Scott, I would suggest using the bridge mode on the Apple routers. Generally only tunnelling will cause you issues, but any VPN will probably use tunneling. You should still be able to block MAC addresses in one of the manual airport controls even with DHCP turned off.
My problem with NAT is that the router needs to keep a mapping of all traffic and on a busy network it will eventually decide to drop that mapping. So if you are double natting then you are going to have twice the chance that a long not very active session will get dropped by one of your routers. As Jonathan On Jul 10, 2011, at 6:06 PM, Scott Howell wrote: > All, > > Here is the situation. I recently switched to Comcast business class. I was > provided with a SMC Network cable modem. THis box is actually a switch > consisting of four ports. Currently I have my AirPort router plugged into the > SMC and thus I have a double nat situation. THe SMC is configured to handout > DHCP addresses, which is how my AirPort gets its address, but I also am > handing out addresses using DHCP to the devices on my private network. I > actually am using DHCP reservations and for a specific reason. > I have setup mac address filtering to control certain machines on the > network. Unfortunately the SMC lacks some of the features for controlling > machines that are found in the Apple router. However, this double nat > situation can and has created some issues for me. I could of course just > bridge the AirPort and give up the whole deal on controlling machines on the > network. That may very well end up being necessary in the end; however, > before I do so, I wanted to ask if anyone had any thoughts. I did a little > searching around on Google, but unfortunately I'm not sure exactly what to > look for either. I don't think Google would take my message as a search term > either. :) > Although I do not have any plans to do this, the advantage of double nat in > this case is I could strap three more routers onto the gateway (SMC) and have > some fun. Now maybe there is a way around all of this, but seems the current > issue is IP6 tunneling, but I am more concerned if this could pose problems > with other services. So, thoughts welcome and I'll keep poking around and see > what I can learn. The good thing is that all seems to be working for the most > part, so this is not a critical need situation. Just need to make sure I can > vpn into the network at the office. :) > > Thanks, > Scott > > -- > You received this message because you are subscribed to the Google Groups > "MacVisionaries" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/macvisionaries?hl=en. > -- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/macvisionaries?hl=en.
