User Profile
Icarus
Newbie Caller
Joined 3 years ago
User Widgets
Contribuciones
Re: Home Internet Static IP
ArthurZey wrote: DTV says it is a T mobile problem and when I called T Mobile they claim it is a DTV problem, that they need to find a better way to track my location…… @scottyj: I basically concur with@Jrinehart76. Yes, it's definitely a DirecTV problem in terms of how they're attempting to "secure" legitimate access to their service. But T-Mobile isn't exactly making it easier, either. My static IP address from T-Mobile resolves to Bellevue, WA, which is about 1000 miles (and a whole timezone) off from where I am in Colorado. Because of my need to access various network services at my home while I'm away, it's important that I have publicly accessible IPv4 addresses. (I don't actually care if they're static or dynamic, but I need durable port forwarding.) So with my Starlink connection, which, like the conventional T-Mobile 5G Home Internet, uses CGNAT and only a public IPv6 address, I need to make sure that individual connection is always VPNed. So I bought a static IPv4 address from my VPN provider so that I could get all the right ports forwarded, and I have a VPN router sitting between my multi-WAN router and my Starlink equipment. My static IP address from my VPN has GeoIPresolution closer to my actual home than my T-Mobile-assigned static IPv4 address. My multi-WAN router establishes connections over whichever link (Startlink, T-Mobile, etc) is least saturated and has sufficient bandwidth. So sometimes, my video streams to these services go out over the VPNed Starlink connection. (The reason that all outbound connections--and not just inbound connections--need to go over the VPN IP address is related to how my Dynamic DNS client updates my public hostname with the IP address of whateverlink is up.) The irony for me is that Hulu, Disney+, and Netflix all block streams when they detect that I've happened to connect to them over the VPNed Starlink connection, all claiming that VPNs obscure my location and violate their terms of service. Reading their terms of service, that's not actually true, but more to the point, T-Mobile is more severely obscuring my location than my VPN is...not that any of this matters, since there are no content license differences between Colorado and any other state in the US. So I have to find my own workarounds totheirviolation of their terms of service. The obvious solution here would be to have their apps on my phone report their location based on GPS, which would give them accurate information to within a few meters at worst, rather than 1000 miles off. And they could even correlate the app on my phone with apps on TVs and such by looking at whether the devices are on the same network. And voilà--you know where your users are without worrying about whether VPNs are obscuring someone's location. Ugh. Whatever. @Jrinehart76: to use IP Passthrough, first change the LAN settings of the Inseego to a subnet not found on your own router. I set my Inseego to 192.168.12.1/24 subnet (because I had the Nokia trashcan before) and my own equipment is on the 192.168.1.1/24 subnet. Once that was set, I then enabled IP Passthrough and I am still able to access the webGUI. So yes, every segment is on a different subnet. My T-Mobile gateway is on 192.168.20.0/24, and my multi-WAN router is on 192.168.47.0/24. (And behind that, my Ubiquiti networking equipment is on 10.10.32.0/20.) I have it on good authority from my colleagues who know more about network performance than I do that the fact of additional NATting is a drop in the bucket in terms of added latency compare to the mere fact of there being an additional device needing to forward/route packets at all. So I'm not that fussed about using IP Passthrough, since the DMZ solution works just fine. That said, I'm curious about your recommendation, since I'm fuzzy on the technical details of network routing: If I do IP Passthrough, it will assign my public T-Mobile IPv4 address to the WAN port of my ER605 multi-WAN router. So from the ER605's perspective, that port's IP address will be that public IPv4 address, not 192.168.20.10 (which I had configured statically to be on the Inseego FX2000's subnet). What you're saying suggests to me that the Inseego FX2000's192.168.20.0/24 subnet still somehow remains active, and that its 192.168.20.1 address remains accessible.Is that right? In this configuration, I totally don't get what the network configuration is of the Inseego FX2000 and which of its ports have what IP address attached to them. I'm also confused about how, from a routing tables perspective, traffic to 192.168.20.1 would know to go out over the link whose IP address is 162.191.x.y (my T-Mobile-assigned IPv4 address). As I'm thinking about it, I wonder if that's a non-issue when there's only one path, but in my case, since I have 4 WAN links a connection could go over, maybe I have to create a static route on my ER605 that traffic destined to 192.168.20.0/24 needs to have its next hop beover the WAN port that the Inseego FX2000 is connected to. Thoughts? You are right. In pass-through mode, the router is MOSTLY bridging the WAN to the LAN as a layer-2 network switch. This allows your personal (non-T-Mobile) router to broadcast THROUGH the Inseego, to T-Mobile, a request for an automatic (static or otherwise) IP, and to get that IP. But then, if your personal router has a public WAN IP (which is assigned a T-Mobile default gateway located in T-Mobile's network center to forward all packets to that are not destined for your home LAN... basically to "the cloud")... then you may wonder why the packets intended FOR your Inseego wouldn't slip through your Inseego, reaching T-Mobile's internet gateway, which in turn would drop the packets just because the destination IP is a private (non-internet-routable) IP? Remember, I said it is... MOSTLY... a layer-2 switch? Well, it also doubles as a layer-3 IP device attached to (and listening on) that little switch. And it intercepts packets with its own IP as the destination, during passthrough. So even though the packet was being sent to the internet gateway in T-Mobile's building, the router breaks the rule and "opens someone else's mail". It would be like if you were writing a letter to a friend (who happens to work for the post office as a mail carrier) but you put the wrong house address. Normally, it wouldn't make it to the correct recipient, if you put the wrong address on the envelope, but this mail carrier checks every mail piece for his name, and if the name is his, he opens the mail and reads it, instead of delivering it to the house address written on the envelope. This is why he always gets his mail, by virtue of being the delivery middle man, no matter what address you write on the envelope. The Inseego in pass through mode has a rule, "transparently pass all packets between the WAN and LAN ports... UNLESS the destination IP happens to be my IP zof 192.168.1.1 (or whatever it's set to).. I'm going to steal those packets and pluck those out of the stream and not forward those through to the cell tower."2Visto1like0Comentarios