Solution to problems of "Double NAT" or until to Back to My Mac (BTMM)

Similar Messages

• My airport extreme has connected to a Tplink router, i set my AE in Create network, so i get a problem of Double NAT. How can i repair this probleme because i have to use TPlink for my IP TV and i want to use AE to creat my network and the guest NW.

  my airport extreme has connected to a Tplink router, i set my AE in Create network, so i get a problem of Double NAT. How can i repair this probleme because i have to use TPlink for my IP TV and i want to use AE to creat my network and the guest NW. If we don't have a solution for this question, can i set my AE to use the IP TV and how??? I'm using a 4th Airport extreme

  No, not unless it is simply a network connection.
  How is your IPTV being provided.. if it is using a separate vlan or separate vpi/vci in the adsl connection. Who is your ISP?
  Is the TP-Link ADSL?
  Is the IPTV using a separate voice channel on adsl?
  Or a different vlan.
  Sorry but it is something where a definite answer is not possible unless you provide all the details.
  The setups are unique to each ISP around the world..
  Here is one for our local ISP.
  http://www.avenard.org/iptv/Setup.html
  He has a section on getting this working with apple router over wireless.. look
  http://www.avenard.org/iptv/IPTV_and_Wireless.html
  Google around and see if other people have had success.. the whole setup is tricky.. and it is hard if nobody has used it who actually understands networking.

• How do I correct a Double NAT status?

  I have used time capsule 2TB for a while, made changes many times,never had a problem but today after I made changes it is giving me a blinking amber light from the time capsule unit and from the airport wireless utility status "Double NAT". How can I correct this status?
  Thank you in adavnce for the help.

  Hi Thortey,
  If you are having issues with a "Double NAT" notification, you may want to take a look at the following article; while it speaks to Double NAT specifically in the context of Back to My Mac, the information and resolution steps for a Double NAT configuration should be universal:
  Back to My Mac: "Double NAT" configurations may prevent Back to My Mac connections
  http://support.apple.com/kb/TS1208
  Cheers,
  - Brenden

• Back to My Mac - can't figure out NAT stuff

  So I'm far from technical...I just can't figure out how to get Back To My Mac (BTMM) to work. I am setting this up from home now...
  I have walked through the BTMM manual:
  I start in AirPort Utility and select my Base Station.
  To be able to see the "Internet" button at the top (and AirPort, Printers, Disks and Advanced), I need to first select "Manual Setup".
  I click "Internet" as it says to do in the BTMM manual. Then there is only an "Internet Connection" tab. So to get DHCP and NAT to appear, I need to change the Connection Sharing drop-down from "Off (Bridge Mode)" to "Share a public IP address". Once I do that, the NAT tab appears.
  So I click NAT and then make sure 'Enable NAT Port Mapping Protocol' is checked (it is already).
  Then I click the Update button in the lower right.
  What I get then is a notice:
  'Correct the 4 problems below before updating this base station.
  Problem:
  DHCP Beginning Address
  DHCP Ending Address
  Allow SNMP over WAN
  Allow configuration over Ethernet WAN port'
  Then when I select any of those 4 problems, different notices appear at the bottom. Thing is, I have no idea how to fix any of them, and the BTMM manual gives no clues how to fix this.
  Does anyone have any advice?
  Thanks!

  I have the same problem. From as far as I can see, there isn't any reason to have the SNMP over WAN option checked. The DHCP beginning and ending addresses have something to do with how the airport assigns IP addresses to the computers on the network. I have a theory, but I need some backup. I think if I disable the DHCP on my modem and use the Airport as my DHCP server and enable NAT, it should work. Can anyone help out with this?!

• Will 'Double NAT' cause any problems for me?

  Hi there
  I have just received a Netgear VMDG280 Cable/ DSL modem/wireless router from Virgin Broadband in the UK and I plugged it into my Airport Extreme 802.11n base station. The internet works fine but the amber light remains flashing, warning me of a Double Nat error.
  I can easily select for my Airport to 'ignore' this Double NAT error message, but am worried that by ignoring this warning, I might compromise something important in my whole broadband set up. Could it also reduce security etc?
  Essentially, Im not doing anything fancy with my wireless network, besides running a Macbook Pro, Iphone, Ipad and friend's laptops etc.
  With Double NAT existing on my network, will this affect the service I will receive in any way? Or can I just put it out of my mind?
  Many thanks
  Dan

