Discussion topic: Double NAT Setup Guide.

@TrebleTA 

The Asus router you have set up is incorrect, you cannot use a public IP address on that interface it must be in the private address space (192.168,x.x, 10.x.x.x, etc..) and the gateway should point to the Sky Hub at 192.168.0.1 (default gateway)...

That is not correct, and using 192.168.x.x on the sky hub will then disable miniupnp on the ausus

@TrebleTA 

You have used the IP address "100.64.20.5" on Asus which is reserved for carrier-grade NAT and is bogus. This should be changed to an IP address in the private address space see RFC 1918.

---

@mae-3 wrote:

@TrebleTA 

 

you cannot use a public IP address on that interface it must be in the private address space

 

---

I don't know about can't, but you definitely shouldn't ; )

This is testest and the address used is a CGNAT space, 

There are several other reserved ranges out there that are not "private" but not sure what the daemon will detect as public vs private, so rather than trying a bunch, first try CGNAT as that is the "proper" solution.

And this is only needed if you want to use UPNP on the router, like I do for better gaming experence.

@TrebleTA 

Are you a carrier-grade service provider?

why are you tyrying to pick at something that works?

@TrebleTA 

It doesn't work 100% because when a site uses the public IP address and session IP (the CGNAT address space on LAN) then paywalls don't work correctly amount other things...

CGNAT is designed not to be addressable on the public internet or LAN for technical reasons in the RFC!

@TrebleTA 

"There are several reasons why Carrier-Grade NAT (CGNAT) may not be ideal for use on a private LAN:

1. Complexity: Implementing CGNAT requires additional hardware, software, and configuration, which can add complexity to the network setup and increase the likelihood of errors and downtime.

2. Limited resources: CGNAT typically involves sharing a limited pool of public IP addresses among many private devices. This can lead to issues such as port exhaustion, limited bandwidth, and reduced network performance.

3. Security: CGNAT can make it more difficult to identify and track the malicious activity on the network, as multiple private devices share the same public IP address. This can make it harder to detect and block attacks, which can increase the risk of security breaches and data theft.

4. Compatibility: Some applications and services may not work properly with CGNAT, as they require direct access to a public IP address to function. This can include services such as VoIP, VPNs, and certain gaming applications.

5. Lack of control: Using CGNAT means relinquishing control of the public IP address space to the service provider. This can limit the ability to customize and optimize network configurations to meet specific business requirements."

Taken from OpenAI.

As that says it may not be ideal, Yet every thing runs fine, I even use a VPN and it is only using 100.64.x.x as the BRIDGE, and not on the main lan. Yes there are do and don't, but 192.x.x.x will not enable Upnp when stuff is using a double nat, and then port fwd is needed, also game will use randoms ports so you will end up with a moderated nat type on consoles and get some issues

I have not had 1 problem using it this way since the start of the year.

I watch netflix, paramount all streaming services fine, I play games on 4 consoles, also on my gaming pc. with out issue and all reporting open nat.

I been on the gov.co.uk web sites from sorting tax to road tax. bbc downloads all with out a issue. so far, and taken and recived many VOIP call's 🙂

If I do Firewall checks on the web all come back stealthed and ip leak test show sky ip and cloudflair dns as it should. if they get more info than that then I have a breach.

@TrebleTA 

How are you opening port(s) on the edge Sky Hub router, UPnP is disabled and UPnP will not work through two routers it is designed for the edge router. 😎

By disabling Sky's Firewall, creating a rule to counter theirs, and then putting it on a DMZ, this more or less make's the sky hub a bridge, then with the 100.64.x.x ip as the guide explains, this then makes it all work.

So Upnp (everything) works on the Asus under double nat etc. why I have done the guide!

also I'm still able to use the sky hub for VOIP.

Also wanted to add if you use say cloudflare dns and not skys, then on the asus under lan make a rule for the sky q for a static ip and add skys Dns, else you will have problem streaming / Downloading stuff on the sky box. I've added a picture but removed bit of my ip.

Also but not needed on the asus under admin setting I set NTP server to skys.

ntp1.isp.sky.com I got from the sky hub logs.

Also I disabled ipv6 firewall on the asus and enable dos protection.

Interesting solution @TrebleTA!

Technically that's quite clever - the 'public' IP address used shouldn't affect anything beyond the Sky router because it's NAT-ted, and the internal network (from the Asus) will have a private IP address range as normal.

If the 'public' IP address was to leak for any reason, it would likely be filtered out by Sky, and packets certainly couldn't be routed back to that address from the internet.

Agreed it may not be a recommended solution per the RFCs - and not something you'd want set up in an organisation - but for home use, it does appear to solve a problem.