Computers & Electronics

How do I get around a double NAT network situation?

  • Last Updated:
  • Dec 26th, 2018 1:00 am
Tags:
None
[OP]
Deal Addict
User avatar
Dec 7, 2009
1043 posts
335 upvotes

How do I get around a double NAT network situation?

My parents have a Foscam security camera system controlled by a PC running Blue iris Security Cam software... I had them set up with a static IP through a Telus 3G smart hub, (they live out in the country), and everything worked great, we could access the cameras from a PC or phone anywhere. However, I recently switched them to Xplornet LTE, (10gb data cap to 400gb!), and we now have a problem connecting remotely.

I believe the problem is Xplornet has them behind a double NAT, the Xplornet modem shows a WAN IP of 10.194.x.x, which is private as far as I can understand, and the public IP websites list is a completely different 204.237.x.x.

Is there a way around this situation? Xplornet does not offer a static IP on LTE service at this time so I'm stuck with it as is. Will a VPN get through somehow? (I've tried playing around with TorVPN but no success so far).

Any help or suggestions appreciated!
25 replies
Deal Expert
Aug 22, 2006
27969 posts
13601 upvotes
First off, see if you can actually open up a port.
This would be moot if the first NAT is already blocking you and you can't do anything about it.
If you can open a port to your local public (private?) IP (let's just call it the WAN IP) then you might be in business.

Alternatively you could broadcast to a VPS or something and then access that, but that brings additional costs and complexity.
Unless you move, there really aren't many other options.
Member
Jan 15, 2008
332 posts
120 upvotes
Hamilton
Yes, any 10.x.y.z IP address is "private" (RFC 1918) and not routable on the public Internet.

As death_hawk suggested the first NAT from the truly public IP address of 204.237.x.y to your Xplornet WAN IP of 10.x.y.z has probably already got you over a barrel. Even if you're able to use a dynamic DNS service to track/update your true public IP of 204.237.x.y as it (if it) changes, you're stuck with not being able to get back through to the Xplornet equipment if you have no control over the first NATing.

I don't suppose you can ask if IPv6 is an available service option?? Then you can avoid the ugly IPv4 translation stuff if Xplornet can give you an IPv6 address.

I'm not at all familiar with the Foscam equipment but I think other brands like D-Link and TRENDnet have cloud-enabled cameras (if you trust them).
Deal Expert
User avatar
Aug 6, 2001
15535 posts
3430 upvotes
Stuck in a Box
Port forwarding from xplornet modem or just dmz
Deal Addict
May 17, 2012
2631 posts
1467 upvotes
ontario
contact xplornet and see if they offer a public ip (this is different than static IP). it is typically $5 extra / month. we had the same issue when living rural and when we were on rogers rocket hub. they added the public ip for 5/month.
Deal Expert
Aug 22, 2006
27969 posts
13601 upvotes
I noticed that you specifically stated "static IP"
If you can get a public IP that's dynamic then you're golden.
Deal Fanatic
User avatar
Mar 20, 2009
8862 posts
2687 upvotes
Vancouver
weedb0y wrote: Port forwarding from xplornet modem or just dmz
This
[OP]
Deal Addict
User avatar
Dec 7, 2009
1043 posts
335 upvotes
Ha, yea xplornet does suck a bit, that's why I had switched them to telus 3g in the first place. But the LTE service is actually pretty good, (though they throttle the hell out of it during peak hours), parents are loving being able to watch netflix and use kodi plugins which they couldnt do with telus ridiculous 10gb data cap.

I already have their asus ac66u router in a DMZ on the xplornet modem, and have the required port forwarded to the PC, still no luck. I didn't think to ask about a public IP, (I remember that was a option with telus as well), I'll give that and the IPv6 idea a try... just hope their tech support is competent enough to know what I'm talking about. :facepalm:

Thanks for the help everyone!
Newbie
Nov 27, 2006
24 posts
1 upvote
DJDiggler wrote: Ha, yea xplornet does suck a bit, that's why I had switched them to telus 3g in the first place. But the LTE service is actually pretty good, (though they throttle the hell out of it during peak hours), parents are loving being able to watch netflix and use kodi plugins which they couldnt do with telus ridiculous 10gb data cap.

I already have their asus ac66u router in a DMZ on the xplornet modem, and have the required port forwarded to the PC, still no luck. I didn't think to ask about a public IP, (I remember that was a option with telus as well), I'll give that and the IPv6 idea a try... just hope their tech support is competent enough to know what I'm talking about. :facepalm:

Thanks for the help everyone!
Did you get this figured out? I'm in the very same position.
Thanks
Deal Expert
Aug 2, 2004
33989 posts
7631 upvotes
East Gwillimbury
If your modem is providing DHCP services, disable DHCP in your Asus router

Then provide a static IP to your PC with the DVR and forward to that IP from the modem

The static IP should be in the same subnet as the modem. 10.194.x.y
Deal Expert
Oct 6, 2005
16623 posts
2328 upvotes
DJDiggler wrote: Will a VPN get through somehow? (I've tried playing around with TorVPN but no success so far).
Yes, with some paid VPN services they will allow port forwarding, in which case you can reach the server directly from a public IP address. Set up dynamic DNS so you know what the latest VPN IP address is.

