How terrible is double NAT? really? - eviltoast

Hi,

I’ve been trying to work out my network architecture with the pieces i have today:

  • isp box with 10gig dac downlink, 4 ssd bays
  • pfsense box with dual 10gig dac card
  • switch with 10gig dac uplink and multi gig rj45
  • main proxmox host
  • other devices (laptops, iot…)

ive ran into a dilemma regarding switching my isp box to bridge mode:

  • if i do, i lose wlan and nas capabilities
  • if i dont, i have to contend with double nat

i’m sure that eventually i will get an ap (maybe unifi) and a dedicated nas (either home built or something like synology or asustore), but for the moment, i want to keep cost down and gradually add new pieces

i was wondering if double nat is of huge performance and maintenance implications, or if i would be okay running this setup for a few months until i get to add an ap and nas?

thank you

  • tsz@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    6
    ·
    1 year ago

    If you’re using double NAT, you’re doing something wrong. If you want to do it right, stop using double nat. If that doesn’t matter to you, and you’re comfortable supporting a broken-by-design network, do it.

    • LazerFX@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      I’m going to briefly explain why I downvoted… this (I feel) is an unhelpful comment that doesn’t explain anything. You say, “[if] you’re comfortable support a broken-by-design network, do it.”, but you don’t explain why it’s a broken-by-design network.

      I’ll say - I agree with you, but the comment doesn’t actually enhance the conversation and comes off as abrasive and unhelpful. If I’m looking for information, I’d rather be given education (Even if it’s just a, “Go here for why you don’t do that!”), not just a, “Don’t do it” with no assistance and help for how to do it right.

      • tsz@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        3
        ·
        1 year ago

        If you don’t understand why it’ss broken, I guess that’s on you. If you’re to tbe point op is in terms of their needs, network topology etc and you still don’t understand the fundamentals, what do you expect me to say to resolve that? If you’re OK with supporting your broken, incorrectly configured network, then by all means. If you are not, then expect the answer from those you’re asking for help from to be “fix your shit”. Do not expect anyone to educate you. It’s like arguing with creationists - you picked this dumbass thing to get behind, I’m not on the hook to explain basic logic to you.