
Feature Request: No-NAT Routed Mode

Many of us use an external firewall such as pfSense. The typical configuration when using an external firewall/router is to disable NAT and run eero in bridge mode. Unfortunately, several eero client management features are lost when running in bridge mode. Can the eero be configured to route (static) but not NAT? This would allow all of the eero client management features and the use of an external firewall without double NATing.

Thanks

13 replies

    • stanslee
    • 6 yrs ago

    I too would like to see a routed mode without NAT. I have my eero behind another firewall, and I can't use family profiles functionality in bridge mode. Supporting a routed mode should be pretty straightforward.

    Otherwise, enabling family profiles functionality to block based on MAC address instead of just IP address would also be fairly straightforward.

    • eero Community Manager
    • Jeff_C
    • 6 yrs ago
    • Official response

    Hi h86TzfV3iK and stanslee,

    Thanks for the feature request! I'm sorry to hear that in your use case, you can't use all the features of eero. I'm happy to share this with our team and will relay back any updates. Thanks again!

    • theworm
    • 6 yrs ago

    Agreed, I think this configuration is VERY common with most people that have minimal technical background. Bridge mode gets it working but would like to see all features available.

    • pahrohfit
    • 6 yrs ago

    Cannot agree more that this is a very needed feature. Being able to use all of the features of the Eero, while still maintaining an advanced network setup and firewalling is the biggest need right now. Moves the Eero from hobby mode to something I can deploy at a SOHO.

    • mikebronner
    • 6 yrs ago

    I also agree and would love this feature.

    • CEO & Co-founder
    • weaves
    • 6 yrs ago

    Out of curiosity, what are the core firewall features that you use with pfSense that eero doesn't have? Yes, pfSense is super configurable (have set up firewalls with their software many times in the past), but wanted to get a better sense of the make or break features / configurations from everyone's perspective.

      • h86TzfV3iK
      • 6 yrs ago

      weaves pfSense provides many useful features for me, but the biggest is flexibility. Here are some of the features I leverage. 1) IPv6 support with prefix delegation 2) Visibility / Logging 3) Open - Data (#2) is exportable for analysis (ELK Stack) 4) VPN for remote access to my home network 5) VLAN/Routing support to separate home lab / DMZ from family. I often need a separate segment for unique DHCP, etc. for OpenStack, K8s, etc. I don't really do anything too special with the firewall/IPS (SNORT/Suricata). HTH

      • nnyan
      • 6 yrs ago

      weaves I am in the same boat. I use OPNSense (a fork of pfSense) and while it's awesome they both have issues. Why I keep this (and other things like Cujo) on my network?

      VPN server/client, versatile and custom DDNS, DNS Encryption, NTP options, robust threat (exactly what was attempted by who), bandwidth (by port, IP, Device, Destination, etc.), user reports/history, Geoblocking (don't need to connect to certain countries for example), IP Filtering (port forwards limited by source IP address and/or source IP subnet), New Device Notification, manage my certs, advanced logs so I can view EVERYTHING that happens (or tries to) on my network (I can't say how invaluable this is in order to diagnose when something isn't working on my network). That's what I can think of off the top of my head.

      • mikebronner
      • 6 yrs ago

      weaves As others have also indicated, my reasoning for this is that having it behind another gateway places the entire network behind VPN. While I don't have a sophisticated setup like rafaeldiaz, I do like logging and inspecting traffic every now and then to troubleshoot network issues. I also have a simpler setup, running on DD-WRT on a Netgear R7800 (to handle VPN encryption CPU requirements). I did try pfSense, but it was too complicated to maintain for me (I have a particular setup that doesn't lend itself to pfSense), so I do value simplicity and the "it just works" principle! :) Thanks for keeping an ear to the tracks and being involved in the community.

      • nnyan
      • 6 yrs ago

      mike.bronner one of the reasons I am using something like Eero (instead of Unifi) is b/c I want to flatten my network and simplify it as much as possible. I'll only be able to do so much but I want to do what I can. At this point, I am really thinking of going back to the Orbi as I've been reading that they are fixing their connection issues. At least I will get back more of the routing features. Right now to "supplement" the Eero's I have:

      1.  Cujo (better reporting, seems to detect more things than the Eero firewall (confirmed by OPNSense)) and I believe in a layered defense.

      2.  Synology NAS running my DDNS (which updates a number of services), NTP and VPN (I want to use MY VPN provider).

      3.  Pi-Hole VM for ad-blocking. Not sure I support ad-blocking being an add-on feature. Hopefully, RATtrap works well for me as this has ad-blocking built in.

      4.  Guacamole VM for central remote access

    • depocu
    • 3 yrs ago

    I was searching for the same thing. It has been 2 years; any development on this?

    • dimatha
    • 2 yrs ago

    Would be really helpful

    • TravStlOfal
    • 1 yr ago

    This would be an easy feature to add! Why is it taking so long? Disable SNAT, so I can see the real IP on my Palo Alto; it can do the SNAT.


  • Status: Under Consideration
  • 31 Votes
  • Last active 1 yr ago
  • 13 Replies
  • 1406 Views
  • 18 Following