Messages

1

General Discussion / Re: How to avoid Double NAT with Fritz!Box

« on: January 28, 2022, 11:14:59 am »

Not sure if this will be helpful but sharing this anyway.

I have a FritzBox 5490 and OPNsense set-up as follows:

Code: [Select]

INTERNET ----[Fritz5490]----[OPNsense]--- LAN

On my FritzBox there is a setting under Internet > Permit Access that allows you to set port sharing. Under the same setting I have an option to fully expose a host (see image).
That's how I got rid of the double NAT

You are very right, from the screenshot you took I can say that this is the freaking DMZ, but in a not so obvious expression.

And, yes, the only two ways to properly get rid of the double NAT are:

1. Put the front device (the one most close to the internet/ ISP) in bridge mode.
2. If 1. is not possible, declare the back device (the one most close to the private network) as DMZ in the front device.

THX.
A good day!

The problem is, you wont get the external IP arriving at the OPNsense router. the fritzbox will still give you a internal ip for the WAN-port of your OPNsense-machine.
Thats exactly the problem i have right now.

Fritzbox only opens EVERY port and forwards it to this specific internal IP, except the ports you specify in the fritzbox to forward to other internal IPs.

So it doesnt solve the double-nat problem. Its like you set all ports open in the firewall of the fritzbox and forward the traffic to the specific internal IP.