Cable Modem NAT translation

[Mike McCall]

I have a cable isp using a Motorola Surfboard modem. I currently have a residential router placed between that and my managed switch. The router has been mainly used for WIFI access and whatever inherent (default) firewall capabilities it may have. However, since the modem apparently already does NAT translation, why couldn't I eliminate the router and use an AP instead? I have a server running DNS, DHCP, AD DS, but there's no security device in place. Will I have a problem with the ip of the modem (192.168.1.0) on a 10.xx.xx.xx network? Would the modem then become my gateway and I simply point to it instead of the router?

 

[YeOldeStonecat]

what WAN IP does your router get?...when it's behind the Surfboard. Which model Surfboard? Most of them don't do NAT< but they will have a class C management IP.

 

[Mike McCall]

what WAN IP does your router get?...when it's behind the Surfboard. Which model Surfboard? Most of them don't do NAT< but they will have a class C management IP.

It's a Motorola Surfboard SB6141. The external ip is 74.14.201.x. The gateway ip is 71.14.200.x. It does have a management ip address, but I don't see much I can do with it. Now that I'm looking at the external ip and gateway, it appears that the router is doing NAT...correct? If so, then it needs to remain in place especially since I have no other security device in place. Right?

 

[Markverhyden]

Been a while since I looked at my Moto but I seem to remember about the only thing you can do is turn NAT/DHCP off and on. My setup has always been providing a public IP to my router. To be honest I would just bridge the Moto, due to it's very limited functionality, and do what needs to be done with a router.

 

[YeOldeStonecat]

If your router is plugged into the modem, and your router has an IP on its WAN interface that is public, the modem is passing the public IP through without NAT.
Motorolas always have the management IP on that 192 range...you can still hit it (the way they have routing it's an additional IP you can still hit from behind your router). So it's not doing NAT. If it was doing NAT, your routers WAN IP would also be a 192 IP.

 

[Mike McCall]

Thanks, guys. That's what I thought once I saw what is on the public side of the router. So all I can do at this point is turn WIFI off and let the router handle NAT translation. I need a security device that can replace the router, I guess.

 

[YeOldeStonecat]

With everything behind the residential router.....they are behind its NAT already.
Is that residential router wireless? If so...no worries.

 

[Mike McCall]

With everything behind the residential router.....they are behind its NAT already.
Is that residential router wireless? If so...no worries.

It's true that nothing HAS to be changed, but since I'm already using a Meraki switch & AP, gaining experience with a dedicated Security Device is likely to be very helpful for business clients. After all, this is exactly what my home learning lab is all about. The more I can directly put hands onto, the more comfortable I'm likely to be in my ability to take on a given task. Just looking to expand my horizons.

 

[Markverhyden]

So I logged into my Moto to see what's there. As I mentioned it's been some time, 3-4 years, since I looked at it. There was nothing to change. But I did see the following on the configuration page.

 

[Mike McCall]

So I logged into my Moto to see what's there. As I mentioned it's been some time, 3-4 years, since I looked at it. There was nothing to change. But I did see the following on the configuration page.
View attachment 4821

Yes, I saw the same thing in mine. Nothing to change, but useful information if you're a cable tech I guess.