Double NAT-ing with PPPoE/ISP

Mr.FlowTastiX
DD-WRT User


Joined: 11 Aug 2017
Posts: 126

Posted: Fri Sep 22, 2017 15:15    Post subject: Double NAT-ing with PPPoE/ISP
Fixing Double NAT for PPPoE:
While this is a commonly known issue for some ISP users,
if you are restricted by your ISP from bridging your combo modem/router,
or if you can't properly access the ISP admin web GUI,
and you want to use your custom DD-WRT router
without having to deal with the double NAT issue or DHCP.
Commonly known providers are mostly in Belgium, as far as I know
(SKYNET/BELGACOM/PROXIMUS),
whose users are getting locked out of their own modem interface:
they cannot log in as admin and can only use the User login.


This is how I got a solution for it:
ISP Combo Modem/router config:
First off, you start by resetting your modem
without any LAN cables connected to it. Let the modem reboot,
and wait until all the lights are on and the modem is ready for use.
Next you could do a reset on your DD-WRT router as well;
default is always easier to start from.
So when both are fully reset, rebooted and ready to go,
you first start with the modem/router from the ISP. The default login address will be
192.168.1.1; go ahead and log in with the username and password you got from the ISP.
Then you have to go to Access Control/Firewall:
and change the setting from Medium to Low.
Leave DMZ on None!!
The default DHCP range of the modem/router is:
For IPv4 Pool : 192.168.1.2 - 192.168.1.63
For IPv4 TV Pool: 192.168.1.64 - 192.168.1.127
You could configure this to make the IP pools smaller, but default is fine for now.
That's all for the ISP combo modem/router.

DD-WRT router config
Now you will need a cable that goes from the WAN port of the router
to the LAN port of the modem (BBox3-v2),
and use the LAN port of the router for your computer's LAN.
All set up, now turn your router ON.
Wait until all lights are on. Then you will need to use the WiFi from
your router, because the default login address is already in use by the modem
(you could switch the modem access IP to 192.168.0.1 if you want to connect directly with a cable),
but this time I'm fine using the wireless for just a moment.
Log in to your DD-WRT router's login page, choose user/pass...
Then change WAN connection type to: PPPoE, and log in with your ISP-given username and pass...
Leave the rest of the advanced settings as they are.
For the router IP: as Local IP Address use: 192.168.1.150 (outside the DHCP range of the modem)
For Network Address Server Settings (DHCP): Enable
Change Start IP Address: to 192.168.1.151 (max users: 50 or more)
Static DNS 1: should be the static DNS given by the ISP
Static DNS 2: likewise the second DNS (you can find these in your modem web GUI)
CHECK:
Use DNSMasq for DHCP
Use DNSMasq for DNS
DHCP-Authoritative
Apply Settings.
Now this is just the basic setup of the PPPoE connection,
but now if you connect to your router you will have Double NAT,
and for console users, your NAT would be Strict.
You have to set up your IPv6 as well:
Go to IPV6 and choose DHCPv6 with prefix...
change MTU to 1492 for the ISP connection,
Enable Dhcp6c custom:
use this command:
    interface ppp0 {
    send rapid-commit;
    send ia-pd 1;
    request domain-name-servers, domain-name;
    };

    id-assoc pd 1 {
    prefix ::/64 infinity;
    prefix-interface br0 {
    sla-id 0;
    sla-len 0;
    };

    };

Now Apply Settings and save.
For Advanced Routing: be sure Dynamic Routing is set to Disable.
Operating Mode: Gateway

Static IP for Console/Computer:
Now for a static IP, go to Services:
Static Leases; give your computer a static IP, as well as your console,
and set this above 192.168.1.160 just to be sure!
Additional DNSMasq Options (IPv6) config:
    quiet-dhcp
    quiet-dhcp6
    quiet-ra
    enable-ra
    dhcp-range=::10,::200,constructor:br0,ra-names,slaac,64,24h


Then you can change the WAN Traffic Counter setting to disable.
Apply Settings!

Security Settings:
For the security settings you will want to disable the firewall and uncheck everything,
because you are already getting the firewall from your modem/router.
Apply these settings.
Access Restrictions
You have to scroll down and check Catch all P2P Protocols.
Apply and continue.

NAT / QoS
Now comes the tricky part. For UPnP, I want to disable it, because I like it better OFF,
because you will only need 1 port, and that should be 3074 for console users,
to get rid of the Strict NAT issue!!
I used all three: Port Forwarding/Port Range Forwarding/Port Triggering,
because I wasn't sure if you could do it with just port forwarding, and I was still getting the strict NAT.
For the Port Forwarding page, you have to use the public IP address your router gets from the ISP.
Place this in Source Net. For protocol use Both; Port from: 3074, Port to: 3074,
and for the IP take the static IP you made for your console.
For Port Range Forwarding and Port Triggering do the same, to be sure it's forwarded.

QoS Settings
Start QoS: Enable
Then you have to put in your download and upload at 85% of your total, just default...
TCP-Packet Priority: I have SYN / FIN / RST
Now for Services Priority:
You have to add 2 new services to it; click on ADD:
Service Name: P2PTCP, with port range 1024 - 65535 (TCP)
Second one: P2PUDP, same port range 1024 - 65535 (UDP)
Add them and save, then add them to your Service Priority list
and switch the priority to Bulk for both.
Then you can apply the settings for QoS.
Administration
Management: Last but not least, you should go to Management,
look for Routing, and disable that boy.
For IP Filter Settings (adjust these for P2P):
Maximum Ports: 4096
TCP Timeout (in seconds): 60
UDP Timeout (in seconds): 60
Apply Settings.

Be sure to make a backup of it when you have followed everything.
You are ready to face your internet connection without any NAT issues for console (Xbox One),
with IPv4 and IPv6 working, less latency, and getting rid of bufferbloat.
Reboot your router once more.
Everything should be working correctly now.
I know I have been looking for some time to get everything working steadily.
I've been searching the ISP forums (BELGACOM/SKYNET/PROXIMUS)
for the BBox3 to find how to set up a router behind the modem without getting NAT
and without having to bridge your modem, because no info at all is given on the forums by
ISP co-workers or forum users.
Related speed testers for bufferbloat and IPv6: https://sourceforge.net/speedtest/?source=sfnet_header
and: www.dslreports.com/speedtest
Hopefully I helped some users get rid of the STRICT NAT on console,
while having 2 private LAN settings. With this easy setup for your modem, you can still connect
decoders on the LAN of the modem to get IPTV, and for computer devices you can use the DD-WRT router.
Now enjoy DD-WRT with a smooth connection.

PS: I'm just a novice DD-WRT user and could have made some mistakes, or could have done
it differently, but this is the most reliable setting for me that works without any more configuration afterwards. I hope some Belgian users with the same ISP read this and fix this issue.
Thanks for reading and happy DD-WRTing.

The router and build I used for my setup:
Netgear R7800 and Kong's build: r33010M
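
Added example, not part of the original post: a POSIX shell check that classifies the address on the router's WAN-side interface to tell whether the setup described above ended in single or double NAT. `ppp0` is the interface named in the post's dhcp6c config; the function names, the sample `ifconfig` output and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): tell single NAT from double NAT by
# looking at the address on the router's WAN-side interface.

# classify_ipv4 ADDR -> private | cgnat | linklocal | loopback | public | invalid
classify_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split into octets (digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return 0; }
    for o in "$@"; do
        if [ ${#o} -gt 3 ] || [ "$o" -gt 255 ]; then echo invalid; return 0; fi
    done
    if   [ "$1" -eq 10 ]; then echo private                        # 10.0.0.0/8
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then
        echo private                                               # 172.16.0.0/12
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then echo private   # 192.168.0.0/16
    elif [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then
        echo cgnat                                                 # 100.64.0.0/10
    elif [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then echo linklocal
    elif [ "$1" -eq 127 ]; then echo loopback
    else echo public
    fi
}

# wan_addr: read "ifconfig IFACE" output (busybox / old net-tools layout)
# on stdin and print the first IPv4 address found.
wan_addr() {
    sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p' | head -n 1
}

# nat_verdict ADDR -> single-nat | double-nat | unknown
nat_verdict() {
    case $(classify_ipv4 "$1") in
        public)        echo single-nat ;;   # this router is the internet-facing hop
        private|cgnat) echo double-nat ;;   # something upstream translates again
        *)             echo unknown ;;
    esac
}

# Constructed sample: ppp0 after the PPPoE session is up. 203.0.113.7 is a
# documentation address standing in for the ISP-assigned public IP.
sample_ppp0() {
    cat <<'EOF'
ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.7  P-t-P:203.0.113.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
EOF
}

nat_verdict "$(sample_ppp0 | wan_addr)"   # WAN via PPPoE on the router itself
nat_verdict 192.168.1.20                  # constructed: a lease from the modem's pool
```

On the router, `ifconfig ppp0 | wan_addr` feeds the live address in. A `single-nat` result means the router itself holds the public address, so inbound filtering is done by the firewall on that router.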
Mr.FlowTastiX
DD-WRT User


Joined: 11 Aug 2017
Posts: 126

Posted: Sun Nov 26, 2017 10:25    Post subject:
I need to add some things.
Use this startup script as well,
and first of all go to SETUP > NETWORKING
and on your main bridge br0, change PRIO to 1048576.
This will be the same as your ip_conntrack_max in this startup script,
reducing lag and getting a smooth connection overall.
You could leave the Maximum Ports on 4096;
the startup script will eventually override that.
This is the script I'm using at the moment.
Also, to reduce lag, make sure TCP_window_scaling is set to 1
and TCP_ADV_WIN_SCALE to 0.
    # Delay 10 seconds before applying the settings
    sleep 10
    # File handle limits
    echo 9999999 > /proc/sys/fs/file-max
    echo 9999999 > /proc/sys/fs/nr_open
    # Core network queues and socket buffer limits
    echo 4096 > /proc/sys/net/core/netdev_max_backlog
    echo 16777216 > /proc/sys/net/core/rmem_max
    echo 3240000 > /proc/sys/net/core/somaxconn
    echo 16777216 > /proc/sys/net/core/wmem_max
    # Second write to netdev_max_backlog; this value replaces the 4096 above
    echo 16384 > /proc/sys/net/core/netdev_max_backlog
    # TCP settings
    echo "1 65535" > /proc/sys/net/ipv4/ip_local_port_range
    echo "8192 873800 8388608" > /proc/sys/net/ipv4/tcp_rmem
    echo "4096 655360 8388608" > /proc/sys/net/ipv4/tcp_wmem
    echo "8388608 8388608 8388608" > /proc/sys/net/ipv4/tcp_mem
    echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
    echo 0 > /proc/sys/net/ipv4/tcp_adv_win_scale
    echo 7 > /proc/sys/net/ipv4/tcp_fin_timeout
    echo 30 > /proc/sys/net/ipv4/tcp_keepalive_time
    echo 3240000 > /proc/sys/net/ipv4/tcp_max_syn_backlog
    echo 6000000 > /proc/sys/net/ipv4/tcp_max_tw_buckets
    echo 1 > /proc/sys/net/ipv4/tcp_no_metrics_save
    echo 2 > /proc/sys/net/ipv4/tcp_syn_retries
    echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
    echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
    echo 1 > /proc/sys/net/ipv4/tcp_sack
    echo 0 > /proc/sys/net/ipv4/tcp_slow_start_after_idle
    # Memory and CPU governor
    echo 65536 > /proc/sys/vm/min_free_kbytes
    echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
    echo performance > /sys/devices/system/cpu/cpu1/cpufreq/scaling_governor
    echo 2 > /proc/sys/vm/overcommit_memory
    # Connection tracking table size (same value as the br0 PRIO setting)
    echo 1048576 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
    # Do not accept source-routed packets
    echo 0 > /proc/sys/net/ipv4/conf/default/accept_source_route
    # Transmit queue length on the Ethernet interfaces
    ifconfig eth0 txqueuelen 2
    ifconfig eth1 txqueuelen 2
    # TCP congestion control algorithm
    sysctl -w net.ipv4.tcp_congestion_control=htcp

_________________
Router Model: Netgear R7800
Firmware: DD-WRT v3.0-r33645M kongat (11/02/17)
Modem: Bbox v3
ISP: Skynet 60/15 Mbps
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6408
Location: UK, London, just across the river..

Posted: Sun Nov 26, 2017 11:27    Post subject:
What ISP combo modem/router do you use? It's not mentioned at the start...
Does it work on other ISP combo modem/routers? Although I have mine in bridge mode already and I'm not in Belgium; if I reset mine then it will be a mess and I'll have to wait for the ISP for days... and no internet, so it's not good advice for me then...

Please forgive me, but I always had the belief that "ifconfig" works only on Broadcom units and Atheros uses "swconfig" instead...
Have you tested all those ?????

And long story short, if you disable the SPI firewall then it's better to cut all the hassle and just use DD-WRT in WAP mode. It's hassle-free, all CPU power goes to the router, and there is no NAT at all, plus it's much easier to configure even for a beginner... https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Mr.FlowTastiX
DD-WRT User


Joined: 11 Aug 2017
Posts: 126

Posted: Wed Nov 29, 2017 7:29    Post subject:
Alozaros wrote:
What ISP combo modem/router do you use? It's not mentioned at the start...
Does it work on other ISP combo modem/routers? Although I have mine in bridge mode already and I'm not in Belgium; if I reset mine then it will be a mess and I'll have to wait for the ISP for days... and no internet, so it's not good advice for me then...

Please forgive me, but I always had the belief that "ifconfig" works only on Broadcom units and Atheros uses "swconfig" instead...
Have you tested all those ?????

And long story short, if you disable the SPI firewall then it's better to cut all the hassle and just use DD-WRT in WAP mode. It's hassle-free, all CPU power goes to the router, and there is no NAT at all, plus it's much easier to configure even for a beginner... https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point


Hey, thanks for the heads-up. I was using the SPI firewall but not much was checked, only filter multicast,
because in my network there is multicast, and ARP spoofing protection, which I thought was there to not
interfere with the other WiFi or other routers; I wasn't sure. I disabled them now.
Well, I've been searching around; if you could use bridge mode on your modem, that's best of all,
but I think you can still configure and use some of these settings.
I guess that would be better, because then you are sending out data
directly from your router and your modem is dimmed down, as I've read,
and if you would use some of these settings you would have more success at it,
to make your connection wider so it could handle more data at a faster pace.
Well, for my modem: here in Belgium they are not letting us bridge the modem/router
from our ISP. If we ask them about it, they don't know anything about the matter
or don't really want to tell us about it. We could maybe use a serial connection to the modem
to configure it and decode it, but then there would need to be a whole new firmware
that isn't made yet, and the ISP would find out and replace the modem with another one.
Modem/router I'm using now: B-box 3V+ from (Proximus) SKYNET
Thanks for the reply.

_________________
Router Model: Netgear R7800
Firmware: DD-WRT v3.0-r33645M kongat (11/02/17)
Modem: Bbox v3
ISP: Skynet 60/15 Mbps
Mr.FlowTastiX
DD-WRT User


Joined: 11 Aug 2017
Posts: 126

Posted: Wed Nov 29, 2017 7:33    Post subject:
Alozaros wrote:
What ISP combo modem/router do you use? It's not mentioned at the start...
Does it work on other ISP combo modem/routers? Although I have mine in bridge mode already and I'm not in Belgium; if I reset mine then it will be a mess and I'll have to wait for the ISP for days... and no internet, so it's not good advice for me then...

Please forgive me, but I always had the belief that "ifconfig" works only on Broadcom units and Atheros uses "swconfig" instead...
Have you tested all those ?????

And long story short, if you disable the SPI firewall then it's better to cut all the hassle and just use DD-WRT in WAP mode. It's hassle-free, all CPU power goes to the router, and there is no NAT at all, plus it's much easier to configure even for a beginner... https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point

This is somewhat more in depth: https://www.dd-wrt.com/phpBB2/viewtopic.php?t=311913&postdays=0&postorder=asc&start=30

Quote:
I've finally found how to manage these, netfilter and conntrack together with DD-WRT.
To make use of the max load you should set the router to 1048576,
but in the past I've been trying to configure this with the wrong tcp_rmem and tcp_wmem.
Now I'm actually on point on how to do this
and make it work with all the commands you want to configure.
First off you should go to SETUP > NETWORKING
and change the main interface bridge br0 PRIO
to whatever you want your conntrack_max to be...
Else this won't work. I'm using 1048576,
because most games use this for max rate...
Once you've got that on there,
you could (but it's not a must, it doesn't really make any difference)
on Administration change the Maximum Ports to either
4096 - 8192 or even 16384 - 32768 ...
For UDP Timeout 60 and 60 for TCP, to get faster responses.

Anyway, if you're using the correct startup script now, with conntrack_max init
the same as your interface PRIO, this should work perfectly.
How to set up your TCP_WMEM and TCP_RMEM:
you could use a few of them; it all depends on your PRIO/CONNTRACK_MAX.

I'VE MADE 3 EXAMPLES OF WHAT WORKS FOR 1048576
1) First is default (low) values
2) Second is balanced (medium) values
3) Third is highest (max) values
So for example your RMEM/WMEM should be:

1) DEFAULT (LOW):
    echo 262144 > /proc/sys/net/core/rmem_max
    echo 262144 > /proc/sys/net/core/wmem_max
    echo "4096 16384 262144" > /proc/sys/net/ipv4/tcp_wmem
    echo "4096 87380 262144" > /proc/sys/net/ipv4/tcp_rmem
    echo 1000 > /proc/sys/net/core/netdev_max_backlog
    echo 8192 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
BE SURE TO CHANGE NETWORKING INTERFACE (br0) PRIO
to 8192 for this to work.

2) BALANCED (MEDIUM):
    echo 16777216 > /proc/sys/net/core/rmem_max
    echo 16777216 > /proc/sys/net/core/wmem_max
    echo "4096 65536 16777216" > /proc/sys/net/ipv4/tcp_wmem
    echo "4096 87380 16777216" > /proc/sys/net/ipv4/tcp_rmem
    echo 2048 > /proc/sys/net/core/netdev_max_backlog
    echo 1048576 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
BE SURE TO CHANGE NETWORKING INTERFACE (br0) PRIO
to 1048576 for this to work.

3) HIGHEST (MAX):
    echo 1048576 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
    echo 4096 > /proc/sys/net/core/netdev_max_backlog
    echo "524288 2097152 33554432" > /proc/sys/net/ipv4/tcp_rmem
    echo "524288 2097152 33554432" > /proc/sys/net/ipv4/tcp_wmem
    echo 33554432 > /proc/sys/net/core/rmem_max
    echo 33554432 > /proc/sys/net/core/wmem_max
BE SURE TO CHANGE NETWORKING INTERFACE (br0) PRIO
to 1048576 for this to work.

It's all about personal preference; you feel a slight difference when using MAX and LOW.
I personally think the MAX one is like too much for gaming.

This is the startup script I'm using:
Quote:
    # Delay 10 seconds before applying the settings
    sleep 10
    # File handle limits
    echo 9999999 > /proc/sys/fs/file-max
    echo 9999999 > /proc/sys/fs/nr_open
    # Connection tracking table size (same value as the br0 PRIO setting)
    echo 1048576 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
    # Socket buffer limits and TCP memory
    echo 16777216 > /proc/sys/net/core/rmem_max
    echo 16777216 > /proc/sys/net/core/wmem_max
    echo "8192 873800 8388608" > /proc/sys/net/ipv4/tcp_rmem
    echo "4096 655360 8388608" > /proc/sys/net/ipv4/tcp_wmem
    echo "8388608 8388608 8388608" > /proc/sys/net/ipv4/tcp_mem
    echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
    echo 0 > /proc/sys/net/ipv4/tcp_adv_win_scale
    # Backlogs and queues
    echo 3240000 > /proc/sys/net/ipv4/tcp_max_syn_backlog
    echo 6000000 > /proc/sys/net/ipv4/tcp_max_tw_buckets
    echo 3240000 > /proc/sys/net/core/somaxconn
    echo 4096 > /proc/sys/net/core/netdev_max_backlog
    # Second write to netdev_max_backlog; this value replaces the 4096 above
    echo 16384 > /proc/sys/net/core/netdev_max_backlog
    # TCP settings
    echo "1 65535" > /proc/sys/net/ipv4/ip_local_port_range
    echo 7 > /proc/sys/net/ipv4/tcp_fin_timeout
    echo 30 > /proc/sys/net/ipv4/tcp_keepalive_time
    echo 1 > /proc/sys/net/ipv4/tcp_no_metrics_save
    echo 2 > /proc/sys/net/ipv4/tcp_syn_retries
    echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
    echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
    echo 1 > /proc/sys/net/ipv4/tcp_sack
    echo 0 > /proc/sys/net/ipv4/tcp_slow_start_after_idle
    # Memory and CPU governor
    echo 65536 > /proc/sys/vm/min_free_kbytes
    echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
    echo performance > /sys/devices/system/cpu/cpu1/cpufreq/scaling_governor
    echo 2 > /proc/sys/vm/overcommit_memory
    # Do not accept source-routed packets
    echo 0 > /proc/sys/net/ipv4/conf/default/accept_source_route
    # Transmit queue length on the Ethernet interfaces
    ifconfig eth0 txqueuelen 2
    ifconfig eth1 txqueuelen 2
    # TCP congestion control algorithm
    sysctl -w net.ipv4.tcp_congestion_control=htcp


Be sure to get the full load from your CPUFREQ:
    echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
    echo performance > /sys/devices/system/cpu/cpu1/cpufreq/scaling_governor

These are important as well; if not configured correctly,
you will have latency issues when gaming:
    echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
    echo 0 > /proc/sys/net/ipv4/tcp_adv_win_scale

And don't forget to use the same value for your interface PRIO on br0
as you are using for your conntrack_max.

I also tried doubling these values, but I guess that would be too much,
and it was kind of giving me more latency:
    echo 2097152 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
    echo 2048 > /proc/sys/net/core/netdev_max_backlog
    echo "1048576 4194304 67108864" > /proc/sys/net/ipv4/tcp_rmem
    echo "1048576 6291456 67108864" > /proc/sys/net/ipv4/tcp_wmem
    echo 67108864 > /proc/sys/net/core/rmem_max
    echo 67108864 > /proc/sys/net/core/wmem_max
SO DON'T USE THESE!!

Now go try it yourself and feel the difference.
If you are an online gamer on XBOX or PC,
you would definitely feel a slightly better connection
and no more lag spikes or frame drops.
Much smoother gaming!!!

PS: As for members/admins on DD-WRT, don't come rushing at me
saying these don't work for you; then I'm sorry to hear that,
then you must have overlooked something or not configured it well.
I've found this from loads of resources and from experimenting myself
to try and find the correct calculation, and find the MAX and the MIN
values, so this is what I've ended up with, which works much better for me!!
First I was having 35-40ms latency in games and I was still producing
bufferbloat, and sometimes lag spikes under heavy loads.
After using these commands and adjustments,
I'm now having 21-28ms latency and much improvement for UP/DOWN.
I'm not talking about SPEED or more up/down... because that's not possible;
you can only regulate these, so you have a straight line with no up/down jitter
on your connection. A good source to find out is DSLREPORTS.COM.
I am using QoS as well, with some configuration on the interfaces and MAC addresses
and port priorities, but this is not a guide for that; there are already good guides out there
to set this up correctly.
I also want to add that I'm not using UPnP; I manually configure my port forwarding
for what I need for my devices.
For security settings, I'm filtering Multitasking and ARP Spoofing prot.
WiFi 5.0 GHz is on 160 (80+80)..
After brainstorming for a long time I've finally found a setting that works best for my ethernet connection.
Maybe this would do for some people as well, mostly if you're a competitive gamer
and like your things to run smoothly.

My router used: Netgear R7800 DD-WRT
DD-WRT v3.0-r33770M kongat (11/15/17)
Kernel Version: Linux 3.18.81-rc1 #225 SMP PREEMPT Wed Nov 15 16:49:58 CET 2017
And using a PPPoE connection behind modem/router with single NAT,
connected from the WAN port of my router to a LAN port on the modem.
SUBNET USED 172.16.0.0/24

I also want to mention I've found a better way to get IPv6
if your ISP supports it and the modem is forwarding.
Instead of the burst of IPv6 you get when using the regular command for DHCP6c,
you need to go to SERVICES >
ENABLE > Add Requestor MAC to DNS Query.
And on the IPV6 tab, Prefix DHCPv6 Delegation
ENABLE > Dhcp6s

I think this would be all I would like to add to this topic!!
I hope I helped out some users having trouble finding these settings.
Enjoy Gaming!!

_________________
Router Model: Netgear R7800
Firmware: DD-WRT v3.0-r33645M kongat (11/02/17)
Modem: Bbox v3
ISP: Skynet 60/15 Mbps
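
Added example, not part of the original posts: a small POSIX shell lint for startup scripts built from `echo VALUE > /proc/...` lines like the ones in this thread. It reports a target written more than once (only the last write takes effect), extra words after the redirect target, and a number glued to `>`, which bash parses as a file descriptor number instead of the value to write. The function names and the sample script are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint "echo VALUE > /proc/..." lines.
# Findings are printed one per line as LINE:KIND:DETAIL.

lint_startup() {
    seen=" "
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            "echo "*">"*) ;;
            *) continue ;;            # only echo-with-redirect lines are checked
        esac
        lhs=${line%%>*}               # text before the first '>'
        rhs=${line#*>}                # text after it

        # "echo 123> file": bash treats digits glued to '>' as an fd number
        last=${lhs##* }
        case $last in
            ''|*[!0-9]*) ;;
            *) echo "$n:io-number:$last" ;;
        esac

        # separate the redirect target from anything written after it
        rhs=${rhs#"${rhs%%[! ]*}"}    # drop leading blanks
        target=${rhs%% *}
        [ -n "$target" ] || continue
        extra=${rhs#"$target"}
        extra=${extra#"${extra%%[! ]*}"}
        [ -z "$extra" ] || echo "$n:extra-args:$extra"

        # the same target written twice: only the last value takes effect
        case $seen in
            *" $target "*) echo "$n:duplicate:$target" ;;
            *) seen="$seen$target " ;;
        esac
    done
}

# Constructed sample input for the lint.
sample_script() {
    cat <<'EOF'
sleep 10
echo 4096 > /proc/sys/net/core/netdev_max_backlog
echo 16384 > /proc/sys/net/core/netdev_max_backlog
echo "8192 873800 8388608" > /proc/sys/net/ipv4/tcp_rmem
echo 2048 > /proc/sys/net/core/netdev_max_backlog 2048
echo 67108864> /proc/sys/net/core/rmem_max
EOF
}

sample_script | lint_startup
```

Shells differ in how many glued digits they accept as a file descriptor number, so a space before `>` keeps the line portable.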