Eliminate NAT between router and firewall

The_Librarian

The_Librarian

Another MyBB
Super Moderator
Joined
Nov 20, 2015
Messages
41,546
Reaction score
21,127
Location
Dark room in Adventure. Grues abound.
So I have a Huawei router with ethernet port in the one corner, and a virtualized firewall in the other corner.

The firewall already do NAT and filtering like any good firewall worth its money should do.

So how do I get rid of NAT between the router and the firewall, as I don't need it.

Or do I just suck it up?
 
The_Librarian said:
So I have a Huawei router with ethernet port in the one corner, and a virtualized firewall in the other corner.

The firewall already do NAT and filtering like any good firewall worth its money should do.

So how do I get rid of NAT between the router and the firewall, as I don't need it.

Or do I just suck it up?
Click to expand...

Does the Router receive/connect your internet?

Just set it up in Bridge mode. Sometimes you need to set it up so it provides a DMZ IP to the device behind it.

Basically what you want to achieve is for the device downstream to receive the WAN IP directly.

If you don’t need the HUAWEI in the mix just remove it.

If this is DSL simplest way is to make it a modem only and dial the PPPoE from the firewall so it receives the WAN IP there.

Basically need more information.

And no you don’t just suck it up. You never want a double NAT. I’d junk the virtual fireball before I volunteered to live with a double NAT.
 
SauRoNZA said:
Does the Router receive/connect your internet?

Just set it up in Bridge mode. Sometimes you need to set it up so it provides a DMZ IP to the device behind it.

Basically what you want to achieve is for the device downstream to receive the WAN IP directly.

If you don’t need the HUAWEI in the mix just remove it.

If this is DSL simplest way is to make it a modem only and dial the PPPoE from the firewall so it receives the WAN IP there.

Basically need more information.

And no you don’t just suck it up. You never want a double NAT. I’d junk the virtual fireball before I volunteered to live with a double NAT.
Click to expand...
The router is not a DSL router. I've done PPPoE connections with various routers all successfully in the past, except for the first generation of Marconi routers when ADSL was in its infancy here (remember the 256k ADSL?). Those were seri-assly kak.

The router is a LTE router, not sure if you can do PPPoE on LTE?
 
The_Librarian said:
The router is not a DSL router. I've done PPPoE connections with various routers all successfully in the past, except for the first generation of Marconi routers when ADSL was in its infancy here (remember the 256k ADSL?). Those were seri-assly kak.

The router is a LTE router, not sure if you can do PPPoE on LTE?
Click to expand...

Yeah no PPPOE on LTE as far as I know.

You’ll need to how the Router has an option to forward it’s WAN IP.

What model is it? Maybe I can find a manual for it.
 
Very old netgear routers had the option to disable NAT. Not sure about their newer models.

Otherwise, why not put the firewall first and use the router as a switch only?
 
Does "DMZ" use L3 or NAT? if L3, maybe try putting the firewall in DMZ? If that is even still a thing in devices these days...

Haven't had to attempt something like this in a long time. Just vaguely recall DMZ being useful!
 
As far as the Huaweie LTE routers go, you're SOL and just have to suck it up.
You can alternatively go out and buy proper enteprise LTE kit, but I don't feel like paying R40,000 for an ISR 4000 just to see a public IP on my firewall.

To make things easier, just drop your firewall outside IP in the DMZ address of your router, and then you only have to worry about port forwarding on your firewall.
 
Faux_Grey said:
As far as the Huaweie LTE routers go, you're SOL and just have to suck it up.
You can alternatively go out and buy proper enteprise LTE kit, but I don't feel like paying R40,000 for an ISR 4000 just to see a public IP on my firewall.

To make things easier, just drop your firewall outside IP in the DMZ address of your router, and then you only have to worry about port forwarding on your firewall.
Click to expand...

False.

A mikrotik LTE router will do this at a fraction of the price.

scoop.co.za

MikroTik LHGG LTE6 Kit 17dBi Outdoor CPE | RBLHGGR&R11e-LTE6

MikroTik's RB-LHGGLTE6 features a dual-core CPU, large heat sink, high gain 17dBi integrated antenna as well as a CAT6 LTE modem.
scoop.co.za scoop.co.za
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X