Ошибка double nat

Double NAT errors can really muck up your network connection, but it’s easy to detect them on Windows.

Experiencing network problems? The problem could be down to your PC’s Network Address Translation (NAT) throwing an error. NAT errors can spoil your surfing and gameplay experience considerably, but not everyone knows what a NAT is, and how errors can ruin your fun.

If you don’t know what NAT is, we’ll help you understand its meaning and how you can fix «double NAT» errors.

What Is NAT, and What Causes a Double NAT Error?

NAT is a translation method. It translates the public IP address that your Internet Service Provider (ISP) provides to a private IP address used by your local network.

The middleman in this equation is the router, which performs this translation. However, when you’re using two routers or connecting your router to an ISP gateway, the translation can go wrong and lead to double NAT errors.

Double NAT errors occur when your router is connected to another router or gateway. Since the IP address is translated twice in such setups, your network is essentially split into two different private networks. Both devices will have problems communicating with each other because of two different sets of IP addresses and firewalls.

Double NAT can cause network problems and interfere with online gaming, VPN connections, port forwarding, and port triggering. Double NAT often renders Quality-of-Service (QoS) configurations useless. It can also interfere with smart home devices like cameras and doorbells.

Essentially, double NAT can choke your network and stand in the way of effectively using many devices. Let’s talk about how to fix it.

How to Detect Double NAT on Windows

If you suspect something is wrong with your router configuration, you need to see if double NAT is currently occurring. Fortunately, you can do that from your Windows PC with a few quick steps.

To check if double NAT is the problem:

1. Launch an elevated Command Prompt by pressing Win + R, typing cmd, and pressing Ctrl + Shift + Enter.
2. Execute the following command:

   tracert 8.8.8.8

3. You’ll see a list of hops. If the first two hops are private IP addresses, you have a double NAT issue.

If you’re unsure as to which IP addresses are private or public, private IP addresses are typically in specific ranges, such as:

• 192.168.0.0 to 192.168.255.255
• 172.16.0.0 to 172.31.255.255
• 10.0.0.0 to 10.255.255.255

If you see IP addresses that look very different from these, those are public IP addresses. In our case, for example, only the first hop shows a private IP address while the subsequent hops show public IPs. This indicates that our network doesn’t have a double NAT problem.

How to Fix Double NAT Errors

Here are some ways to fix double NAT errors:

Remove a Router

You guessed it. If your current network setup includes two routers, the easiest solution is to remove one of the two routers from the equation. If you don’t absolutely need those two routers (most regular users don’t), just use a single router provided by the ISP.

Use One Router as a Modem

If you do need to use two routers, you’ll need to use your ISP’s router as a modem. This involves plugging the ISP’s router into the second router’s WAN port.

Use Bridge Mode

Another method to fix double NAT errors is enabling bridge mode. Some routers don’t have this option so you’ll first need to check if yours does by accessing the router’s firmware.

The bridge mode turns a router into a modem that relays all the traffic that comes its way directly to the router.

When you enable bridge mode, it disables NAT and allows all traffic to pass through without translation.

The method for configuring bridge mode differs for every router. You can generally access the router firmware by typing 192.168.0.1 or 192.168.1.1 into the browser’s URL bar and pressing Enter. Log in using the credentials provided by the ISP or the manufacturer.

If you can’t find the bridge mode settings, it’s best to contact the ISP or manufacturer.

Forward Connections Using DMZ

If bridge mode isn’t available, you can put your router in the demilitarized zone (DMZ). When you set up DMZ, you’ll create an area where all ports are forwarded to. This way, you won’t be disabling NAT, but you’ll create a port forwarding rule that says all traffic, from any port, is forwarded to a specific address.

Effectively, DMZ is a setting that bypasses DHCP, NAT, and firewall to give another router a direct connection to the internet.

Again, your router may or may not have the DMZ option.

Before you set up DMZ, you’ll need your secondary router’s IP address. This should be a static IP address, which means you can’t use DHCP mode. Once you’ve configured the router to use a static IP, go to the router firmware’s homepage or the page showing basic network details and note down the IP address.

