Double NAT Problem with two devices

I have a double NAT problem on my PC. My network configuration looks like this: (Modem which supplies TV, Smartphones Laptop with WLAN) -> (Nano Pi R4S OpenWrt which is connected via LAN to my PC for SQM). So Bridge Mode does not work otherwise is no more WLAN in the house. What option remains for me?

Cablerouter <- Pi (with SQM) <- PC
Cablerouter <- All other devices

Why do you need Sqm in that scenario, when it is solely effective for the PC?

If you like it that way, you could disable NAT on the Pi. SQM needs routing enabled, but does not need NAT.

Put the openwrt in the dmz of cable modem.
That effectively removes the burden (but it is still double Nat so make sure the ip ranges are different)

Does the cable router have a DMZ option at all?

Double NAT isn‘t necessarily a bad thing as long as you don‘t want to expose any services to the outside or maybe p2p gaming…

So what is it you are trying to accomplish?

And (as mentioned above) your setup isn’t optimal for sqm. You have to initiate sqm before it goes out to all your other devices otherwise they will hog your bandwidth and sqm afterwards won’t do much for you.

I suffer from bufferbloat and the setup how I run it atm solved it

No DMZ mode :frowning: So I can disable the NAT? What should I need to know about it? Do you have a guide?

I have a gigabit connection and somehow, without sqm, I suffer from huge bufferbloat. This setup solves it for me

Your setup and tests could be intriguing. Let me explain

If your setup is like this:

If there is a Wifi device (or more) hogging all your bandwidth your SQM instance (which needs a fixed value for up/download to work) doesn’t know what to do unless you are using some sort of autorate/adaptive bandwidth.

If you do a a test on or with your actual setup and you are not downloading anything on your wifi devices your test results are intriguing because this only shows what happens if you saturate your devices behind your openwrt router and if your other network is quiet at this time (nobody watching tv, youtube, downloading files etc on your wifi) you will probably get a decent result when doing some sort of test.
If you do a bufferbloat test and download a large file on one of your wifi devices you probably get a bad bufferbloat result. You can try this...

A better setup (from a SQM perspective) could look like this:

Only makes sense if you have some sort of qos/sqm on your ISP router (or you could replace it with an OpenWrt device – then you could ditch the 2nd device).

Or this:

Or this

Not uncommon that cable providers nowadays dont show full 1 gbit/s on IPv4, only via IPv6. At least my ISP reliably sucks everytime when ramping up IPv4.

Also are you sure that your Pi-CPU is fast enough to not bottleneck anything, to do SQM + IPv4 NAT + routing on 1gbit/s?

I get 79,9 MB/s with SQM Cake at D-680000kbit/s. But how do I disable NAT on my OpenWrt router now

The first setup is exactly my setup. I used to have constant D ratings at waveform even when no one was using the internet. I don't know why but this router between my ISP and PC solved that, I run cake on it. But I understand that it would be better to control every device with bandwith rules

to disable ipv4 NAT:
LuCi -> network -> firewall

there is a „masquerading“ checkmark in the
zones section,
at the bottom of the page in the
„WAN->reject“ line,
remove that checkmark and save.

to undo the change: set checkmark again

1 Like

I have no internet access after doing this

For this to work you have to create a static route from your isp router to your OpenWRT Network.
Requirement for this is that your isp router supports setting up static routes.

  1. create a static route on your isp router to your network (for example via your gateway (ip Adress your isp router handed out to your openwrt router). On my fritzbox it looks like this

  1. as mentioned above: disable masquerading in OpenWrt on the network (probably lan) you created your static route to
1 Like

I have this setting called Statische Routingtabelle IPv4-Routen. Is this right? I don't get it what to put in there

Can you post a screenshot?


This is the right place!

If you now show me the output of:

cat /etc/config/network

on your OpenWrt device i can tell you what to put in.