Looking for Help Avoiding Double-NAT
-
I've got an SG-1100 and a Google WiFi system with three access points. I want to set it up so that the Google WIFI is handling my LAN, while doing UPnP and DHCP, with the SG-1100 acting as a dual-wan gateway with failover. I don’t want it to do anything else than handling the failover, so to avoid issues I am trying to put the Google WIFI (currently set with a static IP) in a DMZ.
No matter what I try, I get strict NAT on my Xbox and Playstation. Does anyone know what configuration I need to do in pfsense to make this work? The Xbox is complaining of double NATing.
the topology is as such:
Cable Modem (Bridged) - > SG-1100 WAN (Public IP via DHCP)
DSL Modem (192.168.xx.1, with DMZ set for 192.168.xx.10) -> SG-1100 OPT (Static IP 192.168.xx.10)
SG-1100 LAN (192.168.xyz.1) -> Google WiFi WAN (Static 192.168.xyz.10) [I should setup a /30 here I think]
Google Wifi LAN (192.168.xy.1) -> my LAN (192.168.xy.0/24)
I am not sure how to setup the 1:1 NAT in a way that works with both modem configurations. I was not able to get the DSL ISP to enable PPPoE Passthrough as I had hoped, and they refuse to "bridge" the modem, likely due to the PPPoE. However, the DSL is the slower "backup" failover line, so I can afford to have dual NAT on that gateway.
Would DMZs help avoid the double-NAT issues, or am I approaching this problem with the wrong solution? I was hoping that I could fix this with firewall rules.
I think I can setup the Google WiFi to a "bridge mode," but then I lose it's wireless mesh capabilities, which is why I purchased them.
Thanks in advance for your help!