Geekzone: technology news, blogs, forums




16 posts

Geek


Topic # 108777 5-Sep-2012 13:51

As per my other recent postings, I run a Draytek Vigor120 modem currently in standard modem mode behind a Netgear WNDR4500 wireless router. I'd switch to PPPoE pass through mode, but the downside of that is losing the web interface to the V120. Conversely, the downside of sticking with the standard modem mode is that I'm double NATing.

The question is whether double NATing is (i) a significant / fundamental / performance degrading problem that ought to be avoided if at all possible, or (ii) something I needn't worry about in everyday domestic use with a few wired and wireless devices around the house being used for web browsing, emails, Skype VOIP and the occasional media streaming?

Is there a clear answer on this, based on which I can make the decision in which mode to run the V120?

1394 posts

Uber Geek


  Reply # 681818 5-Sep-2012 14:19

Double NAT is not ideal, however if you are predominantly using outgoing connections - web browsing, email etc, you'll probably be just fine.

A friend of mine set up his home this way several years ago (had been donated some equipment, and wanted to use it!), and it's been no problem.

I've not used a WNDR4500 - is it possible to put this in bridge mode or similar, so only the Draytek is doing NAT?

6943 posts

Uber Geek

Trusted
Subscriber

  Reply # 681824 5-Sep-2012 14:29

Short Answer: Use PPPoE passthrough and add a static route in the Netgear so it knows how to get to the modem ip address range so you can access the web admin.

6943 posts

Uber Geek

Trusted
Subscriber

  Reply # 681828 5-Sep-2012 14:34

Long Answer:

NAT

Network address translation breaks end to end connectivity.

Without "tricks" a client behind NAT on one connection can't connect to a client behind NAT on another connection directly.

An application acting as a server listening for connections behind NAT won't receive any connections unless the router has a port forward to pass them on.

This doesn't really affect general web browsing or email because you are connecting to a hosted server that's not behind NAT.

Over time other client to client (or p2p) applications have worked around this by using a server as the middle man, (eg: messenger, Skype etc) register with a server on the internet first and then either proxy the connection between the two clients via the server or match make the ports being used by the connection (outgoing connections put records in your router's NAT table) so direct communication can occur.

Additionally UPNP and NAT-PMP protocols were invented so clients/apps could dynamically request routers forward ports allowing apps to wait for connections and actually receive them behind NAT.

Double NAT

If port forwarding manually you have to port forward twice in two devices, from modem to router and then from router to pc/device

You can see how double NAT would prevent UPNP and NAT-PMP from working because your app will only request a port be forwarded in the router not in the modem.

This mostly affects p2p and gaming, most console games use a p2p system for match making and hosting. If you are behind NAT and UPNP/NAT-PMP can't open a port you can't host very well and as above behind NAT can't join behind NAT hosts.

It can also affect VPN client software, some VoIP protocols, FTP
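
Added example, not part of the original post: a simplified Python model of the double-NAT chain described above, showing that a UPnP/NAT-PMP request only opens the port on the inner router, so an inbound connection is still dropped at the modem until the second forward is added by hand. The addresses, port 3074 and all class and function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges plus the CGNAT shared range (RFC 6598).
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

class NatDevice:
    """One NAT hop: a WAN address plus a port-forward table."""
    def __init__(self, name, wan_ip):
        self.name = name
        self.wan_ip = wan_ip
        self.forwards = {}   # (proto, wan_port) -> (lan_ip, lan_port)

    def add_forward(self, proto, wan_port, lan_ip, lan_port):
        self.forwards[(proto, wan_port)] = (lan_ip, lan_port)

def upnp_add_mapping(chain, proto, port, client_ip):
    """A UPnP/NAT-PMP client only talks to its default gateway (the last hop)."""
    gateway = chain[-1]
    gateway.add_forward(proto, port, client_ip, port)
    return gateway.wan_ip    # the "external" address the gateway reports back

def deliver_inbound(chain, proto, port):
    """Walk an unsolicited inbound packet from the internet inward.
    Returns (reached_ip, None) or (None, name_of_device_that_dropped_it)."""
    dst_ip = chain[0].wan_ip
    for dev in chain:
        if dst_ip != dev.wan_ip or (proto, port) not in dev.forwards:
            return None, dev.name
        dst_ip, port = dev.forwards[(proto, port)]
    return dst_ip, None

def behind_another_nat(reported_external_ip):
    """True if the gateway's 'external' address is itself private or CGNAT space."""
    ip = ipaddress.ip_address(reported_external_ip)
    return any(ip in net for net in NON_PUBLIC)

def demo():
    # Constructed addresses: 203.0.113.10 stands in for the ISP-assigned public IP.
    modem = NatDevice("modem", "203.0.113.10")
    router = NatDevice("router", "192.168.2.2")   # router WAN sits on the modem's LAN
    chain = [modem, router]
    reported = upnp_add_mapping(chain, "udp", 3074, "192.168.1.50")
    after_upnp = deliver_inbound(chain, "udp", 3074)      # dropped at the modem
    modem.add_forward("udp", 3074, router.wan_ip, 3074)   # the manual second forward
    after_manual = deliver_inbound(chain, "udp", 3074)    # now reaches the client
    return reported, behind_another_nat(reported), after_upnp, after_manual
```

A gateway whose reported external address falls in private or CGNAT space is a quick sign that automatic port mapping on it will not expose anything to the internet on its own.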

277 posts

Ultimate Geek

Trusted

  Reply # 681859 5-Sep-2012 15:11

Considering the very minor nuisance of not being able to access a web interface in which no settings take effect anyway, I don't think it's a remotely tough decision. Use passthrough, avoid Double NAT.




I work for SnapperNet providing Tech Support for DrayTek modem/routers, Edge-core switches, Mobotix high-res IP cameras, QNAP network storage, Yeastar IP PBXs & more.
Anything I say is my own opinion and not necessarily that of Snapper Network Distributors

838 posts

Ultimate Geek

Trusted
Subscriber

  Reply # 681916 5-Sep-2012 16:48

You should only need to look at the web interface of the DV120 when there is something wrong, so use passthrough




Hmmmm

2436 posts

Uber Geek

Trusted
Subscriber

  Reply # 681940 5-Sep-2012 17:40

Double NAT will add to latency (although not much) but will be mostly noticeable in real time traffic like VOIP, online games, Skype etc.





1072 posts

Uber Geek

Subscriber

  Reply # 681972 5-Sep-2012 19:18

Ragnor: Short Answer: Use PPPoE passthrough and add a static route in the Netgear so it knows how to get to the modem ip address range so you can access the web admin.


+1

There is nothing stopping you seeing the stats page. Just add a static route.



16 posts

Geek


  Reply # 682077 5-Sep-2012 23:31

Thank you all .... looks like it's a "no brainer" ...... pass-through + static route.

8904 posts

Uber Geek

Trusted
Subscriber

  Reply # 682084 6-Sep-2012 00:03

Double NAT will totally break UPnP on the network, even if you DMZ the second router, it still doesn't know what the external IP address is.




Richard rich.ms



16 posts

Geek


  Reply # 682313 6-Sep-2012 13:27

Forgive me for perhaps asking a dumb question as a newbie .... but where do I configure the Telecom NZ settings for VPI / VCI / Encapsulation / Modulation? .... assuming they are still necessary in passthrough mode. I'm assuming it's not in the V120 modem, but I can't see where in the WNDR4500 router settings that I would do this.

2436 posts

Uber Geek

Trusted
Subscriber

  Reply # 682354 6-Sep-2012 14:25

No, those VPI/VCI you set in the Draytek.







16 posts

Geek


  Reply # 682800 7-Sep-2012 13:18

OK ...thanks

368 posts

Ultimate Geek


  Reply # 682985 8-Sep-2012 01:25

Just as a voice from the other side, I'd say NAT'ing and double NAT are not an issue if you have a 'known' environment and are able to provide the required services without issues.

I would not spend money just to half-bridge/bridge to a firewall/router unless there was a reason to do so and/or NAT'ing gave you problems.

I have a TP-LINK 8840, 8840T, Linksys WAG120N and Thomson TG585v8.

The TP-Link 8840 can provide a half-bridge and I seem to remember setting it up as such as a test ages ago.

But the 8840 and 8840T have a slow ADSL2 speed, down 1Mbit (download) on the Linksys WAG120N and Thomson TG585v8 in my environment. (I can spit onto the VDSL2 boundary [sigh] but miss out re: distance to exchange)

So in my case half-bridge and lose 1Mbit and VLANs or use NAT and gain 1Mbit and in the case of the Thomson TG585v8, VLANs.

I use my Thomson TG585v8 as a modem/router and have configured VLANs on it and as such a half-bridge is not an option. By having VLANs on my modem I can 'fork' traffic to my private and/or guest LAN routers depending on usage and never the two networks will meet at the network layer.

My NAS is accessible via WiFi to guest network(IP network) if required.

There are services to provide Global to Private IP addresses in the form of DDNS and all of the TCP/UDP ports I use operate effectively using NAT (mainly PPTP and OpenVPN) and even PAT**.

25 - 30ms response time using ADSL2+ and NAT over ~100km to speedtest.net server is not bad in my book.
The 30ms is using a notebook on WiFi 15m from the router.


** TP-Link 8840 TCP/UDP port addressing probably stops at somewhere around 4096, so using PAT on high ports (6000+) to 'well known' ports does not work. BUT it does work on a TG585v8 ;-)

2228 posts

Uber Geek

Trusted
Subscriber

  Reply # 682986 8-Sep-2012 03:01

^as above

I have run double NAT in the past for many years until I bought DGND3700 2 years back. For games, I forwarded both routers. As long as it does not cause any trouble, you can keep the current setup.





6943 posts

Uber Geek

Trusted
Subscriber

  Reply # 684007 10-Sep-2012 17:40

nakedmolerat: ^as above

I have run double NAT in the past for many years until I bought DGND3700 2 years back. For games, I forwarded both routers. As long as it does not cause any trouble, you can keep the current setup.


Not so bad for 1 game, 1 player but it compounds the more games and players you have behind the double NAT.

I would argue manually port forwarding twice for every port that needs to act as a server and every player behind the double NAT is tiresome and annoying. Also means you have to use static ip addressing for clients or at least static by mac address.
