Jump to content
friggles88

How to fix double NAT issue?

Recommended Posts

I have an AT&T fios gateway (modem router combo) that I’ve configured to work with my xr500 router by using IP Passthrough per the ISP technician. I don’t usually have many gaming issues on my PS4, but sometimes cannot connect with other players at random although NAT type is Open 100% of the time. Ports are forwarded and all, but that has not resolved the issue. I have a suspicious that my network is experiencing double NAT.

 

I checked on my PC by doing run>cmd>tracert 8.8.8.8, and saw the first two hops were private ip addresses (192.168._._ for both), which from what I’ve read indicates double NAT. I’ve read a way to get rid of this is to enable access point mode on the xr500, but then you lose all features of the router as a result (QoS, geofilter, etc.).

 

Is there another way to fix double NAT without disabling all router features as when considering access point mode? Is there a way to simply disable NAT on the xr500 so I can keep all my features of the xr500? Any help would be appreciated. Sorry I don’t have the model of my gateway available at this time.

Share this post


Link to post
Share on other sites

Unfortunately the NAT on the XR500 is an integral part of many of it's features. You can put it into Access Point mode but you will experience reduced functionality.

Does your FIOS Gateway have a DMZ option? If you put your XR500 into the DMZ of the FIOS Gateway, that should eliminate the double NAT.

Share this post


Link to post
Share on other sites

Alex, are you saying that there is no way to disable NAT using an alternative method with the xr500 (other than AP mode) that will still allow me to have all the features of the xr500?

also, my gateway doesn’t have a DMZ mode, just what’s called IP pass through, I’ll have to check my Gateway when I get home, but if there is a way to disable NAT on the gateway would that also work or would that give me potential issues (might be a question for my ISP)? 

Ive seen this handled differently before (https://community.netgear.com/t5/Nighthawk-Pro-Gaming-Routers/Setup-XR500-ATT/m-p/1510930), although I have a PS4, but have not tried this specific fix mentioned in the link and there’s no response from the person who started the thread to know if it actually worked.

My setup utilized the IP pass through option in this link from AT&T (https://www.att.com/esupport/article.html#!/smb-internet/KM1188700) I used the “fixed” mode and entered the MAC address for my xr500. For some reason the IP pass through option has its own NAT. And what I’ve found out too is the DMZplus is a service with an additional fee, and I’m not sure if that would solve the problem either (I don’t really have any more info on it).

 

what are your thoughts?

Share this post


Link to post
Share on other sites

You could change NAT from secured to open which may be a workaround. 

I would actually speculate that the issue you're having is because you need to add your friends to the allow list on the Geo-Filter. If you don't then you won't be able to connect to them. Once you allow them you should be able to connect regardless of your Geo-Filter settings.

Share this post


Link to post
Share on other sites

Use IP-PassThru for the XR router as your DMZ option on the modem. This should help with NAT issues between the game console, router and ISP router. 

Only way to get to a good known single NAT condition is either bridge the modem if thats supported on your modem, or configure the XR router for AP mode as last resort.  

For PS game NAT status, you'll never see NAT type 1 with a router between the game console and modem. Type 2 will be the norm and should work for gaming online. 

Share this post


Link to post
Share on other sites

Fraser, I’ll try changing the NAT type and see if double NAT is removed. Also, I have everyone in my geofilter and have for a while, they haven’t moved or changed ISP’s and if they did I would add them. Typically I run my router without geofilter because I rarely have issues connecting to poor servers, I also have open NAT, but I have the NAT of both my gateway and router which still shows as Open in many of the games I play.

e38, Im not too familiar with bridge mode, maybe I’ll research that and see if it’s possible with gateway and my router. Also, the IP pass through feature with the gateway is intended to act like a DMZ (which I doubt, because I’m set up that way and still have double NAT), but there’s no DMZ setting on the router, even tier 2 support has mentioned that’s not possible. So whatever I’m using is as good as it gets, but I’m sure there’s some minor options I can change that may make a difference.

