User Profile
jarrodsfarrell
Network Novice
Joined 3 years ago
Contributions
Re: NAT (Forwarding) in T-Mobile Gateway
@arcanenox OpenVPN here since our existing ADSL with TDS allows our public IP to be reached. But for your issue specifically I don't have a tidy solution given I was going to suggest Cloudflare's Argo Tunnel, but it looks like it might be limited to protocols that can give a hint to what service they're trying to access or require software on the client otherwise for some turducken solution. https://danishshakeel.me/creating-an-ssh-tunnel-using-cloudflare-argo-and-access/

Full disclosure, I'm not certified in any capacity for network engineering: I'm a hobbyist. But having to establish a tunnel with Argo then OpenVPN for local access is obviously not a nice solution.

If someone has a better solution it'd be nice, but my working theory if I have to deal with this is renting a cheap VPS and setting up OpenVPN to connect my firewall to, with some route trickery to route traffic from the VPS to the firewall over OpenVPN. And if I'd want to expose a service from within my network then I'd use an iptables rule to port-forward the traffic.

E.g. VPS OpenVPN announces it handles IPs going to 192.168.0.0/16, 192.168.7.0/24 is where VPN clients live, and 192.168.1.0/24 is where the home network lives. IP route on the VPS to direct 192.168.1.0/24 to whatever IP the firewall is given by OpenVPN (192.168.7.2 as example.) IP route on the firewall (if needed) to direct 192.168.7.0/24 to the VPS (192.168.7.1 as example.) So when I'm connected to the VPS VPN, accessing a service on 192.168.1.5 routes to the VPS, the VPS routes to the firewall, and the firewall routes it to the service. And the service can reply back in reverse order.

Overall hopefully reducing cruft in the connection. But does mean trading the OpenVPN job from my firewall to the VPS and losing some convenience (I can mint config files in pfSense to quickly get my devices working as an example.)

Re: NAT (Forwarding) in T-Mobile Gateway
On the waiting list 'ere. As far as I'm reading there's passthrough which'll let me reuse our existing network and maybe treat the modem as a dumb modem like we're doing to our ADSL modem. Our modem doesn't even do the job of providing DHCP; effectively as if we connected directly to our ISP's network.

However, from reading it sounds like T-Mobile is doing carrier-level NAT for IPv4 similar to what I've been hearing with Starlink on their equipment; basically I could be sharing 18.0.12.3 between five other customers. And IPv6 is not our silver bullet since it sounds like T-Mobile's network is filtering requests before it even hits the equipment if I'm understanding what I'm reading.

IPv4 is a nice-to-have but at the same time it's deadweight going forward since IPv4 served its purpose and is more of a nuisance. I can grab an IPv4 address (until IPv6 reigns supreme on public Wi-Fi) and set up tunneling and be happy with that so I can control my smart-home server wherever.
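The VPS relay layout from the first reply above, as an added example that is not part of the original posts: a small Python model of the three routing tables that traces a packet hop by hop with longest-prefix match, including the case where the VPS is missing its route to the home LAN. The node names, the VPN client address 192.168.7.10 and the helper functions are assumptions for illustration; the subnets and the 192.168.7.1, 192.168.7.2 and 192.168.1.5 addresses come from the post.

```python
import ipaddress

# Constructed address ownership; 192.168.7.10 (a roaming VPN client) is an assumption.
OWNER = {"192.168.7.10": "laptop", "192.168.7.1": "vps",
         "192.168.7.2": "firewall", "192.168.1.5": "service"}

def table(*entries):
    return [(ipaddress.ip_network(prefix), hop) for prefix, hop in entries]

def build_routes(vps_knows_lan=True):
    """Routing tables for the layout in the post; 'direct' means on-link delivery."""
    vps = [("192.168.7.0/24", "direct")]            # VPN clients attach to the VPS
    if vps_knows_lan:
        vps.append(("192.168.1.0/24", "firewall"))  # home LAN via 192.168.7.2
    return {
        "laptop": table(("192.168.0.0/16", "vps")),   # range announced by the VPS
        "vps": table(*vps),
        "firewall": table(("192.168.1.0/24", "direct"),
                          ("192.168.7.0/24", "vps")),  # replies go back via 192.168.7.1
        "service": table(("0.0.0.0/0", "firewall")),   # LAN host's default gateway
    }

def next_hop(routes, node, dst):
    """Longest-prefix match on node's table; None when no route covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes[node] if addr in net]
    if not matches:
        return None
    hop = max(matches, key=lambda m: m[0].prefixlen)[1]
    return OWNER.get(dst) if hop == "direct" else hop

def trace(routes, src, dst, max_hops=8):
    """Return the list of nodes a packet from src to dst passes through."""
    path = [OWNER[src]]
    while path[-1] != OWNER[dst] and len(path) <= max_hops:
        hop = next_hop(routes, path[-1], dst)
        if hop is None:
            return path + ["unreachable"]
        path.append(hop)
    return path

if __name__ == "__main__":
    good = build_routes()
    print(trace(good, "192.168.7.10", "192.168.1.5"))   # request path
    print(trace(good, "192.168.1.5", "192.168.7.10"))   # reply path
    # Without the VPS-side route to the LAN, the request stops at the VPS.
    print(trace(build_routes(vps_knows_lan=False), "192.168.7.10", "192.168.1.5"))
```

In the model a missing route shows up as `unreachable`; on a real VPS the packet would instead follow the default route out of the public interface, so the symptom is a silent timeout rather than an error.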