D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-850L => Topic started by: alekelpragh on April 22, 2014, 06:45:26 AM

Title: DIR 845L running behind a firewall with NAT enabled (Double NAT)
Post by: alekelpragh on April 22, 2014, 06:45:26 AM

Hi Guys,

i have the Problem with double NAT and i have no idea how to disable NAT on the 845L

my Network looks like the following:

- ISP connection via PPoE, one single dynamic public IP
- D-Link DSL-321B/DE Modem, HW-Rev: D2, FW: DE_1.02 (mentioned on the label), running in bridge mode
- Modem is connected to pf-Sense at the WAN interface (Firewall distro on a PC Engines APU 1.c4)
   - pf-Sense is running PPoE, NAT, Routing, DHCP (for DMZ only)
   - DMZ interface isn't a problem right now, cause theres only a layer 2 switch
   - LAN interface: Link to the 845L
- D-Link DIR 845L, HW-Rev: A1, FW: 102b07 (upgraded just this day)
   - 845L is running DHCP for the LAN/WLAN
   - pf-Sense is connected to the WAN interface of the 845L with static IP configuration, just a transport Net with a /30 prefix. Static route is setup at the firewall, but not needed cause of the double NAT  ;D

My Problem now:
The configuration above is producing the double NAT issue! Because of the DMZ connected to the firewall, the firewall has to do the NAT! But i cannot find any option to disable the NAT on the 845L.

Other setup was to run the 845L in access point mode (with the "no Style" trick). This turned the 845L in an unmanageable switch with no WLAN. Did i something wrong or is the 845L not capable of it?

My last idea was to connect the firewall not to the WAN port of the 845L. Instead i used a usually switch port. Now, the 845L cannot send the right gateway via DHCP to the clients, cause it assumes the gateway to be at the WAN port. I disabled the DHCP on the 845L and configured it at the firewall. This option works quite good, but my WLAN clients don't get a DHCP lease, i am suggesting the 845L splits these to different media (LAN/WLAN) in different broadcast zones. I am missing an option to enable broadcast forwarding or DHCP relay agent...

Would be great, if someone could help me.

Title: Re: DIR 845L running behind a firewall with NAT enabled (Double NAT)
Post by: FurryNutz on April 22, 2014, 07:20:08 AM

Link>Welcome! (http://forums.dlink.com/index.php?topic=48135.0)

• What Hardware version is your router? Look at sticker under router.
• Link>What Firmware (http://forums.dlink.com/index.php?topic=47512.0) version is currently loaded? Found on the routers web page under status.
• What region are you located?

THe problem is that you can not disable NAT on any of the D-Link routers. They are routers and NAT is always running. It's a network standard for most routers.

If your using a primary Firewall appliance device, then you should consider just getting a D-Link DAP access point for wireless connections and DHCP IP addresses only.

Title: Re: DIR 845L running behind a firewall with NAT enabled (Double NAT)
Post by: FurryNutz on May 05, 2014, 07:36:05 AM

Any status on this?  ???

Quote from: alekelpragh on April 22, 2014, 06:45:26 AM

Hi Guys,

i have the Problem with double NAT and i have no idea how to disable NAT on the 845L

my Network looks like the following:

- ISP connection via PPoE, one single dynamic public IP
- D-Link DSL-321B/DE Modem, HW-Rev: D2, FW: DE_1.02 (mentioned on the label), running in bridge mode
- Modem is connected to pf-Sense at the WAN interface (Firewall distro on a PC Engines APU 1.c4)
   - pf-Sense is running PPoE, NAT, Routing, DHCP (for DMZ only)
   - DMZ interface isn't a problem right now, cause theres only a layer 2 switch
   - LAN interface: Link to the 845L
- D-Link DIR 845L, HW-Rev: A1, FW: 102b07 (upgraded just this day)
   - 845L is running DHCP for the LAN/WLAN
   - pf-Sense is connected to the WAN interface of the 845L with static IP configuration, just a transport Net with a /30 prefix. Static route is setup at the firewall, but not needed cause of the double NAT  ;D

My Problem now:
The configuration above is producing the double NAT issue! Because of the DMZ connected to the firewall, the firewall has to do the NAT! But i cannot find any option to disable the NAT on the 845L.

Other setup was to run the 845L in access point mode (with the "no Style" trick). This turned the 845L in an unmanageable switch with no WLAN. Did i something wrong or is the 845L not capable of it?

My last idea was to connect the firewall not to the WAN port of the 845L. Instead i used a usually switch port. Now, the 845L cannot send the right gateway via DHCP to the clients, cause it assumes the gateway to be at the WAN port. I disabled the DHCP on the 845L and configured it at the firewall. This option works quite good, but my WLAN clients don't get a DHCP lease, i am suggesting the 845L splits these to different media (LAN/WLAN) in different broadcast zones. I am missing an option to enable broadcast forwarding or DHCP relay agent...

Would be great, if someone could help me.