How to identify and resolve double-NAT problems

We’ll show you how to eliminate this conflict between your router and your broadband gateway



The digital world is all about IP (internet protocol) addresses. Every device needs an IP in order to communicate on the internet or within a private network. Given there’s not enough public IP addresses out there for every internet-connected device (at least with IPv4), this little thing called NAT becomes extremely important. It stands for network address translation (NAT) and is a function provided by routers to enable multiple devices to access the internet via a single public IP address.

Behind each public IP, there can be hundreds of devices with their own private IP addresses, thanks to NAT. And almost all equipment that provides the NAT function includes a firewall to protect the private IPs and devices from public IPs and devices on the internet. Other network services are also typically offered, like DHCP (dynamic host control protocol) to give out the private IP addresses to devices that connect to the local network.

How double NAT happens

Having more than one device performing NAT on a private network, however, can cause issues with that network. Some users may never notice, making it a non-issue for them. But others can run into headaches with certain applications, services, and situations. So, it’s always a good idea to eliminate double NAT if you have it.

Having more than one NAT device usually happens when you connect your own router to a gateway installed by your internet service provider (ISP) that also includes the NAT and routing functions. Some ISPs install only a simple modem that lacks the NAT and routing, which eliminates the problem altogether. But most ISPs assume you don’t their customers have routers, however, so they’ll provide you with a combo device whether you want it or not.

If you’re unsure what the ISP has given you, take a look at the box. If there’s only one Ethernet port, it’s likely a simple modem (aka a broadband gateway). But if there’s multiple Ethernet ports or if it supports Wi-Fi connections, it’s likely performing NAT and routing as well.

The problems double NAT can cause



When there’s double NAT on your network, you might run into issues with services that require UPnP (Universal Plug-and-Play) support or manual port forwarding. This would include online gaming on computers or consoles, remote desktop into your computers, connecting to a VPN server, or accessing security camera feeds. Services like these sometimes require certain ports to be opened in the router’s firewall and directed to a particular computer or device on the network.



This screenshot shows how I’ve configured my router for port forwarding, so that I can use remote SSH (Secure Shell) on a server on my local network. I can’t do that if my gateway is also performing NAT (network address translation). Credit: Eric Geier