 

all, I’ll get back to you and let you know what works and what has issues when Im at home so hopefully in the future others can resolve this issue.

Share this post


Link to post
Share on other sites

Ya, you can't disable NAT on the XR, it's something that is built in to the WAN to LAN traffic path and is required for router mode. Only way to actually disable that is to configure the XR for AP mode, thus your single NAT will be with the ISP Modem. 

Ya IP Pass-thru is supposedly similar to DMZ however I've seen it where Pass thru really doesn't work right for some. That's a modem mfr issue. Even using this configuration, the modem and XR router will be in a double NAT condition. 

 

Any chance your ISP supports a modem only unit on there services? Or is this kind of modem something you need for others services, like TV or phone? If you could get into a modem only unit with your ISP service, then your single NAT would be on the XR router only. 

Share this post


Link to post
Share on other sites

Just answering some of your questions before I get home and can research a bit more:

e38, I’ve tried asking for just a modem and they will only give me the gateway, no other option is available apparently. I will check again with DMZplus service and see if that resolves anything.

Fraser, let me just clarify something. I can still connect to those players and play with them but over the course of about two minutes after they join a party that I’m hosting it kicks all of them out and they have to rejoin. The only way to get it to work is to have them all join and quickly search for a match. This only happens on my connection and I believe it’s due to double NAT.

While I don’t generally get any issues with my connection, I would like to resolve this one as I sometimes get very strange network performance for hours at a time, no consistency to it, and the issue appears to not be correlated with network congestion, or busy periods of internet use in my area. I also get lots of network error codes from Call of Duty games that aren’t even searchable thru their system, I’m hoping I can resolve these problems with removing the double NAT.

Share this post


Link to post
Share on other sites

Right okay, that makes more sense. What game are you playing specifically other than CoD and I assume you a using the Geo-Filter to force you and your friends a close game?

Share this post


Link to post
Share on other sites

Fraser, I play mostly CoD and that is my primary focus, so as far as it goes that is where I have seen this issue. Now that I am back I can talk about some of the items above.

I have a BGW210 gateway made by ARRIS. I tried changing the NAT from "Secured" to "Open" as you suggested, it did not change the double NAT when I ran tracert 8.8.8.8, the exact same private IP address showed up.

I did a bit more researching and it looks like I'll have to talk to tech support with AT&T. I found out that NVG and ARRIS gateways can actually be used in bridge mode, but I have not tried it yet and will likely get with AT&T to have this handled. 

Link to AT&T forum with instructions on IP Passthrough and DMZ setup on AT&T gateways (They say it's IP Passthrough, but the links in the "Solved" post for NVG/ARRIS take you to bridge mode setup for an NVG gateway): https://forums.att.com/t5/AT-T-Internet-Features/How-To-Setup-DMZ-and-IP-Passthrough/m-p/4320234#M3837

The link for NVG/ARRIS redirects to this page: https://forums.att.com/t5/AT-T-Internet-Features/How-to-put-the-Motorola-NVG589-in-bridge-mode-or-as-close-as-you/td-p/3552057/page/2

 

The second link I have posted shares a lot of info on my BGW210's setup that I didn't know about, not sure if this will work but I'll give it a shot and reach out if its better.

 

Thanks for all of the help up to this point.

Share this post


Link to post
Share on other sites

I've seen that it might be beneficial to use IP Passthrough with DHCPS-dynamic and use cascaded router mode. Try that, if it doesn't work then try contacting their tech support and keep us posted. The kicking thing, are you blocking a server when they all get kicked out?

Share this post


Link to post
Share on other sites

Fraser, I was not able to get the IP Passthrough to work with the cascaded router mode. No matter how many times I tried, entering the information as specified, I could not get a cascaded/bridge mode to work where the settings saved into my gateway. I think I'll reach out to tech support.

