Thanks for this. Fiancée got me a Dream Machine Pro for my birthday and we have AT&T. Needed to make sure I didn't miss anything!
You will be super duper happy with it!!! Happy Birthday!
Thank you John for this simple and well explained guide. Took me a while to understand the right approach to this issue until I saw this. Have Mikrotik LHG to UDM Pro in my case, but same principle applied and it works.
Yep 100% Thanks for watching!
Hi Artur, I have the same setup, but I am struggling with it. Can you please advise? Thanks a lot!
Man, you really are good at this.
You mean explain concept style? You think it will take off? Thanks man!
Thanks for the NAT video and connecting to the UDM-Pro John. It seems ISPs are moving to locking out customers from customizing their modem / router all in one boxes as you show (at least up here in the Northeast).
Would you be able to show / explain how to best set up the UDM-Pro behind double NAT?
If possible turn off the DHCP server. If you can’t turn off the firewall in the modem then you are going to have to double manage the port forwarding for anything you need to pass through. This is pretty annoying but could be worse :). I left the WiFi on the modem device turned on in case I had a case that popped up with the double NAT (like updates to some of my games and firmware flash on my audience controller); then for that use I would flip over to that network when I could.
Tldr, bridge it lol, good job very clearly explained
Hehehe thanks!
I WAS JUST LOOKING FOR THIS
Great glad it helps
Just a heads-up: After setting up my mother's new Ubiquiti network, her USG's utilization was always at 50% - 60%. After some of my own research, it looked like this was due to her Motorola gateway being double-NATed with her USG. To fix, I needed to turn on her gateway's "Bridge Mode" where I had to disconnect the coax and connect directly to the gateway in order to enable. I'll be doing the same with my Grandmother's really soon which her Comcast provided gateway is just a matter of enabling without having to do anything fancy.
Interesting - Thanks for sharing
Was the ISP Spectrum?
You know your stuff, dude. Thanks
Is this passthrough pretty much bridge mode?
No it is not: it is just a forwarding. Bridge mode (which is the best mode) if you can set your ISP modem to it, would let the UDM get the public IP directly assigned to its WAN port.
When bridge mode is not possible, sometimes you can set your WAN port to use what the ISP's modem does: connect with PPPoE. Reuse the user/pwd of PPPoE on your WAN port and make ISP's gateway your next hop.
Thank you for the video however I'm not getting the same results as you. By that I mean, I set the Allocation Mode to IP Passthrough, Mode to DHCPS-Fixed and enter my UDM Pro MAC Address, however, when I navigate to the UDM Pro control I still see the internal address assigned by the Nokia in the WAN IP field. Is there something I'm missing? I tried disabling DHCP Server on the Nokia but nothing updates/changes.
Note, I also have the BGW320-500.
Any help is appreciated. Thanks
Hi John, thanks for the video. A few weeks ago I tried to set up a UDM Pro which kept losing connection. Would that fit the description of a double NAT issue?
Quite possibly. It depends on the other variables (modem primarily)
@@johnsfilmsllc Hi and thanks for your reaction. That's the thing, it was connected to a VLAN of my ISP. The setup is Fiber glass to the house, Media Converter to change from fiber glass to UTP and then into the UDM. I set the VLAN to the VLAN that the ISP uses in the WAN of the UDMP and somehow it kept choking.
Did you update to the latest production firmware and controller?
I use DMZ mode on the first network if I can't turn off NAT; that forces the first network wide open for the second router.
Clever
@@johnsfilmsllc Does DMZ mode do the same thing as IP passthrough? I've been using TP-Link MR600 where there is no option for IP passthrough. Or may I just simply turn off NAT on the router to do NAT on the Unifi behind it?
@@miroslavmatousek4674 That depends on the specific router. If you turn off NAT it should work …. If you want to test it out before buying the equipment try loading the controller on a spare Raspberry Pi or the like.
I think I'm on Triple NAT in my home. My Fibre optic "Modem" (Router) uses an IP. That then goes to the Wifi router provided by the ISP, that again has another IP address, so, another NAT. Finally, I have my own router plugged into that router that has its own IP address range again.
Now, the "Modem" isn't an issue, everything that comes in goes through the one port to the router automatically.
But I do still have to use port forwarding for specific games that need it on both the "Internal" (mine) router, and "External" (ISP's) router.
Hi John, very informative. I actually have the ATT modem and I also have a Spectrum modem plugged into my UDM Pro. Trying to set up so when my Spectrum takes a dump that the ATT recovers. What is the setup that has to be done on the UDM for the ATT? The connections I have are SFP+ for LAN and WAN. Any help would be grateful
I’m jealous of your SFP+ connection from the att router into the udm pro - I don’t have that capability. You will want to set your att router to “pass through” mode to get it to hand the external IP to the udm pro
The problem with our service provider now is that they added another CGNAT device. So essentially, although one is already bridged, I still get an IP starting with 100.x.x.x. I was using DDNS before to access VPN and CCTV cameras, but now nothing works. Are there any other options?
I cannot get my BGW320 and UDM Pro to work together via IP passthrough. The UDM Pro just says "no internet detected" when putting the BGW320 into passthrough despite the UDM Pro receiving the public WAN IP. Any suggestions? I've reset and rebooted both devices multiple times.
I have Direct TV running on AT&T Uverse modem/router. We live in a remote area where this is how we get access to TV. I want to connect my AT&T router to the dream machine but not lose my wireless TV access. Do you know if this can be done???
That’s a good question. I had a similar setup a few years ago and did run double NAT for a while but I have an idea. The wireless TV thing has two parts: an access point plugged into an Ethernet port on the modem/router and a wireless receiver connected to your TV with HDMI. Have you tried plugging the Ethernet cable that goes into the modem/router combo into your switch while turning on pass through? I believe it should resolve fine. You will need to check the services running on the att router to see if there is anything specific to dtv
Hi John, I have the same setup as yours, like same modem and UDM Pro. After I set the DHCPS-Fixed option, do I need to restart the modem for the changes to take effect? I am not able to see the public IP on my Unifi dashboard.
Update: it did work after restart (Y)
I’m in a fiber line with 10Gbs and ipv6 … unfortunately I need to use DS-lite for all those services not yet switched to ipv6 because of that I can’t dump the ISP router … happy double natting. And possible triple if I use VLAN in the wrong way.
I have a Netgear Orbi LBR20 LTE Upnp not working but I'm using my Netgear GS305E switch plus
I have the same equipment as you. I’ve set the AT&T device for pass through and gave it the MAC address of the UDM Pro. The UDM Pro’s WAN address has not changed, it’s still stuck on the 192.168.1.x subnet. Any thoughts?
Reboot? It's possible it's still hanging onto the DHCP address it was given previously?
@@johnsfilmsllc I was using the wrong MAC address. Apparently the WAN port on the UDM has its own MAC address. I kept trying addresses listed in the AT&T interface until the UDM finally showed an external IP address. I did have to reboot each time I changed the MAC address. Thanks again for making this video.
@@owenjohnson5030 Awesome - I’m glad it worked for you
In those cases, always set up the ISP's modem in bridge mode. That turns off DHCP and just forwards the ISP's IP address on to your own firewall/router. Easy.
Not easy when your ISP gives you a router with disabled bridge mode and there's no *legal* way to turn it on.
Someone didn't pay attention to the video. The example here is ATT which doesn't have bridge mode.
UDM Pro to add another router to the UDM like an EdgeRouter
Just use the modem as modem and dial up from within the UDM, done. 1x NAT, that's old knowledge that every kid should have...
Yep agree. A ton of questions around it after my original UniFi video though :)
You would be better off disabling NAT on the UDM Pro (yes you can disable NAT). Good video and good explanation.
I have a double NAT causing a strict NAT type on my AT&T Netgear Nighthawk. How do I get rid of this? I wanna play games online with my Switch but I can't due to having a D (Strict) NAT type.
You will have to look for settings similar to what I showed in the ATT router... bridge/passthrough settings hopefully. I don't have a Nighthawk to test out
So Sad. Was looking for instructions on disabling NAT on the UDM Pro, because I can't enable pass-thru on my upstream devices.
I was worried that would take out a ton of the “managed” features…
@@johnsfilmsllc In this case, where you are dealing with an ONT that does support a passthrough mode, you made the right choice. I am trying to solve a different problem where the upstream NAT is unavoidable.
@@PurcellvillePatriot That sucks…
I had a problem with AT&T router and setting up UDM Pro and finally fixed it by making the AT&T modem and the WAN IP of the UDM Pro on the same network. This network was a different network number than the main UniFi network. This was all without passthrough and everything still works. If I go to the passthrough page, I can select it but I can't choose where anything goes, it's all greyed out. It appears that if DHCP is turned off on the modem that's why it's greyed out but I only want the UDM Pro giving out addresses.
Interesting - I have the UDM pro as the only DHCP server on my network as well. The passthrough completely stops it from issuing...I wonder if they have changed the modem firmware over time and locked that up?
@@johnsfilmsllc Perhaps it's intentional to avoid conflicts. I don't suppose it hurts to tell the UDM Pro its outside IP if the AT&T router knows to forward packets there.
@@graviton1400 Some game devices detect the double NAT and believe it is an attempt at cheating and block those - if you are having random issues with services and you have set it up that way it could be the cause
@@johnsfilmsllc I had some help but I was able to finally set this to DHCPS passthrough on the AT&T modem. Redid whole network (changed all network numbers so that DHCP could be on 2 different networks without conflicting which enables passthrough on modem), didn't take long. Lynchpin was forgetting I manually assigned the WAN IP. Set that to DHCP and it immediately grabbed a public IP address.
@@graviton1400 AWESOME!!! Well done
Or you could pay for a static IP table, not use pass through, turn off all firewall and packet management, let the modem pull its ATT IP address, which it’s going to do anyway, then set up your UDM Pro with your first static IP address. Now you can control your remaining 4 IP addresses with the UDM Pro.
Or just call your provider and let them put your modem in bridge mode, problem solved.
Activated bridge mode on my modem from ISP, and voila... no more 2 captains on one ship.
Well done
Stumbled on this and to my joy it directly tries to address my pain points.
But when I do IP Passthrough, my WAN IP is the local IP the BGW assigns to my UDM (it’s an SE if that matters).
Just factory reset my BGW320 AT&T device and got the same results 😭
I take it back. Comments here helped sort it out (THANK YOU).
Factory resetting my BGW helped me realize that the MAC I was thinking would be for passthrough is for my UDM, but it’s actually the specific PORT’s MAC that’s needed.
After adding correct MAC and *only* after resetting my BGW did I get my ISP IP in my WAN IP via Unifi.
Can’t believe I’ve been pulling my hair out for so long on this…. THANK YOU❤
I just had the time to look and I’m impressed with your stick to it. Great job! Thanks for watching!
Old school
He didn't address the double NAT subject; instead he did passthrough setup (bridge)
Which solves the issue because it eliminates one of the NAT layers…
This didn't help.. I have a 4G dionlink with double nat and it has no settings for bridge mode or settings that you showed... It's just one router there's no other networks or modems
Ouch, you might google for a service menu on it to see if there is an installers access you can use to change it rather than the consumer portal
@@johnsfilmsllc We are using a T-Mobile hotspot. There are limited to no options for bridge mode or DMZ. I will check and see if there is an installer portal to get in and get more features but at the moment the problem we are having is voice over Internet: we are unable to make or receive calls. My best guess is it’s due to a port forwarding issue. I’m assuming we need to forward the port in the hotspot but there are no options.
Pause. I'm 3 minutes into your video right now, the whole scenario you're describing is the issue I'm having. Don't let me down.
Okay, 4:37 seconds in. Looking good.
Update, I have a completely different interface with the 5268AC. The only thing that I have remotely close to that is applications, pinholes, and DMZ.
Can you apply the same principles and solve your issue?
It just keeps displaying a private IP as my WAN address, and then all my consoles show a strict NAT.
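Several commenters are stuck telling apart a private WAN address handed out by the ISP gateway, a 100.x carrier-grade NAT address, and a real public IP. The sketch below is an added example, not from the video or any commenter; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# IPv4 blocks that show the WAN port did not receive the ISP's public address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")        # RFC 6598 shared space
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # self-assigned, no lease


def classify_wan(addr):
    """Return 'private', 'cgnat', 'no-lease' or 'public' for an IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    if ip in LINK_LOCAL:
        return "no-lease"
    return "public"


def diagnose(wan_ip, seen_from_outside=None):
    """Return (verdict, hint) for the address on the router's WAN interface.

    seen_from_outside is optional: the source address an external
    "what is my IP" service reports for traffic leaving this network.
    """
    kind = classify_wan(wan_ip)
    if kind == "private":
        return ("double-nat",
                "ISP gateway is still doing NAT: enable bridge or IP "
                "passthrough, set the WAN interface to DHCP, and give the "
                "gateway the MAC of the WAN port itself")
    if kind == "cgnat":
        return ("cgnat",
                "carrier-grade NAT: bridging the local modem cannot remove "
                "it, so inbound port forwards and DDNS will not reach you")
    if kind == "no-lease":
        return ("no-lease", "WAN port got no DHCP lease from the gateway")
    if seen_from_outside is not None and \
            ipaddress.IPv4Address(seen_from_outside) != ipaddress.IPv4Address(wan_ip):
        return ("upstream-nat",
                "WAN address looks public but traffic leaves from a "
                "different address, so something upstream still translates")
    return ("single-nat", "router holds the public address; one NAT layer")


if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 and 198.51.100.0/24 are
    # documentation ranges standing in for real public addresses.
    samples = [("192.168.1.64", None), ("100.72.10.5", None),
               ("100.20.1.1", None), ("203.0.113.7", "203.0.113.7"),
               ("203.0.113.7", "198.51.100.9")]
    for wan, outside in samples:
        verdict, hint = diagnose(wan, outside)
        print(f"{wan:15} {verdict:12} {hint}")
```

Only 100.64.0.0 through 100.127.255.255 is carrier-grade NAT space, so a WAN address such as 100.20.1.1 is an ordinary public address.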