To set up DMZ, log into the router’s firmware and locate the DMZ setting. Enable DMZ and enter the other router’s static IP address.

Eliminate Double NAT Errors and Enjoy Your Network Again

Double NAT errors be a major problem, especially for those who love online gaming. Solving the double NAT error can be as simple as removing the second router or involve some technical steps like using a static IP address and enabling DMZ.

Hopefully, you were able to resolve the double NAT issue with one of these errors. While double NAT can prevent you from joining sessions, there are other factors that can cause the game to lag even though you’re able to join the session. Of course, there are methods to fix everything when you’re a determined gamer.

If you’ve recently upgraded your Internet connection and have two routers instead of one, it’s highly likely that you’re double NAT-ing. As a novice PC user, that shouldn’t bother you too much.

Some even say that double NAT-ing is even more secure than its singular version. However, if you’re not exactly tech-savvy, you may already have a lot of questions.

You can try to use a powerful VPN service to resolve the NAT issue once and for all, making this option the easiest, but it might not be useful for all users, depending on their network setup and expectations.

In other cases, users have encountered NAT issues while using their PS4 system, which can of course cause a wide range of issues, especially if you have waited for a long time to play a game.

What is double NAT?

To put it simply, double NAT is the situation when you connect to the Internet through two routers. So, you connect to your router, which is behind another router. Thus, you are part of two different private networks, which might seem ideal but it isn’t.

This situation is very frequent whenever your ISP enforces the use of a proprietary router. The ISP-provided router might not be exactly powerful, so you buy an additional one, which is more to your liking.

Due to your ISP’s policy, you are now double NAT-ing, which restricts you in a bunch of ways. For instance, port forwarding becomes a distant memory, since it’s so challenging, if not downright impossible in this situation.

Sure, you could just remove the ISP-provided router, but some companies insist on you using their hardware. A more complicated situation is when you’re using fiber optics and your ISP’s router acts as a signal converter.

For many users, double NAT isn’t a problem. But it can become troublesome if you play online games, want to forward some ports on your router, use UPnP or rely on IP address assignments.

How to fix double NAT

1. Remove ISP router from the network

1. Unplug and disconnect your ISP router
2. Plug the network cable into the WAN port of your personal router
3. Access your personal device’s interface and reconfigure it accordingly

You might need to change the way your modem handles the Internet connection. For instance, if your router only distributed dynamic IPs, you might need to change its settings so it can fill in the ISP modem’s position.

2. Enable Bridge mode on your ISP router

1. Call your ISP
2. Ask them to put their router in Bridge mode
3. Reconfigure your personal router as needed

You will need to configure your router so it can distribute the traffic that previously ran through the first device. For instance, if the ISP router was configured for PPPoE and your personal device was in dynamic IP distribution mode, you will have to move the PPPoE settings on your personal router.

Explanation: When you put the ISP router in bridge mode, it disables the NAT feature on it. Thus, it starts functioning as a DHCP server and stops generating IP conflicts.

More so, if it’s a wireless-enabled router, it will lose its Wi-Fi capabilities and you won’t be able to access it on your network using the default gateway address.

If none of these solutions is good for you, here are a few ways you can circumvent double NAT.

How to port forward through double NAT

1. Use DMZ to forward connections

1. Log into your second router (the one farthest from the Internet/closer to your PC)
2. On the status page, locate the WAN/IP address and note it down
3. Log into the first router (use Wi-Fi or plug your PC directly to its WAN port)
4. Locate the DMZ page (if supported)
5. Enable DMZ and type the IP you’ve previously noted from the second router
6. Save the settings

Note that you should configure the second router in such a manner that its WAN address doesn’t change (static IP). If you use it in DHCP mode, its IP will definitely change at some point, which will render the DMZ IP you used in the first router useless.

2. Use double router port forwarding

1. Log into your first router (use Wi-Fi or plug your PC straight into the WAN port)
2. Forward ports to your second router’s external IP address
3. Log into your second router
4. Forward ports to the device where you want to run the program/service (game server, mail server, etc)
5. Configure a static address for every device you want to forward ports to
6. Make sure that the second router has a static IP address

If you’re not sure about setting static IP addresses for network devices, we’re going to show you how in the following section.

