Double NAT

magicJack Tips and Tricks

Moderators: Bill Smith, Pilot

maine-iac
Dan isn't smart enough to hire me
Posts: 347
Joined: Tue Mar 25, 2008 10:41 am
Location: GA

Double NAT

Post by maine-iac »

Has anyone tried MJ behind a double NAT?
HolmanGT
MagicJack Sensei
Posts: 1127
Joined: Tue Jan 08, 2008 7:13 am
Location: Saint George, UT

Post by HolmanGT »

What is a double NAT?
- George -

HolmanGT - St. George, UT MJ-Area/Prefix 435-275
ooma-Area/Prefix 435-579
Baja Broadband, up-1mb dn-10mb, on days with a good tail wind.
MJ on HP T5730 2GBF/2GBR Thin Client XPe SP2 Router Dlink Dir-655
LikeMagic
Dan Should Pay Me
Posts: 613
Joined: Tue Jan 01, 2008 9:11 pm
Location: LikeMagic Pacific NW

Post by LikeMagic »

Double NAT = router behind another router!

In theory, it should work as long as each router (NAT) handles SIP ALG correctly. I used to have double NAT and all internet requests were handled correctly.
Last edited by LikeMagic on Fri May 02, 2008 2:32 am, edited 1 time in total.
HolmanGT
MagicJack Sensei
Posts: 1127
Joined: Tue Jan 08, 2008 7:13 am
Location: Saint George, UT

Post by HolmanGT »

LikeMagic,

Duh! Why didn't I think of that? :wink: No, seriously, I probably should have said: what does that do for you? OK, as long as we are being picky, what does it do for your network?
- George -

LikeMagic
Dan Should Pay Me
Posts: 613
Joined: Tue Jan 01, 2008 9:11 pm
Location: LikeMagic Pacific NW

Post by LikeMagic »

Double NAT allows you to separate "LAN group A" from "LAN group B". Each LAN group's PCs can see/share files/printers in the same group but not to/from the other group. Each LAN group could both get on the internet.

People who know what they are doing use double NAT for LAN group's privacy.

Some people (who aren't too technical) connect 1 router behind another router just to get more LAN ports and unintentionally create 2 separate LAN groups and then complain why one LAN group's PCs could not see the other LAN group's PCs. If they want to use a second router (for more LAN ports) behind the first router, the second router should be set as "bridge" (extension) mode. In "bridge" mode, the router's NAT & DHCP functions are turned off. All LAN PC connections are passing back to the first router for service (NAT, DHCP) and all PCs stay in the same LAN group.
HolmanGT
MagicJack Sensei
Posts: 1127
Joined: Tue Jan 08, 2008 7:13 am
Location: Saint George, UT

Post by HolmanGT »

LikeMagic,

Isn't that description you gave what they call virtual lans? Can you do that with two regular routers?

I am trying in my head to see the hook up. The only thing I can imagine is one port on the first router feeds the WAN port on the second router - oh hell, this is giving me a headache. I don't have a clue how you would even hook something like that up unless you have a single router that has that built in.

It is OK if you don't respond, I have a funny feeling this is way over my head anyway.

But thanks for the attempt to spoon feed a babe in the woods.
- George -

LikeMagic
Dan Should Pay Me
Posts: 613
Joined: Tue Jan 01, 2008 9:11 pm
Location: LikeMagic Pacific NW

Post by LikeMagic »

HolmanGT wrote:LikeMagic,

Isn't that description you gave what they call virtual lans? Can you do that with two regular routers?
No. Virtual LAN is a LAN spreading across the public internet via VPN. For example, I could use VPN to connect from home (via public internet) to my WORK LAN. So technically I'm in a virtual LAN.

HolmanGT wrote: I am trying in my head to see the hook up. The only thing I can imagine is one port on the first router feeds the WAN port on the second router
That is correct! You got the idea!

HolmanGT wrote: - oh hell, this is giving me a headache. I don't have a clue how you would even hook something like that up unless you have a single router that has that built in.

It is OK if you don't respond, I have a funny feeling this is way over my head anyway.

But thanks for the attempt to spoon feed a babe in the woods.
If you're starting to get a headache, take 2 Tylenols and call me in the morning :wink: :lol:
HolmanGT
MagicJack Sensei
Posts: 1127
Joined: Tue Jan 08, 2008 7:13 am
Location: Saint George, UT

Post by HolmanGT »

OK Bones,

2 Tylenols - you're as bad as the doctor that I do go to. They always want you to take Tylenol or Aspirin and keep the "Good Drugs" for themselves. I want a Valium the size of an all-day sucker. Then when I have to deal with things like double NATs I can just take a lick and I will no longer care if my feeble mind can grasp the concept or not.

Also if you take enough licks even terms like "virtual reality" will begin to make sense. "Virtually Reality" makes about as much sense as "Jumbo Shrimp" it is either one or the other but not both.

No I haven't been drinking, this is just my usual late night mental aberrations taking over so I think it is time to "Say Goodnight Gracie ..." :roll:


Oh - by the way LikeMagic did you read the post by "alambro1", located here: http://www.phoneservicesupport.com/jitt ... -t917.html

I also tried it and posted my experience. I am curious to see what you think of it.
- George -

LikeMagic
Dan Should Pay Me
Posts: 613
Joined: Tue Jan 01, 2008 9:11 pm
Location: LikeMagic Pacific NW

Post by LikeMagic »

HolmanGT wrote:
Oh - by the way LikeMagic did you read the post by "alambro1", located here: http://www.phoneservicesupport.com/jitt ... -t917.html

I also tried it and posted my experience. I am curious to see what you think of it.
I'm jumping over there now!
semicharm
MagicJack Contributor
Posts: 67
Joined: Thu Apr 24, 2008 7:34 am

Post by semicharm »

LikeMagic wrote:Some people (who aren't too technical) connect 1 router behind another router just to get more LAN ports and unintentionally create 2 separate LAN groups and then complain why one LAN group's PCs could not see the other LAN group's PCs. If they want to use a second router (for more LAN ports) behind the first router, the second router should be set as "bridge" (extension) mode. In "bridge" mode, the router's NAT & DHCP functions are turned off. All LAN PC connections are passing back to the first router for service (NAT, DHCP) and all PCs stay in the same LAN group.
No, in cases like this, they should be using a switch rather than a second router. They're dead simple to set up and cheaper too!
maine-iac
Dan isn't smart enough to hire me
Posts: 347
Joined: Tue Mar 25, 2008 10:41 am
Location: GA

Post by maine-iac »

Some ISPs give out private IP addresses, which are NATed, instead of public addresses. Hence, if you connect your own router in, your network becomes double NATed. This can cause problems for some applications, especially if you want to run a server of some kind.
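The situation maine-iac describes can be checked from the router's own WAN address, as in this added example (not part of the original thread). The sample addresses are constructed, and the `seen_from_internet` input is a hypothetical value the operator supplies.

```python
import ipaddress

# Blocks that are not publicly routable; a WAN address inside one of them
# means some upstream device is translating again.
NON_PUBLIC = {
    "RFC 1918 private": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "RFC 6598 carrier-grade NAT": ("100.64.0.0/10",),
}

def classify(addr):
    """Name of the non-public block holding addr, or None if it is public."""
    ip = ipaddress.ip_address(addr)
    for name, blocks in NON_PUBLIC.items():
        if any(ip in ipaddress.ip_network(b) for b in blocks):
            return name
    return None

def diagnose(router_wan_ip, seen_from_internet=None):
    """Return (double_nat, reason) for a home router that does NAT itself.

    seen_from_internet is the source address a remote server observes,
    obtained however the operator prefers (hypothetical input).
    """
    block = classify(router_wan_ip)
    if block:
        return True, f"WAN address {router_wan_ip} is {block} space"
    if seen_from_internet and seen_from_internet != router_wan_ip:
        return True, f"WAN is {router_wan_ip} but the internet sees {seen_from_internet}"
    return False, "WAN address is public and matches what the internet sees"

def leading_private_hops(hops):
    """Count non-public hops at the start of a traceroute.

    Two or more suggests stacked NAT, but it is only a hint: some ISPs
    number internal routers from private space without translating.
    """
    count = 0
    for hop in hops:
        if classify(hop) is None:
            break
        count += 1
    return count

if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 and 198.51.100.0/24 are documentation
    # ranges standing in for public addresses.
    for wan, seen in [("192.168.0.2", None), ("100.72.13.5", None),
                      ("203.0.113.7", "203.0.113.7"), ("203.0.113.7", "198.51.100.9")]:
        print(wan, diagnose(wan, seen))
    print(leading_private_hops(["192.168.1.1", "192.168.0.1", "203.0.113.1"]))
```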
LikeMagic
Dan Should Pay Me
Posts: 613
Joined: Tue Jan 01, 2008 9:11 pm
Location: LikeMagic Pacific NW

Post by LikeMagic »

semicharm wrote:
LikeMagic wrote:Some people (who aren't too technical) connect 1 router behind another router just to get more LAN ports and unintentionally create 2 separate LAN groups and then complain why one LAN group's PCs could not see the other LAN group's PCs. If they want to use a second router (for more LAN ports) behind the first router, the second router should be set as "bridge" (extension) mode. In "bridge" mode, the router's NAT & DHCP functions are turned off. All LAN PC connections are passing back to the first router for service (NAT, DHCP) and all PCs stay in the same LAN group.
No, in cases like this, they should be using a switch rather than a second router. They're dead simple to set up and cheaper too!
I totally agree with you here. A switch or even a hub would work much better than a router in this situation. However, some people are either lazy or cheap or NAT impaired :wink: they have no spare switch/hub but see a spare router with LAN ports lying around and they will use it :lol: 8) I provide tech support to many people and I see this issue all the time :wink:
Last edited by LikeMagic on Fri May 02, 2008 2:58 pm, edited 1 time in total.
Stewart
Dan Should Pay Me
Posts: 663
Joined: Tue Nov 13, 2007 2:58 pm

Post by Stewart »

Most any router can be used as a 4-port switch. Just turn off its DHCP server, set its LAN IP to not conflict with addresses on your LAN, connect one of its LAN ports to a LAN port on your main router, leave the WAN port empty. If the extension router has wireless, it can also function as an access point.
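Stewart's steps can be turned into a pre-flight check before the extension router is plugged in, shown here as an added example that is not part of the original thread. The dictionary keys, the DHCP pool bounds and all addresses are assumptions made for illustration; treating the main router's DHCP pool as "addresses on your LAN" is also an assumption, since a lease could later claim the same address.

```python
import ipaddress

def check_extension_router(main_ip, dhcp_pool, static_hosts, ext):
    """Return a list of problems with using router `ext` as a plain switch.

    main_ip      -- LAN address of the main router
    dhcp_pool    -- (first, last) address the main router leases out
    static_hosts -- addresses already assigned by hand on the LAN
    ext          -- planned settings of the extension router (hypothetical keys)
    """
    ext_ip = ipaddress.ip_address(ext["lan_ip"])
    first, last = (ipaddress.ip_address(a) for a in dhcp_pool)
    problems = []
    if ext["dhcp_server"]:
        problems.append("DHCP server is on: two servers would answer on one LAN")
    if ext_ip == ipaddress.ip_address(main_ip):
        problems.append(f"LAN IP {ext_ip} is the main router's own address")
    elif str(ext_ip) in static_hosts:
        problems.append(f"LAN IP {ext_ip} is already used by a static host")
    elif first <= ext_ip <= last:
        problems.append(f"LAN IP {ext_ip} is inside the DHCP pool and may be leased out")
    if ext["uplink_port"] != "lan":
        problems.append("uplink is on the WAN port: the router would NAT (double NAT)")
    return problems

# Constructed example: factory defaults, then the settings from the steps above.
FACTORY = {"lan_ip": "192.168.1.1", "dhcp_server": True, "uplink_port": "wan"}
AS_SWITCH = {"lan_ip": "192.168.1.2", "dhcp_server": False, "uplink_port": "lan"}
LAN = dict(main_ip="192.168.1.1", dhcp_pool=("192.168.1.100", "192.168.1.199"),
           static_hosts={"192.168.1.10"})

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("as switch", AS_SWITCH)):
        print(name, check_extension_router(ext=cfg, **LAN) or "ok")
```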
sbb
MagicJack User
Posts: 33
Joined: Thu Feb 07, 2008 11:32 am

Post by sbb »

LikeMagic wrote:Virtual LAN is a LAN spreading across the public internet via VPN. For example, I could use VPN to connect from home (via public internet) to my WORK LAN. So technically I'm in a virtual LAN.
This is not correct. A VPN is a Virtual Private Network or a means of tying a remote device into a LAN securely over the Internet.

A VLAN is a means of separating ports on a switch to individual LANs. As in ports 1 to 4 are VLAN1 and 5 to 8 are VLAN2. It is useful in that traffic on VLAN1 will not cross to VLAN2 without a router. It is a quick and very effective means of maximizing bandwidth by isolating traffic to only the appropriate devices rather than crossing the entire network. If you have a group of devices generating a lot of traffic you can prevent that traffic from affecting the rest of your LAN by placing them on their own VLAN.
LikeMagic
Dan Should Pay Me
Posts: 613
Joined: Tue Jan 01, 2008 9:11 pm
Location: LikeMagic Pacific NW

Post by LikeMagic »

Ok, you got me. I was trying to give a quick & simple answer to HolmanGT, trying not to give him too much headache :lol:

However, my answer was not totally off base. I was trying to pick VPN as a commonly known virtual LAN variety. Here's the VLAN definition on WiKi:
"A VLAN is a partitioning of a network into multiple subnets using a VLAN ID. The partitioned network can be on a single router, can be on multiple routers that would otherwise form a single network, or can be on a VPN"
HolmanGT
MagicJack Sensei
Posts: 1127
Joined: Tue Jan 08, 2008 7:13 am
Location: Saint George, UT

Post by HolmanGT »

OK guys - don't fight over it; that HolmanGT ain't worth it.

My only exposure to Virtual LANs was in my work. All my machine control centers were put on a VLAN by the [s]Gestapo[/s] Oops, Freud snuck in there, I meant the IT department.

To this day I still don't really see how it made anything safer, more secure but they thought so and we all know it is not nice to make the IT department mad by bucking (did I misspell that word, oh-well) the system.

The essence of what was supposed to happen was it gave them more control over what I was allowed to pipe over their side of the fiber and theoretically someone in an office cubicle couldn't shut down one of my Glass manufacturing lines. We would want that to happen or we would all be reading this on CRTs instead of LCDs - Ouch!

But as usual the bickering is productive, it forces more opinions and subtle slants on a topic to be revealed.

PS - I had actually (In the Great Corning Glass Caper as I like to refer to it) implemented a VLAN using Cisco SOHO security routers, but the IT department wouldn't accept it for two reasons.
1. It wasn't their idea and method.
2. The Cisco SOHO security routers only cost $800 dollars and any self respecting "IT" person knows unless an item is near top of the line $8,000 dollar or better Cisco device it is no good and can't be trusted. And no I am not implying that "IT" groups get any kind of kick back from Cisco or Black Box. Those Xmas parties at the end of the year are just to help build genuine personal relations between those companies and "IT" professionals. :roll:
- George -