  +If I operate Airport Extreme in Bridge mode, will that mean that the technical quality and security of the Airport Extreme base will be bypassed in favour of the Netgear?+
  No
  +if the Netgear is classed as the lesser device of the two, shouldnt the Airport Extreme handle the more important tasks rather than being a passive 'bridge'+
  The Netgear is already configured as the "main" router on your network. It is what we call a "gateway", a combination modem and router on the same chassis. The AirPort Extreme does not include a modem, so if you wanted to make it the "main" router on your network, you would need to purchase a separate stand alone modem and then set up the Netgear as a "bridge". That gets really complicated.
  If you are seeing no adverse effects of the Double NAT, you can choose to "ignore" the message and the light will turn green. If you want to do this, open AirPort Utility, click Manual Setup, and then click on the word "Status" on the summary page. Click "ignore" regarding the Double NAT.
  Networking rules specify that you should try to avoid the Double NAT situation if possible. On a simple home network this is not usually a serious error, but it can slowdown internet browsing. If you plan to add a gaming console and want to play online games with other people, then the Double NAT will probably prevent you from doing so.
  My suggestion to place the AirPort Extreme in bridge mode was just that...a suggestion. If you are happy with the performance of your network now and simply want to get the light to turn green, you can choose to "ignore" the message.

• Time Capsule and Unexpected Double NAT problem

  I have had a Time Capsule setup and working fine for about 2 weeks. The Time Capsule is the only router on my network and connects to a Motorola Surfboard Cable Modem which as far as I know has no router capabilities and serves up the IP address that it gets from Comcast.
  All of a sudden this morning I get a "Double NAT" error message in my Airport Utility window. I cannot figure out any reason for this to happen, since the Motorola Surfboard doesn't act as a router at all.
  What is going on? Is this a bug in the Airport Utility software or what?

  I'm having this same issue. Resets, hard resets, and unplugging the ISP antenna did not resolve it. I was using an old AEBS G as my DHCP server, with the TC patched into it in bridge mode.
  Today, I decided I wanted the TC to be the DHCP part of the network, and the AEBS G as the bridged AP, but it just won't work no matter what I do. The TC is now getting the WAN from my ISP's wireless antenna, which I'm pretty sure has no NAT capabilities. My ISP does block ports, though, and maybe that's what's confusing the TC.
  Connectivity is all good, everything works, I just have this Double NAT error that I can't get rid of.
  Any ideas?

• No DNS and Double NAT

  Hello, I've recently encountered a very frustrating bug in my system that I could use some help troubleshooting.  I've read several similar posts, some are resolved while others are not, however none of the resolutions have worked for my situation.  Here it goes:
  I have an old macbook pro, a new macbook air, a white macbook and 2 iPhone 4s's all connected to the internet via WiFi through an AirPort Extreme.  The AE is connected to a cable modem which has internet service through Cablevision in NY.  There is also an AT&T Microcell hooked up to the AE to boost my cell signal.   All of this equipment has been working flawlessly together for a long time.  Until recently.  It could have started after an update, there have been several lately on all of the equipment including the firmware in the AE.  Anyway, I'll be connected without any issues - all lights green and happy - when suddenly, the internet will drop off and the AirPort Utility will pop up and warn me that:
  1) On the "internet" icon, it will say "disconnected"  
  2) On the AE icon, it says "No DNS server and Double NAT"
  After a few minutes and nothing done on my part, the lights turn green, the internet reconnects and all is well again. 
  This happens frequently and is really beaching a nuisance.  Due to the frequency of the disconnection, I can no longer download a large file, update, or anything.  Streaming video is impossible.
  So far, I have tried bridge mode and cycled the power in the order recommended to no avail.  When I do that, the AE turns green, but the internet says "not connected".  I have also read that there might be too many IP addresses which is not sitting well with my ISP, so I disconnected everything including unplugging the Microcell.  Lastly, there are no other wireless phones or devises in the house.  All to no avail.
  I should also mention that this began occurring on my Time Capsule, which I replaced with the AE in an attempt to fix this issue. 
  Any help would be greatly appreciated.
  Joe

  Sounds very similar to what I've been trouble shooting for 2 months now, only I have DSL from AT&T and I don't see the Double NAT warning.  My last post on the problem is here. 
  My only emergency solution for getting by day to day on the internet is to unplug the AE and connect one Mac directly to the DSL modem.  There's no shared connection or WiFi.  I looked at hosting WiFi from the Mac, but the only security available with that is WEP which isn't considered secure.  Even with this set up, I think (seat of the pants) that there are quality of service problems. 
  I've replaced the Airport Extreme with 2 different new units and the DSL modem with a new unit to no avail.  The Genius Bar and Apple phone support couldn't solve this, nor have 2 calls to AT&T support and one visit from an AT&T repairman.
  I would like to know how to better test or quantify the poor quality of connection that seems to be the problem.

