I cannot change my Strict NAT type on my PC

pella01

Posts: 6   +0
I'm using 2 routers.


First one is the static modem (router) technicolor (2015) from my ISP. Because of their low range for WIFI I'm using a Tenda W303R router.
Now to make clear how is my PC connected, well it's wired, and the NET cable (for internet) from my PC goes to the Tenda router, then from Tenda router another NET cable to the first router Technicolor in order to connect them both so the Tenda can have internet in order to give Wifi, and internet to my PC.

I'VE TRIED PORT FORWARDING AND NONE OF THAT WORKED.




I'm quoting some words from an user that helps, but I would like other opinions so you can confirm is it true or give me opinions to solve this issue.

"



Do you have a public or private IP address?


1.Sign in to your router settings.


2.Access either the status page or WAN settings page.


3.Verify or record the WAN or Internet IP address.


4.On your computer, go to the What Is My IP Address site or the IPmarker site to verify your public IP address.


5.Compare this IP address to the one that you recorded from your router in step 3.


If the IP addresses match, then your router is being assigned a public IP address and open NAT should be possible. If the IP addresses do not match, then your ISP is supplying you with a private IP address and open NAT will not be possible under the current configuration.
"






So I checked and my IP's were totally different from each other.




WAN Connection type of the Technicolor router is DHCP

2020-05-21_19-24-10 (techni).jpg


___

I'm showing how is TENDA connected below:

2020-05-21_19-27-19 (tendaa).jpg

2020-05-21_19-28-48 (tenda2).jpg
 

Gabriel Pike

Posts: 221   +60
You are getting this error because of double NAT. The easiest way for you to resolve this is to log into the router and disable DHCP. Then plug the LAN port on the modem to the LAN port of the router. If you know the subnet of the modem LAN you could assign a static IP address in that subnet to the router to access it to change passwords and such. This essentially turns your router into just a wireless access point and puts a single NAT at the modem.
 
  • Like
Reactions: pella01

pella01

Posts: 6   +0
  • Thread Starter Thread Starter
  • #3
You are getting this error because of double NAT. The easiest way for you to resolve this is to log into the router and disable DHCP. Then plug the LAN port on the modem to the LAN port of the router. If you know the subnet of the modem LAN you could assign a static IP address in that subnet to the router to access it to change passwords and such. This essentially turns your router into just a wireless access point and puts a single NAT at the modem.
But the thing is that my internet cable from my pc is not that long to connect it directly to the modem. That's why I connected it to the second (tenda) router. Is there anyway to bypass :D ?
 

Gabriel Pike

Posts: 221   +60
Yes. The way I described. I didn't say anything about your PC. You log into your router and disable DHCP and set a static LAN IP that is not in the pool of the Modem but still in the subnet of the Modem. Then connect LAN of router to LAN of Modem. This makes the router still function for wireless or as a switch on the LAN bridge of the router.This makes the Modem the single gateway for NAT.
 
  • Like
Reactions: jobeard

pella01

Posts: 6   +0
  • Thread Starter Thread Starter
  • #5
Yes. The way I described. I didn't say anything about your PC. You log into your router and disable DHCP and set a static LAN IP that is not in the pool of the Modem but still in the subnet of the Modem. Then connect LAN of router to LAN of Modem. This makes the router still function for wireless or as a switch on the LAN bridge of the router.This makes the Modem the single gateway for NAT.
set a static LAN IP that is not in the pool of the Modem but still in the subnet of the Modem ....

Shall I set the IP of the modem in the router or how?
Give me a help in this final method <3
I can guide you with photos if you want...
 

Gabriel Pike

Posts: 221   +60
You set this in the LAN setting of the router. If your Modem is handing out addresses in a range, set the router somewhere outside the range.
 

pella01

Posts: 6   +0
  • Thread Starter Thread Starter
  • #7
You set this in the LAN setting of the router. If your Modem is handing out addresses in a range, set the router somewhere outside the range.
Would you like to help me guide into this. I can provide pics in private, tell me what do you need?
I'll appriciate your help and time
 

Gabriel Pike

Posts: 221   +60
Here is a link to a video describing how to do it. It is really not that complicated.

Below are step by step instructions:

How to set a Wireless Router as an Access Point



I've often found it useful to get just the wireless functionality out of a WiFi router and reuse it as an access point. Wireless routers seem more common, and are often priced even lower than wireless access points. Adding an access point to a wired network already in place, or to one where the main NAT router is provided by the ISP is usually the easiest solution. However, introducing a second NAT router on the network is not a good idea, especially without some tweaking to set it up correctly.

Instead of using your wireless router as intended (NAT routing, DHCP client/server, PPPoE client, etc.), converting it into a wireless access point will save you a lot of headackes and make the configuration much simpler.

