Home internet service IPv6 traffic is all filtered even when using a Netgear LTE router. No port forwarding. Plz fix!

  • 22 January 2021
  • 57 replies
  • 21090 views



Userlevel 1

Wow, that’s really bad.

I already signed up for TMO Home Internet, but the routers are backordered until March.

Now I am reading so many bad things about the service, I guess I should cancel the order. Too good to be true to think I could get 5G speeds for $50/month.

Badge

Is this issue only with the new (Nokia) gateway? I still have the original gateway and I’m able to access a local camera from the public internet. 

Userlevel 5
Badge +5

Great report. Does this issue prevent the ability to remotely access Wyze cameras, Ring alarm system, Ooma phone and video doorbells? Thanks


Yes. Any unsolicited inbound connection will get blocked. Basically, if an app or device requires a port to be opened/forwarded to work properly, it can knacker it up. Peer-to-peer games/applications, remote desktops, inbound VPNs… all manner of things are getting hosed because they are forcing us to use a 464XLAT approach instead of a more proper dual stack--or even full IPv6.

Userlevel 1
Badge

Great report. Does this issue prevent the ability to remotely access Wyze cameras, Ring alarm system, Ooma phone and video doorbells? Thanks

Userlevel 4
Badge


Would be really great if you post this over in the Reddit r/tmobileisp forum.  Lots of people there working on the same issue, appears to be their use of CG-NAT.  Agree?


Agree. I’m active there - posted here as I don’t think T-mobile suits care about Reddit, and I may get someone actually at T-mobile to help raise awareness of these issues.

 

Here are some of my discussions in r/tmobileisp in re T-mobile home internet.

 

Netgear LAX20 with ATT SIM card = IPv6 can be pinged and ports forwarded. T-mobile should fix their home internet and remove filtering on IPv6

https://www.reddit.com/r/tmobileisp/comments/l2iipa/netgear_lax20_with_att_sim_card_ipv6_can_be/

 

Unstable or "hung" SSH sessions when using the Nokia?

https://www.reddit.com/r/tmobileisp/comments/l11elv/unstable_or_hung_ssh_sessions_when_using_the_nokia/

 

Xbox One NAT / UPnP results for the Nokia modem for those that asked.

https://www.reddit.com/r/tmobileisp/comments/kxlo2m/xbox_one_nat_upnp_results_for_the_nokia_modem_for/

 

I also posted this issue on DSLreports for those old-timers like me who remember that site. https://www.dslreports.com/forum/r33010714-Connectivity-Incoming-traffic-filtering-by-Tmo-Home-internet-no-IPv6-DN

Userlevel 4
Badge +1

My background is in IT / networking and I have been using Tmo Home Internet for the past 2 weeks. The router being shipped today to customers is missing very important features for power users - it actually broke my ability to remotely access my home via direct connection using public IPv6 and IPv4 that I used on comcast.

Contacting support for help is pretty much useless, although I have raised a few tickets regarding the major issues affecting me since switching ISPs, namely:

  • Unable to ping my IPv6 WAN address given by T-mobile (to remotely monitor my internet connection)
  • Unable to remotely access my home via my VPN server which listens to connections on the WAN IPv6 address (again, T-mobile is filtering ALL my incoming traffic - comcast, att fiber, other major players in the market don’t do this filtering to endpoints except for spam port 25)
  • Connecting to a VPN server hosted on the internet is unreliable and unstable.
  • T-mobile does not offer IPv6 Prefix Delegation (comcast has it, att fiber does too)

I’ve spent the majority of my time trying to figure out ways to make this work. Most folks out there are blaming the Nokia router firmware which is really locked down by T-mobile, so being the IT engineer I pretend to be I purchased a Netgear LAX20 which is T-mobile and AT&T certified - I swapped SIMs for my Home internet service and tested both.

 

Even with a router that I fully control, with firewall disabled and allowing WAN icmp/ping responses, T-mobile seems to continue to filter traffic (even pings!) incoming towards my service equipment… To make a fair comparison I got an AT&T SIM card and repeated the tests. On AT&T I can ping and access my device remotely when it is on the AT&T LTE network on the same Netgear LAX20.

 

Decided to post here to vent and share some findings, as it is somewhat frustrating that other LTE carriers that do not offer ‘home internet’ service do allow you to control and manage your network as you see fit, while the new “home internet” service does not give you any control at all. Those users who wish to be able to remotely manage their smart home should perhaps stay away for now until T-mobile decides to do the right thing, which is for “home internet” service subscribers to have different security network rules than cellphones on the network.


T-mobile please fix your business model for this new service, starting with adding the ability to request zero network filtering for home internet subscribers and the ability to get IPv6 prefix delegated.

Would be really great if you post this over in the Reddit r/tmobileisp forum.  Lots of people there working on the same issue, appears to be their use of CG-NAT.  Agree?

Userlevel 5
Badge +5

Agreed... still on the older white box, and it is doubly frustrating because we have access to the normal features (DMZ, forwarding, firewall, etc.) but none of the features work.

Can see their v6 details... set up my Asus to link up and try to run v6 instead of v4.  No joy.... appears to work at first, but doesn't.

We are forced through a 464 tunnel.  Any traces run show no nothing once you leave the LAN until you exit that tunnel on the other side.

Even setting up OVPN in the router gets knackered up.

No bridge mode on their devices... no v6 support on the LAN side... no proper way to manage port traversal…

Just so many ways they are missing the boat here.

Don't really need all of that to work right now (though it does suck not having remote access to a couple things)... but when I get around to doing multiplayer on the consoles again it WILL become an issue.  May force me to switch back to a wired service again.
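
As an added example (not written by any poster in this thread and not T-Mobile tooling), the Python below separates the two causes the thread discusses: an IPv4 WAN address behind CG-NAT or 464XLAT, where port forwarding on the router cannot work, and a globally routable IPv6 address, where a failed inbound test points at filtering instead. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Ranges that mean the router's WAN IPv4 address is not publicly routable.
CGNAT = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space
CLAT = ipaddress.ip_network("192.0.0.0/29")     # RFC 7335, used by 464XLAT CLAT / DS-Lite
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GLOBAL_V6 = ipaddress.ip_network("2000::/3")    # IPv6 global unicast

def classify_v4(wan, seen_publicly=None):
    """Label the WAN IPv4 address; seen_publicly is what an outside host observes."""
    addr = ipaddress.ip_address(wan)
    if addr in CLAT:
        return "464xlat-clat"
    if addr in CGNAT:
        return "cgnat"
    if any(addr in net for net in RFC1918):
        return "private-nat"
    if seen_publicly and ipaddress.ip_address(seen_publicly) != addr:
        return "translated-upstream"
    return "public"

def inbound_diagnosis(wan_v4, wan_v6=None, seen_publicly=None):
    """Return (ipv4_verdict, ipv6_verdict) for unsolicited inbound connections."""
    v4 = classify_v4(wan_v4, seen_publicly)
    v4_verdict = "forwardable" if v4 == "public" else "blocked-by-" + v4
    if wan_v6 is None:
        v6_verdict = "no-ipv6"
    elif ipaddress.ip_address(wan_v6) in GLOBAL_V6:
        # The address is routable, so a failed inbound test points at filtering
        # (router firewall or carrier), not at address translation.
        v6_verdict = "routable-check-filtering"
    else:
        v6_verdict = "not-global"
    return v4_verdict, v6_verdict

# Constructed samples using documentation prefixes, not real subscriber addresses.
SAMPLES = {
    "464XLAT gateway": ("192.0.0.2", "2001:db8:1::10", "203.0.113.7"),
    "CG-NAT LTE": ("100.72.5.9", None, "198.51.100.20"),
    "dual stack": ("203.0.113.50", "2001:db8:2::1", "203.0.113.50"),
}

if __name__ == "__main__":
    for name, args in SAMPLES.items():
        print(name, inbound_diagnosis(*args))
```
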
