Port Forward: The Double NAT
There are times when we set up a port forward inside a router, yet we still cannot reach the receiver from the outside. Most likely there is another router stacked in front of the one we assumed to be the primary. Typically, the “other” router isn’t obvious. The “other” router is most likely a modem/router combination provided by the Internet Service Provider.
As you can imagine, port forwarding through two routers is a bit more complex than port forwarding through one router. Below is a diagram of a double routed network.
Important Things to Notice:
- Both "Router #1" and "Router #2" have TWO IP addresses: an internal IP address and an external IP address.
- There are TWO LANs (Local Area Networks).
- There are TWO WANs (Wide Area Networks). If there is a LAN then there is an accompanying WAN.
Now that we have identified these variables, we can move forward and learn how they affect us.
Network Address Translation
For simplicity and readability, let's refer to "Router #1" and "Router #2" as "R1" and "R2" respectively.
Every router does NAT (Network Address Translation), and has both an internal IP address (LAN) and an external IP address (WAN). The external IP address is the one that connects that router to the WAN (Wide Area Network). Usually the WAN is the Internet. The internal IP address connects the router to the internal network. A network with a double NAT is a bit more complex than the basic network.
R1's external IP address connects R1 to the Internet, just like any other network. R1 also has an internal IP address which provides NAT to the internal LAN1 network below it. Generally, the only connection to LAN1 is the router R2. R2 connects to LAN1 with an external IP address. Keep in mind, R2's external IP address is not connected to the Internet, but to another private network (R1). Put another way, the R2 WAN IP address is external to R2 but internal to R1. R2 provides NAT to the LAN2 network below it through its internal IP address. Devices connected to LAN2 receive data from R2.
Let's assign IP addresses to everything, and see how it would look.
Looking at the diagram, the IP addresses that exist on LAN1 differ from the IP addresses on LAN2.
The IP addresses that are on LAN1:
The IP addresses that are on LAN2:
Here is another diagram to help show the network divisions:
Configure Port Forwards
Now that this mess has been defined, let's talk about how to forward ports through this network.
The ultimate goal is to forward ports from the WAN interface of R1 to a device connected to LAN2. The best approach is to forward the ports on R1 to R2's external IP address. Log into R1 and forward the ports to 192.168.1.5, the WAN IP on R2.
Note: In order to connect to R1's web interface one will probably have to plug a computer directly into R1 and establish a connection on LAN1.
Next, forward ports from R2 to the proper network device, in our case a Reference Station receiver. In our example we would log into R2, and then forward ports to 10.0.0.15 (Reference Station IP address).
Static IP Addresses
At this point the port forwarding rules should be configured in the double router network, and everything is hopefully working without a hitch. Great! However, if static IP addresses have NOT been configured for the network devices which have forwarded ports, then your port forwarding settings are doomed to break. If the port forwarding settings stop working, it is a good bet that the network device with forwarded ports has obtained a different internal IP address from the one it had when the port forward settings were originally configured. In a nutshell, the ports are no longer forwarded to the correct IP address.
How to stop port forward settings from breaking?
Static IP addresses! A static IP addressing scheme assigns an IP address to a network device, ensuring its IP address does not change.
Network devices with forwarded ports need to have a static IP address. A device without one has a dynamic IP address, and dynamic IP addresses can and will change. As you can guess, if the IP address of a network device with forwarded ports changes, the ports will not forward to the correct place. It is critical to set up a static IP address on the network devices for which you intend to forward ports.
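The forwarding chain from "Configure Port Forwards" and the lease-change failure from "Static IP Addresses" can be checked together. The following is an added example, not part of the original article: it flags a router whose WAN address is itself private (the sign of a double NAT) and traces a port hop by hop. R1's WAN address, both LAN ranges, port 2101 and the new lease 10.0.0.23 are constructed sample values; 192.168.1.5 and 10.0.0.15 are the addresses used above.

```python
import ipaddress

# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def behind_nat(wan_ip):
    """True if a router's WAN address is private, i.e. another NAT sits in front of it."""
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in net for net in NON_PUBLIC)


def trace_forward(routers, port, device_ip):
    """Follow `port` from the outermost router inward; return (ok, message)."""
    for i, r in enumerate(routers):
        target = r["forwards"].get(port)
        if target is None:
            return False, f"{r['name']}: no forward for port {port}"
        if ipaddress.ip_address(target) not in ipaddress.ip_network(r["lan"]):
            return False, f"{r['name']}: target {target} is not on its LAN {r['lan']}"
        # Every router but the last must forward to the next router's WAN IP;
        # the last one must forward to the device's current address.
        last = i == len(routers) - 1
        expected = device_ip if last else routers[i + 1]["wan_ip"]
        if target != expected:
            return False, f"{r['name']}: forwards to {target}, expected {expected}"
    return True, f"port {port} reaches {device_ip}"


# Constructed sample configuration (only 192.168.1.5 and 10.0.0.15 come from the article).
R1 = {"name": "R1", "wan_ip": "203.0.113.10", "lan": "192.168.1.0/24",
      "forwards": {2101: "192.168.1.5"}}
R2 = {"name": "R2", "wan_ip": "192.168.1.5", "lan": "10.0.0.0/24",
      "forwards": {2101: "10.0.0.15"}}

if __name__ == "__main__":
    print("R2 is behind another NAT:", behind_nat(R2["wan_ip"]))
    print(trace_forward([R1, R2], 2101, "10.0.0.15"))
    # The receiver picked up a new DHCP lease: R2's rule now points at a stale address.
    print(trace_forward([R1, R2], 2101, "10.0.0.23"))
```

The last call shows why the static address matters: both rules are still present, but R2's rule no longer matches the device's address, so the trace fails at R2.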