Hello,

I'm trying to get rid of double NAT in this scenario:
Internet (private address 10.x.x.x) <-> LTE modem in bridge mode / passthrough (currently WAP LTE KIT - passthrough on eth1) <-> hAP AC router <-> LAN

WAP LTE is in passthrough mode connected to eth1 port on hAP AC - I've got 10.x.x.x address and traceroute from router works fine - single NAT, the problem is when I'm trying to access the internet from LAN - I've got another NAT.

WAP LTE doesn't have any firewall rules, just provides internet on hAP AC WAN. On hAP AC I've got src-dst masquerade on eth1 (wan port) as out interface. Everything works fine but how to simplify this and reduce NAT?

Also, I want to connect hAP AC with HEX PoE to increase ports as I'm running out of them - trying to use SFP direct-attached cable - should I use VLAN there or anything else? HEX will be in bridge mode.

Any help or suggestions appreciated.

you can't reduce the nat on the hap ac - as the hap as gets the IP from the LTE provider. If you disable the NAT on the hap ac the LTE provider will not know your local IPs that you are giving out via dhcp server on the hap ac.
If you want to extend the ports, make sure that on the hap ac the sfp port is in the switch/bridge and then make sure that sfp on the hex router is in the switch/bridge. Then just assign different ip on the hex so it doesn't conflict with the hap ac address and it should be working ok.

I was wondering this myself -- but couldn't you bridge from the lte1 device to the rest of the hAP interfaces so each connected device gets its IP from the LTE provider? In my case a MiFi7730L which supposedly allows 15 clients on WiFi, if it allows that many over the USB interface I would think this would be doable.

Thoughts?

Mitch

It's rather no go as only one interface for passthrough.
I can simply pass through IP / gateway etc to ethernet and that's it - so hAP AC get info from LTE on WAN port then second NAT has to work this out.

Got another question about LTE modem but this probably has to go to support - is it possible with fw upgrade or something that we'll have band aggregation - something similar to Huawei?

It's rather no go as only one interface for passthrough.
I can simply pass through IP / gateway etc to ethernet and that's it - so hAP AC get info from LTE on WAN port then second NAT has to work this out.

Got another question about LTE modem but this probably has to go to support - is it possible with fw upgrade or something that we'll have band aggregation - something similar to Huawei?

Band aggregation requires different hardware - usually it should support at least CAT6 LTE Category where the CA is supported.