natecarlson / quectel-rgmii-configuration-notes

Notes on using a Quectel modem directly connected to Ethernet
68 stars, 18 forks

Double NAT + Firewall? #4

Closed. qy2009 closed this 12 months ago.

qy2009 commented 1 year ago

Not sure if you have any IoT devices?

Since I changed to Ethernet, my Awair, Rachio, and Range (General Electric) cannot get an internet connection anymore. I ran their troubleshooting tools; from the support, they say the network is under double NAT, and it is blocking their 8443 and 443 ports...

I used to run Cloudflare WARP for my VPN, and it seems not to be working either. When I was using the Instagram app on my phone, it seemed it could not load the page as well. However, other things seem OK for internet access.

On my ASUS router, the WAN IP is 192.0.0.2.

PS. At first I always failed at using Qflash 6.4 to upgrade my firmware, I got these two new firmware from the support: RM520NGLAAR01A07M4G_01.202.01.202 RM520NGLAAR03A01M4G_01.202.01.202

Luckily, I still have my WG1608 router, so I connected the USB into the router and used QFirehose to upgrade the firmware without any issues. Before, I was using QFlash 6.4 on Windows, and it always failed at DL Firehose.

After I upgraded to the R03, I was able to run IP passthrough finally. It's interesting that the first time I ran it, it said OK. If I tried to run it again, it would say "ERROR".

thanks :)

natecarlson commented 12 months ago

Double NAT is always a thing for IPv4 on T-Mobile (and most carriers), as you will be running NAT on your firewall, and then they use CGNAT (in T-Mobile's case, combined with 464XLAT) to provide you with v4 connectivity. The exception would be if you get a static IP address.

Did this work with the same plan before moving to the RJ45 sled? If so, it's possible it was using IPv6. On many T-Mobile plans v6 will allow incoming connections, with the exception of ICMPv6. I haven't yet figured out how IPv6 prefix delegation to a router works with the sleds; haven't had time to play with it. If your devices have v6 addresses and are working already, this probably wouldn't be it though.

If your devices rely on being able to open an IPv4 hole in the firewall with UPnP, I am fairly sure that T-Mobile doesn't support that - but could be wrong! If the services establish an outbound connection to their cloud host which tunnels traffic back to the network, that should work fine.

I haven't had any issues with Cloudflare WARP, either with a client behind the modem or a server tunneling to the internal subnet. What errors are you running into?
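A quick way to confirm the double-NAT situation described above from the router's WAN address alone. This is an added example for this thread, not code from the quectel-rgmii-configuration-notes repository; it uses only the standard `ipaddress` module. The prefixes are the real ones (RFC 1918 private space, RFC 6598 CGNAT shared space, and 192.0.0.0/29, the IPv4 service continuity prefix that a 464XLAT CLAT hands out, which is where the 192.0.0.2 from the first post falls); the class labels and the functions `classify_wan` and `summarize` are this example's own naming.

```python
"""Classify a router's WAN address to tell whether the upstream link is
itself behind NAT (double NAT).  Added example for this issue thread; not
part of the quectel-rgmii-configuration-notes repository."""
import ipaddress

# Prefixes that mean the address handed to the router is not globally
# routable, so a second NAT layer exists upstream.  Ranges/RFCs are real;
# the labels are this example's own.
NON_GLOBAL_V4 = [
    (ipaddress.ip_network("192.0.0.0/29"), "464xlat-clat"),    # RFC 7335 CLAT side
    (ipaddress.ip_network("100.64.0.0/10"), "cgnat-shared"),   # RFC 6598 shared space
    (ipaddress.ip_network("10.0.0.0/8"), "rfc1918-private"),
    (ipaddress.ip_network("172.16.0.0/12"), "rfc1918-private"),
    (ipaddress.ip_network("192.168.0.0/16"), "rfc1918-private"),
    (ipaddress.ip_network("169.254.0.0/16"), "link-local"),
]


def classify_wan(addr: str) -> dict:
    """Return the address class, whether a second NAT layer is implied, and
    how many IPv4 NAT layers a LAN host should expect (the local router
    always counts as one)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        # IPv6 is not NATed on this path; inbound reachability is purely a
        # firewall question, so no NAT layers are counted.
        cls = "ipv6-global" if ip.is_global else "ipv6-non-global"
        return {"address": addr, "class": cls, "double_nat": False, "nat_layers": 0}
    for net, label in NON_GLOBAL_V4:
        if ip in net:
            return {"address": addr, "class": label, "double_nat": True, "nat_layers": 2}
    return {"address": addr, "class": "public", "double_nat": False, "nat_layers": 1}


def summarize(addr: str) -> str:
    """One-line diagnosis a user can act on."""
    info = classify_wan(addr)
    if info["double_nat"]:
        return (f"{addr} is {info['class']}: the carrier already NATs this link, so "
                "inbound port forwarding or UPnP cannot work; devices must dial out.")
    if info["class"] == "public":
        return f"{addr} is public: the local router is the only IPv4 NAT layer."
    return f"{addr} is {info['class']}: no IPv4 NAT applies; check the IPv6 firewall."


if __name__ == "__main__":
    # The WAN address reported in the first post of this thread.
    print(summarize("192.0.0.2"))
```

Run it with the WAN address your router shows; anything other than "public" means your router's NAT is the inner of two layers, and IoT devices that need an inbound hole (UPnP or manual port forwards) will fail no matter how the router is configured, while devices that only dial out to their cloud should still work.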

qy2009 commented 12 months ago

I think there is something wrong with my mesh router (ASUS running Merlin firmware). When I set it up in AP mode (not router mode), some of my IoT devices came back online. I did a troubleshoot with the Quectel tech support; he did a TCP dump, and it turned out the router kept offering DHCP addresses, but the IoT devices kept requesting an address. Funny, right? LOL

My Cloudflare WARP is back to normal now. I think mostly it was just something wrong with my router.
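The DHCP symptom in the comment above (router keeps sending OFFERs, the devices keep asking again) is easy to spot mechanically once a capture is reduced to one line per DHCP message. This added example, not from the repository or from either participant, runs that check over a constructed capture summary; the line format (timestamp, client MAC, message type, transaction id) is this example's own simplification, not tcpdump's output, and the `diagnose` statuses are its own naming. A client that receives OFFERs but never sends a REQUEST is flagged as `offer-ignored`, the pattern the tech support saw, which usually means the offer is not reaching the client (or is being rejected by it) rather than anything upstream on the modem.

```python
"""Detect clients stuck in a DHCP DISCOVER/OFFER loop from a one-line-per-
message capture summary.  Added example for this issue thread; not part of
the quectel-rgmii-configuration-notes repository."""
import re
from collections import defaultdict

# Constructed capture summary (not real tcpdump output).  Client 01 completes
# the four-way exchange, client 02 gets an OFFER after every DISCOVER but
# never REQUESTs (the symptom in the thread), client 03 never sees an OFFER.
SAMPLE_CAPTURE = """\
10:00:00.001 aa:bb:cc:00:00:01 DISCOVER xid=0x1001
10:00:00.010 aa:bb:cc:00:00:01 OFFER    xid=0x1001
10:00:00.020 aa:bb:cc:00:00:01 REQUEST  xid=0x1001
10:00:00.030 aa:bb:cc:00:00:01 ACK      xid=0x1001
10:00:01.000 aa:bb:cc:00:00:02 DISCOVER xid=0x2001
10:00:01.012 aa:bb:cc:00:00:02 OFFER    xid=0x2001
10:00:05.000 aa:bb:cc:00:00:02 DISCOVER xid=0x2002
10:00:05.011 aa:bb:cc:00:00:02 OFFER    xid=0x2002
10:00:13.000 aa:bb:cc:00:00:02 DISCOVER xid=0x2003
10:00:13.009 aa:bb:cc:00:00:02 OFFER    xid=0x2003
10:00:02.000 aa:bb:cc:00:00:03 DISCOVER xid=0x3001
10:00:06.000 aa:bb:cc:00:00:03 DISCOVER xid=0x3002
this line is noise and is skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"(?P<msg>DISCOVER|OFFER|REQUEST|ACK|NAK)\s+xid=(?P<xid>0x[0-9a-f]+)\s*$"
)


def parse_capture(text: str):
    """Yield (mac, msg, xid) for each well-formed line; ignore the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("mac"), m.group("msg"), m.group("xid")


def diagnose(text: str) -> dict:
    """Per client MAC: where in DISCOVER/OFFER/REQUEST/ACK the exchange stalls."""
    per_client = defaultdict(list)
    for mac, msg, _xid in parse_capture(text):
        per_client[mac].append(msg)
    report = {}
    for mac, msgs in per_client.items():
        if "ACK" in msgs:
            status = "leased"              # exchange completed
        elif "NAK" in msgs:
            status = "nak"                 # server refused the request
        elif "REQUEST" in msgs:
            status = "request-unanswered"  # client asked, server silent
        elif "OFFER" in msgs:
            status = "offer-ignored"       # offers sent, client never requests
        else:
            status = "no-offer"            # discovers never answered
        report[mac] = {
            "status": status,
            "discovers": msgs.count("DISCOVER"),
            "offers": msgs.count("OFFER"),
        }
    return report


if __name__ == "__main__":
    for mac, info in diagnose(SAMPLE_CAPTURE).items():
        print(mac, info)
```

Reading the result: `offer-ignored` with matching DISCOVER and OFFER counts points at the last hop to the client (AP, mesh node, VLAN or broadcast handling), while `no-offer` means the server side never heard or never answered the client; neither pattern implicates the upstream modem.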

natecarlson commented 12 months ago

Interesting! Should we close this out for now, and you can reopen if you find that it seems like something on the modem?