What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Can I remove NAT but still use the Firewall?

Magnesium_CW

Magnesium_CW

New Around Here
Hello all,

My home setup is I have a modem with a DHCP server and an Asus RT-AC68U running as a router / firewall / wifi hotspot. I'd like to install an inline tap between the ISP Modem and Asus router (like http://greatscottgadgets.com/throwingstar/) and run a Network Intrusion Detection System (like http://www.securityonion.net/) to be able to monitor for virus infections and know which of my hosts are compromised, but having NAT on the Asus stops me from determining which member of my network is infected.

I want to disable NAT on the Asus router and use DHCP from my modem to solve knowing which asset is generating which network traffic, but I don't want to lose the amazing firewall capabilities of the Asus router in the process. Is there a way I can have both?

Thanks,
Magnesium
 
Does your modem also provide NAT? If it doesn't how will your LAN devices be able to connect to the internet?
 
yes. you can disable nat. but are you going to pay for public ip addresses for each of your devices?
 
Consider running a UTM which is basically what you're looking for. Have the UTM also perform the NAT (or in some cases the UTM can filter at layer 2 instead so you can just put one in between).
 
I think setting up your ASUS router in AP Mode will more than suffice. DHCP and NAT are turned off and all traffic is passed to the border router (in your case the ISP modem).
 
ColinTaylor said:
Does your modem also provide NAT? If it doesn't how will your LAN devices be able to connect to the internet?
Click to expand...

Sorry, that was a vital point I forgot to mention. My ISP modem also has a firewall an NAT's everything that it provides a DHCP address for. It's one of those ISP modems that they remotely control and I don't trust either what they do with it nor what malicious smart people on the itnernet can do to my internal network if compromising the ISP modem. This is why I want my own firewall to block unsolicited internal traffic.
 
snapilica2003 said:
I think setting up your ASUS router in AP Mode will more than suffice. DHCP and NAT are turned off and all traffic is passed to the border router (in your case the ISP modem).
Click to expand...

Thanks Snapilica2003, but this would lose the ability for using the firewall of the Asus router. Maybe that's what has to be done in this scenario, like System_Error_Message has implied in his/her response, and I have to use a 3rd system between the router and the modem to do next gen firewall stuff. I was trying to avoid that scenario and that's why my OP is here asking if there's a way.

Anything anyone else can suggest before I consider this thread closed as a no? Maybe something RMerlin can think of?

Thanks again,
Magnesium
 
Have you tried disabling NAT (WAN > Internet Connection > Enable NAT = No) and seeing what happens?
 
Calisro said:
Got it! Do they not allow you to bridge their modem/router?
Click to expand...
If I understand you correctly, my modem will do a full DHCP internally and I can set my internal router as a bridge / AP but then I think I lose the firewall capability of it.

ColinTaylor said:
Have you tried disabling NAT (WAN > Internet Connection > Enable NAT = No) and seeing what happens?
Click to expand...
I have tried that. My Modem then fails to route traffic back to my internal network devices properly. Maybe there's a configuration I'm missing to allow this to happen gracefully, like an IP address overlap between my modem and router, but I've been unable to figure out how to get my router to send everything router related over the same switch port to my router (if that makes any sense).
 
most modems and isps let you bridge their modem so your router gets the public ip.

EDIT: Sorry, I re-read what you are trying to accomplish. You actually want the ISP modem to be the dhcp/nat device so you can plug a tap on hte line and continue to use the firewall.
 
Last edited:
You must log in or register to reply here.

Similar threads

K
Asus router as adblock/firewall server (but not acting as a router) between modem and mesh routers
Replies
7
Views
522
Tech9
Tech9
T
Advices about custom dns in a home lan
Replies
3
Views
417
Digilog
D
N
RT-AX86U-Pro, WAN disconnect every 36 hours
2
Replies
25
Views
2K
Nick24
N
C
ZenWiFi XT9 blocks weather.gov
Replies
11
Views
426
bennor
B
Spartan
Can I use my cellphone's wireless hotspot in addition to the router's WAN to get double the speed?
Replies
5
Views
793
Tech9
Tech9
Similar threads
Thread starter Title Forum Replies Date
nospamever Remove USB2 thumb drive Asuswrt-Merlin 13
M RT-BE88U - How to remove or prevent creation of IOT VLAN (3006 firmware) Asuswrt-Merlin 1
V How to remove these eternal mistakes? Asuswrt-Merlin 8
K Add/Remove Port Forwards on a schedule Asuswrt-Merlin 3
M How to NAT traffic inbound to a specific host or network ? Asuswrt-Merlin 6
A Open NAT game profiles Asuswrt-Merlin 8
J Double NAT trouble? ISP-provided modem/router + GT-AX6000 (w/ RMerlin) Asuswrt-Merlin 6
J Max number of open NAT connections on GT-AXE16000 and GT-BE98 Asuswrt-Merlin 9
S VoWifi and NAT Acceleration Asuswrt-Merlin 0
C Solved Need help with nat-start scripts Asuswrt-Merlin 3

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 569 (members: 34, guests: 535)
Back
Top