• Why do I lose internet connection when I put airport extreme into bridge mode to correct Double NAT issue

  I reset my airport extreme router the other day because I was too lazy to reset the password on my private network.
  I have been reading the advice found on apple support communities and wide web, but the solutions do not solve any problems and often create new ones.
  I'm regretting because everything was working just fine.
  But I remember having this double nat error when I first set it up a few months back, but now I cannot resolve it.
  I would live with the yellow light, but it seems that this double nat error is preventing my playstation 3 from connecting to the airport extreme.
  When I put the aiport extreme into bridge mode, I loose all my wireless networks, even when I reboot the airport extreme and the modem.
  I try rebooting the modem, then the airport. and vice versa. No internet.
  I switch back to NAT/DCHP and the internet works fine on apple devices, but not the playstation 3, and I have the 1 Double NAT error.
  I have a plain stock Motorolla modem and I can dial in and see settings (although nothing about NAT). I didn't see where to see them.
  I tried setting the DHCP only but it said it didn't like the settings. is there a stock range i could be using?

  I have a plain stock Motorolla modem and I can dial in and see settings (although nothing about NAT). I didn't see where to see them.
  Exact model .. motorola make adsl, cable and probably wireless modems.. with some modems and some modem router.. we need exact info. What kind of broadband do you have?
  I would note.. some of the motorola cable modems seem to have issues with the apple routers. If you are about due to change modems.. now is a good time.. not another motorola.
  If the modem is a straight cable modem, the AE must be in router mode.. but you need to power down the cable modem. maybe for 20min so the new router can pick up the IP address.
  You cannot use DHCP alone.. the ISP do not give you a block of IP addresses.
  You cannot use bridge with a pure modem.. you will find it works.. but only to one device.
  The only reason you get double NAT is the failure to pick up the public IP.
  Give the info required..
  If you have trouble, I need the actual IP of the modem. the actual IP of the AE WAN port when plugged in. Screenshots are good.

• Airport Internet Sharing and Double Nat Issue on the road

  The Airport express is a very handy little piece of hardware that is particularly easy to pack in a luggage and carry along for those of us that are spending lots of time out of the office and home.
  So here is the scenario when I travel and check in into an overseas hotel: I got two iphones, one local network, one my home network, and a Mac Book Pro, and soon, [when it finally ships], an iPad.
  That makes it at least 3 MAC addresses in one room, and if i have any visiting colleagues to pack up a presentation, I will have more.
  Usually hotels in Asia are well equipped with ethernet points in every room. The problem comes when I want to allow all my gears to connect to the internet.
  I can use the Mac Book to share its ethernet connection while tethered to the plug, which not only turns it into an unlikely desktop, but also do not champion stability when it goes in stand by or sleeps and at times it even mixes up which is the access point to the net. Therefore this does not seem to be the best solution.
  I can put the AE in bridge mode and plug it straight to the ethernet. But most hotels internet access are designed to charge per MAC address, so every time the router assigns via DHCP an IP to one of my gears it requires to accept new charges for that gear, even if they are all in the same room. This definitely does not seem right either.
  Now if I configure the AE to share a public IP address and force it to ignore the double NAT warning, the AE light turns green but the internet sharing does not seem to work at all.
  My two questions are:
  1) Why can't the AE be configured like the Mac Book to have a simple "Internet Sharing" protocol that will be always live and not going to sleep or stand by like the laptop [As the AE is design to be always online as a wireless connection].
  2) is there any way to make that "Share a public IP - *** double NAT" work?
  Any feedback is welcome.
  Thanks. M

