I recently signed up for T-Mobile internet, and I am VERY disappointed that I could not even forward NAT traffic to my home security system. I saw that this was discussed 7 months ago in a previous thread, and hope the developers will notice this. The speed is great, and the same as was advertised in the chat.I would like this issue to be resolved so that I don't need to continue with Optimum (Morris Broadband).

I'm fairly confident that this device (Nokia) is able to handle all of these things. I think what has happened here is T-Mobile threw a very locked down firmware on the device to make setup easy. The following things need to happen.Provide settings to place the gateway in bridge mode. This will allow customers to keep their existing setups and NAT fine.Provide settings to turn off the wifi in the gateway COMPLETELY. Turning off broadcast and reducing power to minimal is not sufficient.Make all of these settings accessible only through the web admin page. The average consumer doesn't need this stuff, but the power user who is smart enough to know how to login to the admin web page should be able to modify these settings. Ultimately, I just want "a dumb modem" just like I get with the cable co. I don't want or need T-Mobile helping me by dumbing down the device.

T-Mobile Home Internet uses CG-Nat - which means end users share IP addresses. Unless they move away from that (which they will not since it would require completely new infrastructure) you will not be able to do port forwarding. There simply is no way to identify YOUR unique address since you do not have one - it is shared. However, there is a solution which does work - I am using it. Paketriot https://packetriot.com/ allows tunnels to be created which will have a unique endpoint which will then allow you to hit a port in YOUR internal network. There are other providers like Packetriot. I like Packetriot because it has the option to create a Windoze Service for all your tunnels. Nice when the machine reboots because you can have the service autostart. Most of the providers offer a free tunnel so you can try it out.They should not call this Home Internet it is really a home hotspot.

They need to fix their screwy xlat464/cgnat style network first.As long as they continue to filter that unsolicited inbound traffic at the higher network layers, won't matter what options are available/configured on our local modems/routers. It is actually getting nixed at the outer edges of the networks, so it never makes it to the modem, much less the router.

I spoke with TMobile Home Internet technical support over the past week. They are working on the port forwarding feature within their 5g modem/router, but it's not available or ready yet. 2 different techs said they have a workaround, however (& it doesn't require 3rd party services).I haven't tested it yet, but what you need to do is, & many of us have this setup already, connect via Ethernet (wire) the garbage can LAN port <-> YOUR own router. Then configure port forwarding on YOUR router. That's it. (Your router needs to support ipv6! Not sure if we need to allow ipv6 passthrough for this.)Now, I was educated a long time ago on IPv4 & they barely touched on IPv6, so I don't know a lot about it, but this would never work this way with IPv6. Ipv6, however can allow passthrough so public "internet" can pass through a router, which is why I'm "buying" this theory. Ie, you can go through T-Mobiles garbage can, and then your router, and you device (call it a PC) could have a public IPv6 IP, which is why port forwarding could work this way.Anyone have time to test & report back? Or comments?I previously had a dynamic public IP (ipv4) that I made work with my domain name via ZoneEdit that allowed my PC to update ZoneEdit with public Ip changes since it was dynamic. With this NEW setup, I'm not exactly sure how that would work, or if my DNS service will play nicely or even support ipv6 or if ZoneEdit will either. And I have numerous services that I need to "hit" MY router & forward internally, such as a VPN, RDP, FTP, website, etc - not sure if all that will play nicely - or if all the services, like VPN client, can point to a domain->ipv6 ip & work. Like will the VPN client config & SW accept this new format?Anyways, lot of testing & messing around needed! Please report back with any updates!

I was researching a project I was doing and came across this thread. I have T-Mobile @ home internet. The speeds are amazing compared to what I had prior to T-Mobile. On the T-Mobile router, I have three bars out of 5. I have on average 300Mbps ↓ and on average 20-45Mps ↑. I'm very happy with the speeds. However, I can't connect to my Home Assistant, security cameras, and my media center. I have an ASUS router that I have flashed with OpenWRT and I have tried several tricks, including doing DDNS updates every 10 minutes to my DNS server, CloudFlare. Nothing really worked. I spoke to T-Mobile technical support. That was just painful. I went to a supervisor. Finally, I had to state, "I'm a 4th decade computer engineer, I have the highest licenses from the FCC in amateur radio communication. And what you are saying is so horribly incorrect". I spent an hour teaching the supervisor. Finally, I decided to try their business internet. It was the same price as the home internet. Plus, for an extra $3.00 I could have a static IP address. They send me this Inseego router. It wasn't even a quarter of the size of the @home internet router. It was about 1/8th of the size of the @home router. Before turning it on, I knew this was not going to work. Surprise, Surprise, it did not! Most of the time, I had the blue flashing light, meaning I barely had a signal. Sometimes it would switch to 4G. When I had only one bar (very weak signal), I was getting 14 Mbps ↓ and 2 Mpbs ↑. I found a spot in the house that I was getting three bars (good signal strength) and the speed was even worse. 8-14 Mps ↓ and 0.5 Mps ↑. This was not going to work. I cancelled the business account.I did find a workaround. Or the best that is possible with the situation we are all in.CloudFlare has a very generous free tier. I have many domain names. I have one that my entire family uses. CloudFlare has a very generous free tier on their Zero Trust feature. I use a Raspberry Pi Zero that costs $15.00. They're back in stock. If they are out of stock, they come back in stock very quickly. I have already received for this month (July 2023). I installed CloudFlared on the Zero W. Then in CloudFlare's Zero Trust I can set up sub domains to each device that I want. Home Assistant can have ha.familydomain.tld. Media Server, jellyfin.familydomain.tld, etc. Works with no problem. HOWEVER, there are two downsides. One, Zero Trust free tier does not "allow" and I use rapid quotes on allow. If you want to stream video, such as with your Plex or JellyFin Media server, you have to upgrade your Zero Trust plan to their $5.00 streaming service. However, as long as it's not to much, I heard they don't really say anything. But, technically, you could be cut off.Second, is that I have a NextCloud server for my family too. When, uploading files to NextCloud outside your LAN, you can only upload a max file size of 100mb due to CloudFlare's restrictions on their network unless you upgrade. Even if you upgrade, it's not that much. That's the only thing that's really horrible with this alternative work around to T-Mobiles restrictions on port forwarding. Other than that, it works very well!I'm going to create a YouTube video next week on how to set this all up. When I finish the video, I'll post an update with the link.Good luck!

