If you’re running your own router alongside the modem/router combo your ISP gave you, there’s a good chance you’re inadvertently giving yourself a huge headache and a host of difficult-to-pin-down network problems. Let’s look at why these issues arise, how to detect them, and how to fix them.
Why Double the Routers Equals Double the Headaches
Running two routers simultaneously on your home network is exactly the kind of situation where these phantom problems can arise. Before we get into exactly why that can cause such a headache, let’s look at how you might end up in that situation without even realizing it.
The most common situation is this: your ISP gives you a modem that is actually a combination modem/router, and then you add in a router of your own. Now all your internet-bound traffic is passing through your new router and the ISP-supplied router.
While that’s the most common version of this problem, it can also happen if you use two routers in tandem. Maybe you use an older spare router as a switch for some extra Ethernet ports, or as an extra Wi-Fi access point without properly configuring it.
In all these instances, you end up in a situation where any given communication on your home network may (or even must) pass through two routers. Passing through two networking devices like that isn’t automatically bad, but if both devices are running a Network Address Translation (NAT) service, then you end up in networking bind known as a “Double NAT”.
The NAT service on your router is a very handy thing. In a nutshell, it’s the service that takes all the incoming requests directed at your singular public IP address, and deftly translates them to the internal private IP addresses of your computers and gadgets. When there are two of them, however, things get messy, as it forces all those network requests to traverse two translation events.
At best, it introduces latency into your network connections, which can cause lag in latency-sensitive applications like gaming. At worst, it completely wrecks UPnP (Universal Plug and Play) and any other router-based service that relies on the premise that the router will always be facing out towards the greater internet (and not facing into another internal network). UPnP, the most common victim of the double NAT, is a handy router service that automatically forwards ports on your router so applications that require specific or forwarded ports will work properly.
When a device connected to router (that is in turn connected to another router) attempts to set up a port forward arrangement via UPnP, it ends up forwarded not to the greater internet but to the other router. This forwarding-dead-end means a wide range of applications and services–communication apps like Skype, smart home apps and hardware like your Nest thermostat, and music hardware like your Sonos music system–either outright fail or require a lot of annoying trouble shooting on your behalf to fix.
At this point, more than a few of you are likely leaning back in your chair and saying “Yes. That. I plugged my own router into the combo-box my ISP gave me and now I have all sorts of headaches. What do I do?” Let’s look at how to detect if you’re experiencing a double NAT and how to fix it.
How to Detect a Double NAT
Network Address Translation (NAT) is such an ubiquitous feature in modern routers that if you’ve simply plugged one router into another router, it’s practically a given that you’ve accidentally created a double NAT.
Nonetheless, it’s handy to actually test whether or not you’re behind a double NAT, if for no other reason than it makes it easy to confirm when you’ve fixed the situation. The simplest test you can conduct is to check what the Wide-Area Network (WAN) IP address of your router(s) is. This is the IP address of what the router believes to be the outside world and may be labeled as the “WAN IP”, “Internet IP”, “Internet Address”, or “Public Address” depending on your router.
Log into the control panel of each of the routers on your home network. If, for example, you have a router you purchased and a router supplied by your ISP, then you will want to connect to both of them and check what they report as their WAN IPs. Here’s an example, via our D-Link router running DD-WRT firmware, of what you’re looking for.
In the above screenshot you can see that the “WAN IP” of the router is identified as 97.*.*.*. This is excellent, as it indicates that our public IP address is an IP address that belongs to our ISP. What we do not want to see here is an IP address like 192.168.0.1, 10.0.0.1, or 172.16.0.1 or slight variations thereof, as those address blocks are reserved for private networks. If the WAN IP address of your router is anywhere within those address blocks, it means your router is not connecting directly to the internet but is instead connecting to another piece of routing hardware.
How to Fix a Double NAT
Remove the Extra Hardware
This is, by far, the simplest solution. In a scenario where there is truly a piece of redundant hardware then it is easiest to just remove it. Let’s say, for example, you (or the relative whose connection you’re trouble shooting) purchased a nice new router and promptly plugged it into the old router. Rather than deal with the logistics and wasted energy of running two routers, you can simply remove the old router to banish the double NAT.
Switch Your Primary (ISP) Router to Bridge Mode
When your problem exists because you have an ISP-supplied router/modem combination unit (in addition your own router), the best solution is to switch the ISP-supplied router to “bridge mode”. Bridging is simply an old networking technique that transparently links two different networks. By switching to bridge mode, you are instructing modem/router combo to essentially act as a modem only–turning off all routing functions.
While this is an excellent way to resolve the double NAT problem, there is one thing you need to be aware of: any devices, besides the router, that were previously connected to your ISP-supplied router/modem need to be moved to your actual router. If you have a computer plugged directly into the Ethernet port of the ISP unit, for example, when you switch to bridging mode, you’ll need to connect it to your personal router instead. Also, if the ISP-supplied unit has a Wi-Fi access point that some of your devices are connected to (say, your iPad) then that access point will no longer work and you will need to transition all Wi-Fi devices over to your personal router.
Try googling “bridge mode” along with the model number of your ISP-supplied router, and you may find instructions for enabling bridge mode. Sometimes you need to directly contact your ISP, though, to have them set your ISP-supplied router to bridge mode. In the screenshot below you can see an example of selecting “Router Mode” and “Bridge Mode” as it appears in the Cisco control panel found in dozens of different common router/modem combination units.
While we’re on the subject of bridge mode, although you can, technically, switch the router behind your ISP router to work as a bridge, we’re not recommending that on account of two things. Customer purchased routers are almost always higher quality than ISP-supplied routers, so you’re better off using your own router than the one they give you.
Put Your Secondary Router Into the DMZ
This is a less common and less ideal, but still perfectly viable solution: you can put your router in the ISP-supplied router’s DMZ. Most routers have an option to place a device into the DMZ (aka the Demilitarized Zone) wherein all that device’s traffic is simply passed on to the greater internet (and vice versa). If your ISP-supplied router doesn’t offer a bridging mode but does offer a DMZ option, this may be your only solution. Search through the settings of your ISP-supplied router and plug in the IP address of your personal router into the DMZ list (reference support documentation for your particular model if you’re having trouble locating this feature).
Again, using the Cisco control panel found in some many ISP-supplied combo units, here’s what the DMZ interface looks like:
While putting a computer or other gadget in the DMZ is usually not an advisable course of action (as it leaves that device exposed to the internet), putting a router in the DMZ is perfectly fine (as the router was intended to connect directly to the internet anyway).
The only problems you may run into with this solution is if you fail to take all your equipment off the ISP-supplied router and put it on your personal router as the ISP-router’s network and your router’s network will function completely independently of each other. This means if your laser printer is hooked up to your ISP-supplied router, and you’re trying to print from your laptop on your personal router, the two devices simply won’t see each other.
There’s a very good chance if you’re experiencing some sort of difficult-to-pin-down network problem and you’re running two routers on the same network, that the two router setup is to blame. With a little trouble shooting and a quick settings change on one of the routers you can, painlessly, banish your connection related headaches.