DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

NAT Detection Avoidance with Draytek routers

08 Nov 2010 01:20 #1 by davidthornton
[I've reposted this as a new thread because it took me a long time to research and write up the information included within. I do not wish the essence of my original post to be overlooked in light of the replies it received which have somewhat diverted it onto being about something completely different. :)]

I travel with a Draytek 2820 so I can create a private LAN in my hotel room, use its built-in IPsec capabilities to connect to remote LAN VPNs and to ensure that my laptop is not tethered by an Ethernet cable to a desk port.

I've come across a hotel room, this weekend, which is blocking NAT. Usually I set up the router first, connect my laptop to it and authenticate against the hotel Internet web site using the information I am supplied with at reception or wherever. In this hotel, I can get to the authentication page and enter the login information provided by reception to authenticate, through the router as usual. However as soon as I authenticate, everything goes dead (pings, web, the lot) and nothing will route. If I remove the router from the equation and connect my laptop directly to the hotel Internet, everything works fine. The hotel is not allowing me to use NAT.

I have tried spoofing the router WAN port MAC address and making it the same as my laptop wired MAC address. That does not work here! :)

I've disabled NAT and DHCP on the Draytek, and plugged the Internet cable into a LAN port, and my laptop into another LAN port. This is effectively using the Draytek as a switch. This works but I cannot plug additional devices into the other switch ports to get Internet on those because the hotel will only allocate me one IP address per payment. Of course this is why I want to use NAT. :)

I believe the problem relates to practices described at both of these URLs:

http://www.sflow.org/detectNAT/
http://www.sevenrains.ro/?p=ispnat

There is also forum discussion here: http://forums.macrumors.com/showthread.php?t=833193

I am wondering if it is possible to do some post routing on the 2820 to make all outbound packets the same size. That way the hotel could not detect NATed packets and block them as it currently appears to be doing.

I have never come across a hotel with such restrictions before. I assume they do not want one person setting up a wireless router, and sharing one paid-for connection amongst several rooms via wifi. What this does prevent is someone wanting to use a laptop and other wireless devices with their own router for legitimate purposes in their own room. I cannot use any wireless-only device on the Internet because I cannot set up a wireless router in my room.

There is no wifi in this hotel and the room only has one Ethernet cable so it would be great to be able to use a router with NAT and not have to pay to authenticate every individual device against their system which is what I have to do if I use the 2820 in switch-only mode. Even if the hotel did have wifi, some of my IP-enabled wireless devices cannot connect to hotspots because they have no web browser capability to allow me to authenticate, hence me wanting to use my own router.

The MacRumors thread, linked above, mentions acquiring an old Cisco PIX 501 or using a router running DD-WRT to do this. Obviously I'd prefer to be able to do it on my Draytek 2820 to save carrying another piece of equipment for this eventuality!