In essence, the new wireless router/access point needs to be configured to use a LAN IP address in your network range (the same subnet as your other devices), and you need to connect one of its LAN ports to the existing gateway/router. Do not use the Internet/WAN port on the wireless router to be used as an acces point.

More detailed step by step instructions on how exactly to convert and use your wireless router as an access point are below:



Step 1: Find the IP addresses of your existing gateway/router and clients

You need to find the internal IP address of your existing modem/gateway/router that connects your LAN to the internet. Under Windows, the easiest way to do this is drop to command prompt (Start > Run > type: cmd) and type: ipconfig




Click to expand

In this example, my ISP-provided gateway/router (the "Default Gateway") is set to 192.168.1.1. My client computer is at 192.168.1.10




The "IP address" line in the above figure shows your computer's IP, while the "Default Gateway" is your main existing router that provides your internet connection. It is usually in the 192.168.x.x range.

Alternaticely, you can try connecting to your router's default IP address by looking it up in our routers database.



Step 2: Connect to your router administration interface to find the DHCP range

By default, LAN clients are usually set to obtain their IPs automatically. What that means is, the router acts as a DHCP server, and serves IP addresses dynamically, as needed to the client computers. You need to find the range of IPs used for DHCP so you can later set your access point to use an IP address outside that range (but on the same subnet).

Login to your gateway's admin interface, usually by typing its IP address in your web browser, and find the DHCP range:




Click to expand


In this example, the DHCP range is from 192.168.1.10 to 192.168.1.100




Note: If you don't know the password to your router's admin interface, you may want to lookup the defaults in its manual, or in our hardware database.



Step 3: Connect a computer to the wireless router/AP

You need to connect a computer (via a LAN port) to the new wireless router to be used as an access point. I'll refer to it as the "Acces point" from now on. To do this:

- set your client computer to obtain its IP automatically (default behavior in Windows)
- connect it to a LAN port on the access point using a Cat5 network cable
- reboot, or use the "ipconfig /renew" command in Command prompt to force it to get an IP address from the access point

Log into the admin page of the access point (you can find it's IP address as you did in step 1 for your main router). It is usually done by simply typing the IP address of the router in your browser's address bar.




Step 4: Configure the wireless router / AP

Once logged into the admin interface of the wireless router, you need to do two things. First, you need to change its internal/LAN IP address to an unused address in the same range/subnet as all your other LAN devices. Second, you need to disable the DHCP server on your new AP, so there is only one DHCP server on the network. In my case, my main gateway/LAN router is set to 192.168.1.1, and it is serving dynamic IPs via DHCP in the range 192.168.1.10 - 192.168.1.100. I have to use any other address in the 192.168.1.x range for the access point:



Click to expand


In this figure, my new wireless router/access point is set to use 192.168.1.2 as its IP address, and I've disabled DHCP, so it will not interfere with the DHCP server from my gateway. It is important to have only one device acting as a DHCP server, and that the IP address of the access point is in the same range as the main router.






Step 5: Connect the AP to the LAN

It is time to connect the reconfigured wireless access point to the network. Use a LAN port on the new wireless router, and connect it with a Cat5 network cable to one of the LAN ports of the existing gateway. Make sure not to use the "Internet/WAN" port on the wireless access point!

Connect your client computer to another LAN port of the gateway/router (if you do not reboot, you will have to use "ipconfig /renew" in command prompt to obtain an IP address from your router).

Note: Some older devices that do not support Auto-crossover (MDI/MDI-X) may require a crossover network cable (where the send and receive pairs are switched) between the two routers. This is not common with modern hardware.



Step 6: Test admin page is reachable and secure the AP

Now that the new wireless access point is connected to our network, with a correct IP address in the same range (and outside the DHCP range), we can test whether it's reachable, and secure the wireless connection.

In the above example, I configured the wireless AP to use 192.168.1.2. Its administration interface should be reachable by typing this IP address in the browser.

Once connected, it is time to set the wireless security:




Click to expand


Use WPA2 if both your access point and clients support it. Set a strong key, and remember it - clients will need this to be able to connect to the wireless network. Try not to use WEP encryption - it can be cracked easily as illustrated here.






Step 7: Test the AP wireless connection

Start a wireless client and make sure it properly connects to the network. It should pull an IP address automatically from your existing router/gateway (the DHCP server).

Done, you now have a wireless access point.
 
  • Like
Reactions: pella01

pella01

Posts: 6   +0
  • Thread Starter Thread Starter
  • #9
Here is a link to a video describing how to do it. It is really not that complicated.

