Question Pepwave and inbound ports

[jmltech]

Does anyone know if AT&T allows inbound ports? - I’m using the Pepwave. @Neal - since you work from your RV?

I have a portforward set up on the WAN to forward to an internal server on the LAN port 80, but can’t get it to work. When I switch my priority to WIFI WAN (from my home WIFI) and move cellular 1 to disable (AT&T sim), it works perfectly.

If AT&T is blocking, do they block all ports, or certain ones? What about Verizon?

thanks all,
Joe

 

[Neal]

AT&T is not blocking, they don't care. I don't know which port you're talking about so I can't say that with a blanket situation but I use port forwarding in my coach. In my case the item I'm forwarding to is connected via ethernet cable so it's on the same IP net i.e. I was forward port 5000-5001 to 192.168.50.5, my Synology NAS. In my case I'm using a separate WiFi system so it's more complicated. If you're using the Pepwave's WiFi then it shouldn't matter as I believe that's all on the same IP network, i.e. 192.168.50.x otherwise you may need to deal with NAT.

Now as I blab the above and read what you're asking you cannot forward port 80, why would you do that? That's HTTP. So what I should have started with is please explain what you're trying to do as I started blabbing before reading or asking so forget all of the above other than yes it works.

Are you trying to use a separate WiFi system as I'm doing? I don't use Pepwave but instead a Netgear Orbi which I would not do if I did this over again, that was done for a different reason and pre-pepwave. If that is what you want then your secondary wifi needs to be plugged into the LAN port on the Pepwave so it gets the network activity and be on a separate network such as I use 10.0.0.x.

I hope you're confused because that's what I do best by blabbing before learning.

 

[jmltech]

Thanks @Neil.

I have a raspberry pi that is running CoachProxy - basically, Node-Red server that monitors the CANBus and let’s you control the Tiffin from an IOS or Android phone. Turn lights on/off, thermostat settings, generator, etc. It is no longer available, but he has made the software opensource.

So, when connected to AT&T via Pepwave, would like to open a webpage on my phone pointing to the IP address of the WAN (currently AT&T in cellular 1: 10.0.x.2) and have the portforward forward port 80 to the Pi (192.168.50.12) so that I can open/close vents and/or turn A/C on for the cats if we are out away from the RV.

I had setup a similar rule as the WiFi WAN when connected to my home network (Coach is in the driveway) and it works perfectly. (Pointing to 192.168.168.3) as the WAN, and portforward Port 80 going to 192.168.50.12. Internet facing port was 8181, but I tried a few different ones, including 8080.

but when I disable WiFi WAN and enable cellular 1, no joy.
Even tried rebooting after the disable WiFi WAN and enable cellular 1

the attachment doesn’t show the rule checked for Cellular 1, but I have been playing around, so the screen grab happened to be when it was unchecked.

i should mention that I could use Ngrok. But was trying to stay away from 3rd party proxy services.

 

[Neal]

I would put your custom creation on a custom port such as 8800 and then port forward 8800. Do not forward standard ports such as 80 or 443.

 

[jmltech]

I’ll give it a try. But port 80 and 443 are on the pepwave LAN, not on the Wan. Here is what i was testing:

• phone on Pepwave WiFi: 192.168.50.12:80 (works)
• Phone on home WiFI (192.168.168.x) and pepwave using WiFi as WAN (WAN ip address 192.168.168.3), port forward rule: 192.168.168.3:8181 -> 192.168.50.12:80 (works)
• phone on verizon, and pepwave on cellular 1 (AT&T, WAN IP address 10.0.x.3), port forward rule: 10.0.x.3:8181 -> 192.168.50.12:80 (doesn’t work).

