[Answered] SQM and double NAT

I was configuring SQM on my TP-Link Archer C7 when I thought about something, I'm in a double NAT situation at home.
My network configuration is as follow:
ONT ==> (Public IP) [WAN port] ISP Modem/Router [LAN port] ( ==> ( [WAN port] Archer C7 [LAN port] (

I can't setup Bridge mode on my ISP Modem/Router (not supported) and I also can't take it out at all because I need it for VoIP and TVoIP. So I just lowered the Firewall setting of the router to it's minimum setting and enabled a DMZ between it and my Archer C7 which works well enough for me.

So I was wondering 2 things:

  • Will SQM work "as advertised" in a double NAT configuration?
  • As I was reading this part of the SQM conf user guide it says at the end "This discussion assumes SQM is instantiated on an interface that directly faces the internet/WAN. If it is not (e.g., on a LAN port) the meaning of ingress/egress flips. In that case, specify egress queueing disciplines as nat dual-dsthost and the ingress one as nat dual-srchost". SQM is instantiated on the WAN port of my Archer C7 but because it's connected to my ISP router it's technically a LAN port. Can I follow the "Making cake sing and dance, on a tight rope without a safety net" recommendations at all? And if do I follow the standard instructions (treat the WAN port of my Archer C7 as a real WAN port)?

Thanks anybody who take the time to read me and I'm looking forward to your answers!

Depending on what you consider sqm-scripts advertisement :wink: Most likely yes.

If you connect the C7's wan port to a LAN port of the ISP router you need not invert the meaning of the download and upload fields, in your case interface directionality and internet directionality are still aligned.

Unfortunately, the deNATing cake can do for you will not be too interesting in the double nat configuration, so the "sing and dance" part will not work for IPv4, but if your ISP also supplies IPv6 and you managed to get the also working on the hosts connected to your C7 the sing and dance section will still work (since IPv6 should not be masqueraded/NATed, double NAT should not affect/modify the IP DST and IP SRC address of IPv6 packets).

Hope that helps...

Best Regards

Post-Scriptum: After re-thinking this, cake's “Making cake sing and dance, on a tight rope without a safety net” recommendations only require unambiguous internal IP addresses it simply ignores the external host's addresses and heve should not care about double NAT at all.

1 Like

That's what I thought, just wanted to be sure ^^

My ISP support and supplies IPv6, maybe it's a good time to do some research on making it work across my network!

Thanks a lot for your answers, that's exactly all I was looking for!