Below are step by step instructions:

How to set a Wireless Router as an Access Point



I've often found it useful to get just the wireless functionality out of a WiFi router and reuse it as an access point. Wireless routers seem more common, and are often priced even lower than wireless access points. Adding an access point to a wired network already in place, or to one where the main NAT router is provided by the ISP is usually the easiest solution. However, introducing a second NAT router on the network is not a good idea, especially without some tweaking to set it up correctly.

Instead of using your wireless router as intended (NAT routing, DHCP client/server, PPPoE client, etc.), converting it into a wireless access point will save you a lot of headackes and make the configuration much simpler.

In essence, the new wireless router/access point needs to be configured to use a LAN IP address in your network range (the same subnet as your other devices), and you need to connect one of its LAN ports to the existing gateway/router. Do not use the Internet/WAN port on the wireless router to be used as an acces point.

More detailed step by step instructions on how exactly to convert and use your wireless router as an access point are below:



Step 1: Find the IP addresses of your existing gateway/router and clients

You need to find the internal IP address of your existing modem/gateway/router that connects your LAN to the internet. Under Windows, the easiest way to do this is drop to command prompt (Start > Run > type: cmd) and type: ipconfig




Click to expand

In this example, my ISP-provided gateway/router (the "Default Gateway") is set to 192.168.1.1. My client computer is at 192.168.1.10




The "IP address" line in the above figure shows your computer's IP, while the "Default Gateway" is your main existing router that provides your internet connection. It is usually in the 192.168.x.x range.

Alternaticely, you can try connecting to your router's default IP address by looking it up in our routers database.



Step 2: Connect to your router administration interface to find the DHCP range

By default, LAN clients are usually set to obtain their IPs automatically. What that means is, the router acts as a DHCP server, and serves IP addresses dynamically, as needed to the client computers. You need to find the range of IPs used for DHCP so you can later set your access point to use an IP address outside that range (but on the same subnet).

Login to your gateway's admin interface, usually by typing its IP address in your web browser, and find the DHCP range:




Click to expand


In this example, the DHCP range is from 192.168.1.10 to 192.168.1.100




Note: If you don't know the password to your router's admin interface, you may want to lookup the defaults in its manual, or in our hardware database.



Step 3: Connect a computer to the wireless router/AP

You need to connect a computer (via a LAN port) to the new wireless router to be used as an access point. I'll refer to it as the "Acces point" from now on. To do this:

- set your client computer to obtain its IP automatically (default behavior in Windows)
- connect it to a LAN port on the access point using a Cat5 network cable
- reboot, or use the "ipconfig /renew" command in Command prompt to force it to get an IP address from the access point

Log into the admin page of the access point (you can find it's IP address as you did in step 1 for your main router). It is usually done by simply typing the IP address of the router in your browser's address bar.




Step 4: Configure the wireless router / AP

Once logged into the admin interface of the wireless router, you need to do two things. First, you need to change its internal/LAN IP address to an unused address in the same range/subnet as all your other LAN devices. Second, you need to disable the DHCP server on your new AP, so there is only one DHCP server on the network. In my case, my main gateway/LAN router is set to 192.168.1.1, and it is serving dynamic IPs via DHCP in the range 192.168.1.10 - 192.168.1.100. I have to use any other address in the 192.168.1.x range for the access point:



Click to expand


In this figure, my new wireless router/access point is set to use 192.168.1.2 as its IP address, and I've disabled DHCP, so it will not interfere with the DHCP server from my gateway. It is important to have only one device acting as a DHCP server, and that the IP address of the access point is in the same range as the main router.






Step 5: Connect the AP to the LAN

It is time to connect the reconfigured wireless access point to the network. Use a LAN port on the new wireless router, and connect it with a Cat5 network cable to one of the LAN ports of the existing gateway. Make sure not to use the "Internet/WAN" port on the wireless access point!

Connect your client computer to another LAN port of the gateway/router (if you do not reboot, you will have to use "ipconfig /renew" in command prompt to obtain an IP address from your router).

Note: Some older devices that do not support Auto-crossover (MDI/MDI-X) may require a crossover network cable (where the send and receive pairs are switched) between the two routers. This is not common with modern hardware.



Step 6: Test admin page is reachable and secure the AP

Now that the new wireless access point is connected to our network, with a correct IP address in the same range (and outside the DHCP range), we can test whether it's reachable, and secure the wireless connection.

In the above example, I configured the wireless AP to use 192.168.1.2. Its administration interface should be reachable by typing this IP address in the browser.

Once connected, it is time to set the wireless security:




Click to expand


Use WPA2 if both your access point and clients support it. Set a strong key, and remember it - clients will need this to be able to connect to the wireless network. Try not to use WEP encryption - it can be cracked easily as illustrated here.






Step 7: Test the AP wireless connection

Start a wireless client and make sure it properly connects to the network. It should pull an IP address automatically from your existing router/gateway (the DHCP server).

