Strict NAT or type 3 Nat work around

What fixes have you found for this? What’s the easiest way to push this fix to all your users? We have tried enabling Nat type in the sm, using DMZ function as someone else posted in another form (unless we aren’t doing everything), we tried hanging it in the r200p which is behind the sm. We have also plugged the sm directly into a Xbox or playstaion with no change.

The easiest way around this is to just set the SM to bridge and assign the customer/gamer a static IP that they can use on the router of their choice that supports uPNP/NAT-PMP.

If you want to use NAT on the SM, you can enable DMZ.

Here is an example setup... please change IP's to match what you use on your network.

SM/NAT designated DMZ IP:

Customer router WAN IP:

Customer router NAT designated DMZ IP:

Customer's Sony Playstation (assigned static or via static DHCP entry):

1 Like

We want to leave enabling NAT in the SM as last choice. We read a post that showed enabling NAT in the SM will dramatically reduce througput for the extra overhead. To use DMZ you have to enable NAT i the SM, otherwise its greyed out.

The biggest problem is that we have multiple people with this isue now (we are new and only have 15 users in last couple weeks), we cant give everyone a static ip. We need an easier solution that we can push to all our SM's.

What speeds are you trying to deliver to the customer? You might want to check how old that post is that you read about reduced performance while using NAT... I remember seeing something about that years ago back when PMP450 first came out. Cambium has made significant performance improvements to NAT when using current firmware revs. Unless you're trying to push more then 60mbps through an SM, I wouldn't worry about the NAT overhead.

Like I said earlier, there's only a couple of different ways to deal with the PMP450 SM's not supporting uPNP/NAT-PMP. I'm not sure what other solution you're thinking might be available to 'push to all your SM's'.

Also, just because I said static IP, I don't necessarily mean that you need to give every customer a static public IP address. If you're strapped for public IP addresses you could do NAT at your head end using a Mikrotik router and just assign all the SM's and customer router's private IP addresses.... everything would be behind NAT. Mikrotik has quite a few features and options for using NAT and getting forwarding working to make your customers happy.

At this point I think it would be money well spent hiring a seasoned WISP-friendly network consultant for a couple hours to look over your current network and resources and work to help you put together a plan.

Lastly... ePMP supports uPNP while using NAT at the SM :-)


Well we have a config change we need to make because this is network wide. So when I say “push” I mean a network update that pushes this fix to every sm or r200p (good thing cN maestro allows you to update router settings from the cloud).

Send me your contact info if you would be interested in doing that when we launch our next tower. Currently, we are stuck using Someone else’s ‘backend’ service and don’t have much control. They are managing things past tier1 support.

Update: after talking to our group that manages everything tier2 and explaining that we even went as far as to hook a ps4 or Xbox directly to the SM via a power block and still had a strict NAT or type 3 it has been determined that there has to be an issue back at our Juniper router at the tower. Hopefully we can find a resolve sooner than later. Customers paying for internet and can’t play Call of Duty get hostile very quick, ha!

1 Like

I have this problem too using epmp force 180 i try use DMZ method but didn’t work
I use NAT with a unique public ip assign to SM what i miss ?
@Eric_Ozrelic @NetOpsCom