My Alix router is not directly connected to the Internet anymore.

[J65nko]

Several years ago, our village got glass/optical fiber cable for Internet and TV.
One company laid he optical fiber cable, and we were free to choose between five Internet Service Providers.
At that time you could choose to have digital television through a set-up box, or select an option to keep your old coax cable television.

Because we don't watch television that much and because 40 channels was more than enough, we opted for the non-digital television. The TV signal arrived digitally to our house through IIRC a second optic fiber cable.
An adapter converted this digital TV signal to analog, that using a coax splitter, went to living room TV and a TV upstairs.
The Internet optical fiber cable through an Ethernet converter went to my Alix router. It used DHCP to get an IP address.

That worked well for several years. Our original ISP, Lijbrandt, was bought over by another Dutch ISP called Telfort and nothing changed for another couple of years.

Then Telfort decided to stop offering the analog TV signal and we had to switch to digital TV with a set-up box. And that meant renting two of these boxes.

What they did not tell us, that we could not have our OpenBSD PF router, the Alix, directly connected to the Internet anymore.
There is now one single appliance. an Experia 10, that provides WiFi, TV signal and Internet.

My solution was to turn off the WiFi, and connect the external NIC of the Alix to the Experia box.
That way I could keep my local ethernet LAN setup, a 192.168.222.0/24 network as it is.

The external Alix NIC gets an IP from the Experia box, and continues doing Network Address Translation. Not to or from a 'real' IP anymore, but with a 192.168.0.0/24 address that it receives from the Experia box as a dhclient.

My stand-alone WiFi access point is still connected to the second NIC of the Alix. My wired 192.168.222.0/24 network still is on the third NIC.

Although I am now forced to do "Double NAT", I still can protect my wireless and wired network with OpenBSD's pf on the Alix.

How is the situation in your country? Can you still connect your router to the Internet, or are you, just like me, forced into doing "Double NAT"?

[IdOp]

We now have a fiber optic cable into the building where I live; it was installed a few years ago. Once it was all set up I thought they were offering service over it, but that was false. It took probably more than a year before one could purchase ISP service on it. However, I don't use it.

It was only about 3 years ago that I switched from dial-up, when that became totally untenable for various reasons. So I went to DSL, 6 Mbps, which is serving well so far at a reasonable cost. My router is connected directly to the internet. Hopefully I can stick with this setup for a long time, as I dread the day when the ISP has to install some kind of WiFi/modem/router thing in the home.

Regarding the general situation in Canada, well, it is complex, but to over-simplify, the oligopoly of large internet providers (telecom and cable companies) are required by law to sell their service wholesale to smaller ISPs at regulated prices, who then re-sell it to compete with them.

One question: Have you noticed any trouble with double NAT? I remember reading somewhere that it can cause problems in some cases, but I forget the details.

[J65nko]

Here in the Netherlands the situation is similar.

The companies that own the physical infrastructure have to allow other parties access to their network. BTW here this also applies to the electrical grid, and the natural gas pipeline infrastructure.
But it is also strange, although the fiber optical cable network is run by an "infrastructure administrating company", part of this company is owned by the mother company of a major ISP.

Re: double NAT

Up to now have not experienced any issue with it. Several weeks ago I attended a couple of Zoom teleconferences / get togethers. I used my Lenovo tablet that connects with WiFi and experienced no problems. I don't use IPsec that usually is problematic with NAT traversal.
The following shows that FTP works

Code:

$ ftp -a ftp.nluug.nl

Trying 145.220.21.40...
Connected to ftp.nluug.nl.
220-Welcome to the FTP archive of 
220-The Netherlands Unix Users Group (NLUUG).
220-
220-This server is located in The Netherlands, Europe.
220-If you are abroad, please find an ftp site near you.
220-Most information on this site is mirrored.

[snip]

331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

[snip]

ftp> get SHA256
local: SHA256 remote: SHA256
150 Opening BINARY mode data connection for SHA256 (709 bytes).
100% |*****************************************************************|   709       00:00    
226 Transfer complete.
709 bytes received in 0.19 seconds (3.56 KB/s)
ftp> 
ftp> quit

A quote from NAT - Issues and Limitations states that FTP can be problematic:

Quote:

Some protocols can accommodate one instance of NAT between participating hosts ("passive mode" FTP, for example), sometimes with the assistance of an application-level gateway (see below), but fail when both systems are separated from the Internet by NAT. Use of NAT also complicates tunneling protocols such as IPsec because NAT modifies values in the headers which interfere with the integrity checks done by IPsec and other tunneling protocols.

As you can see it is not a problem here. But my Alix is using the OpenBSD built-in ftp proxy, that probably helps.

[jggimi]

I still use a pair of carp(4)ed Alix machines as a high-availability home router.

I have switched back and forth between two large US ISPs (Comcast, AT&T) over the last 10-15 years; most often due to moving my home. For residential service, both of them provide a single "dynamic" IPv4 address that almost never changes. And both allow this Internet address to be used without double-NAT. However, there are limitations for the one I'm using at the moment, AT&T: while it doesn't require double-NAT it does require provisioning their gateway to assign the local router to its own DMZ.

IPv6 is different between the two ISPs also. Comcast offered a /64 delegation and that worked well for me. AT&T offers SLAAC services, but I have not been able to delegate any addresses from that /64 for use by my internal networks.