Double NATing Issues and DMZ Solution?


I just wanted to put this out there to make sure I am understanding everything correctly around double NATs in an apartment building and if my solution is sound.

So I just moved to an apartment building, which includes internet as part of utilities (500 Mbps up/down). You plug your router into the Ethernet jack in the room and you have internet...kinda.

Problem is I have a VPN server at home for when I'm traveling. Anytime I try to connect to my IP, the connection fails. All necessary ports are correctly forwarded, but all port scan tools time out. So after some digging around and contacting the building's admin, it turns out they used dynamic NAT.
So we got that switched over to a static NAT and now my router uses the static NAT to grab an IP (public IP -> 10.XX -> 192.XXX).

However, no inbound request ever makes it to my system; all port tools continue to time out on the ports I have forwarded. I removed the router from the equation and went directly wall-computer (set up with the static private IP, 10.XX), but still no success (rules out a router problem, right?). My questions are:

  1. Is there anything else missing on my end that could cause this issue?

  2. Could setting my ISP's equipment to DMZ any requests to my router solve the issue (not sure if that is the right network terminology)?


Posted 2015-11-11T04:47:51.837

Reputation: 27



Yes, if your "ISP" maps the ports through to your router - either the appropriate ports (in this case 22), or the DMZ, that should work.

If they are doing this, they are not a real ISP.

You might want to get a LEB (Low end box/virtual server) and configure a VPN server on that; configure a VPN from your home router to that as well, and you can connect through that.


Posted 2015-11-11T04:47:51.837

Reputation: 49 152


Welcome to the new reality as ISPs start doing this, too.

Port forwarding on your router means nothing if the network to which it connects uses private addresses and doesn't port forward to you.

The ISP for the apartment complex may or may not be using CGN, which just adds another layer of NAT on top of the double-NAT you already have.

Ron Maupin

Posted 2015-11-11T04:47:51.837

Reputation: 3 130
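
Added example (not from any of the posts above): a small Python check of the point the answers make, that every NAT layer between the server and the internet needs its own forward or DMZ entry, and that an inbound connection dies at the first layer that lacks one. The device names and addresses are constructed; 203.0.113.7 is a documentation address standing in for the real public IP.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGN = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify(addr):
    """Label an address as private, cgn, other or public."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGN:
        return "cgn"
    if ip.is_loopback or ip.is_link_local:
        return "other"
    return "public"


def nat_devices(chain):
    """chain: [(device, outside_address), ...] ordered from the server outward.
    A device translates for its inner neighbour whenever that neighbour's
    address is not publicly routable."""
    return [chain[i + 1][0] for i in range(len(chain) - 1)
            if classify(chain[i][1]) != "public"]


def first_drop(chain, forwards):
    """Walk inbound (outermost device first) and return the first NAT device
    with no forward or DMZ entry, or None if the whole path is covered."""
    for device in reversed(nat_devices(chain)):
        if device not in forwards:
            return device
    return None


# Constructed sample topologies (assumed names and addresses).
APARTMENT = [("vpn-server", "192.168.1.10"), ("my-router", "10.0.5.17"),
             ("building-gateway", "203.0.113.7")]
WALL_DIRECT = [("computer", "10.0.5.17"), ("building-gateway", "203.0.113.7")]
WITH_CGN = [("vpn-server", "192.168.1.10"), ("my-router", "10.0.5.17"),
            ("building-gateway", "100.64.3.9"), ("isp-cgn", "203.0.113.7")]

if __name__ == "__main__":
    for name, chain in [("apartment", APARTMENT), ("wall-direct", WALL_DIRECT),
                        ("with-cgn", WITH_CGN)]:
        # Only the tenant's own router has a forward configured.
        print(name, nat_devices(chain), "drops at:",
              first_drop(chain, {"my-router"}))
```

In the wall-direct case the computer still sits behind the building gateway, so removing the home router only removes one of the NAT layers.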