Is this double NAT?



  • I install pfsense 2.2.4 in vmware workstation 7.0.0-203739. One Network adapter in bridge mode (dlink router DIR-803) and another nic using VMnet5.
    In pfsense I get those ip
    Wan : 192.168.11.176
    Lan : 192.168.1.1

    Do I need to rid of Dlink router to access remote pc in lan side or not?

    ![pfsense Dashboard.jpg](/public/imported_attachments/1/pfsense Dashboard.jpg)
    ![pfsense Dashboard.jpg_thumb](/public/imported_attachments/1/pfsense Dashboard.jpg_thumb)






  • LAYER 8 Global Moderator

    "192.168.11.176"

    If pfsense wan has a rfc1918 address, then yeah you are behind a double nat if you have pfsense also natting to its lan.

    Get rid of your d-link and connect pfsense directly to your wan so it gets a public IP.  Then use that dlink as your AP if you want



  • Thanks. I will do this



  • Hello
    i install pfsene in physical pc and add wan connection. but do not get public ip, only wan ip.
    note: my isp has all connection same public ip.



    ![New Adobe Photoshop Image copy.jpg_thumb](/public/imported_attachments/1/New Adobe Photoshop Image copy.jpg_thumb)
    ![New Adobe Photoshop Image copy.jpg](/public/imported_attachments/1/New Adobe Photoshop Image copy.jpg)


  • LAYER 8 Global Moderator

    Dude if your not getting a public IP then your behind a ISP nat..  So before you were triple nat, now your only double nat ;)



  • That's IPv4.
    Maybe if you use IPv6 you get a public IP there?



  • Now what should i do? My isp can't help me about this matter, because they are only watch that I have internet connection or not.


  • LAYER 8 Global Moderator

    So do they forward inbound unsolicited traffic to your rfc1918 address?

    Seems unlikely that this could be all of them and not just maybe if lucky a handful you can use since you state "my isp has all connection same public ip"

    If you need unsolicited inbound traffic, change ISPs - or possible as mentioned IPv6 could be used?  But such a lame little isp I find this unlikely.  You could prob use a VPN that you run yourself on some vps to allow for inbound traffic to your setup.  Or leverage some vpn service that allows for forwarded traffic through the vpn to your end point.



  • Now what should i do? My isp can't help me about this matter, because they are only watch that I have internet connection or not.

    A big problem these days is many ISPs don't have any global unicast addresses available to give to customers, which means they are forced to use NAT.  That appears to be the case with you.  There is no way around it on IpV4.  The only way around it is IPv6.


  • LAYER 8 Global Moderator

    ^ this is true when use up all the IPv4 space ;)

    Blame can be spread around to all over the place.. ISPs, companies not giving back when they have no real use of the space they have, etc.  We have /16 and can tell you we use very small % of that..  Starting to get emails asking to rent some of our IPv4's

    As mentioned your only solution is to use IPv6 - which if your isp has no ipv4s to work with you would think they would be pushing their clients to ipv6.  Move to a bigger ISP is your other solution.



  • ISPs, companies not giving back when they have no real use of the space they have, etc.

    Even if they all gave back the unused IP address blocks, there still wouldn't be enough.  There are already more mobile devices than there are IPv4 addresses.  The only situation, which should have happened years ago, is IPv6.  I've been running it for 7 years, but first heard of it 22 years ago.

    I really get fed up with those who claim IPv4 is good enough, NAT will extend addresses, companies can give back unused blocks etc..

    IPv4 has been inadequate for years, ever since NAT became necessary due to the address shortage.


  • LAYER 8 Global Moderator

    Agree I have been using ipv6 for many years.. Got my HE sage cert/tshirt back in 2011..

    I am on tmobile phone and it doesn't get an IPv4 any more just IPv6.

    Completely agree IPv6 is the future - but some better management of ipv4 could of staved off the exhaustion for some time.  There is prob little reason for any sort of mobile device to get a ipv4 address from LTE, etc.

    Giving a school back in the day when internet first started a /8 was not forward thinking ;) heheh



  • I am on tmobile phone and it doesn't get an IPv4 any more just IPv6.

    Mine too.  My cell carrier uses 464XLAT to provide IPv4 support.

    Giving a school back in the day when internet first started a /8 was not forward thinking ;) heheh

    Of course, that predated personal computers, tablets, cell phones etc.  The 32 bit addresses were intended only to be for a demonstration, with larger addresses when "officially released" at least according to Vint Cerf.


Log in to reply