Community discussions

MikroTik App
 
accarda
Member Candidate
Member Candidate
Topic Author
Posts: 208
Joined: Fri Apr 05, 2019 4:06 pm
Location: Italy

SXT LTE6 passthrough info to control 2nd NAT ?

Thu Dec 31, 2020 9:37 am

Hello everyone,
I'd like to understand whether this is possible or not, without making too much tests, risking to lock myself out as SXT is on a pole and not easy to reach now.
However, currently, I have RoMON enabled and working on SXT and main router (would this always allows me to log into SXT if a screw something ?)

Today I have my SXT LTE6 setup without using passthrough and my provider gives me private IP on LTE interface.
Therefore I have 192.168.x.y on ETH1 -> 10.xx.yy.zz on LTE1 -> public IP.
For this reason while I can control the first level of NAT for LTE1, I can do nothing for the other NAT due to private IP assigned from provider.
By reading around I have seen that passthrough will remove one level and assign the IP directly to client (would be my main router RB4011) connected to ETH1 of SXT (in my case).
Does it mean that by applying passthrough, the RB4011 will get a public routable IP on its interface ?
Or will it get again, directly, the private IP 10.xx.yy.zz ???
I guess this depends on provider (APN and ISP profile) and so I guess even using passthrough it won't solve the problem of controlling inbound traffic with NAT rules to open ports, right ?
So if that's the case I guess it won't make any difference using/not using passthrough, beside eliminating one NAT level.

Thanks in advance for any info that you can share.
Armando
 
andynormancx
just joined
Posts: 1
Joined: Sun Feb 14, 2021 4:08 pm

Re: SXT LTE6 passthrough info to control 2nd NAT ?

Sun Feb 14, 2021 4:16 pm

As you have guessed the RB4011 will get the same 10.x.x.x IP address that you see on the LTE interface on the SXT.

So you'll only remove one level of NAT by doing it.

However, some (but very few) mobile providers let you bypass CGNAT and get a public IP address by using a different APN. Three in the UK for example provide the 3internet APN which will give you a public IP address.

But that for example is the only mainstream UK mobile provider in the UK that does that, all the rest as far as I know all only provide CGNAT (though I think maybe some will give you a public IPV6 range).

One less level of NAT is sometimes enough to solve the problem you're having though, so...

I have always regretted not running a second Ethernet cable to the second interface on my SXT, which would have allowed me to easily mess about with things like passthrough, without the ever present risk of locking myself out of the SXT and having to go and get the scaffold tower out :(
 
accarda
Member Candidate
Member Candidate
Topic Author
Posts: 208
Joined: Fri Apr 05, 2019 4:06 pm
Location: Italy

Re: SXT LTE6 passthrough info to control 2nd NAT ?

Tue Feb 16, 2021 7:09 am

Thank you for sharing your opinion on this.
Currently I have a second LTE router (managed by the provider), which uses the same 4G carrier as the SXT, but in this case the SIMcard has some sort of business profile.
With this connection I get a public IP on its interface, so I'm using this to manage what ports can reach the RB4011.
As far as APN settings on SXT, even though I know the APN setting for the provider, I cannot use anything but "internet", otherwise I don't get the IP assigned to the LTE interface.
So I think the SIM card is somehow limited to the setup, so I'm using it as load-balance/failover WAN without other scopes.
 
User avatar
SiB
Forum Guru
Forum Guru
Posts: 1888
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: SXT LTE6 passthrough info to control 2nd NAT ?

Mon Sep 27, 2021 1:10 am

if both SXTR use passthrough feature then remember that one of them must have more APN Profiles (count, even disabled one) becasue this count of APN Profile set internal IP used for hiden DHCP... .
Other words, when you have 2 SXTR with differ APN Profiles count and both SXTR use passthrough then that setup will be working.
Your Main Router who receive two dhcp-clients as wan1, wan2 can use some PBR or PCC for failover/loadbalance traffic per this WANs.

Who is online

Users browsing this forum: nickhoulton and 21 guests