Follow

Double-NAT Scenarios

Double-NAT is a scenario in which multiple routers on a network are providing network address translation (NAT) services.

A common example of this is a cable modem or DSL modem to which a Wi-Fi router is connected. Both the modem and the router have NAT enabled, and local-network computers are connected to the router. Even if port forwarding is configured on the router, the computer is not accessible from the Internet because the router doesn't have a public IP address. It has only a private IP address on the modem's local (internal) network.

There are several possible ways to resolve this, but none of them is a "silver bullet" solution. Concrete network configuration is required to determine which solution is appropriate for your particular circumstances. The following solutions assume the most common scenario: A modem (DSL, cable, fiber optic, etc) and a wireless router connected to that modem's local (internal) network. Both the router and the modem have browser-based administration interfaces, so each can be configured using only a Web browser. You may consult your router and modem manuals to determine the IP address at which each device's administration interface is available.

Possible Solutions

1. Configure a PPPoE Connection Between the Router and Modem

This is the most robust solution, but not all ISPs provide enough information for this to be easily configured. PPPoE can usually be configured in the router's WAN settings. There are usually multiple options for WAN configuration, including DHCP and PPPoE. DHCP is no good here; it will only assign a private (local network) IP address to the router. PPPoE is a better option because it bypasses the modem's network address translation service. However, PPPoE may require authentication credentials your ISP might not provide.

2. Use the Router in Bridge Mode

Bridged mode disables a router's NAT and DHCP services.

Note that some routers don't include a bridged mode; rather, they simply allow you to disable NAT and DHCP services directly. Others may prevent you from disabling NAT and DHCP services at all.

If the router is to operate in bridged mode, you must configure the modem to provide port forwarding services.

3. Add the Router to the Modem's DMZ

Routers commonly provide a feature called DMZ (demilitarized zone). This feature allows you to select one computer to which all network traffic is forwarded. If your modem supports DMZ, this might be the best solution for you.

  1. Find the router's WAN (external) address. You might find this by logging into the router's admin interface and checking the Status page.
  2. Log in to the modem's admin interface, find the DMZ settings, and enter the router's WAN address.

Note that this solution will still result in a double NAT warning in Screens Connect, but if the router's port forwarding is correctly configured, Screens should still connect successfully..

4. Forward the Modem's Port 5900 (or 22) to the Router

This solution is similar to Solution 3, except that instead of putting the router in modem's DMZ, only a single port is forwarded.

  1. Find the router's WAN (external) address. You might find this by logging into the router's admin interface and checking the Status page.
  2. Log into the modem's admin interface. Specify the router's WAN address as the address to which port 5900 or port 22 (protocol TCP) should be forwarded.

Note that this solution still results in a double NAT warning in Screens Connect.

Still Doesn't Work?

If you configured the port manually, make sure the Automatic Port Mapping option in Screens Connect settings is deactivated. Should you still have problems getting remote access to work, please contact us via email at screensconnect@edovia.com. So that we can help you solve your problem as quickly as possible, please include as much information about your network as possible. This includes the following:

  1. Details about your network configuration, including brand and model for all connected network hardware, including modem, routers, VoIP devices, etc.
  2. Screenshots of relevant router configuration information, including the router's Status page and port forwarding configuration. The more screenshots, the better. Attach screenshots directly to your message or compress them all into a .zip archive; there's no need to embed them into a PDF or Microsoft Word document.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk