Primus Support - Double-NAT

Main Menu

Home

Primus Service Guides

Quick Links

Primus Email/Web Auto-Config

Account Toolbox

Primus Webmail

Primus Webfilter

Primus Terms & Condtions

Live Support

Translation

Home

Networking Guides

Double-NAT

Primus Support

Double-NAT

Double-NAT is an issue where two routers that use Network Address Translation are placed one after the other, this is a common network setup mistake made by people who wish to add wireless without replacing their existing ADSL Modem.

Network Address Translation is a system of IP-Masquerading that is used to allow multiple hosts (computers) to use a single public IP Address to access the Internet. It works by re-writing the source and destination addresses of IP packets as they pass through a router to allow the router to pass the data to the appropriate host on the Internal network.

By design Network Address Translation will not work properly when there are two levels of Network Address Translation. When you access something on the network, the second router will modify the packet to contain the originating address and the private IP address it was assigned by the first router as its public IP, the first router will then modify the packet to contain the Private IP address of the second router and its real public IP address, as you can imagine when this packet comes back from the destination the routers are going to get a little confused.

Double-NAT will usually handle basic web browsing, and not much more. Sending emails and sometimes receiving emails can be very problematic, and anything more complicated than that is completely out of the question.

The Below diagram shows the kind of setup where you might encounter a Double-NAT issue.

The solution for this issue is to either replace both routers with a single unit that can connect to the Internet and route the traffic to the wireless and wired network, or turn the first modem/router into a bridged modem.

Most ADSL Modems support "bridged" or "half-bridge" modes, which disables all routing & network address translation in the modem. In the case of "bridged" mode you need to establish the PPPoE connection from the second router, if the second router does not support PPPoE then you'll need to use "half-bridge". Half Bridge works by the modem still doing PPPoE/PPPoA to get on-line, except that it pushes the Public IP Address onto the Ethernet connection so it can be used by the second router's wan interface.

You can still encounter some problems with packet fragmentation or other MTU related issues with a two router setup, but these can usually be resolved with a lot of tweaking and a lot of patience.