I've seen numerous posts about this, and the responses from TP Link staff have always been...wrong.

 

WiFi is only one part of my home network, and I value the Parental Controls and DHCP functionality that Deco provides.  I don't want to switch to AP mode and lose this functionality.

 

There seems to be some kind of confusion when it comes to Routing vs NAT, and I can't for the life of me see how disabling NAT in Routing mode would stop Parental Controls and DHCP from working.

 

This is my setup:

 

 

WAN--DSL Router--LAN Iface---|

              192.168.0.1/29 |

                             |

                             |----WAN Iface----Cisco Router--Other Internal Networks

                             | 192.168.0.2/29                  (PiHole DNS, Wired IoT, Wired TV etc)

                             |

                             |----WAN Iface----Deco-----LAN Iface-----WiFi Clients

                             | 192.168.0.4/29        192.168.68.1/24  DHCP 192.168.68.*/24

 

 

As it stands, the DSL Router performs NAT for all outbound Internet traffic.

 

The DSL router is the default gateway for both the Cisco Router and the Deco.

 

The DSL router has a static route for 192.168.0.0/16 to the Cisco Router.

 

At the minute there is no point me adding a static route for 192.168.68.0/24 pointing to the Deco, because the Deco NATs everything - the DSL router and Cisco Router will never see 192.168.68.0/24 addresses.

 

All traffic from the WiFi clients appears to come from 192.168.0.4, the Deco's "WAN" IP address.  This fundamentally restricts the ability for me to control access to other parts of my network based on Deco-assigned IPs, or to access WiFi clients from other parts of my network.

 

In order for traffic to transit from the WiFi Clients to the rest of the network (and Internet), it needs to go through the default gateway, which is 192.168.68.1.  At this point Deco inspects the requests and decides whether or not to permit the connection.  If a request received by 192.168.68.1 is a DHCP request, then Deco responds with an IP lease.

 

None of this functionality relies on NAT.  NAT is a completely separate function that transforms requests from the WiFi clients to appear to come from 192.168.0.4, and transforms responses accordingly.  It should not be necessary in routing mode if there is a separate upstream router providing NAT and configured with the appropriate static routes.

 

Please, get someone who understands networking to look at this request, which has been made repeatedly, and give advanced users the ability to disable NAT in Router mode!