Done, you now have a wireless access point.
Firstly I want to say Thanks, for the steps above. I hope I did it correctly.
Look below my results.

1. The main modem/router by ISP
2020-05-29_18-22-23.jpg


2. My router (access point) that I want to use it as primary WIFI.
2020-05-29_18-27-10 (2).jpg
So this is what it comes, in this case.
As you said an IP Adress outside the DHCP range!!!.
Check below....

3. My Router (access point) with the IP from (what is my ip)
2020-05-29_18-30-24 (3).jpg

4. I changed into this, and it was successful.
2020-05-29_18-31-23 (4).jpg

Now is it correct, or I still need to do something else?
 

Gabriel Pike

Posts: 221   +60
You should have it correct. 192.168.0.255 is not valid as it is the broadcast address. 192.168.0.2 should be fine. Glad you got it working.
 

pella01

Posts: 6   +0
  • Thread Starter Thread Starter
  • #11
You should have it correct. 192.168.0.255 is not valid as it is the broadcast address. 192.168.0.2 should be fine. Glad you got it working.
But it didn't work, I think, I assume that adding the gateway (192.168.0.2) of the second router in the DMZ Host in the primary modem bypasses the NAT. I think this is the best solution for people using Dynamic IP Adresses (DHCP) or at least people with the same problem as I had. . For a static address I think your example will be more suitable. But we should notice that some operators will charge extra for a STATIC IP ADDRESS.

And we should also notice that:

The problem with double NAT is that if the first router on your network doesn’t have the port forwards configured, incoming traffic will stop there even if you have the port forwards configured on the second router. Or even if the first router has the port forwards, it can’t forward the traffic to a device that’s connected to the second router. It might only forward traffic to computers and devices directly connected to that first router, which could be either a wireless or wired connection.

How to detect a double NAT situation


Sometimes gateways will detect double NAT and automatically fix the issue for you. Or sometimes, if the ISP installers are knowledgeable, they might fix it when they come out to install the gateway and see that you have your own router.

For the two ways I’ll show you how to detect a double NAT situation, you’ll need to check your IP addresses and know if they’re private or public. This is easy: private addresses are usually in the 192.168.0.0 to 192.168.255.255 range, the 172.16.0.0 to 172.31.255.255 range, or the 10.0.0.0 to 10.255.255.255 range. Addresses outside of these ranges would be public (internet) addresses.

One quick way that usually shows if double NAT exists is a traceroute, which allows you to ping a server or device on the internet and see the path it takes between routers and servers. Open a Command Prompt (on a Windows PC that’s connected to the internet, click on the Start menu, type “cmd,” and hit Enter) and type “tracert 8.8.8.8“ to see the traceroute to Google’s DNS server. If you see two private IP addresses listed in the first two hops then you have double NAT. If you see only one private address and the second hop shows a public address, then you’re all good.

traceroute-double-nat-100711216-large.jpg
Here’s a traceroute showing double NAT, as evidenced by the private IP addresses in the first two hops.
How to eventually fix NAT through DMZ

If you’ve confirmed you have double NAT, there are ways to fix it. One simple way is to unplug any additional router and only use your ISP’s gateway. If you’re a power-user and you can’t part with your fancier router, then this option probably isn’t for you.

If you’d like to keep your router, see if you can put the ISP’s gateway into bridge or passthrough mode. This will disable the gateway’s NAT, firewall, and DHCP functions and reduce it to a simple internet modem. Many gateways offer these settings, but not all. Log into the web-based GUI of the gateway and check for a NAT, passthrough, or bridge mode setting, but keep in mind sometimes it’s hidden. If you don’t see it, search the internet for details on your particular model, or call your ISP’s tech support.

If your ISP gateway doesn’t offer any bridging functionality, consider putting your router in the DMZ (demilitarized zone) of the gateway. If the gateway has a DMZ, it will basically give the router a direct connection to the internet, bypassing the gateway’s NAT, firewall, and DHCP so that your networked devices get those values directly from your router.

To utilize the DMZ, you’d log into the web-based GUI of the gateway, find the DMZ setting, and enter the private IP address that’s assigned to your router. Furthermore, you should also see if you can establish an IP address reservation for your router, so your gateway always gives the same private IP address to your router. If the gateway doesn’t support IP address reservations, you should log into the router’s web-based GUI and manually assign it a static private IP address (the same one you configure as the DMZ host) yourself for its WAN (wide area network; I.e., the internet) connection.
 

Gabriel Pike

Posts: 221   +60
No. You have done something incorrect then. The IP of your modem is 192.168.0.1. This is the gateway. The LAN IP of your router/AP needs to be 192.168.0.2. Not the WAN. No DMZ on modem to router.This makes modem single NAT point.