
Can't figure out good way to isolate router from apartment LAN


dinkarinka

Hi,

I tried working this out in the #networking IRC channel on FreeNode but nobody could figure it out, hence I come here, praying SNB has the skillset to help me further.

Situation is this: I live in an apartment building that shares one internet connection and thus one modem. However, I do not want the other apartments to see my Apple TV or other devices.
To accomplish this, I have connected LAN1 on the modem to WAN on my router.
This works great, except for the fact that my PS4 can't deal with double NAT and always has NAT type 3 / strict. I have tried putting my router into the modem DMZ and then the PS4 in the router DMZ, but this does not work.

Routing is as follows: WAN IP (86.*.*.*) to modem internal IP (192.168.178.1) to router 'WAN' IP (192.168.178.2) to router internal IP (172.16.0.1) to PS4 static IP (172.16.0.104). See drawing for extra clarity.

As some of the other apartments use the modem WiFi for internet access, I cannot put it in bridge mode.

Is there a method to keep all the devices on my router LAN separate from the devices on the modem LAN, yet prevent double NAT?

[Image: cRS0VSy.png]


Thanks in advance :)
 
No, not with that arrangement. Not unless the ISP modem has some sort of "WAN pass through" function.

How about plugging your PS4 directly into one of the ISP modem's other LAN ports. If there aren't any free LAN ports you could put a small multiport switch in front of your router and the PS4. So the PS4 would now be something like 192.168.178.3. Not ideal, but if you're only concerned about NAT on the PS4...
 
Yeah, I would be quite okay with that. Man, I’ve been researching my butt off about subnets, using subnet masks like 255.255.255.192 to split up a network, VLANs and stuff like that and all it actually takes is such a simpler solution.. thanks a lot!
 
How about plugging your PS4 directly into one of the ISP modem's other LAN ports. If there aren't any free LAN ports you could put a small multiport switch in front of your router and the PS4. So the PS4 would now be something like 192.168.178.3. Not ideal, but if you're only concerned about NAT on the PS4...

I was thinking the same thing...

ISP Router <--> switch (unmanaged) <--> OP's router on port X, OP's PS4 on port Y

So what happens is that PS4 should be NAT Type 2 as it's still behind the ISP's Residential Gateway, and OP's Router with AppleTV and other devices will be handled by OP's Router - challenge there is that OP's devices will be double-NAT'ed, which can be a problem for some apps.

See this sometimes, it's more a problem with the consoles not doing things well - there are ways to punch holes - and Sony and Microsoft could do this better...
 
See this sometimes, it's more a problem with the consoles not doing things well - there are ways to punch holes - and Sony and Microsoft could do this better...

To be fair, some of the games on their platforms operate outside of their hosted server infrastructure and any alternative solution would likely not apply to those games. Basically any game not requiring a PS plus or Xbox live subscription. Fortnite is a good example of this.

Keeping double NAT out of the equation is always good practice despite a platform's lack of ability to cater for it.

 
I think double NAT adds too much latency. I don't do it.
And you shouldn't if you can avoid it but the OP has no choice if they choose to host their network behind their own router in their given scenario.

 
I think double NAT adds too much latency. I don't do it.

I don't game or try to forerun the stock market so for various reasons I prefer to use a double NAT. Physically I know it has to add some amount of time/latency to pass through a second router and a short jumper cable connecting the routers but I have never seen even a 1 ms increase in latency. Including switches or APs in your network also can add latency, and perhaps the latency is less than a double NATed router. Unless you are going to connect your PC directly to your modem and your modem is in close proximity to your demark every device and foot of cable in your network is going to increase your network's latency.

There are many reasons not to double NAT, but IMHO increased latency isn't one of the more important reasons, at least for most users.
 
If you type tracert on a command prompt, trace route, from a PC on the inside NAT router you should see how many ms it takes to go to your outside router. I would think it will be 1 or 2 ms maybe even 3 ms.
 
There are many reasons not to double NAT, but IMHO increased latency isn't one of the more important reasons, at least for most users.
I'd agree with this. I can't remember ever seeing a router where the overhead from just applying NAT to packets increased the latency in any measurable way. It should be well below 0.1ms. I suppose if you had some ancient kit with a really slow processor...

EDIT: Just to clarify that I was only talking about the overhead for NATing the packets, not the rest of the routing process. Altogether I'd still expect it to be <1ms.
 
If you type tracert on a command prompt, trace route, from a PC on the inside NAT router you should see how many ms it takes to go to your outside router. I would think it will be 1 or 2 ms maybe even 3 ms.

As you suggested I just ran a tracert from a PC connected to the inside router to the outside router. The result was less than 1 ms.
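
The tracert check suggested above can also confirm the double NAT itself. The following is an added example, not code from any poster in this thread: it parses Windows tracert output, counts the leading hops that answer from RFC 1918 space (two or more suggests two NAT routers on a home network, as a heuristic) and reports the round-trip time to the outer one. The function names are hypothetical and the sample trace is constructed, with documentation addresses standing in for public hops.

```python
import ipaddress
import re

# RFC 1918 ranges listed explicitly; ipaddress.is_private would also match
# the documentation range 203.0.113.0/24 used in the sample below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in Windows tracert format (not output from the thread).
SAMPLE = """\
Tracing route to 198.51.100.7 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  172.16.0.1
  2     1 ms    <1 ms     1 ms  192.168.178.1
  3     9 ms     8 ms    10 ms  203.0.113.1
  4     *        *        *     Request timed out.
  5    12 ms    11 ms    12 ms  198.51.100.7
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*?)\s+\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")
RTT_RE = re.compile(r"(<?)(\d+) ms")

def parse_tracert(text):
    """Return [(hop_number, ip, best_rtt_ms)]; timed-out hops are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        # "<1 ms" is kept as its upper bound of 1 ms.
        rtts = [float(ms) for _, ms in RTT_RE.findall(m.group(2))]
        if rtts:
            hops.append((int(m.group(1)), ipaddress.ip_address(m.group(3)), min(rtts)))
    return hops

def leading_private_hops(hops):
    """Hops from the start of the path that answer from RFC 1918 space."""
    private = []
    for hop in hops:
        if not any(hop[1] in net for net in RFC1918):
            break
        private.append(hop)
    return private

def report(text):
    private = leading_private_hops(parse_tracert(text))
    return {
        "private_hops": [str(ip) for _, ip, _ in private],
        "double_nat_likely": len(private) >= 2,
        "rtt_to_outer_ms": private[-1][2] if private else None,
    }
```

Running `tracert -d` avoids name lookups, although the parser also accepts the `name [address]` form.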
 
