[Forge]

my isp sent me a new modem. The security on it is superior to the old one, but this one doesn't play nice with my netgear that I'm using behind it & connect all my devices to.
As the title indicates, I'm getting a double NAT with this combo & it's making web pages through multiple browsers, svn, & other connections through the LAN get bad certs and not recognize internet addresses.

The question is which is the better option?
Port Forwarding: (which I'm doing now & it's only 1 port since everything runs through the netgear & the netgear is the only thing connected to the isp modem)

Bridging: (i guess it works - the annoying thing is it shuts off the wifi in the isp modem. Not a big deal since I shut it off manually anyway, but when the modem does it it makes the damn lights on the modem blink which is really freakin' annoying. But if this is the better option I can get some electrical tape & cover them).

DMZ: not sure about this one & I trust the netgear security over the isp modem security if that's a factor


There's no networking going on internally in house. Just a wireless printer.

[oasiz]

If you do NAT:ing, use the device that does it better. Disable it for the other one. In this case your router should be the one doing it.
NAT is only a workaround due to the lack of public IPs, it's not really good for double NAT:ing (as it shuffles around with +10k port range to tie may sessions in one host to many hosts behind it) and you might run in to weird networking issues if you're not careful.

My recommendation: Always delegate ISP modems to dumb bridges and then get a proper router, usually ISP gear is underpowered hardware and occasionally they might even do remote updates which may reset your settings. Not to mention that a modem might be just some whitelabel huawei box with ISPs custom firmware that limits a bunch of features (Don't know about yours of course).

You will want full control over your network's vertical/horizontal routing from one spot if possible.
While you could leave the ISP modem GW as something like 10.10.100.1 and have your internal net as 192.168.100.1, this will just increase the complexity needlessly and is wilder stuff you will mainly find with strangely configured corporate networks.

EDIT: Also "the security" ?

[Forge]

oasiz, on 15 January 2020 - 11:11 AM, said:

Always delegate ISP modems to dumb bridges and then get a proper router

i'm not understanding your post. from my limited perspective, it sounds like you're simply repeating back to me what I already posted.

I have my own modem/router that I use. All my devices in the house are connected to it (wired & wifi).
This is then wired to the isp modem lan to wan.
the isp modem is connected to the server.



the question I'm trying to ask

should I put the isp modem in bridge mode
or
should I do port forwarding in the isp modem
or
should I set the isp modem in DMZ mode

I'm trying to resolve double-nat & I would like to know which is the better & more secure method
(i'm currently using port-forwarding)

[Forge]

*i'm getting double-nat using port-forwarding, but both devices are not 10.0.x.x. anymore so the weird issues I was having are gone

[Forge]

I did this:

oasiz, on 15 January 2020 - 11:11 AM, said:

While you could leave the ISP modem GW as something like 10.10.100.1 and have your internal net as 192.168.100.1, this will just increase the complexity needlessly and is wilder stuff you will mainly find with strangely configured corporate networks.

or would you still recommend bridging; which is the better option?


edit: (from discord) okay, i'll bridge them. Thank you @oasiz

[Mark]

At least you could still access your ISP modem settings to set bridge mode. If you remember the fiasco I had when doing the same thing you did, my ISP locked me out of their modem/router. It seems that when I contacted them for help with my problem, they accessed my account and turned off access to the modem that I wasn't supposed to have.

[Radar]

Forge, on 15 January 2020 - 08:07 AM, said:

Bridging: (i guess it works - the annoying thing is it shuts off the wifi in the isp modem.

Since it sounds like the ISP modem has WiFi, and you're not doing any complex networking stuff, why not just use the ISP modem?

[Forge]

Radar 100 Watts, on 16 January 2020 - 08:03 PM, said:

Since it sounds like the ISP modem has WiFi, and you're not doing any complex networking stuff, why not just use the ISP modem?

I trust my modem's performance and security features over the ISP's
I don't have to worry about random updates undoing all my settings
I don't have to reconfigure and reconnect my entire home network everytime I get a new ISP modem - which seems like every couple years lately

This is the first modem that gave me double-nat out of the box. There were three options available to deal with it, where the older modems only offered bridging.

[Mark]

For me, I added my own wireless router because my ISP actually wanted to charge me a monthly fee to activate wireless on their router/modem. I had no idea that getting it for free was a mistake on their part. Eventually they caught up to me and disabled it unless I pay.

[TerminX]

You want bridging.

[mike_s]

I have a similar setup as the OP. My setup is as follows:

1. I use my own ADSL modem I bought from a computer store and the DSL connection itself is a separate phone line

2. I connect the remaining socket (RJ45) on the modem to the WAN socket of the router using a straight-through RJ45 cat-5e cable.

3. In router settings, I specify the wan connection as PPPoE and insert the credentials my ISP gave to me.

Then at that point I'm connected. As for router, I make it so that computers that want to connect can receive an IP address (DHCP).

I do have an oddball disconnection but most of the time it works.