Posted: Wed Oct 16, 2019 11:52 Post subject: Double NAT issue?
I have a ISP modem+router and a DDWRT router. I wondering as I see the local network IP in the DDWRT router (192.168.1.x) as in the ISP modem for the DDWRT router and in the DDWRT router, I see the WAN IP as the same 192.168.1.x and my DDWRT router is accessible in 192.168.y.1 IP(web UI access IP). I get a fist LAN cable out of the ISP's modem+router to the WAN port of DDWRT router and I'm connecting my laptop to LAN ports of DDWRT router. But also I have internet in the LAN ports of the ISP's modem+router. As circumstances now I believe I'm on double NAT:
1) Whats wrong with having a double NAT?
2) Do my speed decrease if I have double NAT?
3) If I remove the double NAT, what I will gain?
4) Shall I remove double NAT and enable remote in the management section of DDWRT to be able to access the DDWRT web-UI or any methods of remote access, ad while I'm having double NAT, I can't access to my DDWRT router remotely?(in case I need to restart it if the VPN glitches?)
5) I change the 'connection type' in the ISP's modem+router from DHCP to PPP, and I clicked the 'Apply' but still when I restart the DWRT router, I don't have my WAN IP as a public IP yet? Also if I turn off then turn on the ISP's modem+router, this settings of connection type reverts back to DHCP. Am I doing something wrong that I don't get the results?
6) Shall I remove this double NAT or not as I believe I have double NAT? Whats the pros/cons of this double NAT?
7) As I think ISP have the admin access to the modem+router they provided, I want to replace it, what do you think about TP-link TD-W9960 or TP-link TD-W9970? Anything better, more secure and privacy minded?
Double NAT is not really a bad thing.
However iffin it twas me I would put the ISP modem in 'Bridge mode' and let the DD-WRT router do everything.
I think most ISP modems are able to be put in 'Bridge mode' but maybe not all.
Just have to google your modem + bridge mode and see what you can find.
others may have better advice -- I'm just passing thru
1. Depends on your use case
2. Possibly, In theory it should because you have two systems doing NAT traversal processing, but say your internet speed is 50 Mbps and each of your routers have a NAT throughput of 100 Mbps, you will not see a difference, ... the biggest change would be a slight delay increase (because of the extra hop/processing)
3. Not having double NAT, In theory your second NAT is even more secure/filtered than machines after the first NAT, because NAT is a "firewall"
4. remote management is never very secure, but you can always port forward into the second NAT router. Ie for first NAT router remote could be 80, and then second NAT router could be on 8080
5. I do not know enough about the ISP modem+router to actually answer
6. This is similar to above, be careful that both routers do not use the same private IP addresses such as both on 192.168.1.0/24, this causes IP address collision
7. This depends on your ISP, do you have a separate modem or is there modem+router all you need? Is your ISP setting any tags or VLANs or things like that? Privacy is different, are you using your ISP's DNS? are you using https to connect to sites? Is your DNS encrypted? Are you using a VPN or Tor or a Proxy?