NAT (Forwarding) in T-Mobile Gateway

inteller
Roaming Rookie
Hace 3 años
I can't use noip with t-mobile because it doesn't support it, but if it was just bridging I could.

I'm not willing to wait around for another device when the speeds I get right now are just fine and the device I have is capable of the functions I need.
teckel
Roaming Rookie
Hace 3 años
inteller wrote:

The Nokia 5G 3.1 is the newer device. That's why I was very specific in the model I was discussing.

I don't want hackery 3rd party services, I need this functionality in the hardware. Noip and dyndns solve this anyways, my current router supports this natively.

The Nokia 5G is the latest released modem. But T-Mobile is releasing a newer 5G modem (which I was referring to) which is not made by Nokia and will also support the higher higher frequency 5G frequencies which the current Nokia modem doesn't support.
ZeroTier isn't a hack, it's method to create a secure link between devices, even through secured networks like T-Mobile. You can't use NOIP or DynDNS with T-Mobile. It's not that the IP address changes, it's that the connection is like a VPN connection, so even with the IP address you can't route to your in-home modem. There could be thousands of people using the same IP address.
You're thinking it's just a port forwarding issue, when that's not really the problem. The reason T-Mobile disabled port forwarding and bridged mode is because it won't work on their network.
teckel
Roaming Rookie
Hace 3 años
.
inteller
Roaming Rookie
Hace 3 años
The Nokia 5G 3.1 is the newer device. That's why I was very specific in the model I was discussing.

I don't want hackery 3rd party services, I need this functionality in the hardware. Noip and dyndns solve this anyways, my current router supports this natively.
teckel
Roaming Rookie
Hace 3 años
inteller wrote:

I'm fairly confident that this device (Nokia) is able to handle all of these things. I think what has happened here is T-Mobile threw a very locked down firmware on the device to make setup easy.

The following things need to happen.

Provide settings to place the gateway in bridge mode. This will allow customers to keep their existing setups and NAT fine.

Provide settings to turn off the wifi in the gateway COMPLETELY. Turning off broadcast and reducing power to minimal is not sufficient.

Make all of these settings accessible only through the web admin page. The average consumer doesn't need this stuff, but the power user who is smart enough to know how to login to the admin web page should be able to modify these settings.

Ultimately, I just want “a dumb modem” just like I get with the cable co. I don’t want or need T-Mobile helping me by dumbing down the device.

But, since they really need a new modem anyway that supports the higher frequencies, it's probably easier to replace the current units with new units that support the higher frequencies as well as adds the lacking features.
Also, it's more than just port forwarding and bridged mode. Even with this, you still can't access your home remotely as there's not an ip address assigned to the device. This is why a solution like ZeroTier is needed. It doesn't have anything to do with port forwarding or bridged mode, it's that there isn't even an IP address assigned that you can point to. It's like being behind a VPN, which is what ZeroTier allows you to get around.
inteller
Roaming Rookie
Hace 3 años
I'm fairly confident that this device (Nokia) is able to handle all of these things. I think what has happened here is T-Mobile threw a very locked down firmware on the device to make setup easy.

The following things need to happen.
Provide settings to place the gateway in bridge mode. This will allow customers to keep their existing setups and NAT fine.
Provide settings to turn off the wifi in the gateway COMPLETELY. Turning off broadcast and reducing power to minimal is not sufficient.
Make all of these settings accessible only through the web admin page. The average consumer doesn't need this stuff, but the power user who is smart enough to know how to login to the admin web page should be able to modify these settings.

Ultimately, I just want “a dumb modem” just like I get with the cable co. I don’t want or need T-Mobile helping me by dumbing down the device.
teckel
Roaming Rookie
Hace 3 años
Kevin71246 wrote:

I spoke with TMobile Home Internet technical support over the past week. They are working on the port forwarding feature within their 5g modem/router, but it's not available or ready yet.

