SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > LAN & WAN > Routers

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 11-15-2012, 06:34 PM
RamGuy RamGuy is offline
Member
 
Join Date: Aug 2008
Posts: 89
Thanks: 0
Thanked 1 Time in 1 Post
RamGuy is just starting out
Default Shouldn't DMZ get around double NAT issues?

I'm faced with a slight troublesome network configuration whereas I have to go through a double NAT solution.

The deal is that I'm living with a shared Internet connection, but need to run my own separate subnet with my own IP-configurations and solutions. So basically I will have my pfSense server running from behind another router hosted by the house owner as we don't want to be on the same local network.


This of course bring the trouble regarding double NATing and all the port forwarding nonsense that provides. UPNP and automatic port mapping wont work when double NATing and I thought the whole idea behind DMZ on a router was to get around issues like this.


But after putting my pfSense server's WAN IP in our house owners router DMZ I'm still not seeing UPNP and automatic port forwarding, nor manually port forwarding working from my network like before we had double NAT?

If DMZ is out of the question, how would one resolve the issues regarding double NATing and getting ports successfully following through the network? And what is exactly the point with a DMZ function in a router if not for issues like this?
Reply With Quote
  #2  
Old 11-16-2012, 12:35 AM
jdabbs's Avatar
jdabbs jdabbs is online now
Very Senior Member
 
Join Date: May 2008
Location: al.us
Posts: 628
Thanks: 0
Thanked 27 Times in 25 Posts
jdabbs is just starting out
Default

The separate network is understandable, but is the different subnet a must-have requirement? If not, consider setting up your pfsense box as a transparent firewall. Only permit local gateway and Internet traffic in and out, and run DHCP on your side with a non-overlapping scope.
__________________
"No battle plan survives contact with the enemy." - Field Marshal von Moltke
Reply With Quote
  #3  
Old 11-16-2012, 06:39 AM
devnull devnull is offline
Member
 
Join Date: Aug 2012
Posts: 82
Thanks: 0
Thanked 5 Times in 5 Posts
devnull is just starting out
Default

Try one-to-one (1:1) NAT. Since you can have as many IPs on the WAN side of your pfsense box as you want, you should be able to use 1:1 NAT to place each device separately onto the home network.

Many-to-one NAT (i.e. the way 99% of all NATs operate) is only needed when you only have one IP address to talk to the rest of the world. Since you're inside a LAN you can take as many as you want (probably limited by pfsense software, but more than enough).

You'll need one IP address on the home LAN (your WAN port) for each of your devices on your LAN port.
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -4. The time now is 10:46 AM.


Top 10 Stats
Top Posters* Top Thanked
RMerlin  408
azazel1024  135
L&LD  104
john9527  102
htismaqe  92
stevech  78
ColinTaylor  74
hggomes  59
sfx2000  51
Anzaia  49
RMerlin  6284
john9527  459
stevech  353
ryzhov_al  289
TeHashX  253
L&LD  242
RogerSC  203
sinshiva  146
sfx2000  136
joegreat  127
Most Viewed Threads* Hottest Threads*
Old Asuswrt-Merli...  54980
Old RT-AC68 -...  24447
Old Moderate Nat...  5333
Old ASUS RT-N66U...  4815
Old iOS 8.1...  4170
Old RT-AC87U -...  2674
Old RT-AC68P QOS...  2212
Old New AC68...  2057
Old AC68U,...  2010
Old Ruckus...  1840
Old Asuswrt-Merli...  243
Old RT-AC68 -...  141
Old Review: 24...  35
Old Moderate Nat...  34
Old iOS 8.1...  33
Old RT-AC87U -...  26
Old RT-AC68P QOS...  24
Old How to flash...  24
Old Linksys...  21
Old Help Plz:...  21


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2006-2014 Pudai LLC All Rights Reserved.