3. Set up a static IP address on Windows 10

1. Press the Win key on your keyboard
2. Type cmd and hit Enter
3. In the Command Prompt type ipconfig /all and hit Enter on your keyboard
4. Locate your main network adapter
5. Note down its IPv4 Address, Subnet Mask, and DNS Servers* (check the screenshot)
6. Close the Command Prompt window
7. Check your router’s status page to view the DNS servers if ipconfig /all shows the same value as Default Gateway
8. Access the Windows 10 Settings app
9. Choose Network & Internet
10. Click the Change adapter options button
11. Right-click the main adapter that you’ve used in the CMD steps above and choose Properties
12. Select Internet Protocol Version 4 (TCP/IPv4) from the list
13. Click the Properties button
14. Take a screenshot of the current configuration displayed in the new window
15. Click the Use the following IP address radio button
16. Choose an IP address for your PC (should be similar to the CMD IP above**, only the last set of digits should be different, between 1-254)
17. Type the Subnet Mask and Default Gateway exactly as they appeared in the CMD window
18. Click the Use the following DNS server addresses radio button
19. Type the two DNS servers as they appear in your router’s status page
20. Click OK

* – if you see the same DNS server as the Default Gateway, you will need to check the DNS servers displayed on your router’s status page. Alternatively, you can call your ISP and ask them what DNS servers they use, and they should be able to provide you with this information.
** – if the IP you saw in CMD is, for instance, 192.168.0.108 (our case), you can change it to any other IP like 192.168.0.xxx, where xxx = any number between 1 and 254, except 108.

If your Internet connection doesn’t work after you went through all these steps, it can be one of two things:

• You chose an invalid IP address (the same as your router’s or not in the same range)
• The DNS servers are wrong, in which case you’ll have to call your ISP and ask them to tell you what DNS servers to use

Bypass or disable double NAT, ultimately it’s a matter of choice

If you’re unfortunate enough to be trapped behind the double NAT wall, it can be quite difficult to bypass this situation if you’re a novice. However, if you follow our extensive guide, you should have no trouble.

Regardless of whether you want to eliminate Double NAT or just bypass it through various means, our guide should have you covered. Make sure you follow our instructions accordingly and not skip any step.

The digital world is all about IP (internet protocol) addresses. Every device needs an IP in order to communicate on the internet or within a private network. Given there’s not enough public IP addresses out there for every internet-connected device (at least with IPv4), this little thing called NAT becomes extremely important. It stands for network address translation (NAT) and is a function provided by routers to enable multiple devices to access the internet via a single public IP address.

Behind each public IP, there can be hundreds of devices with their own private IP addresses, thanks to NAT. And almost all equipment that provides the NAT function includes a firewall to protect the private IPs and devices from public IPs and devices on the internet. Other network services are also typically offered, like DHCP (dynamic host control protocol) to give out the private IP addresses to devices that connect to the local network.

How double NAT happens

Having more than one device performing NAT on a private network, however, can cause issues with that network. Some users may never notice, making it a non-issue for them. But others can run into headaches with certain applications, services, and situations. So, it’s always a good idea to eliminate double NAT if you have it.

Having more than one NAT device usually happens when you connect your own router to a gateway installed by your internet service provider (ISP) that also includes the NAT and routing functions. Some ISPs install only a simple modem that lacks the NAT and routing functions, which eliminates the problem altogether. But most ISPs assume their customers don’t have routers, however, so they’ll provide you with a combo device whether you want it or not.

If you’re unsure what the ISP has given you, take a look at the box. If there’s only one Ethernet port, it’s likely a simple modem (aka a broadband gateway). But if there’s multiple Ethernet ports or if it supports Wi-Fi connections, it’s likely performing NAT and routing as well.

The problems double NAT can cause

When there’s double NAT on your network, you might run into issues with services that require UPnP (Universal Plug-and-Play) support or manual port forwarding. This would include online gaming on computers or consoles, remote desktop into your computers, connecting to a VPN server, or accessing security camera feeds. Services like these sometimes require certain ports to be opened in the router’s firewall and directed to a particular computer or device on the network.

