Double Trouble: How to Deal with Double NAT on Your Network - Practically Networked (2024)

Table of Contents
NAT vs. Double NAT The Remedy Network Address Translation (NAT) Double NAT WAN and LAN Port Forwarding and UPnP Bridge Mode DMZ (Demilitarized Zone) Double NAT Remedies

If something is good, then doubling it usually makes it even better (Double Stuf Oreos are one example that comes to mind). But when it comes to Network Address Translation (NAT), the mainstay of most home networks, double doesn’t necessarily equal better.

NAT is definitely a good thing; it allows multiple devices to share a single IP address (without it we would have run out of IP addresses long ago) and it helps limit a network’s exposure to the Internet. But depending on the type of Internet access equipment you have or have been given by your ISP, you may encounter a situation known as double NAT, which isn’t so good. While double NAT doesn’t generally have any ill effects on run-of-the-mill network connectivity — Web browsing, e-mail, IM, and so forth — it can be a major impediment when you need remote access to devices on your network (such as a PC, network storage device (NAS), Slingbox, etc.).

NAT vs. Double NAT

Before we delve more into what double NAT is, how to identify it, and how to correct or compensate for it, let’s first briefly review how NAT works.

See Also
How do I find out if my ISP has put me behind a NAT. Will Dynamic DNS work with my ISP?Double NAT: What Is It & How to Fix It? - PureVPN BlogEdovia SupportWhat is UPnP and is it Safe?

In a typical home network, you are allotted a single public IP address by your ISP, and this address gets issued to your router when you plug it into the ISP-provided gateway device (e.g. a cable or DSL modem). The router’s Wide Area Network (WAN) port gets the public IP address, and PCs and other devices that are connected to LAN ports (or via Wi-Fi) become part of a private network, usually in the 192.168.x.x address range. NAT manages the connectivity between the public Internet and your private network, and eitherUPnPor manual port forwarding ensures that incoming connections from the Internet (i.e. remote access requests) find their way through NAT to the appropriate private network PC or other device.

By contrast, when NAT is being performed not just on your router but also on another device that’s connected in front of it, you’ve got double NAT. In this case, the public/private network boundary doesn’t exist on your router — it’s on the other device, which means that both the WANandLAN sides of your router are private networks. The upshot of this is that any UPnP and/or port forwarding you enable on your router is for naught, because incoming remote access requests never make it that far — they arrive at the public IP address on the other device, where they’re promptly discarded.

One example of a likely double NAT scenario is if you’ve ditched your landline phone in favor of Internet-based phone service (such Ooma or Vonage), and as a result have a VoIP adapter plugged in between your ISP-supplied equipment and your router. Another is when your ISP gives you a DSL/cable modem with an integrated LAN switch (i.e. more than one LAN port) and/or wireless access point, and you connect your own router to it.

The Remedy

To check for double NAT on your network, log into your router and look up the IP address of its WAN port. If you see an address in the 10.x.x.x or 192.168.x.x range (both of which are private) it means that the device your router’s WAN port connects to is doing NAT, and hence, you’re dealing with double NAT.

There are a several options available to correct — or circumvent — a double NAT situation. If the culprit is your ISP-supplied equipment, you may be able to access the device’s configuration interface via a browser and set it up to work in “bridge” mode. This will disable NAT on the device and essentially make it transparent on the network so your router will receive the public IP address and perform the NAT function on its own. Instructions on how to activate bridge mode for your specific device can usually be found on the ISP’s or device manufacturer’s support site, but if you can’t find the information or aren’t comfortable making the change, an ISP’s phone tech support will often do it for you on request (or at least walk you through it).

If, on the other hand, your double NAT is being caused by a third-party piece of equipment that needs to be connected in front of your router (the aforementioned VoIP adapters usually require/recommend this for quality-of-service reasons), eliminating double NAT really isn’t an option– but you can still get around it.

One way to compensate for double NAT is to set up separate port forwarding rules on each device so that incoming traffic is shepherded through both layers of NAT. So for example, on the first NAT device (the one closest to your Internet connection) forward the port(s) you need to the IP address ofyourrouter’s WAN port. Then on your router, forward the same port(s) to the address of the device you need to reach.

