31

As the ISP-provided modem was generating a pretty weak WiFi signal, I've disabled its WiFi function, bought an Apple AirPort Extreme and connected its WAN port to the modem. Now everything works just perfectly, but the AirPort configuration utility keeps complaining (yes, I know how to turn it off, but I am curious) about double NAT and demands that I reconfigure the modem to bridge mode. Why should I? What problems can double NAT cause?

1
  • 3
    Added latency? Probably not even a couple ms. Your setup is no different than many virtual machine setups. Commented Dec 18, 2012 at 14:18

5 Answers

23

Anything that automagically opens up holes in your firewall (for instance, a BitTorrent client might use uPNP to get a port opened for itself without direct user intervention) is going to fail, because it can't access the 'outer' NAT.

Otherwise, it's a bit of added latency (not likely to be significant) and you're paying to power two devices instead of one.

7
  • 3
    You should be able to get around the uPNP problem by simply setting DMZ on the modem ("outer device") to point to the "inner" Apple Airport.
    – Hengjie
    Commented Apr 7, 2015 at 22:21
  • 3
    @Hengjie - at that point you're not doing double-NAT, you're doing single NAT with the inner airport in the DMZ. So really a different situation. Which would in fact solve the uPNP issue, but the OP was asking what issues arise from double-NAT, not alternate network topologies. Commented Apr 8, 2015 at 10:39
  • 4
    You would still be double NAT'ing because both routers will run NAT. It's just that the outer router will have DMZ pointed at the outer router's DHCP-negotiated address for the inner router. So you will continue to incur the cost of two network translations, but using DMZ simply fixes uPNP for the inner router.
    – Hengjie
    Commented Apr 9, 2015 at 10:58
  • 1
    To add to the accepted answer, sometimes you need to double NAT if you have special hardware like a VOIP router and you do not want to use it for all your network services. One configuration that I have at home is a Fritz box with VOIP as modem with DMZ pointing at a Time Capsule, which is the real network router and wifi poa. Both routers, if set in bridge mode, do not work properly (one refuses to serve as VOIP box, the other as backup server), therefore I run double NAT. Commented Apr 22, 2015 at 14:03
  • I had some problems with a similar configuration years ago, resulting in a lot of dropped packets and a very slow connection, but otherwise I have been running a similar configuration in multiple offices and apartments for years with negligible latency impact and no problem whatsoever. Commented Apr 22, 2015 at 14:03
11

I have tried double and triple NAT-ing setups for fun. For most intents and purposes, double NAT-ing doesn't affect simple browsing/mail experiences (it adds less than 1 ms of latency).

However, if you want to remotely access your home network (or services) from the internet, it would be a lot more complicated to set that up. That's the only disadvantage I can think of.

4

One major problem would be that with double NAT'ing you also create 2 private networks.

Private Network 1: You did turn off the provider's WiFi, but are potentially, with your in-house wiring, still attached to the provider-supplied router.

Private Network 2: Your own WiFi router, which is also wired to the provider-supplied router, will again have its own network setup for anything attached to the wired ports or WiFi.

Assuming that this will all work well, devices on Private Network 2 might consider devices on Private Network 1 to be on another network (based on the network mask provided).

This appears to be the case for the Remote app on my iPhone, which does not want to connect to my wired receiver, although I can actually AirPlay to it. Once I connect to the provider's WiFi with my iPhone (Private Network 1), the remote app also works.
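As an added illustration of the checks discussed in these answers (not part of any original post), the following sketch flags a double-NAT topology from the inner router's WAN address and tests whether a device considers another host on-link "based on the network mask provided". All addresses are constructed; `wan_behind_nat`, `on_link` and `diagnose` are hypothetical helper names.

```python
import ipaddress

# Ranges that are never routed on the public internet. A router whose WAN
# address falls in one of them is itself sitting behind another NAT.
NON_PUBLIC = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "RFC 6598 carrier-grade NAT": ["100.64.0.0/10"],
}

def wan_behind_nat(wan_ip):
    """Return the name of the non-public range holding wan_ip, or None."""
    addr = ipaddress.ip_address(wan_ip)
    for name, nets in NON_PUBLIC.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    return None

def on_link(own_interface, other_ip):
    """True if other_ip lies inside the subnet of own_interface (ip/prefix).

    Hosts that are not on-link are reached through the router, so
    link-local discovery traffic does not reach them.
    """
    net = ipaddress.ip_interface(own_interface).network
    return ipaddress.ip_address(other_ip) in net

def diagnose(inner_wan_ip, outer_lan, inner_lan):
    """Return a list of findings for an inner router behind an outer one."""
    findings = []
    rng = wan_behind_nat(inner_wan_ip)
    if rng:
        findings.append(f"double NAT: inner WAN {inner_wan_ip} is {rng}")
    outer = ipaddress.ip_network(outer_lan)
    inner = ipaddress.ip_network(inner_lan)
    if outer.overlaps(inner):
        findings.append(f"subnet overlap: {inner} vs {outer}; renumber one LAN")
    return findings

if __name__ == "__main__":
    # Constructed topology: modem LAN 192.168.1.0/24, inner router LAN 10.0.1.0/24.
    for line in diagnose("192.168.1.2", "192.168.1.0/24", "10.0.1.0/24"):
        print(line)
    # Phone on the inner WiFi vs. a receiver wired to the modem:
    print("receiver on-link from phone:", on_link("10.0.1.5/24", "192.168.1.20"))
```
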

4

Problems arise mainly because the NAT tables on one device fill up or lose track of a particular connection. This type of configuration will cause issues with peer-to-peer technologies that are unable to effectively trace back the network path, path MTU discovery may not function or may break, and gaming/media services that use uPnP probably will not work unless these services are re-forwarded manually. [Source]

Solution

Reconfigure the second, inside router as a layer 2 switch, by disabling its DHCP server.

2

I see nothing wrong with double NAT except (as you've noticed) that an Apple Airport router device will complain about it. There may also be some applications (games for one) that may have trouble with double NATing. I used double NAT on my airport device and I told it not to bug me with double-NAT warnings. Everything I do works fine. I do not notice any slowdown. I have a web server, an SMTP server and both work fine. Besides that I do regular browsing, ftp'ing, etc. I wish I could tell my airport to warn me about problems, but to not consider double NATing a problem.