Eric Geier

The problem with double NAT is that if the first router on your network doesn’t have the port forwards configured, incoming traffic will stop there even if you have the port forwards configured on the second router. Or even if the first router has the port forwards, it can’t forward the traffic to a device that’s connected to the second router. It might only forward traffic to computers and devices directly connected to that first router, which could be either a wireless or wired connection.

Double NAT can also complicate any manual or automatic quality-of-service (QoS) controls that prioritize traffic on your internal network to ensure lag-sensitive traffic (gaming, voice, or video) is given higher priority than data associated with file transers. This is especially the case if you have devices connected to both routers, both of which have different QoS controls.

Eric Geier

How to detect a double NAT situation

I already mentioned how to quickly tell if an ISP’s gateway has NAT and routing capabilities, but you might also want to see if double NAT is actually happening before spending time on the issue. Sometimes gateways will detect double NAT and automatically fix the issue for you. Or sometimes, if the ISP installers are knowledgeable, they might fix it when they come out to install the gateway and see that you have your own router.

For the two ways I’ll show you how to detect a double NAT situation, you’ll need to check your IP addresses and know if they’re private or public. This is easy: private addresses are usually in the 192.168.0.0 to 192.168.255.255 range, the 172.16.0.0 to 172.31.255.255 range, or the 10.0.0.0 to 10.255.255.255 range. Addresses outside of these ranges would be public (internet) addresses.

One quick way that usually shows if double NAT exists is a traceroute, which allows you to ping a server or device on the internet and see the path it takes between routers and servers. Open a Command Prompt (on a Windows PC that’s connected to the internet, click on the Start menu, type “cmd,” and hit Enter) and type “tracert 8.8.8.8“ to see the traceroute to Google’s DNS server. If you see two private IP addresses listed in the first two hops then you have double NAT. If you see only one private address and the second hop shows a public address, then you’re all good.

Eric Geier

Another way to check for double NAT is to connect to your router’s web-based GUI and see if the WAN (internet) IP address is private or public. It should be a public address. If it’s a private address then you have double NAT.

Eric Geier

How you can fix it

If you’ve confirmed you have double NAT, there are ways to fix it. One simple way is to unplug any additional router and only use your ISP’s gateway. If you’re a power-user and you can’t part with your fancier router, then this option probably isn’t for you.

If you’d like to keep your router, see if you can put the ISP’s gateway into bridge or passthrough mode. This will disable the gateway’s NAT, firewall, and DHCP functions and reduce it to a simple internet modem. Many gateways offer these settings, but not all. Log into the web-based GUI of the gateway and check for a NAT, passthrough, or bridge mode setting, but keep in mind sometimes it’s hidden. If you don’t see it, search the internet for details on your particular model, or call your ISP’s tech support.

Eric Geier

If your ISP gateway doesn’t offer any bridging functionality, consider putting your router in the DMZ (demilitarized zone) of the gateway. If the gateway has a DMZ, it will basically give the router a direct connection to the internet, bypassing the gateway’s NAT, firewall, and DHCP so that your networked devices get those values directly from your router.

To utilize the DMZ, you’d log into the web-based GUI of the gateway, find the DMZ setting, and enter the private IP address that’s assigned to your router. Furthermore, you should also see if you can establish an IP address reservation for your router, so your gateway always gives the same private IP address to your router. If the gateway doesn’t support IP address reservations, you should log into the router’s web-based GUI and manually assign it a static private IP address (the same one you configure as the DMZ host) yourself for its WAN (wide area network; i.e., the internet) connection.

Eric Geier

Another option for eliminating double NAT while keeping a ISP gateway and your router is to run an ethernet cable from the gateway to one of your router’s LAN ports instead of the router’s WAN (internet) port. This will basically turn your router into a switch, and any computers connecting through the router (either wired or wirelessly) will get NAT, firewall, and DHCP from the ISP’s gateway. This is a good option if you’re using a secondary router to get better Wi-Fi or because you need more ethernet ports. If, on the other hand, your desire for another router is for better port forwarding or improved QoS controls, this approach won’t help.