  Hi Bob,
  thanks for your reply. Yes the only way to work it out on a typical hotel set up is to adopt the bridge mode and sometime the do waive your extra logs in. But I am not always so lucky and I often need to come up with less optimal solution.
  This is a bit disappointing when you a have a AE in your luggage and you can't use it properly.
  Yet my Mac can work the problem out effortlessly by just "Sharing a internet connection" with the only major limitation of being physically connected to the Ethernet cable.
  Why can't the Airport Express do the same thing? Basically the AE could share the internet connection like the Mac Book, i guess introducing a secondary layer of NAT after the Hotel modem/router NAT setup [which is what the MAC Book is doing].
  If AE can't do that at all then I guess soon we will just end up shelving it.
  I wonder if this is an actual hardware limitation, MAC Book can wire TCP/IP flow to different sources on a double nat and AE can't, or this is just a software limitation and Apple could fix it with a firmware upgrade.
  Any thoughts on this?

• NAT overload is not working when i configure Double NAT for VPN

  I have Cisco 2921 router with OS version 15.1(4)M1.
  the router is configured for NAT overload and working fine, i have site to site VPN tunnel with peer with normal NAT translation. now we need to configure Double NAT on the VPN tunnel as we need to free the subnet on peer network. for double nat i use 3.2.21.x - 3.2.23.x / 24 network and apply following command
  Double NAT translation
  ip nat inside source static network 192.168.10.0 3.2.21.0 /24 no-alias
  ip nat inside source static network 192.168.20.0 3.2.22.0/24 no-alias
  ip nat inside source static network 192.168.30.0 3.2.23.0 /24 no-alias
  Nonat
  access-list 101 deny   ip 3.2.21.0 0.0.0.255 3.2.1.0 0.0.0.255
  access-list 101 deny   ip 3.2.22.0 0.0.0.255 3.2.1.0 0.0.0.255
  access-list 101 deny   ip 3.2.23.0 0.0.0.255 3.2.1.0 0.0.0.255
  VPN encrypted traffic over the tunnel
  access-list 115 permit ip 3.2.21.0 0.0.0.255 3.2.1.0 0.0.0.255
  access-list 115 permit ip 3.2.22.0 0.0.0.255 3.2.1.0 0.0.0.255
  access-list 115 permit ip 3.2.23.0 0.0.0.255 3.2.1.0 0.0.0.255
  Problem:
  as soon as i apply Double NAT translation command the  NAT overload stop working and client cannot reach to the internet
  the router partial configuration is as below
  REACH-R01(config)#do sh run
  Building configuration...
  Current configuration : 19233 bytes
  ! Last configuration change at 09:56:45 MST Tue Jan 29 2013 by admin
  ! NVRAM config last updated at 13:57:54 MST Wed Jan 30 2013
  ! NVRAM config last updated at 13:57:54 MST Wed Jan 30 2013
  version 15.1
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname REACH-R01
  boot-start-marker
  boot-end-marker
  card type t1 0 0
  logging buffered 51200 warnings
  no aaa new-model
  clock timezone MST -7 0
  clock summer-time MST recurring
  network-clock-participate wic 0
  network-clock-select 1 T1 0/0/0
  no ipv6 cef
  ip source-route
  ip cef
  ip dhcp excluded-address 192.168.20.1 192.168.20.99
  ip dhcp excluded-address 192.168.20.250 192.168.20.255
  ip dhcp pool CISCO_PHONES
  network 192.168.20.0 255.255.255.0
  default-router 192.168.20.254
  option 150 ip 192.168.20.254
  no ip domain lookup
  ip domain name reach.local
  ip inspect name ethernetin ftp timeout 3600
  ip inspect name ethernetin h323 timeout 3600
  ip inspect name ethernetin http timeout 3600
  ip inspect name ethernetin rcmd timeout 3600
  ip inspect name ethernetin realaudio timeout 3600
  ip inspect name ethernetin smtp timeout 3600
  ip inspect name ethernetin sqlnet timeout 3600
  ip inspect name ethernetin streamworks timeout 3600
  ip inspect name ethernetin tcp timeout 3600
  ip inspect name ethernetin tftp timeout 30
  ip inspect name ethernetin udp timeout 15
  ip inspect name ethernetin vdolive timeout 3600
  multilink bundle-name authenticated
  isdn switch-type primary-ni
  trunk group PRI
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP-self-signed-3180627716
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-3180627716
  revocation-check none
  rsakeypair TP-self-signed-3180627716
  voice-card 0
  dsp services dspfarm
  voice service voip
  allow-connections sip to sip
  fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
  sip
  voice translation-rule 1
  rule 5 /^7804981231/ /401/
  voice translation-rule 2
  rule 5 // /7804981231/
  voice translation-profile DID_INBOUND
  translate called 1
  voice translation-profile DID_OUTBOUND
  translate calling 2
  license udi pid CISCO2911/K9 sn FGL1540114P
  license accept end user agreement
  license boot module c2900 technology-package securityk9
  hw-module ism 0
  hw-module pvdm 0/0
  username test test
