# Double-NAT Double-NAT is a scenario in which multiple routers on a network are performing *network address translation* (NAT) services. A common example of this is a cable modem or DSL modem to which a Wi-Fi router is connected. Both the modem and the router have NAT enabled, and local-network computers are connected to the router. Even if port forwarding is configured on the router, the computer is not accessible from the Internet because the router doesn't have a public IP address. It has only a private IP address on the modem's local (internal) network. There are several possible ways to resolve this, but none of them is a "silver bullet" solution. Concrete network configuration is required to determine which solution is appropriate for your particular circumstances. The following solutions assume the most common scenario: A modem (DSL, cable, fiber optic, etc) and a wireless router connected to that modem's local (internal) network. Both the router and the modem have browser-based administration interfaces, so each can be configured using only a Web browser. You may consult your router and modem manuals to determine the IP address at which each device's administration interface is available. ## **Possible Solutions** ### **1. Configure a PPPoE Connection Between the Router and Modem** This is the most robust solution, but not all ISPs provide enough information for this to be easily configured. PPPoE can usually be configured in the router's WAN settings. There are usually multiple options for WAN configuration, including DHCP and PPPoE. DHCP is no good here; it will only assign a private (local network) IP address to the router. PPPoE is a better option because it bypasses the modem's *network address translation* service. However, PPPoE may require authentication credentials your ISP might not provide. ### **2. Use the Router in *****Bridged Mode*** *Bridged mode* disables a router's NAT and DHCP services. Note that some routers don't include a *bridged mode*; rather, they simply allow you to disable NAT and DHCP services directly. Others may prevent you from disabling NAT and DHCP services at all. If the router is to operate in *bridged mode*, you must configure the modem to provide port forwarding services. ### **3. Add the Router to the Modem's DMZ** Routers commonly provide a feature called *DMZ (demilitarized zone).* This feature allows you to select one computer to which all network traffic is forwarded. If your modem supports *DMZ*, this might be the best solution for you. 1. Find the router's WAN (external) address. You might find this by logging into the router's admin interface and checking the *Status* page. 2. Log in to the modem's admin interface, find the DMZ settings, and enter the router's WAN address. Note that this solution will still result in a *double NAT* warning in *Screens Connect*, but if the router's port forwarding is correctly configured, *Screens* should still connect successfully.. ### **4. Forward the Modem's Port 5900 (or 22) to the Router** This solution is similar to Solution 3, except that instead of putting the router in modem's DMZ, only a single port is forwarded. 1. Find the router's WAN (external) address. You might find this by logging into the router's admin interface and checking the *Status* page. 2. Log into the modem's admin interface. Specify the router's WAN address as the address to which port 5900 or port 22 (protocol TCP) should be forwarded. Note that this solution still results in a *double NAT* warning in *Screens Connect*. ## **Still Doesn't Work?** If you configured the port manually, make sure the *Automatic Port Mapping* option in *Screens Connect* settings is deactivated. Should you still have problems getting remote access to work, please contact us via email at . So that we can help you solve your problem as quickly as possible, please include as much information about your network as possible. This includes the following: 1. Details about your network configuration, including brand and model for all connected network hardware, including modem, routers, VoIP devices, etc. 2. Screenshots of relevant router configuration information, including the router's *Status* page and port forwarding configuration. The more screenshots, the better. Attach screenshots directly to your message or compress them all into a .zip archive; there's no need to embed them into a PDF or Microsoft Word document. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://edovia-1.gitbook.io/screens-connect-for-macos/troubleshooting/double-nat.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.