Portforwarding on Edgerouter X over Trustpower VLAN and dynamic IP

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Portforwarding on Edgerouter X over Trustpower VLAN and dynamic IP

djotter

38 posts

Geek
+1 received by user: 4

Trusted

#207654 7-Jan-2017 01:02

Hello networking gurus of Geekzone,

First up, I have limited knowledge of networking, but strap together solutions from forums and a bit of Google-fu. But I have run into a problem where I either do not know the correct terms to search for or may be rare enough to make it hard to find.

I have put together a home network of an Ubiquiti Edgerouter X and Unifi AP. This is all running well following this lifesaving guide http://www.geekzone.co.nz/forums.asp?forumid=66&topicid=205740

Where I am stuck now is I want to access my Plex server remotely, and maybe try to host a personal webserver once I learn a little more.

Following the port forwarding rules in the EdgeOS GUI following this tutorial https://www.youtube.com/watch?v=R9eynv1Pyvo and this one https://www.youtube.com/watch?v=7QSRNwFo6os to try it manually, I am still not able to see my forwarded port on canyouseeme.org.

Looking further, the public IP on canyouseeme.org does not match the IP on my router dashboard, canyousee me being 150.107.xxx.xxx and router showing 100.69.xxx.xx. A bit of looking around and reading, shows that I am on a VLAN from my ISP and have been assigned a Shared Address Space or Carrier Grade NAT.

Is there a way to access my Plex server and webserver remotely in this configuration? Trustpower offer a static IP for $5 a month, would that fix it? I would rather not have to pay extra if I don't have too.

Thank you for your help :)

richms

29117 posts

Uber Geek
+1 received by user: 10231

Trusted

Lifetime subscriber

#1699681 7-Jan-2017 05:04

Sounds like it wasnt made clear to you what you were buying from trust power when they signed you up for internet. I would discuss that with them since they probably told you that it would be the same as your old internet but faster and cheaper, and clearly it is not. This would let you get out of the contract hopefully and you could go to another ISP that offers real routable IP addresses as part of their standard plan, or else one like bigpipe that just charge a one off fee to have a static added and do not want a monthtly charge.

Richard rich.ms

michaelmurfy

meow
13586 posts

Uber Geek
+1 received by user: 10931

Moderator

ID Verified

Trusted

Lifetime subscriber

#1699682 7-Jan-2017 05:24

I did post but then noted I didn't read the part about the IP. You're on carrier grade NAT. As @richms said move to a competent ISP like BigPipe (with a static IP). I had to do a hunt on Trustpowers website for any mention of carrier grade nat - it is hidden deep in their terms of service:

"Services are provided with a dynamic IP address or Carrier Grade NAT. A static IP address can be allocated on request at an additional cost. Only one IP address is supported however, in some cases more than one IP Address may be allocated on specific services. Trustpower may need to recall IP Address space for administrative purposes, which may require you to update your systems. If you change between services provided by Trustpower, your IP Address may also change, which may require you to update your systems. Trustpower is not liable for any charges associated with the change of IP addresses resulting from a service change."

It bugs the crap out of me when providers can't be up-front about using CG-NAT these days - somebody could well sign up expecting everything to work the same as their previous ISP and suddenly find out it doesnt all because a provider isn't fully transparant. About a year ago one of my friends signed up to an ISP and had the same issue - port forwards not working and their solution was a $20 per month static IP but they'll offer it free for 3 months.

What BS. If there is no way in hell of leaving them without paying any fees then request them to move you to a dynamic IP.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1699683 7-Jan-2017 06:21

To slightly summarise the above two posts which m at be a little too technical -

You have a CG-NAT IP address. This is not a public IP address and is not routable from the Internet, therefore you can't do a port forward so it's impossible to access your network remotely. It's a bit like having a dummy phone number meaning nobody can make inbound phone calls to you, but you can call out and talk to other people fine.

If you want to be able to port forward you either need to pay extra for a public IP address or move to another provider that offers public IP addresses, remembering that CG-NAT is the norm now for a number of low cost providers.

mikesmac

17 posts

Geek
+1 received by user: 8

#1699711 7-Jan-2017 09:14

I would ask them to have your profile updated so that you are moved onto a public address range. There is no charge for this that I am aware off. There is a charge if you are wanting a static, as there is with most ISPs. You could also use IPv6 if you liked.

djotter

38 posts

Geek
+1 received by user: 4

Trusted

#1699747 7-Jan-2017 10:25

Thanks heaps for the responses guys. Really helps me understand abut more about my setup and what I need to do to get the access I need. I'll give trustpower a call on Monday to ask what they can offer for a rout able IP. If all they say is $5 a month, then that is a deal breaker and I'll find someone else.

