How to Fix Double NAT and What is it?

Learn what Double NAT is and how to fix it

What Is

Reading time icon 6 min. read

Calendar icon Updated on

by Vlad Constantinescu 

updated on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • If you've recently upgraded your Internet connection and have two routers instead of one, it's highly likely that you're double NAT-ing.
  • Although double NAT isn't necessarily a bad thing, it can become troublesome, especially if you want to grant access from the outside (port forwarding) to certain devices on your private network.
Double NAT

If you’ve recently upgraded your Internet connection and have two routers instead of one, it’s highly likely that you’re double NAT-ing. As a novice PC user, that shouldn’t bother you too much.

Some even say that double NAT-ing is even more secure than its singular version. However, if you’re not exactly tech-savvy, you may already have a lot of questions.

You can try to use a powerful VPN service to resolve the NAT issue once and for all, making this option the easiest, but it might not be useful for all users, depending on their network setup and expectations.

In other cases, users have encountered NAT issues while using their PS4 system, which can of course cause a wide range of issues, especially if you have waited for a long time to play a game.

What is double NAT?

To put it simply, double NAT is the situation when you connect to the Internet through two routers. So, you connect to your router, which is behind another router. Thus, you are part of two different private networks, which might seem ideal but it isn’t.

This situation is very frequent whenever your ISP enforces the use of a proprietary router. The ISP-provided router might not be exactly powerful, so you buy an additional one, which is more to your liking.

Due to your ISP’s policy, you are now double NAT-ing, which restricts you in a bunch of ways. For instance, port forwarding becomes a distant memory, since it’s so challenging, if not downright impossible in this situation.

Sure, you could just remove the ISP-provided router, but some companies insist on you using their hardware. A more complicated situation is when you’re using fiber optics and your ISP’s router acts as a signal converter.

For many users, double NAT isn’t a problem. But it can become troublesome if you play online games, want to forward some ports on your router, use UPnP or rely on IP address assignments.

How to fix double NAT

1. Remove ISP router from the network

  1. Unplug and disconnect your ISP router
  2. Plug the network cable into the WAN port of your personal router
  3. Access your personal device’s interface and reconfigure it accordingly

You might need to change the way your modem handles the Internet connection. For instance, if your router only distributed dynamic IPs, you might need to change its settings so it can fill in the ISP modem’s position.

2. Enable Bridge mode on your ISP router

  1. Call your ISP
  2. Ask them to put their router in Bridge mode
  3. Reconfigure your personal router as needed

You will need to configure your router so it can distribute the traffic that previously ran through the first device. For instance, if the ISP router was configured for PPPoE and your personal device was in dynamic IP distribution mode, you will have to move the PPPoE settings on your personal router.

Explanation: When you put the ISP router in bridge mode, it disables the NAT feature on it. Thus, it starts functioning as a DHCP server and stops generating IP conflicts.

More so, if it’s a wireless-enabled router, it will lose its Wi-Fi capabilities and you won’t be able to access it on your network using the default gateway address.

If none of these solutions is good for you, here are a few ways you can circumvent double NAT.

How to port forward through double NAT

1. Use DMZ to forward connections

  1. Log into your second router (the one farthest from the Internet/closer to your PC)
  2. On the status page, locate the WAN/IP address and note it down
  3. Log into the first router (use Wi-Fi or plug your PC directly to its WAN port)
  4. Locate the DMZ page (if supported)
  5. Enable DMZ and type the IP you’ve previously noted from the second router
  6. Save the settings

Note that you should configure the second router in such a manner that its WAN address doesn’t change (static IP). If you use it in DHCP mode, its IP will definitely change at some point, which will render the DMZ IP you used in the first router useless.

2. Use double router port forwarding

  1. Log into your first router (use Wi-Fi or plug your PC straight into the WAN port)
  2. Forward ports to your second router’s external IP address
  3. Log into your second router
  4. Forward ports to the device where you want to run the program/service (game server, mail server, etc)
  5. Configure a static address for every device you want to forward ports to
  6. Make sure that the second router has a static IP address

If you’re not sure about setting static IP addresses for network devices, we’re going to show you how in the following section.

3. Set up a static IP address on Windows 10

  1. Press the Win key on your keyboard
  2. Type cmd and hit Enter
  3. In the Command Prompt type ipconfig /all and hit Enter on your keyboard
  4. Locate your main network adapter
  5. Note down its IPv4 Address, Subnet Mask, and DNS Servers* (check the screenshot)Check the ipconfig values
  6. Close the Command Prompt window
  7. Check your router’s status page to view the DNS servers if ipconfig /all shows the same value as Default Gateway
  8. Access the Windows 10 Settings app
  9. Choose Network & InternetSettings app network and Internet
  10. Click the Change adapter options buttonNetwork configuration Change adapter settings
  11. Right-click the main adapter that you’ve used in the CMD steps above and choose Properties
  12. Select Internet Protocol Version 4 (TCP/IPv4) from the list
  13. Click the Properties buttonProperties of main adapter
  14. Take a screenshot of the current configuration displayed in the new windowConfiguration screen IPv4
  15. Click the Use the following IP address radio button
  16. Choose an IP address for your PC (should be similar to the CMD IP above**, only the last set of digits should be different, between 1-254)
  17. Type the Subnet Mask and Default Gateway exactly as they appeared in the CMD window
  18. Click the Use the following DNS server addresses radio button
  19. Type the two DNS servers as they appear in your router’s status pageAssign static IP address Windows 10
  20. Click OK

* – if you see the same DNS server as the Default Gateway, you will need to check the DNS servers displayed on your router’s status page. Alternatively, you can call your ISP and ask them what DNS servers they use, and they should be able to provide you with this information.
** – if the IP you saw in CMD is, for instance, 192.168.0.108 (our case), you can change it to any other IP like 192.168.0.xxx, where xxx = any number between 1 and 254, except 108.

If your Internet connection doesn’t work after you went through all these steps, it can be one of two things:

  • You chose an invalid IP address (the same as your router’s or not in the same range)
  • The DNS servers are wrong, in which case you’ll have to call your ISP and ask them to tell you what DNS servers to use

Bypass or disable double NAT, ultimately it’s a matter of choice

If you’re unfortunate enough to be trapped behind the double NAT wall, it can be quite difficult to bypass this situation if you’re a novice. However, if you follow our extensive guide, you should have no trouble.

Regardless of whether you want to eliminate Double NAT or just bypass it through various means, our guide should have you covered. Make sure you follow our instructions accordingly and not skip any step.

More about the topics: Fix network issues, ports

Vlad Constantinescu

Vlad Constantinescu Shield

Vlad might have a degree in Animal Husbandry and Livestock Management, but he's currently rocking anything software related, ranging from testing programs to writing in-depth reviews about them. He spent 3-4 years as a software editor at Softpedia and another year as a VPN specialist before he landed his current job as an author at Windows Report. In his free time, Vlad enjoys playing guitar, doing jigsaw puzzles, researching cybersecurity, and even having a good read on rainy days.