NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Double NAT configuration
I'm having trouble configuring my RBE971 as a router behind my modem/router, which is itself configured as a router. I want to retain some of the router functions of my modem/router, but also benefi...
I thought I had replied, but I realize my message didn't go through. So, I'll start again...
Thank you very much for your analysis.
The 10G hub is a Zyxel XS1930-10.
I just tried again by connecting the RBR's WAN port directly to the router. The result is the same.
I also tried changing the RBR from 192.168.16.1/20 to 192.168.0.1/24. Same result.
I also tried solution #2, without success. I finally gave up :(
Ultimately, since I wanted to be able to take advantage of certain RBR features not available in AP mode, I implemented the following solution:
- the box in router mode at 192.168.1.0/24, to benefit from certain features and manage my wired PCs over 10G,
- the RBR in router mode at 192.168.16.0/20 to manage my numerous Wi-Fi devices, but without using the router function,
- a PC on both networks with dnsmasq to serve everyone via DHCP and DNS, and configured as a gateway to the box.
I'm not marking the thread as resolved because I haven't achieved exactly what I wanted...
I've had my 970 series in double NAT many times. Behind a 192.168.0.1 router leaving the 970 router at 192.168.1.1 in full router mode. If I do this kind of configuration i typically use the 192.168.0.1's DMZ for the 970 router. Have zero issues using this configuration.
I've never changed the NAT Filter on either upstream or downtreamrouter, you can try this however it may not effect anything.
The 10G hub is a Zyxel XS1930-10.
I just tried again by connecting the RBR's WAN port directly to the router. The result is the same.
I also tried changing the RBR from 192.168.16.1/20 to 192.168.0.1/24. Same result.
I also tried solution #2, without success. I finally gave up :(
Ultimately, since I wanted to be able to take advantage of certain RBR features not available in AP mode, I implemented the following solution:
- the box in router mode at 192.168.1.0/24, to benefit from certain features and manage my wired PCs over 10G,
- the RBR in router mode at 192.168.16.0/20 to manage my numerous Wi-Fi devices, but without using the router function,
- a PC on both networks with dnsmasq to serve everyone via DHCP and DNS, and configured as a gateway to the box.
I've never changed the NAT Filter on either upstream or downtreamrouter, you can try this however it may not effect anything.Not on option on the 870. Are you seeing this on the 970? If so, where?
I've had my 970 series in double NAT many times. Behind a 192.168.0.1 router leaving the 970 router at 192.168.1.1 in full router mode. If I do this kind of configuration i typically use the 192.168.0.1's DMZ for the 970 router. Have zero issues using this configuration.
I double-route because my set top boxes only work with my ISP router, and the ISP router doesn't provide OpenVPN.
Port forwarding isn't a problem. But there are some other drawbacks. One is that the ISP router's wifi can't reach my set top boxes (which only have wifi interfaces), so I need to set up a separate mesh for that - using an RBK50 as an AP. So I end up with two competing meshes. Also some features of the set box (casting being one) require connecting my phone to the RBK50 network, instead of connecting to the normal 870 network.
Netgear could make some fairly easy improvements to the Orbi features that would let me fully integrate the network:
- They could make openVPN and DDNS available in AP mode
- They could let me turn off NAT filtering - letting me use a subset of the ISP's router local network addresses on the 870.
There are no technical reasons why these changes couldn't be made.
I guess I could just deploy a VPN server, but overall I do prefer Orbi's management interface.
Although I suspect adonf06 might be wanting a different set of functions than I do, I do understand his frustration.
NET Filter can't be turned OFF or disabled of course, just changed. Open Or Secure. Open is the older version of Full Cone NAT. Secure is newer generation Strict Cone NAT. Though in AP mode NAT would be technically disabled since AP mode disable all routring and filtering. I presume for security reasons, NG may not want to have a disable opton while in router mode. Done lots of research and testing with NAT Filtering and NAT over past years. Especially in gaming.
Also I presume that for general use and ease of operation, some features we would like to see may not be in high demand or common place for general users. Most users just want the system to be easily setup and work. Advanced features, well, all that is up to NG. I personally would like to see power adjustments return on the BE series. Was very helpful in troubleshooting too many RBS deployed and placement in smaller homes. Ran in to a recent issue having two systems online at the same time so I had to remove one BE system and revert to a AXE system to help avoid interferences in testing.
Some features are also meant to be ran in router mode so AP mode maybe more limited and not have a need for some features that are seen in router mode and some users should look at the host features and reqirements seen there and make a good choice on what modes they should and can use. Many different configurations out there. Just have to find what works best.
My 2 cents.
NAT Filter can't be turned OFF or disabled of course, just changed
Lots of routers (including L3/L4 managed switches) don't have NAT, so there is no technical reason why it can't be disabled. Of course it normally shouldn't be disabled when it is an edge router on a home network. But it is a way to avoid double-NAT.
It would not be easy to make openVPN and DDNS available in AP mode.
Both services can be deployed on a PC behind a NAT router (as long as the openVPN ports are forwarded to that PC). So they can work in AP mode (again as long as the TAP and TUN ports are forwarded).
Granted these are advanced and niche features, but these are very expensive routers in the prosumer price range. So IMO more advanced configs should be supported.