@mikesmac could you please explain your suggestion a little more? Would that be asking to be still on a dynamic iP but not be behind the CG-NAT? Also what does IPV6 mean here?

mikesmac

17 posts

Geek
+1 received by user: 8

#1699758 7-Jan-2017 10:56

It sounds like you have been setup as a CGN customer, you just have to tell them that you need a public address, and they should be able to change your connection setup. As I said previously, I am not aware of any charge for this. The public address assigned will be dynamic however, unless you specifically ask for a static address - at which point there is probably a monthly charge. In relation to the IPv6 comment, even if you are on a CGN range, you will be able (if you have configured your router for it -which is a bit of minor rocket science on the edgerouter) use IPv6, this is not nat'd. I am not sure if that helps to much in the case of Plex.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

taneb1

544 posts

Ultimate Geek
+1 received by user: 213

ID Verified

Trusted

Mercury

#1699790 7-Jan-2017 11:27

As Mike and Others stated above, it would appear that you have been set up with a Carrier Grade Nat IP Address.

We can move you onto Dynamic Public IP free of charge, which should allow you to access Plex remotely without any issues.

If you need port forwarding for other things, I would recommend a static IP which is $5 per month, but for just plex you shouldn't need a static (I have tested this setup with others before and works fine)

If you PM me your account details, I should be able to get this resolved for you.

Alternatively if you ring the Technical Support Team (They are available over the weekend for faults) and advise you need them to turn off CGN, they can action this for you (Make take around 30 minutes and a reboot of your router to take effect).

Any comments made are my personal views and does not represent those of my employer

djotter

38 posts

Geek
+1 received by user: 4

Trusted

#1699843 7-Jan-2017 13:17

@mikesmac thanks for the explanation :) I had no idea that you could ask to be non-CGN.

@taneb1 thanks for offering to help! I haven't had any other issue with the services I get from Trustpower, so wasn't looking forward to reorganising everything. I'll PM you now.

taneb1

544 posts

Ultimate Geek
+1 received by user: 213

ID Verified

Trusted

Mercury

#1699862 7-Jan-2017 13:59

@djotter Have responded to your message now.

Just to confirm to those above

As Michael has stated, in the terms and conditions Trustpower does advise we use Carrier-Grade NAT - but we also can provide Dynamic and Static IP's

Some Plans are delivered over CGN by default as most standard users do not require port forwarding or remote access.

At this stage (Subject to change) customers are welcome to request a Public IP and a Dynamic IP can be provided free of charge.

If they require a static IP, this is currently $5 per month and takes around 48 hours to be applied.

Both can be actioned via Our Webchat Team on http://www.trustpower.co.nz or by contacting our Technicial Support Team on 0800 87 87 87.

Any comments made are my personal views and does not represent those of my employer

michaelmurfy

meow
13586 posts

Uber Geek
+1 received by user: 10931

Moderator

ID Verified

Trusted

Lifetime subscriber

#1699874 7-Jan-2017 14:22

Good job @taneb1 for stepping up here offering to sort it. A recommendation is to make CG-NAT prominant on the website for the plans that have it as there will be people who otherwise won't know. If it is a free option for Dynamic IP you may want to offer this during the signup process but also explain the benifits of CG-NAT (Security) if customers were to sign up.

taneb1

544 posts

Ultimate Geek
+1 received by user: 213

ID Verified

Trusted

Mercury

#1699876 7-Jan-2017 14:33

michaelmurfy:

Good job @taneb1 for stepping up here offering to sort it. A recommendation is to make CG-NAT prominant on the website for the plans that have it as there will be people who otherwise won't know. If it is a free option for Dynamic IP you may want to offer this during the signup process but also explain the benifits of CG-NAT (Security) if customers were to sign up.

Not a problem, happy I could help get this issue sorted.

We have recent introduced a set of questions into our sign up process to help identify if a customer may require a Public IP, but are always looking at ways to improve. Will send your feedback onto the Team when I am back in the office on Monday

Any comments made are my personal views and does not represent those of my employer

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

richms

29117 posts

Uber Geek
+1 received by user: 10231

Trusted

Lifetime subscriber

#1699892 7-Jan-2017 15:31

Their sales reps don't seem to know about it. Breaks many things so not clearly advising upfront imo is as misleading as it comes.

Richard rich.ms