Double Router Port Forwarding (Netgear)

[stormcloud007]

Hi all,

I have a Netgear DM200 using 192.168.5.1 - acting as my ISP link (BT)

This then connects to WAN port of my R7000 LAN Router- 192.184.17.1

The DM200 has DHCP enabled and my R7000 WAN IP is 192.168.5.10 - Gateway 192.168.5.1

All my devices on the network have an IP of 192.184.17.X and I have no issues accessing the internet.

I am however trying to open up a open on my NAS that sits on my LAN but goes out via the internet, so:

NAS > R7000 > DM200
192.184.17.30 > 192.184.17.1 > 192.168.5.10 > 192.168.5.1

I can't seem to get the bloody port open and can't see what else I can do.

Any help would be grand!

 

[BuddhaSkoota]

Hi all,

I have a Netgear DM200 using 192.168.5.1 - acting as my ISP link (BT)

This then connects to WAN port of my R7000 LAN Router- 192.184.17.1

The DM200 has DHCP enabled and my R7000 WAN IP is 192.168.5.10 - Gateway 192.168.5.1

All my devices on the network have an IP of 192.184.17.X and I have no issues accessing the internet.

I am however trying to open up a open on my NAS that sits on my LAN but goes out via the internet, so:

NAS > R7000 > DM200
192.184.17.30 > 192.184.17.1 > 192.168.5.10 > 192.168.5.1

If there's no reason you have the routers set up in this manner (double NAT), the easiest solution would be to configure the R7000 as an access point (from the DM200 connect to the LAN port on the R7000). Then port forward only on the DM200. Use this guide: http://www.tomshardware.com/forum/36406-43-convert-wireless-router-wireless-access-point

A second good solution: place the DM200 in bridge mode (modem-only) and forward only the R7000.
https://kb.netgear.com/30773/How-to-set-DM200-into-bridge-modem-only-mode?cid=wmt_netgear_organic

Otherwise, you would need to port forward on both routers. The DM200 would need to port forward to the WAN IP of the R7000, then the R7000 would need to be forwarded to the NAS IP. It's not an elegant solution, and not really intended to work in this manner.

Or, place the R7000 in the DMZ of the DM200 (if available), and port forward on the R7000 only.

Edit: [strike]I just looked up the DM200, it appears to be a modem-only device. Are you sure you've posted the correct model number? The R7000 should not be receiving a private IP address from the DM200, unless your ISP is using carrier-grade NAT.[/strike] Just found that the DM200 does have routing capabilities, so original answer applies. Also added bridging as an option.

 

[stormcloud007]

Hi all,

I have a Netgear DM200 using 192.168.5.1 - acting as my ISP link (BT)

This then connects to WAN port of my R7000 LAN Router- 192.184.17.1

The DM200 has DHCP enabled and my R7000 WAN IP is 192.168.5.10 - Gateway 192.168.5.1

All my devices on the network have an IP of 192.184.17.X and I have no issues accessing the internet.

I am however trying to open up a open on my NAS that sits on my LAN but goes out via the internet, so:

NAS > R7000 > DM200
192.184.17.30 > 192.184.17.1 > 192.168.5.10 > 192.168.5.1

If there's no reason you have the routers set up in this manner (double NAT), the easiest solution would be to configure the R7000 as an access point (from the DM200 connect to the LAN port on the R7000). Then port forward only on the DM200. Use this guide: http://www.tomshardware.com/forum/36406-43-convert-wireless-router-wireless-access-point

A second good solution: place the DM200 in bridge mode (modem-only) and forward only the R7000.
https://kb.netgear.com/30773/How-to-set-DM200-into-bridge-modem-only-mode?cid=wmt_netgear_organic

Otherwise, you would need to port forward on both routers. The DM200 would need to port forward to the WAN IP of the R7000, then the R7000 would need to be forwarded to the NAS IP. It's not an elegant solution, and not really intended to work in this manner.

Or, place the R7000 in the DMZ of the DM200 (if available), and port forward on the R7000 only.

Edit: [strike]I just looked up the DM200, it appears to be a modem-only device. Are you sure you've posted the correct model number? The R7000 should not be receiving a private IP address from the DM200, unless your ISP is using carrier-grade NAT.[/strike] Just found that the DM200 does have routing capabilities, so original answer applies. Also added bridging as an option.

Hi

I have this setup because I only want my DM200 to be public facing, if it wasn't this device it would be the BT Home Hub.

I already have a forwarding rule on the DM200 to 192.168.5.10, and on the R7000 (192.184.17.1), I have a forwarding rule with the same port number to the NAS.

There really should be no reason why this wouldn't work. Hmmmmm

 

[BuddhaSkoota]

I have this setup because I only want my DM200 to be public facing, if it wasn't this device it would be the BT Home Hub.

I already have a forwarding rule on the DM200 to 192.168.5.10, and on the R7000 (192.184.17.1), I have a forwarding rule with the same port number to the NAS.

As long as the DM200 is performing routing (not bridged), all LAN side devices will be behind NAT, so nothing will be public facing other than the DM200.

But if you decide to maintain double NAT, double port forwarding is (unfortunately) your only option, since it appears DMZ is not available on the DM200.

Double NAT will always be a bit clunky, so not sure what else to suggest.

 

[stormcloud007]

I have this setup because I only want my DM200 to be public facing, if it wasn't this device it would be the BT Home Hub.

I already have a forwarding rule on the DM200 to 192.168.5.10, and on the R7000 (192.184.17.1), I have a forwarding rule with the same port number to the NAS.

As long as the DM200 is performing routing (not bridged), all LAN side devices will be behind NAT, so nothing will be public facing other than the DM200.

But if you decide to maintain double NAT, double port forwarding is (unfortunately) your only option, since it appears DMZ is not available on the DM200.

Double NAT will always be a bit clunky, so not sure what else to suggest.

This worked fine with BT HHB6 instead of the DM200 - must be something I'm missing.

Appreciate your help with this. The only thing I can think of is to place the DM200 in Modem mode and my R7000 in bridge. But that's a bad idea, no??

Long story short, all I want is the DM200 to be dumb and the R7000 doing all the routing (currently setup with Tomato Shibby iOS). Don't want to have my ISP modem hooked up.

 

[BuddhaSkoota]

The only thing I can think of is to place the DM200 in Modem mode and my R7000 in bridge. But that's a bad idea, no??

Long story short, all I want is the DM200 to be dumb and the R7000 doing all the routing (currently setup with Tomato Shibby iOS). Don't want to have my ISP modem hooked up.

Putting the DM200 in modem-only mode will be fine, and should resolve your forwarding issue. Your network will still be behind the R7000's NAT, so nothing will be directly exposed to the Internet.

 

[tonster76]

Maybe reduce your MTU size to say 1450 on the R7000 and DM200. The double NAT will increase packet size and could create problems in some circumstances.

 

[bill001g]

Maybe reduce your MTU size to say 1450 on the R7000 and DM200. The double NAT will increase packet size and could create problems in some circumstances.

This is not correct. Nat will have no impact at all on MTU. All it does is change the content of the source IP field in the packet it does not actually add any headers to the packet.