Double NAT on Virgin Media routers / alternative to 'Modem Mode'

There is a guide here, which explains how to run a Virgin Hub5X router alongside another router. Link:

The Virgin router forwards all traffic to the 2nd router, without being affected by the Hub5X's firewall.

This is accomplished by enabling a DMZ, and pointing it towards the IP address of the 2nd router, which has its own firewall.

Firewall options on the Virgin router can also be disabled. Presumably UPnP also.

Disabling Wi-Fi and DHCP on the Hub seems like it would be a good idea.

I want a reliable network configuration, and the stories I've read about modem mode on Virgin's hub routers leave a lot to be desired. Running a 2nd router in the network would allow more advanced features to be used, like SQM / bandwidth control for the WAN connection.

Questions:
  • Looking at the guide, it looks like there is probably no way to (easily) access the web interface of the Hub5X again (it recommends to only use the 10GBE port for the WAN IP, but no others). Is that correct?
  • Are there any strong reasons to avoid running a double NAT?
  • Would the IP address on the 2nd router have to be changed to meet the format: 192.168.0.x, in order to configure the DMZ?
 
1. You can normally access the SH via a certain IP when in bridge mode. You may have to access it locally from the other port in this case.
2. Generally not recommended but if you have no choice…
3. Yes, the Hub needs to have a different IP and subnet completely. It then offers DHCP to your router on the WAN interface. Then you are free to use your own subnet.

Silly how the Hub5x does support bridge mode.
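
Added example, not part of the thread or of the linked guide: a check of the addressing plan that question 3 and its answer turn on, namely that the DMZ target (the 2nd router's WAN address) sits on the Hub's LAN while the 2nd router's own LAN uses a different subnet. The /24 prefix for the 192.168.0.x range, the Hub address 192.168.0.1, the DHCP pool bounds and the function name `check_double_nat_plan` are assumptions for illustration.

```python
import ipaddress


def check_double_nat_plan(hub_lan, hub_ip, dmz_target, inner_lan, dhcp_pool=None):
    """Return a list of problem codes; an empty list means the plan is consistent.

    Every address passed in is the caller's assumption about their own network.
    """
    problems = []
    hub_net = ipaddress.ip_network(hub_lan)
    inner_net = ipaddress.ip_network(inner_lan)
    hub_addr = ipaddress.ip_address(hub_ip)
    target = ipaddress.ip_address(dmz_target)

    # The DMZ target is the second router's WAN address, so it has to be a
    # usable host address on the Hub's own LAN and not the Hub itself.
    if target not in hub_net:
        problems.append("dmz-target-outside-hub-lan")
    elif target in (hub_net.network_address, hub_net.broadcast_address):
        problems.append("dmz-target-not-a-host-address")
    elif target == hub_addr:
        problems.append("dmz-target-is-the-hub")

    # The second router's LAN must not overlap the Hub's LAN; with the same
    # subnet on both sides it cannot route between its WAN and LAN ports.
    if inner_net.overlaps(hub_net):
        problems.append("inner-lan-overlaps-hub-lan")

    # If the Hub still runs DHCP and the DMZ address sits inside the pool
    # without a reservation, another device can later be leased that address
    # and would then receive all unsolicited inbound traffic.
    if dhcp_pool is not None:
        first, last = (ipaddress.ip_address(a) for a in dhcp_pool)
        if first <= target <= last:
            problems.append("dmz-target-inside-dhcp-pool")
    return problems


# Constructed sample plans (not taken from the thread or the linked guide).
POOL = ("192.168.0.10", "192.168.0.254")
GOOD = check_double_nat_plan("192.168.0.0/24", "192.168.0.1", "192.168.0.2",
                             "192.168.10.0/24", POOL)
SAME_SUBNET = check_double_nat_plan("192.168.0.0/24", "192.168.0.1",
                                    "192.168.0.50", "192.168.0.0/24", POOL)

if __name__ == "__main__":
    print("good plan:", GOOD)
    print("router left on 192.168.0.x:", SAME_SUBNET)
```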
 
There’s also this:


Which ditches the 5x completely. But would need a router with an SFP+ port and no guarantee that it’ll keep working.
 
I have the Hub 5x: thought about trying it, haven’t yet due to time/effort. Wish I could share something more useful, sorry.

If you’re already a customer, I’d pile onto the mound of requests in the community forum (hopefully help get their attention but nothing yet). If you’re not a customer on their fibre I’d strongly recommend other options if you have them.
 
Cheers. We got connected on Virgin FTTP a week ago, and it has been well worth it. It's the only non FTTC option we have, but I think Openreach is planning to rollout FTTP in our town by 2026.

I will most likely try double NAT myself at some point, but first I have some desktop IP phones to set up, once our landline number has been ported to A&A VoIP.
 
I would try it within the cooling-off period, as it may be a deal-breaker depending on your needs. Then you can walk away without penalty. 2026 isn't that long...
 
I consider FTTC to be quite poor value these days, was getting around 40mbps on an aluminium line for £30 p/m on Hometelecom (ex Cuckoo customer). That would have increased to £33 p/m in April 2025.

So, around 1/10 of the sync speed for more money.

Also got very fed up with having the line managed by DLM, and gradual worsening of FTTC over time, likely because of crosstalk.

Paying for the landline isn’t worth it (data and voice) and the SOGEA options are often priced similarly.
 
Does anyone run their network this way (double NAT with a Virgin Media Hub 5x)?

Have you noticed any issues?
Not with VM specifically but had a friend who did this with Plusnet years back and an Asus, it was causing weird issues with online gaming where he couldn't properly join our sessions. Popped over and redid his network so it's no longer double NAT, and everything worked perfectly afterwards.
 
There were a couple of threads on Reddit about this, but I don't know if these ways still work. There seemed to be some hoop jumping you could do to get modem mode to enable:


In a bit of a surprise Nexfibre started to network our town at the start of the year, I'm in a similar position to you where FTTC is basically dog water. I had been on coaxial VM (from NTL) at my old address for around 20 years or so, so I was curious how their fibre service worked and was shocked to see that modem mode doesn't work on the fibre hub 5x like it does on the coaxial modem I had!

Anyway, a bit moot for me now since I took out a 2 year contract with 3 5G thinking there would be no chance of FTTP here until 2026.
 
Nobody has proven those workarounds are stable unfortunately. Some can’t even get it to work at all, could be firmware differences.

The XGS-PON SFP stick is proven working but the rug could be pulled out any time, in theory.
 
Someone did some performance testing for a double NAT in 2018, the difference in latency and bandwidth was very small / margin of error:


The consensus on another forum was that modern router hardware, particularly CPUs, is more than fast enough, and the difference is likely to be nanoseconds.
 
I've been able to get some decent results with a cheap smart / managed switch. The main issue I noticed with the connection, was high latency when the upload bandwidth was saturated.

But capping the switch to ~35mbps on the egress (total upload bandwidth = 40mbps), seems to solve the latency problem, under load:

Can you explain your setup? Is this using Hub5x with double NAT? As I understand, the issues are not latency alone, but also certain applications like games and video calls, which I use extensively. Also, any approach for traffic ingress (i.e. I self-host some services) is more difficult/impossible/insecure - not clear which yet.

I saw similar upload issues but mine is symmetric 1Gbps. I guess there’s no queue management or similar on the Hub5x. Difficult to saturate 1Gbps though.
 
It's been such a PITA not having modem mode since going to Virgin in my new property (old property had a Hub 3, which was fine). Thankfully I have one month left and am moving to a FTTP provider to get away from this.
 

Yikes, 40mbit upload on fibre, I didn't realise they'd do that - I suppose it's to keep their product offerings the same as what's on coaxial.

The high latency on saturated upload I suppose is just bufferbloat, you can cap your bandwidth as you have or run some kind of QoS on your router.
 
Indeed, it's not ideal. But not really a problem (symmetric upload is probably more useful for business users). I don't think there's any capacity issue on Nexfibre's end, it's just something Virgin has decided.

I think they will probably make the download and upload symmetric by 2028, which is when all the lines are targeted to be upgraded to FTTP. You can pay an extra £6 p/m to get symmetric speeds on FTTP, but I don't think they are keen to advertise the fact that FTTP is simply better than most of their current network.

In the meantime, it looks like VM might be gradually upgrading upload speeds on higher tier packages across their network:

I doubt I will need a 2nd router, since it's possible to use a managed switch to cap the upload bandwidth over the LAN (and avoid any double NAT issues). But it would probably work slightly better.
 