Double NAT in a managed network

John_432 · Aug 1, 2016

I'm currently in a building to provides 100Mbps up/down internet access through wall ethernet jacks.

I have my personal wireless router connected to via the "WAN" port and it's being assigned a private IP in the 10.xx.xx.xx range. The wireless router in turn also has NAT enabled and giving out 192.x.x.x address to all my devices connected through it.

Now most things are working just fine except for a few things that do not like the double NAT situation I've got going on. From what I'e found searching online so far, the primary solutions involve disabling NAT and setting up my router as a switch.

This would be fine except I use a lot of things that rely on finding other devices in the local network to control each. Is there way to fix the double NAT while having my own protected private domain?

bill001g · Aug 1, 2016

Not with consumer grade equipment. You could use a layer 3 switch to or a firewall to define multiple subnets and then put rules in preventing them from talking but still allowing them to be in the larger network that the internet router nats.

jsmithepa · Aug 1, 2016

To me, is a question of routing. Home network equipment is just not designed to provide you with multiple routings. But you said you have a managed network, so maybe your network can but needs extra configuration. The typical problem is the client(s) on one subnet don't know HOW to get to the other subnet.

Wanna educated yourself on routing? open a DOS box in a client and type ROUTE PRINT.

This "routing table" tells this client what DOOR to go through in order to get to which subnet. I bet the table on the 192 subnet contains no entry whatsoever to tell it how to get to 10.x.x.x. and viceversa.

I started to play with it at some point but got side tracked and never got to the bottom of it, but that's what I believe is the gist.

Have fun.

greens · Aug 1, 2016

As is mentioned, you need some hardware and more importantly software capable of handling subnets.

Almost any device can have pfSense installed on it. this is a wonderful system for enterprise class firewalls and routers. I'd suggest either recycling an old compact PC for this, or even creating your own build around an embedded atom processor. The hardware shouldn't cost you much more than $100 out the door.

After you have pfsense installed on a device this will all be very easy to do following guides online. pfsense really is great.

Ceotase · Aug 1, 2016

Check with the building IT people, see if the will route your Ethernet connections separately. Often times they will comply so as not to have the tenants connecting routers incorrectly and thus causing problems for everyone.

Search

Double NAT in a managed network

John_432

Commendable

Ceotase

bill001g

Titan

jsmithepa

Polypheme

greens

Splendid

Ceotase

Reputable

TRENDING THREADS

Latest posts

Moderators online

Share this page