After all that typing, I just realized why it doesn’t work, and can’t work. AT&T is using a non-routable network address (class a private network).

looks like I’ll have to install and set up an Ngrok service after all. This is probably easiest, since then I don’t have to worry about port forwards into my raspberry pi, and will work on anyone’s WAN (AT&T, Verizon or even a campground WiFi). The bad part of Ngrok is that it establishes a VPN out to their hosting services, and keeps the tunnel open. So, you are using precious internet bytes across the AT&T service, whether you are using the tunnle or not. I don’t know how much it eats into the service plan, but I guess I’ll find out. I guess i could also just disable it when we are in the Coach

 

[Neal]

One thing that confused me was your IP's are changing for your internal assignments. Isn't your device on a fixed IP inside the network? I also configure my router so that DHCP goes from .50-.254 so I can use below .50 for static assignments.

 

[Joe Hogan]

Neal on my Pepwave unit I feed the WIFI Ranger, via ethernet, into the Pepwave. The Pepwave manages the two sources, VZN data and Campground WiFi. This approach can be a bit fluky but sometimes I can increase bandwidth using a throttled campground WiFi and a throttled VZN data connection. Does this make sense to you?

 

[Neal]

Does this make sense to you?

You had to ask, okay, re-reading to comprehend...in progress

I feed the WIFI Ranger, via ethernet, into the Pepwave

That is fine, that is a WAN source just like cellular. You can even put both into Priority 1 and let the Pepwave decide which to use unless you want to manage the WAN sources such as bandwidth limits, i.e. you only want to use VZW when you need good bandwidth but don't want to burn up your cap.

The WiFi ranger can help you assuming you have a roof mounted antenna. The alternative is to use the Pepwave's WiFi (depending on your model, BR1 MINI is 2.4 only) and a roof mounted antenna. Rabbit ears sometimes work better, roof sometimes work better, reboot sometimes works better, the joys of testing Internet meaning my first 2 hours at a CG

 

[jmltech]

To close the loop on this...

tried Neal’s suggestion about changing ports. No matter what I did, or whatever forwarding rule I had for the cellular 1 WAN (AT&T), i couldn’t make a connection inbound from the internet into the raspberry in my RV.

Neal also made a comment about my WAN networks changing. To clear up any confusion, my WAN networks stayed the same, but are on different network addresses depending on which wifi service I was connecting to (WiFi as WAN) to my house network for internet. For example, if the pepwave connected to my home wifi on the 2.4 wifi band, the WAN network IP address is 192.168.168.x. If the pepwave connected to the 5Ghz wifi band, the WAN IP address is 192.168.168.3. The Pepwave LAN is the default address 192.168.50.x. and never changed. Of course, connecting to AT&T created a WAN address of AT&T’s choosing.

my goal was to make a connection from the internet, thru the pepwave to my raspberry Pi that is in the RV. As mention in the previous post, this works as long as the pepwave is connected to my home WiFi as WiFi as WAN. As soon as the Cellular 1 service (currently using the AT&T sim) is enabled and set as priority as the WAN, no access can be made. I believe after researching and asking questions to our network experts at work, it is because AT&T uses a non routable network for their cellular internet service on their data plans. Hence no ports are allowed inbound. However, apps and software can make outbound internet requests, and AT&T handles those fine -which allows us to access the internet and stream, etc.

so, I made a guest account using the ngrok tunneling service and configured the raspberry pi. Now I can reach my raspberry Pi in the RV from anywhere on the internet, no matter what data service I’m using (AT&T, verizon, or even a public wifi connection.)

this is because ngrok creates a tunnel to their servers, and acts as a reverse proxy back to your device. While this works, I don’t like it because being paranoid, I don’t want to be one of those guys that get their server hacked. So, I’ll create a quick switch using my Node-red on the CoachProxy sotware to turn this service on and off. Off by default, but on whenever I will be away from the RV.

I’m also going to see if I can lock my access to the server to be just my iphone or ipad. In theory, ngrok should discard any request made from the internet that isn’t coming from one of my designated devices (based on the MAC address of the device)

Sorry for all of the tech talk. Just wanted to share how you can expose a server in your RV, through the pepwave, while connecting to a cellular data plan.