Apple Airport Double NAT

How-to fix the Airport Double NAT warning

In iFix, Mac by andre0 Comments

Nothing is more annoying than an Apple Airport router blinking amber. I much prefer the zen-like steady green light…

I launched AirPort Utility and found a red dot next to the router’s name. Clicking on the router’s name brought up a menu showing details about the router and whatever problems it might be experiencing, in my case “Double NAT.”

What does Double NAT mean?

Every device connected to a network needs an address, in case of the Internet that’s an IP Address. When the original IP Address space (IPv4) was created, its creators didn’t foresee the vast number of addresses that would be required in the future, hence now we are running short. The successor, IPv6, is coming, but it will take years to implement.

In the meantime one workaround is to reserve a tiny fraction of IP addresses for private networks, such as the one we all have at home behind our Internet routers. This allows many more devices to connect to the Internet than there are public IP Addresses. To avoid confusion private IP Addresses are non-routable. To make it all work your router silently modifies the packets it receives from within your private network and translates them into normal, routable IP Addresses. This process is called Network Address Translation or NAT for short.

Double NAT is what happens when you have two routers translating packages; for example if you plug the WAN port of a second router into the LAN port of your primary router like I did. This isn’t necessarily bad, but you need to be aware of it, hence my Airport is blinking amber.

What to do about Double NAT?

Apple’s Airport gives you three choices: DHCP and NAT, DHCP only and Bridge Mode. The one to choose depends on which device on your network should assign the IP Addresses and where to do the Network Address Translation.

The easiest too understand modes are ‘DHCP and NAT’ and ‘Bridge Mode.’ In the DHCP and NAT mode your Airport base station does all the work, leases IP Addresses and behind the scenes Network Address Translation. A base station in Bridge Mode does neither, and assigning of IP Addresses and Network Address Translation falls to an upstream router. A base station in Bridge Mode simply extends your existing Wi-Fi network.

In DHCP Only mode your Airport base station only assigns IP Addresses but doesn’t provide Network Address Translation. The NAT is then performed at your primary router before it sends your traffic out onto the public network. What you need to watch out for is that both routers don’t assign the same IP addresses to avoid routing conflicts. Ideally you either set aside IP addresses for exclusive use of the secondary router (if using the same IP Address Class ) or have your secondary router use a different IP Address class.

Now that you know what each mode does, it is easy to choose the one that best fits your needs. Bridge Mode is great to extend the reach of your Wi-Fi network and both, DHCP with or without NAT give you more IP Addresses to play with as well as separating your networks.

Apple Airport Double NAT

Apple Airport Double NAT

Then again, you could just turn the warning off by right-clicking on the offending status itself and muting the notification… However, you do so at your own peril!

Leave a Comment