  redundancy
  controller T1 0/0/0
  cablelength long 0db
  pri-group timeslots 1-6,24
  no ip ftp passive
  crypto isakmp policy 10
  encr aes 256
  authentication pre-share
  group 2
  crypto isakmp key P@ssw0rd address 33.33.33.33 no-xauth
  crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac
  crypto map VPN-TUNNEL 1 ipsec-isakmp
  description COMPUGEN
  set peer 33.33.33.33
  set transform-set ESP-AES256-SHA
  match address 115
  interface Embedded-Service-Engine0/0
  no ip address
  shutdown
  interface GigabitEthernet0/0
  description Outside Interface To the Internet
  ip address dhcp
  ip access-group outside_access_in in
  ip nat outside
  ip virtual-reassembly in
  duplex auto
  speed auto
  crypto map VPN-TUNNEL
  interface ISM0/0
  ip unnumbered GigabitEthernet0/1.20
  service-module ip address 192.168.20.2 255.255.255.0
  !Application: CUE Running on ISM
  service-module ip default-gateway 192.168.20.254
  interface GigabitEthernet0/1
  no ip address
  ip nat inside
  ip virtual-reassembly in
  duplex auto
  speed auto
  interface GigabitEthernet0/1.10
  description VLAN 10 DATA VLAN
  encapsulation dot1Q 10
  ip address 192.168.10.254 255.255.255.0
  ip nat inside
  ip inspect ethernetin in
  ip virtual-reassembly in
  interface GigabitEthernet0/1.20
  description VLAN 20 VOICE VLAN
  encapsulation dot1Q 20
  ip address 192.168.20.254 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  interface GigabitEthernet0/1.30
  description VLAN 30 WIRELESS VLAN
  encapsulation dot1Q 30
  ip address 192.168.30.254 255.255.255.0
  ip nat inside
  ip inspect ethernetin in
  ip virtual-reassembly in
  interface GigabitEthernet0/2
  no ip address
  shutdown
  duplex auto
  speed auto
  interface ISM0/1
  description Internal switch interface connected to Internal Service Module
  no ip address
  interface Serial0/0/0:23
  no ip address
  encapsulation hdlc
  isdn switch-type primary-ni
  isdn incoming-voice voice
  trunk-group PRI
  no cdp enable
  interface Vlan1
  no ip address
  ip forward-protocol nd
  ip http server
  ip http access-class 23
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip http path flash:CME8.6/GUI
  ip nat inside source static tcp 192.168.10.10 443 interface GigabitEthernet0/0 443
  ip nat inside source static tcp 192.168.10.10 25 interface GigabitEthernet0/0 25
  ip nat inside source static tcp 192.168.10.10 1723 interface GigabitEthernet0/0 1723
  ip nat inside source static tcp 192.168.10.10 3389 interface GigabitEthernet0/0 3389
  ip nat inside source static tcp 192.168.10.10 123 interface GigabitEthernet0/0 123
  ip nat inside source static tcp 192.168.10.10 987 interface GigabitEthernet0/0 987
  ip nat inside source list 101 interface GigabitEthernet0/0 overload
  ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 75.152.248.1
  ip route 0.0.0.0 0.0.0.0 75.152.248.1 254
  ip route 0.0.0.0 0.0.0.0 205.206.0.1 254
  ip route 192.168.20.2 255.255.255.255 ISM0/0
  ip access-list extended outside_access_in
  permit udp any any eq bootps
  permit udp any any eq bootpc
  permit tcp any host 22.22.22.22 eq 1723
  permit tcp any host 22.22.22.22 eq 3389
  permit tcp any host 22.22.22.22 eq smtp
  permit tcp any host 22.22.22.22 eq 443
  permit tcp any host 22.22.22.22 eq domain
  permit udp any host 22.22.22.22 eq domain
  permit tcp any host 22.22.22.22 eq 123
  permit icmp any host 22.22.22.22 unreachable
  permit icmp any host 22.22.22.22 echo-reply
  permit icmp any host 22.22.22.22 packet-too-big
  permit icmp any host 22.22.22.22 time-exceeded
  permit icmp any host 22.22.22.22 traceroute
  permit icmp any host 22.22.22.22 administratively-prohibited
  permit icmp any host 22.22.22.22 echo
  permit tcp any host 22.22.22.22 eq 987
  permit tcp any host 22.22.22.22 eq 47
  permit gre any host 22.22.22.22
  permit udp any host 22.22.22.22 eq isakmp
  permit esp any host 22.22.22.22
  access-list 23 permit any
  access-list 101 deny   ip 192.168.20.0 0.0.0.255 3.2.1.0 0.0.0.255
  access-list 101 deny   ip 192.168.30.0 0.0.0.255 3.2.1.0 0.0.0.255
  access-list 101 deny   ip 192.168.10.0 0.0.0.255 3.2.1.0 0.0.0.255
  access-list 101 deny   ip 3.2.21.0 0.0.0.255 3.2.1.0 0.0.0.255
  access-list 101 deny   ip 3.2.22.0 0.0.0.255 3.2.1.0 0.0.0.255
  access-list 101 deny   ip 3.2.23.0 0.0.0.255 3.2.1.0 0.0.0.255
  access-list 101 permit ip 192.168.10.0 0.0.0.255 any
  access-list 101 permit ip 192.168.20.0 0.0.0.255 any
  access-list 101 permit ip 192.168.30.0 0.0.0.255 any
  access-list 110 permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
  access-list 115 permit ip 3.2.21.0 0.0.0.255 3.2.1.0 0.0.0.255
  access-list 115 permit ip 3.2.22.0 0.0.0.255 3.2.1.0 0.0.0.255
  access-list 115 permit ip 3.2.23.0 0.0.0.255 3.2.1.0 0.0.0.255
  Solution: Support forums team

