Saturday, September 10, 2022

Assigned Static/Public IP |--- CGNAT ---> LAN_GATEWAY(UDMP)

Repost from Reddit.com: Assigned Static/Public IP |--- CGNAT ---> LAN_GATEWAY(UDMP)

Little backstory to get you acquainted with the situation: I moved into a new home in July, figured out my FTTH ISP (only one servicing the neighborhood) is utilizing CGNAT for IP distribution. No problem, right? Just give them a call and get a static/public IP set up and I should be golden for VPN, etc. (No, I would prefer to not use Cloudflare or anything of the sort.)

August 9th, Day #1: Got information from the neighborhood premises technician for my public IP and the dude tells me my subnet mask is 255.355.255.248 (first red flag of the day). I told him that was a typo and wanted to confirm it was indeed 255. Obviously I knew it was 255, and he said "Umm, let me ask." He also told me that my Gateway IP was 2xx.xxx.xxx.51 and that my IPv4 was 2xx.xxx.xxx.51. Second red flag, and I called him out on it again. Either way, this ended that conversation right then and I decided I would call back the next day and get someone different.

Day #2: I actually decided to submit an online ticket with support and get a return email. At first it was just a regular customer service representative who asked if I was using my own router, to which she confirmed, and noted that I wasn't using a router from the ISP (since that was the way I requested when I initiated service, so I wouldn't be double NAT), and she advised that I would set up the static IP using DMZ rules in my router. Little known to them, my router doesn't have a clear-cut option for DMZ and requires a little bit of port forwarding, traffic and firewall rules. Oh, it's a Ubiquiti Dream Machine Pro. I asked for escalation, and received a phone call from their NOC a little later in the day. We go through the normal back and forth, try this, try that.. yada yada, which the conversation eventually ended this day as, from the NOC Tech: "I'll take a look at this when I get home, we are only IPv4. I'll also ask our network engineers to get some insight."

Day #3: NOC tech sent out an email that says "I believe the IP address of the router is supposed to be 216.200.127.52, gateway should be 216.200.127.51, subnet should be 255.255.255.248. I'm still researching this." Like, how in the hell are you a NOC tech and not able to look at a screen and determine what IP is assigned to me, what the gateway and subnet are? I replied with, this knocks my LAN offline, and got a response, "I just messaged our Network Engineers, I'm waiting for a response." and got a response the following day of:

Day #4: "Ok, so I was incorrect and you had it set up right from what I've gotten so far. Our Tier 3 has minimal signal where he is so I'm getting bits of info sporadically. It should work, as they had to add the Public IP to an additional filter for the broader internet to be able to see it." I sent him screenshots of me trying to ping my public IP, which showed it was unreachable, and got the response "I'm waiting to hear back from our Tier 3, he's out at the moment. I'm going to do some more digging and see if I can find anything else. I had the same issue trying to ping that address yesterday." After a few more back and forth emails I got:

"I think I figured it out, under the internet tab it should be:
IPv4 Address should be 2xx.xxx.xxx.52
Subnet should be 255.255.255.248
Router should be 2xx.xxx.xxx.51"

Which is already a direct contradiction of what the "engineers" told him was correct, which was me setting up the static CGNAT IPs (IPv4 10.x.x.128, SN 255.255.252.0, Gateway 10.x.x.1) with an additional IP address set up as 2xx.xxx.xxx.52/29. My reply was - "So set that up as my static IP and don't use the CGNAT 10.x.x.x one anymore?" Reply to me was - "That is what I would try, because the 10.x.x.x isn't really relevant if you have a Public IP. The packets should find your router regardless of the DHCP lease." Tried again, knocked my router offline.

A few more emails were passed around and got the final reply: "Well, I found out why that didn't work. The public IP we assigned you isn't active yet, it doesn't go active until September 1st, a miscommunication happened. Our Tier 3 said that if you are just trying to VPN into your home system and access it remotely, we can do the port forwarding for you and we have reserved your IP address to remain the same."

No big deal, I am sorta patient.. I set up a back door VPN using Cloudflare, but there are other reasons I want a Public IP, so using Cloudflare as an end all be all doesn't apply.

