Recently I purchased an Asus router. Our old Netgear router died and we needed a replacement. The installation was almost plug and play with the new Asus, almost.
After the setup was complete I ran into an issue where the router was reporting a double-NAT issue.
With our previous router I had setup port-forwarding at the DSL modem level. The port forwarding was setup to forward all traffic from ports 1:65000 to the IP address of the Netgear router, something like this:
internet --> DSL modem --> port forwarding (1:65000) --> 192.168.1.nnn (local IP of the Netgear router)
That approach solved the double-NAT problem by having all traffic on those ports forwarded to the Netgear router.
However, for better or for worse, because the local IP for the Asus router changed (no longer 192.168.1.nnn, but now 192.168.1.xxx) this still didn’t work (and I didn’t immediately realize it). So as a result I began to dig deeper into the issue.
According to this post, there are three solutions:
- Setup the DSL modem in bridge-mode (described here)
- Forward traffic to the Asus router (partly what I had done, minus the oversight on the IP address)
- Setup the Asus router as a DMZ (similar to forwarding the port traffic, but with less control)
To setup my DSL modem into bridge mode I did the following:
- Edit the WAN service under:
Advanced Setup --> WAN service --> ppp1.1(that was the one that was enabled for me)
- Get the password by “editing” the page using FF webtools
- You will need it later
- Enable fullcone NAT
- Enable Bridge PPPoE frames between WAN and local ports
- Click save and exit
Now you’ll need to update the Asus’s WAN setup to use PPPoE login like this:
- Go to WAN
- Under connection type choose PPPoE
- For PPP user and pass, use those from the DSL modem
- Under MAC address choose “MAC Clone” (it should pick the MAC of the DSL modem)
- Click “Apply” and you are done
This solved my double-NAT problem. Now the router got the external IP the DSL modem was getting.
The reality, however, is that I could have just as easily fixed the issue through either port-forwarding and DMZ, but by the time I realized it I was too focused on solving it through the bridge approach.