I have thought about it a lot actually. It has been on my list of videos to make for some time now. Just haven't gotten around to actually making it.

Yes, but the static route is generally advertised through DHCP. Kind of a waterfall situation with DHCP advertising the default-gateway downstream...over and over and over again.

The tablet I use for my videos is a Boogie Board Sync which is paired to my computer in digitizer mode. I use it along with the built-in Windows whiteboard application for the drawings. Unfortunately, this product was discontinued some time ago and I don't believe they ever made a 1-1 replacement for it. I'm just hoping mine never breaks. I believe the Boogie Board "Blackboard" will save your scribbles much like the Sync, but don't quote me on that.

Not sure if I'd label it as "inferior". Sometimes you have to work with what you have and if you can't setup bridge mode or a DMZ, then sometimes you just have to live with double-NAT. It really doesn't make too much of an impact if you aren't hosting out of your house or using certain games.

I'm just curious as to how it would matter because pretty much every router has no ability to cross talk. that is comunicate with another connection on it.. you'd ghave to connect to the actual computer via internet oop I see your ideal it would prevent it from going through that router, but not the internet

Depends on what part you are trying to access remotely. Typically, you would just use the same port-forwarding rules on both routers (Router A = Router B's IP & Router B = Synology IP). However, If you're trying to access SMB shares over the internet by port forwarding, I would not recommend it.

I could help you out if you still need help

@@matthewschuster4600 thanks mate all good now it was an issue with the ISP. I also changed ISP no issue everything moving forward

Forwarding all ports to the second router would make it much easier to manage, but I wouldn't say it is "advisable". By forwarding all ports, you are essentially creating a DMZ between your first and second router. This isn't necessarily "bad" but it widens your attack surface. Also, there are some ports that may be in-use by the router itself. This doesn't usually cause a problem, but some models can get confused and cause undesirable behavior when EVERY port is forwarded without a proper DMZ mode.

I think this is just semantics. From my experience, Double NAT is referred to as you explained (source NAT done twice) which is also what is explained in the video. Using the same IP scheme in two different parts of the network and translating between the two using NAT is definitely something that can be done (and frequently used as a band-aid of sorts). However, I'm not entirely sure how this is referred to. If you refer to this as double-NAT, then we simply have to different meanings for the same phrase. They are two completely different ideas, though.

@@ToastyAnswers Thanks Toasty.

NAT can provide some security, but it is best not to think about it as a security feature. The security benefit is kind os a side-effect of NAT. There is really no substitute for a good firewall. In this situation, an Edgerouter with restrictive firewall rules should be good enough.

I use the first router\modem to assign the IP to the second router, if you prefer it you can set the IP statically on the second router the same goal is accomplished.

Yes, I used a static address on my second router.

@@ToastyAnswers Thanks. I figured but wanted to be sure. Helping someone with this issue this weekend and wanted to be sure.

Correct, if you have devices directly connected to the first router they would function as normal.

@ToastyAnswers damn still replying 2 years later!? Ur the absolute best! I've been looking for the answer to this question for days.

I wouldn't say there is a real "benefit". It makes things a bit convoluted and complicated which could make it harder to gain access, but if someone can bypass one NAT they can probably bypass two.

I hate troubleshooting Xbox NAT issues on a network. The Xbox likes to use something like UPNP to dynamically open and close ports, which a lot of routers don't support. Basically, if you don't have all the ports an Xbox uses open and forwarded, then you will likely get an error. This depends on the game being played... different games want to use different ports for different reasons. It is hard to do this on business-class devices since they don't typically support the (less secure) dynamic methods of opening ports.

@@ToastyAnswers Thanks. I do it some things just wondering why. That explains a lot.

There's a few reasons, all of which depend on your provider or where your connection is coming from. Some ISPs do CGNAT (which is still NAT on a much larger scale). Other reasons would be if you're in an apartment complex or dormitory where the connection is managed by the landlord and is ran through another router upstream.

Yeah... listening to that again is a bit confusing. I can see why you misunderstood what I was trying to say. There is nothing wrong with adding router #2 to the DMZ. This does not end up with double NAT. I was trying to say that sometimes none of those options are available (Pass-thru, bridge, or DMZ). Which is where you end up having double NAT. My comment about "sometimes you can only do DMZ" was just an add-on comment (sometimes you can only do pass-thru, sometimes you can only do DMZ, sometimes none of these are available... which is when you end up with double NAT). I think I threw that in because my own router only has the option to use DMZ (not pass-thru or bridge). So, DMZ is actually how I run my own network. There isn't any additional security risk by using DMZ over another option.

@@ToastyAnswers that’s incredible - this is as I suspected, but wanted to confirm as you definitely sound like you know more about this than me 😂 Thanks for the super quick response, much appreciated. I went ahead and configured it this way earlier after the fibre technician left, and it seems rock solid. Having some issues with port forwarding which has previously been configured on router #2 and worked with no issues. Could the reason these aren’t working any more, be due to having this router in the DMZ of router #1? Surely not, as being in the DMZ by definition means that router #2 is exposed to my external IP address? Curious if you know why the forwards might not be working any more. Both routers are on different subnets, afaik. Router #1 assigns an IP of 192.168.1.xxx to router #2 (which I’ve then added to the DMZ) and router #2 is then assigning all IPs on the subnet 192.168.0.xxx.

FWIW, the WAN IP of router #2 is showing as 192.168.1.xxx - I was expecting this to show as an external IP… is this correct behaviour? Could explain the port fwd issue.

There could be a few reasons why the existing port-forward configuration isn't working, but without knowing exactly how the network is configured it is hard to say. 1. The network behind the Edgerouter is different than it was (E.g. Previously, the devices did not have 192.168.0.xxx addresses). You would need to update the port-forwarding destinations to the correct addresses. 2. The devices have grabbed different DHCP addresses, therefore the port-forward destination has changed. If the previous router was used for DHCP (also, the devices you were port-forwarding were DHCP enabled) and now the Edgerouter is being used, the devices could be getting different IP addresses than they previously had. 3. The new ISP is blocking those ports somewhere upstream... (not the most likely, but it could happen). With a DMZ, the WAN address of router #2 isn't going to show a public IP, but this shouldn't have any affect on the port-forwarding. Essentially, a DMZ destination is the same as port forwarding every single port from your WAN address to your "DMZ device" (in this case, the Edgerouter or Router #2). This is why you can only have a single DMZ destination. Your ISP router is still technically performing NAT (Yes... you do "technically" still have double-NAT...) but it has no consequence since ALL traffic is being forwarded to your internal DMZ device anyway. The translation still occurs, but ALL traffic is translated and passed along to your internal router. From your perspective, your Edgerouter might as well have the public IP since it is processing all the public traffic anyways. It's just passing through a translation layer that isn't really needed... it just happens to be your only option for achieving what you want to do.

You can still get the stats via port forwarding. There are a few threads on Reddit explaining what you need to input. A quick google search should get you there.

Would love to see a video on this being done with IPv4 NAT