Implemented Disable NAT on the routers (i.e. TL-ER605 and TP-Link TL-ER7206)
Team,
Suggestion (assuming this is not possible within the current firmware):
Allow customers to operate the router without using NAT.
Meaning allow the device to behave as a special router with firewall capabilities that can be turned on and off as needed.
This prevents double-natting when behind an ISP router.
While maintaining the ACL-capbilities for enhanced network security.
What is your view here?
Cheers - Will
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
+1
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Still waiting for this...
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi @MaxxFR
MaxxFR wrote
It's been sent and notified to the dev team. But I don't think it's gonna be a high-priority demand/request.
I know open source can do that because there is openwrt for ER605 already and I had a brief look at the features on it. It does support many features that we don't support, but that's the advantage of open source. There are always unconventional ways to use products and the different needs from people, but our baseline is still providing conventional products to meet the most basic uses of our 2B customers.
I have looked up what UBNT does, and I don't find it supports disabling NAT as well. And so far we plan to keep it as a router. And most other contract users don't have the requirement of disabling the NAT. Just a few people on the forum expect this, I am afraid that this feature will be delayed longer than any other requests. Or not considered. I am still checking with the dev about this.
If you have a double-NAT issue, turn the modem to bridge mode. Or set its NAT mode to full-cone mode. If your modem cannot be changed to bridge mode to fix double-NAT, you may also write a request to the manufacturer of the modem or seek help from the ISP to see if they can provide a firmware or command to turn the modem to bridge mode.
- Copy Link
- Report Inappropriate Content
Thanks for your help and reply @Clive_A
I understand but lot of ISP Router/Modem haven't a bridge mode to add cyber security service and decline their responsability in case of attacks. Router Manufacturer like TP Link don't have this problem because just sell hardware and that good.
Hope the dev team understanding that.
Thanks
- Copy Link
- Report Inappropriate Content
Hi @MaxxFR
Thanks for posting in our business forum.
MaxxFR wrote
Thanks for your help and reply @Clive_A
Hi
I understand but lot of ISP Router/Modem haven't a bridge mode to add cyber security service and decline their responsability in case of attacks. Router Manufacturer like TP Link don't have this problem because just sell hardware and that good.
Hope the dev team understanding that.
Thanks
Hmmm. It's not convincing enough. At least to me. I have reported this to the dev anyway.
My perspective:
So, first, if the modem is a modem router, it has the most basic capability to mask your IP address. It processes the source IP and MAC addresses. It, in a way, can be thought of as a firewall. NAT basics.
If you are worried about the attacks, I believe the modem router can do it as well but not that all-around. It should at least have the capability to stop some attacks. But if you are referring to the real, and targeted attack, our routers cannot defend a heavy attack as well. There is a limit to the hardware and if you intend to have the top protection, it is always recommended to use a famous service like Cloudflare.
If your ISP provides the contract modem-router, it should be responsible for the attacks as they provide and "force"(imply) you to use their device. This happens in the other places of the world. ISPs should provide the most basic protection as they have already provided a capable router.
This requirement is only proposed by people who know about networking. If your ISP doesn't allow you to turn it into a modem bridge mode, then think about the reason why they don't allow it. They want you to use their router. So, this requirement seems to be contradictory if you offer insight from the perspective of a double-NAT.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 40
Views: 10489
Replies: 66