Double NAT issue on Google Wifi - Why?
-
My Google Wifi (GWF) works much better when connected to the modem directly (as a primary router) than connected behind the pfsense. So I contacted Google support, they told me that it's a issue often reported when using a double NAT... Ok, let's bridge the GWF then... Nope! otherwise the mesh doesn't work (it's a feature).
The question is WHY? of course the Google tech couldn't say.
I see a lot of TCP:FA, TCP:PA and TCP:RA from the Wifi to Internet for some reason, I guess whatever cause that is what makes the GWF sucks in double NAT.
The setup is:
internet <-> modem <-> pfsense <-> DMZ 192.168.1.0/24 <-> GF <-> LAN 192.168.2.0/24
The PFSense has 192.168.1.1 on the DMZ, and GF has 192.168.1.2
The GF has 192.168.2.1 on the LAN, the clients from 2.10 to 2.254
The PfSense has a static route 192.168.2.0/24 to 192.168.1.2 (it works without but who knows)So Why?
eg FW logs: [DMZ is label LAN... I know :( ]
Jun 2 19:04:01 LAN 192.168.1.2:43192 172.217.9.195:443 TCP:PA
Jun 2 19:04:01 LAN 192.168.2.234:46972 172.217.164.138:443 TCP:FPA
Jun 2 19:04:00 LAN 192.168.2.234:46972 172.217.164.138:443 TCP:FPA
Jun 2 19:04:00 LAN 192.168.2.234:46976 172.217.164.138:443 TCP:FPA
Jun 2 19:03:59 LAN 192.168.2.234:46970 172.217.164.138:443 TCP:FPA
Jun 2 19:03:03 LAN 192.168.2.234:46976 172.217.164.138:443 TCP:FPA
Jun 2 19:03:03 LAN 192.168.2.234:46972 172.217.164.138:443 TCP:FPA
Jun 2 19:03:01 LAN 192.168.2.234:46970 172.217.164.138:443 TCP:FPA
Jun 2 19:02:07 LAN 192.168.2.234:46972 172.217.164.138:443 TCP:FPA
Jun 2 19:02:07 LAN 192.168.2.234:46976 172.217.164.138:443 TCP:FPA
Jun 2 19:02:07 LAN 192.168.1.2:46970 172.217.164.138:443 TCP:FPA
Jun 2 19:02:02 LAN 192.168.1.2:46970 172.217.164.138:443 TCP:FA
Jun 2 19:02:02 LAN 192.168.1.2:46970 172.217.164.138:443 TCP:FA
Jun 2 19:02:02 LAN 192.168.1.2:46970 172.217.164.138:443 TCP:PA
Jun 2 19:02:02 LAN 192.168.2.234:46972 172.217.164.138:443 TCP:FPA
Jun 2 19:02:02 LAN 192.168.2.234:46976 172.217.164.138:443 TCP:FPA
Jun 2 19:01:30 LAN 192.168.2.125:34099 172.217.7.202:443 TCP:R
Jun 2 19:01:29 LAN 192.168.2.125:34098 172.217.7.202:443 TCP:R