  I have the same problem also.  Restarting isn't helping and the auto lock/unlock button is on.  Plus a couple of time when I turn it on it is asking if I want to power off.  That is when I push the button on the front to wake it up.  Not the power button on top.  I have an IPAd 2. Worked fine before the update. 

• Double NAT Error with Airport Extreme and Airport Express

  I have an Airport Extreme 802.11n base station which is connected to my DSL Modem/ Router via Ethernet. I have a MacPro which does not have an airport card installed so I bought an Airport Express 802.11n - which is connected to my MacPro via ethernet - and thus provides my MacPro with internet access.
  Originally I had the APExtreme and the APExpress set up in a WDS - all worked well - my other wifi equipped macs and devices in the house connected to the network with no problem, but I did notice that the maximum throughput I was getting was 802.11g speeds - this is of course due to the overhead of the WDS.
  I originally purchased these 802.11n devices because I wanted the higher throughput - so I decided to terminate the WDS and just have the APExpress (attached to my MacPro) "join" the wireless network instead of extending it - which works and I am enjoying the 802.11n speed.
  So, I just upgraded a couple of my Macs to 10.6.2 and was going to start using "Back to My Mac" and I got the error that there is a double NAT address problem and that "Back to My Mac" won't work until this is resolved.
  I know that going back to a WDS will resolve the double NAT problem - but I don't want to take the performance hit that goes with the WDS.
  So, short of buying an Airport card for my MacPro (which would eliminate the need of the APExpress)
  Is there any other way to resolve this double NAT problem besides WDS?
  Thanks for any advice.

  First of all thanks for your quick reply!
  Connecting my MacPro to the Airport Extreme would be a serious pain as the DSL Modem and APExtreme are upstairs near the only connection point in the building to a phone line - and my MacPro is downstairs.
  I suppose I could dig out a very long ethernet cable to perform the test. But before I jump through that hoop - please explain to me what you are trying to get at - in other words - what does it mean if this resolves the double nat error - and what does it mean if it does not?

