On Wed, 10 Mar 2021 11:54:49 +0200 Andrei POPESCU <andreimpope...@gmail.com> wrote:
> On Ma, 09 mar 21, 13:35:18, Joe wrote: > > > > As an anecdote, I recall a BT service/router which literally would > > not work if it detected another NAT on the LAN. It was in a client's > > network, and I had to reconfigure things to work without the Debian > > server acting as a firewall. If it had been my network, the wretched > > thing would have gone back instantly, my network runs through two > > NATs and that isn't negotiable. > > What is the benefit of having your network behind two NATs? > Because I can't do much with a router, and I want reasonable firewall and logging control, and also a 'proper' DMZ in which to incarcerate visitors who want to use the Net. NAT on the firewall adds a small extra layer of security in case I make a mistake with the firewall code, and in the past I have had subtle problems with bridging. I've never had problems with two NATs (I've stayed away from IPSec, but PPTP will work through two NATs at each end). And no, I don't want to get involved with reflashing routers and then trying to solve problems with my ISP. -- Joe
