Orbi WiFi 7 RBE973
Reply

PR60x NAT

Insightava
Aspirant

PR60x NAT

Using a PR60x and can't change the NAT from secured to open - can somebody point me to where this is located in the settings...please?

 

Thanks in advance

Message 1 of 8
schumaku
Guru

Re: PR60x NAT

This is nothing the router does or has to do specifically. This only depends on how your ISP does deal with your connection.

 

Static NAT assigns a fixed public IP address to a private IP address, allowing access to specific devices or services, but exposing them to potential attacks. Dynamic NAT uses a pool of public IP addresses to map to multiple private IP addresses, making it harder to track and monitor the network traffic and activity. Port Address Translation (PAT) uses a single public IP address to map to multiple private IP addresses, while modifying the port numbers to distinguish between different connections. This maximizes IP address utilization and minimizes exposure, but also introduces limitations and challenges such as handling protocols with multiple ports or dynamic port allocation.

 

Message 2 of 8
Insightava
Aspirant

Re: PR60x NAT

My nighthawk routers had a setting, and while using those or my netgear orbi system it could be set to open.  Now that I've transitioned it has been changed to moderate and my ISP hasn't changed....

Message 3 of 8
schumaku
Guru

Re: PR60x NAT

NAT Filtering.

 

Network Address Translation (NAT) determines how the router processes inbound traffic. Secured NAT protects computers on the LAN from attacks from the Internet, but might prevent some Internet games, point-to-point applications, or multimedia applications from working. Open NAT provides a much less secured firewall, but allows almost all Internet applications to work.

 

Know what: This is neither something technical, nor standardized in any way!

 

Now we want to solve the puzzle posed at the beginning - why should there be different NAT types? If you are ever asked by young people addicted to computer games which type of NAT needs to be set on the XBox or the router and you frantically look for the standardized description of “Open NAT” on the website https://tools.ietf.org/, “ Search for “Strict NAT” and “Moderate NAT” and don’t find them: this division into three “NAT types” is not a technical standard at all, but rather an invention by Microsoft. The game console manufacturer uses this distinction to define the different port forwarding techniques that are used for said online games.

The different NAT types:


Type 1, Open NAT: Any IT system on the Internet can establish connections to the ports and thus the PC in your network.
Type 2, Closed NAT: An IT system from the Internet can only establish a connection to the ports and the PC in your network if the local system has previously initiated the connection - the "classic" NAT and masquerading.
Type 3, Moderate NAT: Your router only forwards a specific IT system from the Internet to any port on your PC.

 

There are plenty of instructions on the Internet on how to set which NAT type on certain routers or game consoles - and online gamers are often overwhelmed trying to find the "right" settings for their system. On some websites it also says:

«Should I use UPnP, Port Forwarding, or both? Whenever possible, use UPnP. Port Forwarding should only be configured when you cannot use UPnP. It is not recommended to enable both UPnP and Port Forwarding at the same time.»

 

Said that much: Your Router is Type 3 - Closed NAT, but (of course) does allow you to configure port forwarding, so making it Type 3, Moderate NAT.

 

A discussion which does not exist in the business router class.

 

Where does the ISP come into this game? Not all Internet connections are exposed and reachable direct from the wild Internet. With the lack if available public IPv4 network subnets, ISPs started to deploy things like Carrier-Grade NAT. Here your router does not get a public IP address directly assigned, instead some deploy an IP address from the 100.64.0.0/10 network, very "cheap" ones deploy RFC 1918 Private Internet Addresses. In either way, it's not reachable from the wild Internet.

 

This does become a problem if people try to configure IPv4 NAT port forwarding on their routers, but no connection can -ever- be established successfully. This makes up the much bigger problem then these gamer theories from above.

 

And this is where a correct deployed IPv6 network (from your ISP) comes into play. Mind you: No more NAT, no protection, except if you have a good firewall allowing to configure IPv6 firewall rules. Now all IPv6 traffic can reach direct your whatever device you have connected to your network!

Message 4 of 8
Insightava
Aspirant

Re: PR60x NAT

I appreciate the info…

 

We have multiple Netgear routers that have a NAT setting that allows us to select ‘open’.

 

Does anybody know how to do this on the Pr60x ?

Message 5 of 8
schumaku
Guru

Re: PR60x NAT

Why oh why do are you so keen to have a NAT router where outgoing LAN->Internet connections remain kind of open for the same ports, previously used e.g. from surfing the Internet, allowing using the same connection unfiltered for Internet->>LAN? This is what Open NAT means. Makes zero sense from the security prospective.

 

Mark the other products as consumer junk please regardless of the brand. Or put the warning on it that the admin does obviously not understand what he does.

 

If this control isn't there, it can't be enabled "by accident".

 

Open does just keep the pure NAT on, the firewall will be completely disabled. Yes, I know, a lot of consumer garbage allows such stupid settings. Zero added value, zero added security ... just introduce yet another non-mitigated risk.

 

Do you know the difference between a pure NAT router and a firewall?

Message 6 of 8
Insightava
Aspirant

Re: PR60x NAT

Please stop - I'm asking for help with a simple question.  If you don't know where its at in the settings then move along to the next post.

Message 7 of 8
FURRYe38
Guru

Re: PR60x NAT

I know on home class NG routers, NAT Filter located under Advanced Tab/Setup/WAN Setup is where you can change from Secure to OPEN. Not sure if the PR series has this feature. Look around the WEB UI for something NAT Filter and see. I presume if you don't see this feature on the PR, then maybe something not supported. Most Nighthawk and Orbi home class systems has this feature. 


@Insightava wrote:

Using a PR60x and can't change the NAT from secured to open - can somebody point me to where this is located in the settings...please?

 

Thanks in advance


 

Message 8 of 8
Top Contributors
Discussion stats
  • 7 replies
  • 757 views
  • 1 kudo
  • 3 in conversation
Announcements