Private Internet Access offers this service.
[OP]
Deal Addict
User avatar
Dec 7, 2009
1043 posts
335 upvotes
gt2001 wrote: Did you get this figured out? I'm in the very same position.
Thanks
Sorry gt, haven't really tried figuring it out much more... Xplornet dosent offer any static or dynamic IP or IPv6 on the LTE service and no idea when they ever will. I did set up a paid vpn and had them forward a port but just couldn't connect. It dosent help that I can only play around remotely via teamviewer and if I cut their internet I'm really screwed, (did that once already after I got ahold of the xplornet routers admin login and tried switching it to bridged mode). I have been looking into setting up an openvpn server on my "always on" media server at my house and connecting them through a client but it was a bit intimidating as I have no vpn experience.

I'm going up for a visit this christmas so I might give the paid vpn a try again, I really felt like it should have worked after they forwarded the port. :(
Deal Expert
Aug 22, 2006
27969 posts
13601 upvotes
Setting up a VPN is actually pretty easy.
But I'm not sure I recommend tunneling it through your home.
Then again... what could go wrong? Xplornet isn't exactly the fastest thing ever.
I'd get like a $5 VPS somewhere and tunnel through that. It'll be easier on your part.
It'll be less things to troubleshoot.
Deal Addict
Jul 21, 2005
1838 posts
914 upvotes
Alberta
Just DMZ as other's have mentioned. Easiest way. Forward all packets right past the first device and into your own router or whatever it is you are using. Use the first device for nothing more than a modem.
[OP]
Deal Addict
User avatar
Dec 7, 2009
1043 posts
335 upvotes
eblend wrote: Just DMZ as other's have mentioned. Easiest way. Forward all packets right past the first device and into your own router or whatever it is you are using. Use the first device for nothing more than a modem.
Yes, have done that but the issue is the isp itself has a double nat in their network infrastructure... Even hooking up the pc directly to their modem results in a double nat. And I obviously have no control over their network so there is no easy solution. Telus smart hub 3g internet has a extra charge option to get a private ip (and not be subjected to the double nat) but xplornet lte does not.
Deal Addict
Nov 12, 2006
2180 posts
1184 upvotes
London
It's not the perfect solution, but Teamviewer will get through a double NAT for remote pc access. (as opposed to RDP, which suffers from the issue you have).

Perhaps access something set up at the location with Teamviewer and then use that to access the cameras.
[OP]
Deal Addict
User avatar
Dec 7, 2009
1043 posts
335 upvotes
arisk wrote: It's not the perfect solution, but Teamviewer will get through a double NAT for remote pc access. (as opposed to RDP, which suffers from the issue you have).

Perhaps access something set up at the location with Teamviewer and then use that to access the cameras.
Yep, thats my stopgap solution, teamviewer does work but really sucks for viewing the cameras compaired to the purpose built blue iris camera app for android/ios.

If I get it working when we go up for christmas I'll definitely post here for anyone else in this situation.
Newbie
Feb 14, 2011
71 posts
19 upvotes
Toronto
People in this thread who talk about DMZ and forwarding ports obviously have no idea of what the OP problem is. His ISP is using NAT to allow multiple users on the internet at the same time without giving them public IP addresses. OP is behind his ISP router, even if he removes his own router all together and plug in directly to the modem he will still get 10.x.x.x Class A private ip address from his ISP. You can forward ports and DMZ until cows come home and nothing will happen. End of story.

I had the same problem when I was trying to set up a weather monitoring station in the remote area. Here are solutions that would work:
1. Set up an OpenVPN server somewhere on the internet that has publicly accessible IP address. Then let the remote location connect to server as a client and then you can talk to remote location via local "virtual" IP address. This OpenVPN method is somewhat complicated and requires a lot of command line knowledge, I used pfSense router as OpenVPN server and it took me several hours to set up everything as I had no previous OpenVPN experience. However when set up this method was fairly reliable, the client automatically reconnected to server if connection dropped.

2. Set up PPTP VPN server. This method is very easy to set up, especially when using pfSense as a VPN server. Just input the information and passwords in router GUI and then let the remote client connect to server using standard windows "connect to workplace VPN" method in Network and Sharing Center in Control Panel. Make sure you create a scheduled task or start-up script to establish this connection automatically when the computer comes on. Otherwise your parents have to connect manually every time you want to have access.

3. The easiest method I found is to use 3rd party VPN service. At that time I used Hamachi VPN service, it allowed me to create a non-managed mesh network for free. It's very easy to set up, just install the program, it creates a virtual VPN network interface and assigns 5.x.x.x virtual IP address to network peers that you allowed to join your network. You can access your remote location by entering its hamachi virtual IP address. The disadvantage of this method is that Hamachi uses p2p protocol for all data transfers between peers, which is subject to all p2p throttling, for me at times it worked very slow because of this.
Newbie
Mar 6, 2016
2 posts
i read another post where the person was able to log into the Xplornet router... 192.168.209.1 (I think was the address) and able to turn off firewalls, and do port forwarding.

anyone know if this will work for the ipcamera situation?

basically I have the same problem but I could not follow what the dude on the other thread did (foscam-xplornet-internet-issue-1680655/2/)

I think what some are saying here is that since it is a wireless signal, Xplorent is giving out private IP addresses at the broadcasting tower and then the receiving modem is acting as the 2nd nat and my router is actually the 3rd nat.

so, even if I can get into my receiving modem, I'm still really only in a private network.

but maybe not, since in the WAN section of my Xplornet modem, i can see a IP address that looks like a public IP.

thanks for any help

Top