NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

jasperx's avatar
jasperx
Tutor
Nov 18, 2019

Best Option with equipment in hand to build a network that isolates the iOT devices. RBR50

My setup is working well but it is not secure enough to support using it for a home business.  My existing equipment is the RBK 53 setup in AP mode hooked to a Pace 5286 AC Router/Modem that brings i...
FURRYe38's avatar
FURRYe38
Guru - Experienced User
Nov 18, 2019

You may run into NAT problems in that configuration:

https://kb.netgear.com/30186/What-is-Double-NAT

http://computer.howstuffworks.com/nat.htm
http://www.practicallynetworked.com/networking/fixing_double_nat.htm
http://www.dslreports.com/shownews/Networking-101-The-DMZ-137550

 

Also having that many wifi sources running near by may make wireless surroundings noise and be problematic sometimes. If you can keep channesl far appart between two systems, this can work. I.e Orbi system 1 would need to be on channel 1 on 2.4Ghz and 36 on 5ghz. Orbi system #2 would need to be on channel 11 on 2.4ghz and 48 on 5Ghz. 

 

Placement will be key as well. 30 feet is recommended in between RBR and RBS to begin with depending upon building materials when wirelessly connected.

  • jasperx's avatar
    jasperx
    Tutor
    Nov 18, 2019

      I was aware of NAT behind NAT issues for some setups but had gotten steered in this direction by a post that you can see at this link DSLReports .  The thing that was different in this NAT behind NAT from what I have seen before is that there are 3 networks.

    The first network is created by the modem/router  192.168.1.xx

    to which each Orbi 1 occupies 192.168.1.100 and Orbi 2 occupies 192.168.1.101. Nothing else connects to 192.168.1.xx.

    Orbi 1 is connected to the modem/router with cable to it's WAN port... same with Orbi 2.  The Orbi 1 in turn creates a new network with the range of 192.168.2.xx and the Orbi 2 creates 192.168.3.xx.  There is no overlap of IP addresses being issued by the routers... three totally separate networks.

    The post that recommends this setup is widely referenced in the forum and no challenge to the NAT behind NAT approach is mentioned  at DSLReports.  That does not make it right but it looked credible enough for me to give the idea more consideration.  I may head back over there and ask for a little more detail on how the setup avoids the NAT behind NAT issue.

     

    Interference issues with the setup are helped by:

    1). Orbi sats are much more than 30' from each other and more than 30' from the Orbi routers.  The sats are not on the same floors of the building with the routers which would be located in the attic.

    2). The two Orbi bases (routers) potentially are close to each other and close to the Pace modem router. The plan here would be that the Pace modem/router would have wifi turned off and the connection to the Orbi routers would be cat 6.

    3). My diagram shows setting one Orbi router to Chan 1 and the other Orbi router to Chan 11.  Thank you for adding in the 2.4 GH channel suggestions 36 and 48.  If a problem showed up due to proximity of the two Orbi routers the plan will be to simply turn off the wifi on the second Orbi.  A wifi connecton on the business network is nice but not necessary.    In this setup, I could probably save some money and just use a router that has no wifi.

    • jasperx's avatar
      jasperx
      Tutor
      Nov 18, 2019

      Whoops!  A closer look at the last page of the DSLReports article does get into issues with the setup.

       

      "... the tradeoff in this setup is the difficulty in handling Internet services where requests originate from machines someplace else on the internet.  Allowing inbound traffic means opening holes in two firewalls."

       

      I am not at all sure if we need requests coming from outside our LAN.  I am not webserving or gaming.  What needs this?

       

      I am starting to think I need ATT to add a second line to the house and just have two entirely separate setups.  It sure seems like there is a problem here in need of a solution which does not look like subscription to a security service based in Romania or Russia or the Ukraine.

       

    • FURRYe38's avatar
      FURRYe38
      Guru - Experienced User
      Nov 18, 2019

      The NAT problem would be with both Orbi routers behind the ISP modem/router. There is NAT on the modem and NAT on each of the Orbi routers. 1 router you can help avoid NAT issues by using the modems DMZ for 1 of the Orbi routers. Unfortunately DMZ only allows for 1 device to be connected in the DMZ. 

       

      I would keep the base Orbi's far appart from each other as possible. I would recommend 20 feet or more if possible. You can have longer running LAN cables from the modem out to each Orbi base router. 

       

      Another option to help avoid double NAT on one of the systems, Say Orbi system 1, Use that system in AP mode. Then use the Modems router as the main router for that wifi system. Then Orbi system 2, use in router mode and put that in the modems DMZ. Just a suggestion.