Ooma double-NAT network unless you put your existing router in bridge mode
SF Man
ISP and Linksys WRT54G wireless router.
Reading the Ooma reviews, I come across this line:
"Note, you filthy pirates, that this will double-NAT your network unless
you put your existing router in bridge mode."
In this review:
Review: A month with Ooma, the lifetime free VoIP system
http://gadgets.boingboing.net/2009/03/17/review-a-month-with-1.html
Can you tell me in plain English what this line is trying to tell me?
- Why is he directing this to 'filthy pirates'?
- If network address translation is good, is double NAT better? Why?
- Is he actually recommending "bridge mode" (whatever that is) or not?
I know the basics, so, if you can tell it to me with basic talk, that would
be great. Basically, if I get this Oooma Telo VOIP unit, would I want to
hook it up before the router, or after? And would I want to put my router
in this so-called bridge mode or not?
PS: I'm not a pirate so I'm not sure if any of this applies.
Kathy
I can say that I have 2 routers (wired & wireless) and had to put one
in bridge mode, i.e. you do not want 2 things giving out ip addresses.
Your hookup would go modem -> Ooma -> router -> rest of your network.
GlowingBlueMist
> I am considering buying& hooking up the Ooma Telo with my line-of-sight
Most home user routers or DSL Modems/routers are setup by default to use
a NAT IP address values on the LAN side. The usual range of IP address
assigned using NAT are not able to be routed over the internet. The
user's local router knows the final physical device address and as such
is able to complete the connection to the internet for you.
When you add a second router also using NAT into the mix things get
tricky. The final router in the link at the user knows the local
devices but when it tries to forward them to the internet it gets
blocked by the second non-routable NAT address in use by the other
router or DSL/Cable Modem box using NAT.
Bridge mode basically turns off the router functions, so that the
internet IP address that comes in from the WAN goes directly to the LAN
with no change in IP address. The second router is then able to forward
it's NAT'd devices out over the internet using the routable address
being supplied by the first box. With NAT turned off a box that has
more than one "LAN" port becomes basically an Ethernet switch with all
ports showing the same IP address as supplied by the ISP or device
upline from it.
I found the review at the following YouTube link quite interesting.
http://www.youtube.com/watch?v=vOo8bDBCFl4&feature=related
Char Jackson
wrote:
>I am considering buying & hooking up the Ooma Telo with my line-of-sight
>ISP and Linksys WRT54G wireless router.
>
>Reading the Ooma reviews, I come across this line:
>"Note, you filthy pirates, that this will double-NAT your network unless
>you put your existing router in bridge mode."
>
>In this review:
>Review: A month with Ooma, the lifetime free VoIP system
>http://gadgets.boingboing.net/2009/03/17/review-a-month-with-1.html
>
>Can you tell me in plain English what this line is trying to tell me?
>- Why is he directing this to 'filthy pirates'?
I assume he's talking about port forwarding. Filesharers and gamers,
for example, typically need to forward certain ports to get their
respective apps working, and double NAT makes port forwarding a bit
more complicated because it has to be done twice if there are two NAT
routers connected back to back. Putting one of the routers in bridge
mode eliminates the double NAT, somewhat simplifying things for people
who need to forward ports. If you're in a category of people who don't
worry about such things, then double NAT is no worse than single NAT,
IMHO.
>- If network address translation is good, is double NAT better? Why?
NAT has its pros and cons, but double NAT probably brings more cons
than pros for many people. Others won't see any behavioral changes at
all, so it depends on the specific situation.
>- Is he actually recommending "bridge mode" (whatever that is) or not?
If double NAT is a problem for you, then putting one router in bridge
mode will help because it eliminates the double NAT. On the other
hand, if you have no apps that are affected by double NAT, or even if
you do have such apps and you're comfortable with making the necessary
router config changes, then double NAT is nothing to be afraid of.
>I know the basics, so, if you can tell it to me with basic talk, that would
>be great. Basically, if I get this Oooma Telo VOIP unit, would I want to
>hook it up before the router, or after? And would I want to put my router
>in this so-called bridge mode or not?
I would connect it to the LAN side of your existing router. If you do
that and it works fine for you, (no QOS issues, for example), then the
whole bridge mode argument is moot.
Jeff Liebermann
wrote:
>I am considering buying & hooking up the Ooma Telo with my line-of-sight
>ISP and Linksys WRT54G wireless router.