I tried this link with instructions by VoIP-Engineer on 4/19/2018 7:21PM: https://forums.att.com/t5/AT-T-Internet-Equipment/adding-a-cascading-router-to-existing-AT-amp-T-router-modem/td-p/5115126

Then i also tried the instructions by rreddy on  5/15/2017 9:41PM:https://forums.att.com/t5/AT-T-Internet-Equipment/Strict-NAT-Bridge-Mode-What-is-IP-Passthrough-Can-I-enable-on-my/td-p/5296974?source=ESSZ0SSPR00facsEM&wtExtndSource=20180216034450_AT&T Internet Equipment_Wireline_LITHIUM_1348403815

 

THe main problem I was having with the second set of instructions is that they did not specify where the IP address came from when entering information for cascaded router setup. I have my private IP address of my router known, but with the passthrough option it is public IP addresses handed off from my gateway. In the first link, he used the public IP addresses similar to those handed off by my gateway. This is all pretty confusing so I am hoping a tech can help. I'll get back to you guys as soon as I hear from them.

Share this post


Link to post
Share on other sites

Here's what happened when i got in touch with their tech support.... mind you lots of time was wasted by tier 1 support literally restarting my modem and router to resolve the issue... below is what transpired. In summary, IP passthrough could not successfully forward ports, the ATT tech could not get ports to open even when they forwarded ports on my router or used IP passthrough on the gateway, and double NAT still exists and cant be removed.

1) tech support saw that I performed IP passthrough with the xr500 in fixed mode. They said this was the best option for setup to have all ports open to my xr500.

2) tech support saw that ps4 was setup on the xr500 with static ip reservation, and that ports were forwarded for the static ip reservation. The list of ports consists of psn ports and black ops 4 ports. They said "it looks like your ports are forwarded and should be open"

3) tech support then checked if my ports were open using canyouseeme.org, and checked ports like "80" and others. The results showed that the reponse timed out for every port tested and that they did not appear to be opened.

4) tech support made me factory reset my router, and then we reconfigured IP passthrough for my xr500. Later today (because they killed an entire 2 hrs) they set me up again with someone to set my forwarded ports with me. Which all went through successfully in the setup, but when testing the ports on canyouseeme.org, they all timed out and did not appear to be open.

5) tech support denied my request to set up the cascaded router mode several times and repeated that "IP passthrough will solve your problems" and "if you set up cascaded router per the instructions it will literally screw up your router".

6)Double NAT continued to appear when doing tracert 8.8.8.8 in command prompt: two private IP addresses within the first two hops. ATT support said there is no way to remove the hop to their gateway in the second hop.

 

TL;DR

Share this post


Link to post
Share on other sites

Figgles,

I also have at&t fiber, ip pass through, dmz+, cascade router, are broken in any At&t modem router combos that they give their customers, its a known fact. 

Use the dumb switch method works perfectly for any router. I do not have the xr500 I use a asus rt-axu88, I am debating on trying this router out, but all I see here on the netduma and netgear froums is alot of issues with this hardware. I am waiting for them to drop the new fw and see if that fixes the issues. 

 

Here is the link on how to set it up.

https://www.dslreports.com/forum/r32094182-

 

 

Share this post


Link to post
Share on other sites

Netduma Alex,

You guys should post something about the Dumb Switch Method, for customers who use netgear routers and that are At&t customers using fiber.

Just an Idea, it might reduce some trouble shooting threads, for people here in thew states who use At&t internet.

Share this post


Link to post
Share on other sites

So basically they said this should work, it doesn't but didn't have a solution to the problem at all? Your best bet would probably be to do the above as suggested by pinkfloyd if this is a common issue that stays unresolved.

18 minutes ago, pinkfloyd said:

Netduma Alex,

You guys should post something about the Dumb Switch Method, for customers who use netgear routers and that are At&t customers using fiber.

Just an Idea, it might reduce some trouble shooting threads, for people here in thew states who use At&t internet.

That's a good idea, if it helps friggles we'll likely do this.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...