I am having NAT type troubles connecting my Nintendo Switch to my Eero network, so I'm looking at purchasing a router that is hopefully more amenable to such WiFi use. I'm thinking about using this router to create a network within my Eero network. However, if certain ports need to be open on the router I'm buying in order for the Switch to function correctly, do these ports need to be open on the Eero as well?
-
Yes. Port forwarding must exist on the router with a public IP, and if there are additional NAT boundaries between the outermost network and the device, you will have to forward those ports on each NAT (router) so they daisy-chain together. Public IP -> Outer Router -> Inner Router -> Device. – Frank Thomas Jul 05 '20 at 23:47
-
@FrankThomas: Why don't you make that an answer so that I can accept it? – Jul 06 '20 at 00:03
1 Answer
The situation you have described is called a Double-NAT scenario. Sometimes this is intractable (for instance when your ISP/Carrier implements NAT upstream, and assigns you a private IP that does not map directly onto a public one), but since you have admin on all the routers between you and your public gateway, you should be able to make this work.
In general, reachability to a service relies on the three P's: a Process (that listens for incoming connections), a Port (opened by the process), and a Path between the client and the service host on that port (and thus the process). In this case we are worried about the Path.
Forwarding a port on the public gateway router (the one with the Public IP) is sufficient to let traffic onto your LAN, but because you have multiple sub-nets (and require interior routing that utilizes NAT), you must forward ports on each router on the path between the public gateway and the device hosting the service. In your case this means forwarding ports on the gateway, and on the interior routers on the path between the public IP and the service host.
Public IP:port -> Gateway Router:port -> Interior Router:Port -> Service host device
There are several alternate options, depending on your scenario.
1. Put the interior router in Bridged/AP Mode, and disable its DHCP server. This will cause the router to act simply as a switch/AP, and it will be on the same subnet as your gateway network. If you have this option, it is technically the simplest, though it diverges from your current network configuration, and may require additional adjustments.
2. Put the gateway router in Bridge mode. This will cause your outer subnet to cease to exist, and you will use the internal router exclusively, as your public gateway. This is also simple technically, but you can no longer use the ports on your outermost router, because it no longer hosts an internal subnet. I personally would put my own router between ISP owned equipment and my own, but once again this diverges from your current network topology, and is probably more of a pain than either forwarding the ports, or #1 above.
3. Use a service that provides an option for reverse-tunneling. This is potentially quite complex, but will work with most scenarios including CG-NAT, or stateful firewalls that are outside of your control (at least in most situations; it's their network, and if they really don't want you to do something, your options are simply to change carriers).
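The daisy-chain rule from the answer can be checked mechanically. The following is an added example, not part of the original answer: it walks a list of routers (outermost first) and reports where the Path breaks, including the intractable case where the gateway's own WAN address is private or CG-NAT. The router names, addresses, port number and the `forwards` dictionary layout are all constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges and the RFC 6598 shared range used for carrier-grade NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")

def classify_wan(addr):
    """Return 'cgnat', 'private' or 'public' for a router's WAN address."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"

def check_chain(routers, host_ip, proto, port):
    """Verify that (proto, port) is forwarded hop by hop down to host_ip.

    routers: list of dicts, outermost first, each with 'name', 'wan' and
    'forwards' mapping (proto, port) -> internal target IP.
    Returns a list of problems; an empty list means the Path is complete.
    """
    problems = []
    kind = classify_wan(routers[0]["wan"])
    if kind != "public":
        # NAT exists upstream of equipment you administer.
        problems.append(f"{routers[0]['name']}: WAN address is {kind}, "
                        "upstream NAT is outside your control")
    for i, router in enumerate(routers):
        # Each router must hand the port to the next router's WAN side,
        # and the innermost router must hand it to the device itself.
        next_hop = routers[i + 1]["wan"] if i + 1 < len(routers) else host_ip
        target = router["forwards"].get((proto, port))
        if target is None:
            problems.append(f"{router['name']}: no forward for {proto}/{port}")
        elif target != next_hop:
            problems.append(f"{router['name']}: forwards {proto}/{port} "
                            f"to {target}, expected {next_hop}")
    return problems

# Constructed sample topology: only the gateway has the forward configured.
gateway = {"name": "gateway", "wan": "203.0.113.10",
           "forwards": {("udp", 45000): "192.168.4.2"}}
inner = {"name": "inner", "wan": "192.168.4.2", "forwards": {}}
print(check_chain([gateway, inner], "10.0.0.50", "udp", 45000))
```

An empty result also means that port is reachable from the internet all the way to the device, so the forward list on each router is worth keeping to exactly the ports the device needs.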
-
My question was, if I enable ports on the sub-network, do I also have to enable the ports on the gateway? – Jul 08 '20 at 16:47