
You can use double NAT if you use different address ranges. If the outer network uses the 192.168.x.x range and the inner uses the 10.x.x.x range (or vice versa, obviously), you should be good. It's when they both use the same range that bad things happen. Set the Airport Extreme to whatever the ISP router doesn't use.

(Technically you can use one on 192.168.1.x and the other on 192.168.2.x or whatever, but that requires fiddling with the subnet mask. Using different ranges is easier.)
I'll give that a try.. thanks.

Quote, Originally Posted by Cold Warrior (Post 4265694)
Double NATs may make some services more problematic, a lot will depend on how well they can NAT punch through two NATs instead of one, and whether both NATs can do UPnP very well.

You can eliminate the airport NAT by changing its router mode to 'off' or 'bridge mode.' This will tell it to pass client traffic (including DHCP) to the modem/router device. Both it and the airport use NAT when in router mode; since you can't change the modem, placing the airport in bridge mode will still provide wifi via the airport, but will eliminate its NAT since it is no longer routing (it'll act like a dumb switch instead).

https://en.wikipedia.org/wiki/NAT_traversal
https://en.wikipedia.org/wiki/Universal_Plug_and_Play
I presently have the Airport in bridge mode but with that configuration, port forwarding doesn't seem to work. I can't see my Macs from the outside world. That's why I was investigating other scenarios.

Thanks all for your suggestions. I'm traveling now but when I return home I'll be sure to do some more fiddling around and report on my successes (or lack thereof).
 
turtle777 Jan 29, 2014 02:22 PM
Quote, Originally Posted by Atheist (Post 4265722)
Thanks all for your suggestions. I'm traveling now but when I return home I'll be sure to do some more fiddling around and report on my successes (or lack thereof).
You could turn to other solutions for outside world access, as long as ou're trying to connect via a Mac (and not cell phone).

E.g.

Screensharing via LogMeIn (free)
VPN via LogMeIn Hamachi (free)

Also, take a look at Slink http://slinkware.com/features/
It offers full remote access to all shared Bonjour services.

-t
 
All times are GMT -4. The time now is 07:09 AM.

Copyright © 2005-2007 MacNN. All rights reserved.
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2015, vBulletin Solutions, Inc.


Content Relevant URLs by vBSEO 3.3.2