• Telus double NAT

  I've recently added a Time Capsule to my network, linked to Telus' Actiontec V1000H modem/router. The V1000H has the latest firmware update, which I gather from internet discussion seems to have been pushed out by Telus to all V1000H modems. I disabled the Actiontec WIFI to allow the TC to link devices on my local system.  However, the TC and Actiontec produce a "double-NAT" error that I couldn't resolve.  Endless discussions with Telus' normal support level didn't find a solution except a statement that the Actiontec software has been configured to prevent use of settings that would eliminate the double-NAT.  Finally, I talked to their pay-for-service support staff who confirmed its a known problem.  Their network specialists haven't or aren't looking for a solution.  Their advice was to go buy a different modem because they no longer supply simple modems.
  Apple's expert support help confirm the TC is set up correctly but were unable to help with the Telus' settings.
  I'm surely not the first to meet this problem.  What solutions have been found to be successful?
  What are the risks of using a different modem?

  Recently I had Telus come in and install Optik TV which involved a new router Telus' Actiontec V1000H and i have the Apple Time Capsule.  On the TC I have a flashing amber which as above I have the Double NAT error.  If I change it to bridge mode then my wiifi doesn't work.  If I click ignore then all is good and I haven't really noticed any internet speed difference.   If I go into into the Telus router it shows: 
  Summary
  Broadband:
  CONNECTED
  Wireless:
  DISABLED
  should the wireless be disabled?

• Help with Time Capsule Double NAT error.

  I've been reading different threads on this problem but have been unable to find a solution.
  I recently replaced a dead SpeedStream modem with a Motorola 3360, per AT&T's (my ISP) recommendation. Since swapping the modem I've had a "Double NAT" error on my Time Capsule. The new modem is the only change.  We connect every device: 1 G5 tower, 1 iMac, 1 iPad, 1 MacBook Pro via our wireless network. The Time Capsule is stand-alone, e.g., not connected to anything but the modem via the either-net cable provided.
  Running 10.7.4, the Airport Utility is 6.0, the TC firmware is up to date as well 7.6.1
  We've never had great speed but now it's slower than usual, I'm assuming because of the Double NAT error (two firewalls).
  I've followed the AT&T website instructions, to the letter, for switching the 3360 to "bridge mode," letting the TC handle the IP address (correct?) = no internet.
  I've also followed the support communities directions for switching the Time Capsule to bridge mode as well, letting the modem handle the IP address, the Double NAT error goes away but = no internet.  In this mode I can't join my own network and I get a "your computer is using an IP address that's already in use" error, though everything but my laptop is off.
  What I'm willing to try anything but I need very specific, step-by-step (noob) instructions. Many thanks.

  I've followed the AT&T website instructions, to the letter, for switching the 3360 to "bridge mode," letting the TC handle the IP address (correct?) = no internet.
  I've also followed the support communities directions for switching the Time Capsule to bridge mode as well, letting the modem handle the IP address, the Double NAT error goes away but = no internet.  In this mode I can't join my own network and I get a "your computer is using an IP address that's already in use" error, though everything but my laptop is off.
  I have to admit when I see Motorola modem I automatically think cable modem.. but yours is adsl.. so when you bridge the modem you have to use pppoe client in the TC.. not dhcp as you would with cable. Is that how you are trying it.
  I looked it up and there is a thread almost identical. https://discussions.apple.com/thread/3808550?start=0&tstart=0
  Bob.. gives instructions with pic in the thread on how to setup pppoe in the TC. This should work, although we have noticed some issues of late with the client not always handling IP correctly.
  I am not sure why it fails when you bridge the TC.. that IMO should work without too much hassle.
  I would download 5.6 utility
  http://support.apple.com/kb/DL1482
  It just does a lot more things than v6 in Lion.
  Go to manual setup in 5.6 utility.
  Go to internet tab
  Go to connection sharing.
  Set to Off bridge mode.
  Update the TC.
  Then reboot everything..
  start in sequence.
  1. Modem.. wait a couple of min.
  2. TC .. wait again..
  3. Clients.
  What you have previously done may well be correct but not renewing IP addresses properly has messed up the connection to the modem.

• Since cahnging FIOS Internet provider, which required a router to go in front of "AirPort" I have a blinking yellow on the AirPort and suggested editing in AirPort utility to cahnge from Double NAT to "Bridge Mode" my knowledge base is not clear as t

  How do I clean up my new FIOS connection? I just cahnged ISP Fios and they reqquired a router of thier own in front of my AirPort Extreme. Since then I have blinking yellow light on the AirPort and AirPort utility keeps promting for an edit. Suggests canging from NAT to "Bridge mode". Obviuosly U have some internet or this post would not go anywhere, my knowledge base is not enought to feel comfortable with changing the settings. Correctly editing can be tricky, so how do I make necessary changes?

