Troubleshooting Port forwarding/DDNS issues on LTE Gateway Routers
Hi, All,
Occasionally there are some inquires about the IPv4 address (or internet IP address) on the 4G routers.
Here I will list some common cases and hope they will provide some help.
Case 1: the IP address via https://www.whatismyip.com/ is not the same as IPV4 IP on the 4G routers.
Case 2: DDNS/Port Forwarding /Remote Management is not working even though the configurations have no mistakes.
For example:
Neither can I access the camera nor can I remotely administer MR600
IP address on MR400 is not the same as NoIP
Case 3:Xbox/Playstation shows NAT type as strict or type 3 when playing online games.
The reason for the above issues is, when the router connects using your standard 4G Data SIM card, the mobile network provider will allocate your router with a PRIVATE IP address on their network. In other words, outside of the 4G routers, there would be another powerful firewall/gateway on the ISP side to monitor and protect your network.
Private IPv4 addresses are IP addresses that fall within any of the following ranges shared by @woozle and Thank you:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
100.64.0.0 - 100.127.255.255
If you have the same issue, please check the IPv4 address on your router and compare it with the IP on https://www.whatismyip.com/. If you found they are different and the IPV4 address is in the private IP range, please contact the SIM carrier to ask for a public IP.
Please feel free to comment below if you found something new that might be related to this issue.
Thank you very much.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@TP-Link This not really a solution when all 4G suppliers use CGNAT.
- Copy Link
- Report Inappropriate Content
I am trying to get to the bottom of the problems that I am having with this on a MR600 4G router but there does seem to be one thing at least which may not be working correctly within the firmware.
This issue is the DDNS client, for which I have an account with No-IP which the router logs into successfully. However the IP address that gets sent to No-IP is NOT the same as the IP address which the router says is its public IP address. I do understand about CGNAT but I am puzzled why the IP address that the DDNS client sends to No-IP is not the same as the one reported on the Status page of the router.
Onto the rest of the issue which I think I understand, which is that if I try to connect to the IP address given by the router on its Status page I get a 403 Forbidden message. I assume that this is probably because the device I am connecting to at that IP address is not the router, simply because of CGNAT.
If I were getting to the router it should not be responding with such a message because I have Remote Management enabled (assuming this works!). I therefore think the most likely explanation is that CGNAT is causing the IP address to be translated without the knowledge of the router, and the connection is therefore going to some other random device rather than to the router.
Finally, is there any prospect that the DDNS client will also implement PCP to punch a route through the CGNAT - what I don't know is whether the carrier needs to do anything so that the PCP transaction isn't simply discarded?
- Copy Link
- Report Inappropriate Content
@TP-Link Most (possibly All) mobile data providers “such as Three & EE” do not provide a static or public IP. Their mobile networks use Carrier Grade NAT (CGNAT) resulting in a double NAT, which means that you don't get your own public IP address but share it with other users. So, you can't be uniquely identified on the Net & therefore your LAN cannot be addressed from outside for unsolicited accesses. You are provided with a private IP address on the mobile network. This can't be used to remotely access the router or to port forward access to network devices.
Steve
- Copy Link
- Report Inappropriate Content
@SteveF2 Thanks, yes, I do know about CG-NAT.
However I have now been told that Three uniquely do not use CGNAT if you use the an APN of "3internet". In this case your connection apparently bypasses CGNAT and has a public IP address. Whether this will continue is unknown and may possibly depend on how many IPv4 addresses Three can afford to use in this way. Given that it is not widely known about it is possible that this is not a big problem for them.
What I have been questioning is why the MR600 DDNS client is not reporting the IP address which the UI says is the "internet" address (on its status page) to No-IP. Where is it getting the IP address which it is sending?
My speculation now after thinking about it is that this may be the actual public IP address the other side of the CGNAT translation, which it is picking up from the information fed to it when the connection is established.
This would not, however, be enough to establish an inbound connection to my device because without a route to my device the packets will just go to (probably) port 80 at the public IP address, which will be blocked for obvious reasons. I can only imagine that this is the explanation.
I will be obtaining a Three data-only SIM shortly and will see whether it all works or not.
There are two things which it would be helpful to have in the DDNS client - firstly an indication of which IP address it will report, and secondly the ability to prompt a DDNS update. At present there is no indication of why and when the DDNS information gets reported to the server.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@TP-Link I am doing the same. My Three SIM is winging its way to me as we speak.
- Copy Link
- Report Inappropriate Content
Hi, your conversation has provided a lot of useful information and I am sure both new users and I have learned a lot.
As for “why the MR600 DDNS client is not reporting the IP address which the UI says is the "internet" address (on its status page) to No-IP. Where is it getting the IP address which it is sending? I will share my own understanding and It might be not right and I would love to hear your ideas and check with the senior engineers.
When you set up the DDNS on the MR600, the DNS domain name is successfully linked to the internet IP address of the 4G router.
Then you tend to access the domain name, the first hop will go to the firewall of the SIM carrier and it would be blocked since it did not know whether the request is secure or not.
If you wish the SIM carrier to bypass this DNS request, you might need to create an internal connection between the SIM carrier and the 4G router, and normally port forwarding would be suggested. So next time, the same DNS request came again, the ISP firewall could check whether this request is booked or not.
@SteveF2 you are right, it is not a final solution for the CGNAT service since not all SIM carriers allowed port forwarding for third-party devices or are willing to provide public IP. Currently, based on the feedback we have received, an IPV6 connection would be more promising. But if you have any other brilliant ideas, it would be highly appreciated.
Thank you very much for your time and patience.
- Copy Link
- Report Inappropriate Content
you have literally saved me on the back end of 8 hrs of troubleshooting. Couldn't connect to any Escape From Tarkov games AT ALL. I tried absolutely EVERYTHING.
low and behold.
change APN to 3internet. I'm running an unlimited sim from Smarty which uses Three as a carrier, £20/pm. Can confirm this 100% worked for me you legend!!!
- Copy Link
- Report Inappropriate Content
@SuperFocus Hi did any one get a solution to the TL-MR6400 router not being able to send its public IP address to the NO IP server. i have the seem problem and yet my router seem to hv the latest firmware v5.2.
I would wish to connect to my router remotely but apperantly i didnt have any success. Yet the DNS NO IP log in shows successful.
Any kind help i will be happy.
- Copy Link
- Report Inappropriate Content
Hi,
May I know if your WAN IP address displayed on Advanced->Status->Internet part is a public IP address or not? and who if your ISP?
Please note that the DDNS domain name is bound to the real public IP address, if your router Internet IPv4 address is a private address or CGNAT address, the IP address bound to the DDNS will be different from your router Internet IPv4 address.
In that case, the remote access to the router or local server will not work, because it means there is another one or more NATs in the front of your router, you will need to open related ports on the front NAT products as well.
However, for LTE Gateway Routers working on 3G/4G Router mode, it uses SIM card to get internet access, if the Internet IPv4 address is not public IP address, it means the front NAT is on your ISP side, so you are unable to open related ports on front NAT product, please contact your ISP to see if they could assign you a public IP address directly or if there is any special APN that could get public IP address.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 6225
Replies: 10
Voters 0
No one has voted for it yet.