Sigh. Ooma works, but I'm not thrilled with the prices.
<http://www.ooma.com/buy/>
For example, I'm paying $75/year for Future-Nine.com. Breakeven with
Ooma would be in 3-4 years, by which time the Ooma hardware might be
considered obsolete. (Hint: Computers are NOT a good investment).
>Reading the Ooma reviews, I come across this line:
>"Note, you filthy pirates, that this will double-NAT your network unless
>you put your existing router in bridge mode."
True. The problem is that the required STUN server will not traverse
double NAT. See techy details at:
<http://en.wikipedia.org/wiki/Session_Traversal_Utilities_for_NAT>
In many application scenarios it is common that both
endpoints are located behind a NAT. This double-NAT
problem is often not easily overcome even with STUN and
sometimes an intermediate application proxy server is
required.
I've tried double NAT with various VoIP applications. Outgoing calls
usually work. Incoming, through double NAT never does. Check with
Ooma to be sure, and ask whether they support RFC3489 or RFC5389. If
RFC5389, it *MIGHT* be possible to answer calls.
>In this review:
>Review: A month with Ooma, the lifetime free VoIP system
>http://gadgets.boingboing.net/2009/03/17/review-a-month-with-1.html
>
>Can you tell me in plain English what this line is trying to tell me?
Nope. I deal in technobabble. VoIP is NOT simple or easy.
>- Why is he directing this to 'filthy pirates'?
No clue. The reference makes no sense and trashes an otherwise
tolerable product review. Pirates are usually those that engage in
theft of service. I suggest you ignore it.
>- If network address translation is good, is double NAT better? Why?
NAT is a cute trick that single handedly saved the internet from an
early demise. Were it not for NAT, we would have run out of IP
addresses long ago (instead of running out next year). NAT allows you
to run a large number of computers hidden behind a single IP address.
That's the good part. Everything else about NAT is problematic. Port
forwarding is an ordeal processes needed to deal with incoming
connections (VoIP incoming calls, interactive games, etc). If you
have an application that is hard coded for a single IP address, you
can have exactly one computah running that application behind your NAT
router. Connecting to the modem (or OOma) device THROUGH the router
is also a problem that requires setting up a static router. Lots of
other compromises and limitations which I won't detail.
A second NAT router (double NAT) makes things even more complexicated.
Such arrangements are common in coffee shop hot spot systems, where it
is used to isolate the coffee shop machines from the customers. It's
also used in some private networks for connecting to a remote office
via a VPN that traverses the internet over a single IP address. Again,
it can be made to work, but you really need to know what you're doing.
>- Is he actually recommending "bridge mode" (whatever that is) or not?
Bridge mode means turning OFF the routing function in the router. I
have zero technical info on the workings of the Ooma device, so I
can't offer any specifics. In the case of various Linksys VoIP
routers, I simply ignore the WAN (internet) port on the router, plug
one of the LAN ports into the main internet router, disable the DHCP
server, and it works. In effect, I've disabled routing (and enabled
bridging) by simply not using the router section. No clue if Ooma can
do that.
If it can't, then your other option is to do the same with your WRT54G
router. This may not be desirable. More specifically, I think it's a
lousy idea. Putting the main router into bridge mode disables all the
firewall protection and services in the WRT54G and counts on Ooma to
provide firewall services. Not recommended.
Incidentally, this hassle is why STUN services were invented.
>I know the basics, so, if you can tell it to me with basic talk, that would
>be great.
Too late. You get technobabble. I don't have time to make it simple.
>Basically, if I get this Oooma Telo VOIP unit, would I want to
>hook it up before the router, or after? And would I want to put my router
>in this so-called bridge mode or not?
Dunno. I have no real info on the Ooma. Ooma does give a clue at:
<http://ooma.custhelp.com/app/connect_internet>
However, I'm not going to guess what they're trying to do. A real
data sheet on their VoIP device would have answered any questions, but
apparently Ooma does not seem to want such details disclosed.
You probably should dig though their installation support forum at:
<http://www.ooma.com/forums/viewforum.php?f=2>
for a more specific answer.
>PS: I'm not a pirate so I'm not sure if any of this applies.
Let me know if you want links pointing to instructions how to become a
pirate.
--
Jeff Liebermann je...@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558