Additional NAT Networks

I have some L3 devices behind a BE800. This works fine internally, as I have bi-directional static routes.
The BE800 only NATs IPs on it's local subnet though. I see nowhere in the interface to also include the L3 subnets that are from the other internal devices. Is this not possible on this equipment?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Consumer routers only have the ability for a single vlan. You would have to have a nic on the TP-Link subnet and set up default route to send traffic to that interface, then it would reach the internet, or otherwise tag the outgoing traffic for that subnet.
- Copy Link
- Report Inappropriate Content
@apila22 Understood, thank you for the response.
I'm not talking about additional VLANs on the device itself though, but rather this scenario:
In any other L3 device, you can easily add the additional subnets as the NAT SOURCE addresses, and the equipment includes those networks when it does the address translation. TP-Link seems incredibly rudamentary here.
- Copy Link
- Report Inappropriate Content
Is the L3 side of the blue line an IP on the TP Link subnet? Do you only have a static route on the L3 for the TP Link subnet? What happens if you add default route (0.0.0.0) on the L3 to the TP Link gateway address? TP Link already has its quad zero to the WAN. But no matter what, you are doing double NATing trying to use a consumer device like that.
Or set up quad zero to your WAN IP address and the WAN subnet to quad zero like the TP Link has, but my experience stops at basic routing tables. This would break every time ISP changes your IP unless you pay for static, which would be why default routing to the TP gateway would be safer.
You aren't trying to allow incoming internet traffic to the L3 just outgoing?
- Copy Link
- Report Inappropriate Content
@apila22 Negative, not double-nat.
The top circle is the BE800, the bottom is the other L3 device. It's strictly routing. The BE800 only allows NAT from its internal subnet, not from any route set on the internal L3.
Yes, the default route of the L3 device behind is pointing to the BE800.
All clients in any subnet behind the other L3 device can reach the BE800 without any issue.
The issue is that the BE800 only performs NAT on its locally defined subnet. I can't see anywhere in the configuration to add additional nat sources. All other consumer grade routers support this, just not the BE800 it looks like.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Almost all. Most don't even need configuration.
Packet received on the inside interface, the router uses its 0.0.0.0 route to forward out the packet where it gets nat'd. A nat session is built. Everything works.
But since you asked for an exact model, consumer grade... Here's one of a thousand: Ubiquiti Edge Router X. A 50 dollar box of metal.
- Copy Link
- Report Inappropriate Content

Information
Helpful: 0
Views: 479
Replies: 6
Voters 0
No one has voted for it yet.