1. Home
  2. Categories
  3. General
  4. General Help
  5. Any way to avoid double NAT with two routers?

Any way to avoid double NAT with two routers?

  • Gąska
    Banned

    My network topology:

    71e2ea43-980f-468c-9e99-cbb2102b3cfd-image.png

    As long as the less shitty TP-Link router was in AP-only mode, everything was fine. But now I have a range extender that I want to setup as OneMesh device and that only works in router mode.

    So I want to configure the network so that every device can connect to the internet, every device can see each other regardless of which router it's connected to, and none of them is behind a double NAT. I have only vague idea how network configuration works so I need help.

    1. The 2nd router will necessarily have two IPs assigned, right? One for talking to the 1st router and one for talking to the connected devices? No way to have it the same?
    2. How to setup subnets? One inside the other or completely separate?
    3. One router should have NAT enabled and one should have it disabled, right?
    4. Should both routers have DHCP enabled, or only one of them?
    5. The shitty ISP router has a "Cascaded Router" option. This sounds relevant but I was unable to configure it - keep getting the "Cascaded Router Network Address must be a WAN-side subnet" error. Anyone has experience with that and know how to configure it?

    There's an option to connect the PC to TP-Link router instead of the shitty ISP router - and then there will be nothing connected to the first router except for the second router - but I'd rather avoid that due to the cable management needed. But if that's the only way to make it work, I'm okay with it.

    TL;DR: How do I achieve something like bridge mode without enabling bridge mode?

    4
  • cvi

    How to setup subnets? One inside the other or completely separate?
    Should both routers have DHCP enabled, or only one of them?

    DHCP & NAT on only one of them (probably has to be the shitty ISP one). Easiest to let everything be in the same subnet at that point.

    Edit: Technically, you could do just NAT on the shitty ISP one, and let the TP-link one do DHCP. Probably tricker to set up, depending on what configuration options each of the device give you.

    The 2nd router will necessarily have two IPs assigned, right? One for talking to the 1st router and one for talking to the connected devices? No way to have it the same?

    2nd router will have one IP assigned to it, but each of the two devices connected to it will have their own. (So, by your counting it would be three for that subgroup.)

    If you want/need a group of devices to share one IP "outward", you pretty much need to do NAT. (E.g., if the TP-link router + the two wireless devices have to count as one IP towards the ISP router, you need to do NAT on the TP-link router.)

    FWIW- I'm running behind double NAT (technically triple NAT if you count the carrier grade one on the ISP level). Have dealt with shitty ISP routers and don't trust them, hence all of my devices go into my own network.

    6
  • lolwhat
    Fake News

    Is the shitty ISP router absolutely required because it's some modem/router combo? What's the make and model of it, and have you looked online for a manual for it?

    2 Gąska 1 Reply
  • Gąska
    Banned

    @lolwhat you see, here's a funny thing. It's just a single function router. I don't need it for anything. It's absolutely useless to me. But AT&T uses a secret handshake for establishing connection that only their shitty routers knows so I'm forced to use it anyway. It's probably related to the optional $10/month equipment lease charge. And it cannot be set to bridge mode itself - if it could it would solve all problems.

    4 Tsaukpaetra 1 Reply
  • Tsaukpaetra
    Notification Spam Recipient

    @Gąska said in Any way to avoid double NAT with two routers?:

    And it cannot be set to bridge mode itself - if it could it would solve all problems.

    Yeah the closest to that nowadays is to set the DMZ zone ip to the second router.

    If you can't configure your repeater as a client bridge, then might look into alternative firmware for it (what is its model?).

    As others have said, configuring your secondary router as an AP (with DHCP disabled) is the simplest way to reduce the NAT hops. This is easiest to accomplish by setting its LAN IP to something that doesn't conflict with the ISP router's IP, disable DHCP, then (and only then!) connect it in via the LAN ports and not the WAN port (unless your firmware can configure that port to also be a LAN port, natch). The goal here is effectively turning all the actual "routing" features off on all but your main router.

    4
Log in to reply