Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:network:switch_router_gateway_and_nat [2019/08/02 18:29] – Typo cypherpunks | docs:guide-user:network:switch_router_gateway_and_nat [2020/12/07 07:05] – [Switch vs Router vs Gateway] update links vgaetera | ||
|---|---|---|---|
| Line 10: | Line 10: | ||
| Network devices can operate in 3 different modes: | Network devices can operate in 3 different modes: | ||
| - | **[[docs: | + | **[[docs: |
| If you want to connect your device to an existing network to provide additional functions (for example, you just want to use the Wi-Fi network it provides, the additional ethernet ports, or the device is a NAS serving files over the network, or a mini-server offering some other service). | If you want to connect your device to an existing network to provide additional functions (for example, you just want to use the Wi-Fi network it provides, the additional ethernet ports, or the device is a NAS serving files over the network, or a mini-server offering some other service). | ||
| Line 37: | Line 37: | ||
| There is a range of options to connect the upstream side of OpenWrt to your existing home network. Each option tries to work around the double NAT problem with different technical tricks or configuration: | There is a range of options to connect the upstream side of OpenWrt to your existing home network. Each option tries to work around the double NAT problem with different technical tricks or configuration: | ||
| + | |||
| + | ====== Routers / Gateways ====== | ||
| ^NAT ^ Usage variant ^ Visualization ^ | ^NAT ^ Usage variant ^ Visualization ^ | ||
| - | | double | + | | single | [[# |
| - | | single | + | | single | [[# |
| - | | double | OpenWrt as router in double-NAT configuration with Dualstack Lite on ISP side | clients <-> OpenWrt router with NAT <-> ISP router with DS-Lite NAT <-> Internet | | + | | double | [[# |
| - | | single | OpenWrt as router with disabled NAT, additional routing rules in both routers | clients <-> OpenWrt router (no NAT) <-> routing rules <-> ISP router with NAT <-> Internet | | + | | double |
| - | | single | + | | single |
| - | | 0 | look-out: OpenWrt as router in IPv6 only configuration + ISP router | clients <-> OpenWrt router (no NAT) <-> ISP router (no NAT) <-> Internet | | + | | 0 | [[# |
| - | | single | OpenWrt as gateway using either OpenWrt-device-built-in or external modem | clients <-> OpenWrt as gateway with NAT <-> built-in/ | + | | single |
| - | | single | OpenWrt as switch | + | |
| + | ====== Switches and Client APs ====== | ||
| + | | single | ||
| Line 99: | Line 103: | ||
| Using this scenario depends on whether your ISP router supports custom routing rules. This requires that your ISP router allows you to define forward routing rules (often ISP routers are restricted in function and do not allow this). | Using this scenario depends on whether your ISP router supports custom routing rules. This requires that your ISP router allows you to define forward routing rules (often ISP routers are restricted in function and do not allow this). | ||
| - | The idea is of this solution is | + | The idea of this solution is |
| * to disable NAT on the OpenWrt router, but keep its routing (and firewall) on | * to disable NAT on the OpenWrt router, but keep its routing (and firewall) on | ||
| * routing on the ISP router is also enabled | * routing on the ISP router is also enabled | ||
| Line 109: | Line 113: | ||
| ===== Device as router as " | ===== Device as router as " | ||
| - | Only some ISP routers have this feature, sometimes called a //DMZ// (demilitarized zone), //DMZ for single server//, //exposed host//, or //poor man's bridge mode// (there is no standardized name). This feature enables your ISP router to define a single one of its downstream clients to be a so called " | + | Only some ISP routers have this feature, sometimes called a //DMZ// (demilitarized zone), //DMZ for single server//, //exposed host//, //IP passthrough//, or //poor man's bridge mode// (there is no standardized name). This feature enables your ISP router to define a single one of its downstream clients to be a so called " |
| This effectively disables NAT on the ISP router only for a single connected device on the ISP router downstream side: for obvious reasons, we will be connecting our OpenWrt router as this exposed host. So in the end, we have achieved single NAT solely in the network chain towards the OpenWrt router. | This effectively disables NAT on the ISP router only for a single connected device on the ISP router downstream side: for obvious reasons, we will be connecting our OpenWrt router as this exposed host. So in the end, we have achieved single NAT solely in the network chain towards the OpenWrt router. | ||
| - | Remeber | + | Remember |
| Drawbacks of this method are: | Drawbacks of this method are: | ||
| Line 129: | Line 133: | ||
| ===== Device as a gateway, with a true modem between it and the Internet ===== | ===== Device as a gateway, with a true modem between it and the Internet ===== | ||
| - | If your OpenWrt device has no WAN port at all out of the box adn has a built-in modem with something like a VDSL-phone port, or if it has a WAN port and you have an external modem that can be put in " | + | If your OpenWrt device has no WAN port at all out of the box and has a built-in modem with something like a VDSL-phone port, or if it has a WAN port and you have an external modem that can be put in " |
| - | See [[docs: | + | See [[docs: |
| Line 150: | Line 154: | ||
| For more information, | For more information, | ||
| - | Note: In case you are interested in creating a so called " | + | Note: In case you are interested in creating a so called " |