Preventing double NAT

I've set up my OpenWrt router behind WAN router.

I think as it is there is the issue of double NAT.

I think I have to setup a static route in the WAN router. But the last time I tried I had to factory reset the WAN router because nothing was working anymore.

How should the static routing look and how can I check if indeed double NAT is occuring in my network?

On ISP router:

ip route add via 192.168.x.y dev <OpenWrt_WAN_IP_on_ISP_deviceLAN> == default OpenWrt Network addressing != ISP router's LAN network

  • After this, you'll then need to disable masquerade on the OpenWrt's WAN firewall zone.

For this example the WAN router's LAN is and the OpenWrt router's LAN is

In the WAN router first create a DHCP reservation so that the OpenWrt router has a consistent IP address such as
If you chose an IP different from the existing leased IP, restart the OpenWrt router or at least restart the network so it picks up the new IP.
Then add a route for the second LAN ( via which is the reserved IP of the OpenWrt router on the first router's LAN.
These changes should not otherwise affect the operation of the WAN router at all even if the OpenWrt router is not connected.
Then go to the OpenWrt router firewall setting and uncheck "masquerade" on the WAN and restart the firewall. No more double NAT.


Your WAN subnet is in the 192, 172 or 10 IP ranges.


I forgot to note this: some ISP devices will handle static routes - but then oddly will only NAT to the Internet for the subnet on its LAN. Hopefully you don't have this issue.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.