2 different techs said they have a workaround, however (& it doesn't require 3rd party services).

I haven't tested it yet, but what you need to do is, & many of us have this setup already, connect via Ethernet (wire) the garbage can LAN port <-> YOUR own router. Then configure port forwarding on YOUR router. That's it. (Your router needs to support ipv6! Not sure if we need to allow ipv6 passthrough for this.)

Now, I was educated a long time ago on IPv4 & they barely touched on IPv6, so I don't know a lot about it, but this would never work this way with IPv6. Ipv6, however can allow passthrough so public "internet" can pass through a router, which is why I'm "buying" this theory. Ie, you can go through T-Mobiles garbage can, and then your router, and you device (call it a PC) could have a public IPv6 IP, which is why port forwarding could work this way.

Anyone have time to test & report back? Or comments?

I previously had a dynamic public IP (ipv4) that I made work with my domain name via ZoneEdit that allowed my PC to update ZoneEdit with public Ip changes since it was dynamic. With this NEW setup, I'm not exactly sure how that would work, or if my DNS service will play nicely or even support ipv6 or if ZoneEdit will either. And I have numerous services that I need to "hit" MY router & forward internally, such as a VPN, RDP, FTP, website, etc - not sure if all that will play nicely - or if all the services, like VPN client, can point to a domain->ipv6 ip & work. Like will the VPN client config & SW accept this new format?

Anyways, lot of testing & messing around needed! Please report back with any updates!

This doesn't work because the ports can't route from the T-Mobile gateway to the router. Also, the way T-Mobile's network is setup, it's basically a no-go.
I did get some things to work using the ZeroTier software. But, it needs both the ZeroTier server software running on the local device you want to access and the ZeroTier client software running from the device you want to connect from. This works from my phone (running the ZeroTier client) to my NAS (running a ZeroTier server on a Docker container).
It's a clunky "solution" that only solves some problems. Really, the T-Mobile internet modem needs to add a few features (DNZ as minimum, but port forwarding and assigning an IP address).
I hear there's a new T-Mobile internet modem coming soon that will not only add these features, but also support the higher 5G frequencies for higher speeds. This is great for me as I have a T-Mobile millimeter wave tower on the boulevard right across the street from my house (formally a Sprint tower). But, no word yet on when this will be released.
GroundLoop
Newbie Caller
Hace 3 años
T-Mobile Home Internet uses CG-Nat - which means end users share IP addresses. Unless they move away from that (which they will not since it would require completely new infrastructure) you will not be able to do port forwarding. There simply is no way to identify YOUR unique address since you do not have one - it is shared.
However, there is a solution which does work - I am using it. Paketriot https://packetriot.com/ allows tunnels to be created which will have a unique endpoint which will then allow you to hit a port in YOUR internal network. There are other providers like Packetriot. I like Packetriot because it has the option to create a Windoze Service for all your tunnels. Nice when the machine reboots because you can have the service autostart. Most of the providers offer a free tunnel so you can try it out.
They should not call this Home Internet it is really a home hotspot.
djb14336
Bandwidth Buddy
Hace 3 años
They need to fix their screwy xlat464/cgnat style network first.
As long as they continue to filter that unsolicited inbound traffic at the higher network layers, won't matter what options are available/configured on our local modems/routers. It is actually getting nixed at the outer edges of the networks, so it never makes it to the modem, much less the router.
Kevin71246
Newbie Caller
Hace 3 años
I spoke with TMobile Home Internet technical support over the past week. They are working on the port forwarding feature within their 5g modem/router, but it's not available or ready yet.
2 different techs said they have a workaround, however (& it doesn't require 3rd party services).
I haven't tested it yet, but what you need to do is, & many of us have this setup already, connect via Ethernet (wire) the garbage can LAN port <-> YOUR own router. Then configure port forwarding on YOUR router. That's it. (Your router needs to support ipv6! Not sure if we need to allow ipv6 passthrough for this.)
Now, I was educated a long time ago on IPv4 & they barely touched on IPv6, so I don't know a lot about it, but this would never work this way with IPv6. Ipv6, however can allow passthrough so public "internet" can pass through a router, which is why I'm "buying" this theory. Ie, you can go through T-Mobiles garbage can, and then your router, and you device (call it a PC) could have a public IPv6 IP, which is why port forwarding could work this way.
Anyone have time to test & report back? Or comments?
I previously had a dynamic public IP (ipv4) that I made work with my domain name via ZoneEdit that allowed my PC to update ZoneEdit with public Ip changes since it was dynamic. With this NEW setup, I'm not exactly sure how that would work, or if my DNS service will play nicely or even support ipv6 or if ZoneEdit will either. And I have numerous services that I need to "hit" MY router & forward internally, such as a VPN, RDP, FTP, website, etc - not sure if all that will play nicely - or if all the services, like VPN client, can point to a domain->ipv6 ip & work. Like will the VPN client config & SW accept this new format?
Anyways, lot of testing & messing around needed! Please report back with any updates!