Dealing with a double NAT situation on your network and getting stuck with plex not forwarding ports

Guides & Tutorials Tutorials
,
1

This can complicate things, especially with port forwarding and network configurations. Let’s break down the issue and see how we can resolve it.

Understanding the Issue

  1. Double NAT: This occurs when two routers on the network are both performing Network Address Translation (NAT). This can lead to complications with port forwarding, as each router needs to correctly forward the ports.
  2. Plex Servers: You’ve set up two Plex servers with different ports (32400 and 32401) and managed to get them working through port forwarding.
  3. IPv4 Land Attack Warning: This warning typically indicates that a large number of packets are being sent to the router’s public IP address, potentially from the internal network, which the ISP’s router might interpret as an attack.

Potential Causes

  1. Network Misconfiguration: There could be a misconfiguration in your network settings, especially related to how the ASUS routers are communicating with the ISP’s router.
  2. Port Forwarding Issues: The way port forwarding is set up on both the ISP’s router and the ASUS routers might be causing excessive traffic, which the ISP’s router flags as a potential attack.
  3. Firewall Settings: The ISP’s router might have stringent firewall settings that are too sensitive for your current network setup.

Steps to Diagnose and Fix

  1. Verify Port Forwarding Settings:

    • Ensure that both the ISP’s router and the ASUS routers have the correct ports forwarded.
    • The ISP’s router should forward the necessary ports to the WAN IP of the ASUS router.
    • The ASUS router should forward those ports to the respective Plex servers.

  2. Check for Network Loops:

    • Ensure there are no network loops or redundant connections between your ISP router and ASUS routers.

  3. Adjust Firewall Settings:

    • Check the firewall settings on the ISP’s router. If possible, relax the rules slightly to prevent it from misinterpreting legitimate traffic as an attack.

  4. Consider Bridging:

    • If possible, set the ISP’s router to bridge mode. This would turn off its routing capabilities and pass all traffic directly to the ASUS routers, effectively eliminating the double NAT issue.

  5. Update Firmware:

    • Ensure that both your ISP’s router and ASUS routers are running the latest firmware versions. Sometimes, firmware updates can fix unexpected issues.

  6. Monitor Traffic:

    • Use network monitoring tools to observe traffic patterns. This can help identify if there’s an unusual amount of traffic being generated that triggers the ISP’s router alert.

Example Configuration

ISP Router (Router A):

  • WAN IP: Assigned by ISP
  • LAN IP: 192.168.0.1
  • Port Forwarding:
    • External Port 32400 → Internal IP 192.168.1.2 (ASUS Router WAN IP)
    • External Port 32401 → Internal IP 192.168.1.2 (ASUS Router WAN IP)

ASUS Router (Router B):

  • WAN IP: 192.168.0.2 (Assigned by Router A)
  • LAN IP: 192.168.1.1
  • Port Forwarding:
    • External Port 32400 → Internal IP 192.168.1.100 (Plex Server 1)
    • External Port 32401 → Internal IP 192.168.1.101 (Plex Server 2)

Implementation

  1. Set the ISP Router to Bridge Mode:

    • This will pass the public IP directly to the ASUS router, eliminating double NAT.

  2. Configure the ASUS Router:

    • Perform all necessary port forwarding on the ASUS router.
    • Ensure the ASUS router is the primary router handling all routing and firewall duties.

Conclusion

By addressing the double NAT issue and ensuring proper configuration of port forwarding and firewall settings, you should be able to resolve the “IPv4 land attack” alerts. If bridging the ISP router is not an option, carefully review and adjust the port forwarding and firewall rules to minimize unnecessary traffic that could be interpreted as an attack.