Fast forward to 9/7/2022: Hadn't heard from the ISP since the beginning of August, so I sent him an email, let him know that the static CGNAT address they set up for me times out and knocks my router offline and then comes back on after setting it to DHCP, then back to static with no IP change or anything and back online. Told him during their last maintenance window that my public IP changed from 2xx.xxx.xxx.xxx to 6x.xxx.xxx.xx and got this reply: "I'm going to look at this shortly, I'm getting caught up with a few things and will get you an answer tonight. If you went from 219 to 64 then it was defaulted to our cellular back up we use for emergencies instead of our fiber connection. I'll get with our engineers to get the details for the set up."

Next day: I informed him that my UDMP was trying to adopt their UISP Edge Router into its system.. and that I am able to access their UISP's Router login page by entering my CGNAT Gateway address into a browser, and got the reply "This is quite interesting, I'm getting with the engineers to figure out what's going on so we can get you set up." Had a couple more emails about my static CGNAT address, which keeps getting booted and me having to do the STATIC-DHCP-STATIC switcheroo, and got this reply - "That is quite strange, your DHCP lease is set to never expire and it's on 10.xx.xxx.128. Our tier 3 is on later tonight and I'll get with him to look at all of this to see what needs to be done to make this work."

Next day: I sent this email along with screenshots of tracert and pings. I figured out today that the reason I was able to ping and tracert these addresses is because I have them provisioned on my router as an Additional IP in the UDMP settings. I also sent screenshots of the browser connecting to their Edge Routers.

"Ok, doing a little more investigation today into the assigned IP address *2xx.xxx.xxx.51*: when I perform traceroutes you'll notice that it makes a hop to my local gateway and then straight to the 2xx.xxx.xxx.51 IP address! Sounds like that is provisioned correctly, not 100% sure as I am a little out of touch with ISP grade routing. If you take note, when I tracert my current public IP address, the 6x.xxx.xxx.85, it makes a hop to my local gateway, then the ISP gateway 10.xx.xxx.1, then to the displayed public IP address 6x.xxx.xxx.85. This is also the case when I tracert another 216.200.127.5x IP address in my assigned pool of addresses: 1st hop, local gateway, 2nd centric's gateway, then to the 2xx.xxx.xxx.51 address. It seems that I can also ping the 2xx.xxx.xxx.51 address but no others, which is probably ok since they're not routed to my gateway.

I have configured some port forwarding and a small WordPress webserver on port 80 to point traffic coming in on the public IP 2xx.xxx.xxx.51 to my WordPress server at 192.168.1.8, to no avail.. I can connect using that IP locally on the LAN but not off the LAN on a different ISP. I've even redirected the ports from 80 in case the ISP isn't releasing that port to the www, and still no dice. I honestly believe there is something small and simple that we are overlooking, either on my end, or in the forwarding of the public IP address on the backend."

He replies last night with - "I like how thorough you are, this is quite interesting because I have not set up a public IP address yet. I have sent this to our Network Engineer to look into and once I get an update I'll get back to you. Worst case scenario I will get a port forwarded for you to use until we can get this sorted."

I was kind of perturbed because I had thought the public IP was already set up to be used? As per every email before last night, that's all we had talked about, so I replied, "I was being thorough due to being under the impression that I was already provisioned a public IP address as per our email chain. I won't be needing ports opened, I have implemented an offsite tunneling platform to allow remote VPN into the network for the time being. Although it is janky and not what is preferred, it will work for now. I am currently in the process of setting up multiple IP cameras at my house and will need the direct link back to the home platform though."

And got this email this morning from the NOC Tech - "Our Network Engineer said .50 should be your gateway and .52 your IP address. Let me know if this works."

It does not work. I have set up addresses in routers for the last 25 years. I worked for an ISP building OSP fiber to the node, fiber to the business, set up many routers in head ends and dealt with network engineers for a good portion of my adult life. Not to mention the home lab experiences I have.

I haven't replied, because I feel I am getting the run around about something, not sure why they would do that.. but feel like there is a different reason I am oblivious to. Either it's correct and they're not giving me a run around and there is some obscure setting dealing with how CGNAT works, which I admit I have no experience with, and the UDMP doesn't support it, or hell idk, I am completely at a loss.

