We have a Comcast SMC Business Gateway router/modem combo in our office, and it doesn't provide much in the way of diagnostic tools or QoS routing. I want to plug in another router with Tomato installed so I can monitor office traffic. This would result in a double-NAT setup.

We're all Mac users in the office, and I was wondering if a double-NAT would interfere with our AFP file shares or other common network / internet tasks? I'm aware that it can cause some problems, just not sure with what.


Bryan M.

2 Answers


Firewalls control traffic that flows through them, so your internal LAN traffic should be unaffected as it doesn't or shouldn't flow through the firewall. Your inbound and outbound internet traffic is another matter though. Does the Comcast router\modem support "bridging", or "passthrough" for all traffic, meaning can you turn off the firewall and NAT functions?

  • It does not support bridging. There's a suggestion for setup [here](http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_24159465.html) (scroll down, it's experts-exchange) that would bypass double NAT. However, do I need NAT on this extra router in order to accurately monitor traffic? – Bryan M. Nov 18 '09 at 11:55
  • I can't help with the modem and I don't have an Experts Exchange account. NAT should have no bearing on your ability to monitor traffic. What you'll need to find out is whether or not your switch, firewall, or modem\router supports SNMP or port mirroring. If they do then you'll be able to monitor internet traffic directly at the modem\router, at the firewall, or on the switch port that the firewall plugs into. Note that you need to monitor at one of these points, but not all three. – joeqwerty Nov 18 '09 at 12:36

If you have a static IP with your Comcast business service you can assign that routable address to your Tomato box, hook it up to the SMC, and voila, no more NAT and public IP on your device. This is the best way to "bridge" with these devices.

If you don't have a static, you can put the Tomato router in the DMZ of the SMC and you'll essentially have a bridge. Or, since you don't have a static, you can request a standalone modem from Comcast that will hand out a public IP to your Tomato router.
