Double NAT ISP Challeneges

Majority of the ISPs(Internet Service Providers) these days employs double NAT setup which makes it almost impossible to allow incoming connections, open port forwarding, run SSH server and access it outside the home network.

Please read the following information before entering a long term contract with your ISP.

To check if your ISP is using the double NAT setup:

  • Connect to your router’s web-based GUI and see if the WAN (internet) IP address is private or public. If it’s between any of these ranges (10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255, 192.168.0.0 – 192.168.255.255), then you have got a double NAT setup.

  • The other way to check is to see the traceroute to Google’s DNS server and if you see private IPs in the first 2 hops, then you have got a double NAT setup. You can do this by “tracert 8.8.8.8” on windows cmd or via using network utility->traceroute on a mac.

What are your thoughts about this?

Hello mohakagr,

Unfortunately, if your ISP uses a double NAT and no way to forward a port to your network, there is no way I can think of to make your node/gateway work on that network. Is it not possible to get your own IP for your network? If not, you’d have to collocate or cloud host your node and gateway somewhere.

If anyone does have ideas for how to get it to work behind a double NAT setup, I would be interested to know.

There is a way (and a few implemenations) to expose a public port on a machine in a private network, you have to create a tunnel to a public machine and forward the connections. The most common / easy to setup implementations are ngrok and ssh, but none is suitable for a xxnetwork node, because of performance (bandwidth and latency) and potentially geolocalization issues.

Thanks, Sydney. Does getting a static ip solve this issue or an ISP can still have a double NAT’d setup with a static IP as well?
The ISPs in my region couldn’t give a definite answer to these questions but in their user forums, it seems like a majority of them use a double NAT’d setup.

It could technically be either, I would hope it’s an IP just for you. An ISP can still use a double NAT for a static IP, it’s technically just a marketing term for your public internet IP doesn’t change. I would give it a try if you’re able to

I’m checking my provider and it seems that it offer public ip and so port forwarding, but what about the ip assignment…is a dynamic IP ok?

Static (public) IP is not required to run a node, the team mentioned it’s now fine to have a dynamic one.

2 Likes

I am getting a demo from one of the ISP this week. I am not sure if I’ll be able to build the node by that time. Are there any tests that I can perform from my mac on that demo network to check if it will run the node fine?