  How do I clean up my new FIOS connection?
  The FIOS router needs to be in Bridge Mode to prevent the Double NAT error from occurring when two routers are both fighting with each other for control of the network.
  Unfortunately, the likely problem from the FIOS side is that FIOS support will either tell you that their router cannot be configured to operate in Bridge Mode, or if it can, they will not tell you how to do it.
  But, it could not hurt to check with FIOS to see if anything might have changed recently in this regard, so your first call would be to FIOS support.
  If you cannot change the FIOS router to Bridge Mode, the alternate plan would be to change the AirPort Extreme to Bridge Mode. If you are using the Guest Network feature on the AirPort Extreme at this time, that feature will not work correctly when the AirPort is set up in Bridge Mode.

• Double computer name on network and NAT issue with Back to My Mac

  These are the problems I am having:
  When my MacPro workstation (which on the network is named "The Beast") wakes from sleep - I get a message saying "there is already a computer on the network with the name "The Beast". Other computers on the network can now find you at "The Beast-2"" and it gives me a new name in the file sharing preferences - even though it is the only computer on the network with that name.
  Why is this happening???
  The other problem is with BackTo My Mac - When I try to enable it - I get an error message saying "Turn off NAT Addressing" - which I thought was turned off since the AEBS is in Bridge Mode. Why is this happening?
  Here is my network setup which consists of the Modem / Router from my ISP - an Airport Extreme Base Station and one Airport Express - which is connected to my MacPro via ethernet. The MacPro does not have an airport card installed and is running OSX 10.6.8 - all other computers / devices are running 10.7.x and iOS6).
  VDSL Modem / Router (from Internet provider) with wireless turned off - (so it is not broadcasting a competing wireless signal) - connected via ethernet to my Airport Extreme Base Station.
  Here are all the settings on the AEBS and the Airport Express: - I am using Airport Utility 5.6.1 on my Mac Pro running OSX 10.6.8 - so the setup prefs are different than the newer version of Airport Utility found on 10.7.x systems - but both work fine. Although I did notice that the option to allow ethernet clients to connect to the Airport Express does not exist (or I just didn't find it) in the newer version of Airport Utility.
  Airport Extreme Base Station is set up as follows:
  Wireless Mode: Create a Wireless Network
  Wireless Settings:
  Allow this network to be extended IS CHECKED
  Radio Mode: 802.11n (b and g compatible)
  Wireless Security: WPA/WPA2 Personal
  Access Control:
  MAC Address Access Control: Not Enabled
  Internet Settings:
  Internet Connection:
  Connect Using: Ethernet
  Connection Sharing: OFF (Bridge Mode).
  TCP/IP:
  Configure IPv4: Using DHCP
  Advanced Settings:
  Logging & Statistics:
  Syslog Destination Address is blank (as in nothing appears in this field).
  Syslog Level: 5 - Notice
  Allow SNMP is CHECKED
  MobileMe:
  Back to my Mac is turned off - but if I try to turn it on I get an error message saying "Turn off NAT Addressing - which I thought was turned off since the AEBS is in Bridge Mode. Why is this happening?
  IPv6:
  IPv6 Mode: Link-local only
  As stated - my MacPro with no wifi card -  is connected via ethernet to an Airport Express which connects wirelessly to the AEBS for network and internet access.
  Airport Express Settings:
  Airport Settings:
  Wireless Mode: Join a Wireless Network
  Allow Ethernet Clients IS CHECKED
  Wireless Security WPA/WPA2 Personal
  Internet Settings: Are grayed out (as in I can't change these settings - I assume because they are being controlled by the AEBS) and read as follows:
  Connect Using: Wireless Network
  Connection Sharing: OFF (Bridge Mode)
  TCP/IP:
  Configure IPv4: using DHCP
  All other settings are identical to the AEBS.
  All other WiFi devices in the house (MacBook Pro, iPhones, iPad's, iMac, Apple TV, Nintendo Wii etc…all are able to connect to the network and connect to the internet - no problem.
  Thanks for any insights into what might be causing the double name on the network and why it is asking me to turn off NAT addressing - when both my Airport devices are in Bridge Mode?

  I am also having this issue... any updates on this??