Dealing with double NAT

[jgopel]

I live in an apartment in a building where my internet connection is operated by a third party company. They've configured the network such that I am double-NAT'd and are unwilling/unable to reconfigure it for just one NAT or do port forwarding for me. What they've done as a compromise is to assign me a public, static IP that's bound to one of the ports on the Ruckus WAP that's in my apartment. Until recently, I was running a dual-NIC system (not UnRAID) with one NIC connected to the double-NAT'd private network and one connected to the port and configured with the static IP, etc. The interface for the public network was only exposed to Plex so that Plex remote access works without having the extra hop through Plex’s servers.

 

I recently moved my media server to an UnRAID system and I've been super happy with it. I’ve gotten everything setup on the local network connection and now I’m trying to configure the public side of the networking. The primary goal here is to allow Plex remote access without having to go through Plex servers (to avoid losing quality). I’ve added a second NIC to the system (BCM5751 over PCIe, just in case it’s relevant), but it’s causing issues.It seems that I need to disable bonding so that the local and public interfaces don’t conflict and so that management stays available on the local network. I am not sure how UnRAID expects bridging to be configured in this situation, but I think having 2 bridges might be the solution. I’ve tried a number of approaches here that all seem to lead to lookup failures for tower.local at some stage, either in configuring networking or when the 2nd interface becomes active.

 

Is what I’m trying to do supported on UnRAID? If so, what’s the intended configuration to get it working? Thanks in advance!

 

[JonathanM]

3 hours ago, jgopel said:

assign me a public, static IP that's bound to one of the ports on the Ruckus WAP that's in my apartment.

First order of business is to get that static IP available on a wired connection, you may need a physical bridge connected to a normal router, or possibly you could configure a router to use the WAP as the WAN connection. Then you can set up your own network with NAT and port forwards as needed.

 

In no case should the public IP be configured directly in Unraid, the public WAN address should be on a separate router.

[jgopel]

Hi, thanks for the response. I think I communicated the situation badly - the WAP has LAN ports on it, so both connections are already wired connections. For a bit more color, there are WAPs throughout the property. Each resident has separate login information and a separate VLAN that their devices connect to. Wired connections into the WAP LAN ports end up on the same VLAN. This allows me to, eg, take a laptop to the roof and work up there while still being on the same network as the devices in my unit. The only configuration that the IT company that manages the WAPs was able to provide me where I was able to have a connection that was not behind a double NAT was to reconfigure one of the LAN ports on the WAP so that it's public.

I understand that UnRAID is not designed to be publicly facing and grasp the challenges that that creates for management. What I'd like to do is to have the wired connection from that port be used as the primary interface for my Plex container. I still need UnRAID to be on the VLAN, as that's where all the devices I'll be using to manage it are. Does that clear things up at all?