aniecki
just joined
Topic Author
Posts: 19
Joined: Fri Jul 29, 2016 10:02 pm

Mobile WAN

Thu Apr 01, 2021 10:21 am

Hello,

I have just purchased a hAP ac 2 router (RBD52G-5HacD2HnD-TC), which offers a USB port for a 3G/4G modem.
I have successfully connected it to the local T-Mobile network using an E3131 3G modem.

My problem is with the public IP, to which I cannot connect over ssh (or even ping).

The public IP is (say) 46.204.54.28, and the command from the router

/ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   ;;; defconf
     192.168.88.1/24    192.168.88.0    bridge
 1 D 100.100.172.156/32 10.112.112.131  ppp-out1

This address (100.100.172.156/32) or network (10.112.112.131) is not even near my public IP, but anyhow, these are not my public IP, so I assume this is how the ppp connection works.

But then from the WAN, neither ping nor ssh works:
ping 46.204.54.28
Pinging 46.204.54.28 with 32 bytes of data:
Reply from 192.168.1.61: Destination host unreachable.
Reply from 192.168.1.61: Destination host unreachable.

ssh admin@46.204.54.28
ssh: connect to host 46.204.54.28 port 22: Connection timed out

ping 1.1.1.1
Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=235ms TTL=53
Reply from 1.1.1.1: bytes=32 time=245ms TTL=53

I have contacted T-Mobile; they claim no specific ports are blocked by them. They also offer to set up a fixed IP address, but for me this is not a problem since this is only a temporary setup.

The firewall on the router is as per default router setup, i.e. allowing ICMP.


Thanks,
Adam
 
satman1w
Member Candidate
Posts: 274
Joined: Mon Oct 02, 2006 11:47 am

Re: Mobile WAN

Thu Apr 01, 2021 11:23 am

If your public IP is in the 100.64.0.0–100.127.255.255 range, you are behind NAT and you will not be able to connect from the Internet to your network.
In most cases one phone call to the provider should solve the problem.

Good Luck
 
aniecki
just joined
Topic Author
Posts: 19
Joined: Fri Jul 29, 2016 10:02 pm

Re: Mobile WAN

Thu Apr 01, 2021 1:29 pm

Thanks for the lead.
Now I have sent an email to T-Mobile. That is likely where the problem is.

In technical terms, this IP, as I can see by googling "my ip address", is not a real public IP?
Even though it does show as public. Now, what establishes that: a masquerade, or NAT, or is it simply the way ppp works...

Ta.
 
satman1w
Member Candidate
Posts: 274
Joined: Mon Oct 02, 2006 11:47 am

Re: Mobile WAN

Thu Apr 01, 2021 5:34 pm

The 100.64.0.0–100.127.255.255 range is the so-called Carrier Grade NAT, and even though these addresses "look public", many operators use them to NAT their users to save public IPv4 addresses. But if you ask them to put you on a "real public IP", in most cases there are no problems.

Good Luck again...
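
The check satman1w describes, as an added example that is not part of the original thread: a Python sketch that parses the `/ip address print` output posted above, classifies the WAN interface address against 100.64.0.0/10 and the RFC 1918 blocks, and compares it with the address an external site reports. The function names and the returned dict layout are assumptions made for this example.

```python
import ipaddress
import re

# Address blocks that cannot receive unsolicited inbound traffic from the Internet.
NON_PUBLIC = [
    ("CGNAT shared space (RFC 6598)", ipaddress.ip_network("100.64.0.0/10")),
    ("private (RFC 1918)", ipaddress.ip_network("10.0.0.0/8")),
    ("private (RFC 1918)", ipaddress.ip_network("172.16.0.0/12")),
    ("private (RFC 1918)", ipaddress.ip_network("192.168.0.0/16")),
]

# One data row of "/ip address print": [index] [flags] ADDRESS/len NETWORK INTERFACE
ROW = re.compile(
    r"^\s*(?:\d+\s+)?([XID]*)\s*(\d{1,3}(?:\.\d{1,3}){3})/\d{1,2}\s+\S+\s+(\S+)\s*$")

# Output as posted in the thread above.
SAMPLE = """\
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; defconf
192.168.88.1/24 192.168.88.0 bridge
1 D 100.100.172.156/32 10.112.112.131 ppp-out1
"""

def classify(addr):
    """Label an IPv4 address as CGNAT, private, or public."""
    ip = ipaddress.ip_address(addr)
    for label, net in NON_PUBLIC:
        if ip in net:
            return label
    return "public"

def parse_addresses(text):
    """Return {interface: (address, is_dynamic)} from the print output."""
    found = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            found[m.group(3)] = (m.group(2), "D" in m.group(1))
    return found

def diagnose(text, wan_iface, observed_ip):
    """Compare the WAN interface address with the address an external site sees."""
    addr, _ = parse_addresses(text)[wan_iface]
    kind = classify(addr)
    if kind != "public":
        return {"wan": addr, "kind": kind, "inbound_possible": False}
    # A public address that differs from the observed one is still translated upstream.
    return {"wan": addr, "kind": kind, "inbound_possible": addr == observed_ip}

if __name__ == "__main__":
    print(diagnose(SAMPLE, "ppp-out1", "46.204.54.28"))
```

Even when `inbound_possible` is true, the router's own input firewall still decides whether ssh or ping is answered.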
 
aniecki
just joined
Topic Author
Posts: 19
Joined: Fri Jul 29, 2016 10:02 pm

Re: Mobile WAN

Sat Apr 03, 2021 8:08 pm

Yes, indeed, with a charge they provided the solution needed.

Thanks!
 
jaceqp123
newbie
Posts: 25
Joined: Wed Mar 01, 2017 4:42 pm

Re: Mobile WAN

Tue Apr 06, 2021 9:46 am

> Yes, indeed, with a charge they provided the solution needed.
>
> Thanks!

Just wondering... Is it a one-time payment or an additional monthly fee for that? Could you share a price for that as well?
 
own3r1138
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: Mobile WAN

Tue Apr 06, 2021 9:54 am

You can use DDNS in the Cloud section of the MikroTik router, then use VPN or port forward for SSH to your non-public IPs.
 
aniecki
just joined
Topic Author
Posts: 19
Joined: Fri Jul 29, 2016 10:02 pm

Re: Mobile WAN

Tue Apr 06, 2021 10:03 am

> Could you share a price for that as well?

Monthly fee, roughly $4 each month, but no duration contract.
 
aniecki
just joined
Topic Author
Posts: 19
Joined: Fri Jul 29, 2016 10:02 pm

Re: Mobile WAN

Tue Apr 06, 2021 10:08 am

> then use VPN or port forward for SSH to your non-public IPs

Can you share details? If I do not need to pay this top-up of $4 that would be nice...
I have a fixed IP on my second router at no additional cost, yet in the case of mobile WAN, used for testing, this is only available with a charge.

Thanks.
 
own3r1138
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: Mobile WAN

Tue Apr 06, 2021 10:23 am

> Can you share details? If I do not need to pay this top-up of $4 that would be nice...
> I have a fixed IP on my second router at no additional cost, yet in the case of mobile WAN, used for testing, this is only available with a charge.
>
> Thanks.

If you have an MT then you have DDNS in IP/Cloud, and you can use it. It is reachable through the Internet. You can configure a VPN to access local resources, or forward the SSH port from your WAN to a local dst address.
VPN is more secure than port forward or redirects. If you want to access the MT only, then you don't need to do VPN or port forward.

Last edited by own3r1138 on Tue Apr 06, 2021 11:33 am, edited 1 time in total.
 
aniecki
just joined
Topic Author
Posts: 19
Joined: Fri Jul 29, 2016 10:02 pm

Re: Mobile WAN

Tue Apr 06, 2021 11:23 am

Thanks for the screens, and the second screen is?
I assume this should be a VPN provided (Irancell) of any sorts...
But again, will it then be free?
 
own3r1138
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: Mobile WAN

Tue Apr 06, 2021 11:43 am

> Thanks for the screens, and the second screen is?
> I assume this should be a VPN provided (Irancell) of any sorts...
> But again, will it then be free?

You're very welcome. The Windows PuTTY terminal showed that I used the local IP for the connection, although the DDNS worked correctly, so I checked with a non-local network like my phone LTE just to be sure it's working through the Internet too. Sure, it's a FREE service like https://www.noip.com/what-is-dns or https://account.dyn.com/, built into RouterOS.
 
aniecki
just joined
Topic Author
Posts: 19
Joined: Fri Jul 29, 2016 10:02 pm

Re: Mobile WAN

Tue Apr 06, 2021 1:48 pm

> I checked with a non-local network like my phone LTE

Sorry, I do not fully get it. Does it mean that I could cancel T-Mobile's public APN service, and even then use the DDNS name for ssh access to the MikroTik, and also the below (hosting a web server)? Yes, that would be great... yet I have a doubt that this will work...
If that is the only price to pay (use the DDNS name instead of the IP)... I would be happy.

Ta
 
own3r1138
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: Mobile WAN

Tue Apr 06, 2021 3:01 pm

> I checked with a non-local network like my phone LTE
> would be great... yet I have a doubt that this will work...
> If that is the only price to pay (use the DDNS name instead of the IP)... I would be happy.
>
> Ta

That's completely on you to cancel your service, but it will provide some functionality, and yes, you can host web services with some firewall and NAT rules.
But not in a production environment. For example, you can't request a cert for it with DDNS (no self-signed certificate), or if you wanna use a CMS for the web server like cPanel or DirectAdmin, then as the license is on the IP address of the server you can't get one. It is complicated.
 
aniecki
just joined
Topic Author
Posts: 19
Joined: Fri Jul 29, 2016 10:02 pm

Re: Mobile WAN

Tue Apr 06, 2021 3:09 pm

Thanks for the explanation. Good to know - as in this time of my IT career one has to learn new tricks, so tips are advised!