If you have a lot of ports to forward, doing them individually can get a bit cumbersome, so a simpler method is to configure the first NAT device to make your router’s IP address the DMZ. This will hustle all incoming traffic through the first layer of NAT no questions asked, but when it hits your router it will be filtered or forwarded as appropriate.

Double Trouble: How to Deal with Double NAT on Your Network - Practically Networked (1)

Eric Geier

Eric Geier is a freelance tech writer. He’s also the founder of NoWiresSecurity, providing a cloud-based Wi-Fi security service; Wi-Fi Surveyors, providing RF site surveying; and On Spot Techs, providing general IT services.

Sure, let's dive into the concepts mentioned in the article and expand on them:

Network Address Translation (NAT)

NAT is a fundamental process in networking that allows multiple devices within a private network to share a single public IP address. Without NAT, the depletion of available IP addresses would have occurred far earlier. It works by managing connectivity between the public Internet and private networks, assigning private IP addresses to devices within the local network and translating them to the public IP address when communicating externally.

Double NAT

Double NAT occurs when Network Address Translation is being performed not only on the primary router but also on another device connected in front of it. In this scenario, both the WAN and LAN sides of the router are within private networks. It becomes problematic when trying to enable remote access to devices within the network because incoming connections get trapped or discarded at the intermediary device performing NAT before reaching the router.

WAN and LAN

Wide Area Network (WAN) refers to the external network interface of a router that connects to the Internet, receiving the public IP address. Local Area Network (LAN) encompasses the private network created by the router for internal devices, usually in the 192.168.x.x or 10.x.x.x address range.

Port Forwarding and UPnP

Port Forwarding and Universal Plug and Play (UPnP) are methods used to direct incoming connections from the Internet to specific devices within a private network. Port forwarding involves manually configuring router settings to direct incoming traffic to a designated device or service, while UPnP automates this process by allowing devices to set up port forwarding themselves.

Bridge Mode

Bridge mode is a configuration setting that disables the NAT functionality on a device, effectively making it transparent on the network. When the primary router receives the public IP address and performs NAT independently, it resolves the double NAT issue.

DMZ (Demilitarized Zone)

The DMZ feature allows all incoming traffic to be directed to a specific device within the network. Setting the router's IP address as the DMZ on the primary NAT device can help streamline incoming traffic through both layers of NAT.

Double NAT Remedies

The article suggests several remedies for double NAT:

  1. Bridge Mode: Configure the ISP-supplied device to operate in bridge mode to disable its NAT functionality.
  2. Port Forwarding: Manually set up port forwarding rules on each NAT device to allow incoming traffic to pass through both layers.
  3. DMZ Configuration: Direct incoming traffic to a specific device (e.g., the router) by setting its IP as the DMZ on the primary NAT device.

The author, Eric Geier, not only explains the technical aspects but also provides practical solutions based on specific scenarios, drawing on his expertise as a freelance tech writer and founder of tech service companies dealing with networking, Wi-Fi security, and general IT services.

Double Trouble: How to Deal with Double NAT on Your Network - Practically Networked (2024)
Top Articles
200 PI to NGN - Exchange - How much Nigerian Naira (NGN) is 200 PiCoin (PI) ? Exchange Rates by Walletinvestor.com
How to Pass Your Aptitude Test
Informações sobre classificação de jogos - ESRB | Xbox
Crítica do filme de injustiça
Latest Posts
Can Drones See Inside Your House?
0.05 ETH to GAS - Exchange - How much Gas (GAS) is 0.05 Ethereum (ETH) ? Exchange Rates by Walletinvestor.com
Article information

Author: Edwin Metz

Last Updated:

Views: 6068

Rating: 4.8 / 5 (58 voted)

Reviews: 89% of readers found this page helpful

Author information

Name: Edwin Metz

Birthday: 1997-04-16

Address: 51593 Leanne Light, Kuphalmouth, DE 50012-5183

Phone: +639107620957

Job: Corporate Banking Technician

Hobby: Reading, scrapbook, role-playing games, Fishing, Fishing, Scuba diving, Beekeeping

Introduction: My name is Edwin Metz, I am a fair, energetic, helpful, brave, outstanding, nice, helpful person who loves writing and wants to share my knowledge and understanding with you.