NAT (Forwarding) in T-Mobile Gateway

  • 9 December 2021
  • 44 replies
  • 42706 views


I recently signed up for T-Mobile internet, and I am VERY disappointed that I could not even forward NAT traffic to my home security system.   I saw that this was discussed 7 months ago in a previous thread, and hope the developers will notice this.  The speed is great, and the same as was advertised in the chat.

I would like this issue to be resolved so that I don’t need to continue with Optimum (Morris Broadband).



Hello Everyone.

If anyone needs to port forward for a DVR security camera system. Forget it.

However, if your DVR has a Cloud P2P option, it will work.

I have a HikVision DVR and I successfully connected my phone with their Cloud P2P.

 

I would imagine that any DVR that uses a Cloud P2P service will work because it bypasses the need to Port Forward.

Hope this helped someone.

Good Luck!

Not to be pessimistic but TMO has known about this issue since inception. They aren’t going to fix it. Or they aren’t knowledgeable enough to do so. Needless to say, TMO is just a step to getting better services in my rural location. TMO doesn’t seem to care. They laud themselves as customer-centric but TMO is just another business in it for the money. Yay capitalism.

If they could fix this issue for us their customers, maybe they wouldn’t be viewed as they are. 
 

So I’m having NAT issues for my PS4 where I’m trying to connect with people in Elden Ring which I need a NAT 2 and I have no idea how to change the NAT type from 3 to 2 on my 5G gateway please help help help help help is there any way around this or a way

I recently purchased a new home that came with a “Home Automation Kit”. This included a Ring doorbell, Samsung Smartthings Hub (to connect to Z-Wave thermostats) and a Genie Aladdin Connect garage Door Control Module. I have the T-Mobile 5G modem with WiFi turned off and a Netgear AP connected for WiFi. 

The Ring doorbell works over WiFi. The Samsung Smartthings Hub will not connect (using Ethernet port on T-Mobile modem or WiFi). The Aladdin Connect module will not connect via WiFi. 

The installer immediately indicated that the Smartthings hub would not work with my “hot spot” and it didn’t. 

Has anyone been able to get a SmartThings Hub working with the T-Mobile 5G modem?


I use a SmartThings hub mesh system with 6 hubs placed around the home. I was using Xfinity before and T-Mobile now. This uses the Plume technology and yours may be different from mine, but it does work.

 

 

Not sure if anyone answered this exactly yet.....But, sounds like you can port forward. What you need to do is switch over to a business account. The monthly cost is the same, but you have to add $5 per month for a static IP address and also get their FX2000 modem. Then you can port forward. I have not tested it yet, I literally just ordered it.
Service:
https://www.t-mobile.com/business/solutions/business-internet-services/small-business-internet

Modem:
https://inseego.com/products/fixed/fx2000-tmobile/

Thanks for the responses.

I ended up taking the SmartThings hub to my current home (where I have Frontier FIOS service) and I got the SmartThings hub online there. I then moved the hub to my new home (T-Mobile 5G service) and connected it via Ethernet to the modem. It came online and has been working well. It appears the issue is only with the initial registration. 


Thanks for the update,  I ordered one too.  Not sure what I am getting but it is coming.  Will update when it arrives


@Jackson300zx: Just to follow up if you have successfully tested the NAT and Port-forwarding features of inseego FX2000 gateway. I talked to T-mobile rep about this and she told me that

Small Business Internet (SBI):
Gateway: Nokia 5G21 and Arcadyan KVD21
Note: Static IP eligibility - Not Included

Business Internet (BI)
Gateway:
• Nokia 5G21
• Inseego FX2000
• BYOD (Bring your own device)
Note: Static IP eligible (Inseego only)

Only BI can ask for static IP, not SBI


So you can learn from my mistakes.  First you will need a reason to switch to a business account,  it is not unlimited data.  Comes with 100 for 50 and 300 for 70/month. Can I do port forwarding?  Don’t know yet but will post the results

 

@carSmart: Actually, I already successfully opened a small business account with unlimited data for $50/month with TMO by using my EIN (TMO allows SBA under your SSN but because I already have a TMO family plan under my SSN and I don’t want to convert my family plan to biz plan) and got inseego FX2000 gateway (after several phone calls to the right department) and tried it out.

I configured gateway port-forwarding for my security camera system; however, it seemed to work only when my iPhone was connected to the LAN. When I tried to view my cameras remotely from work, either connected to work WiFi or the TMO network, I was unable to view them at all. I think it was not simply a port-forwarding issue; TMO might block port-access requests in the front end.

  TMO also blocked access to some websites due to their contents or securities. 

I also found the speeds of the FX2000 unstable. Ethernet gave 200Mbps and above, while 5G WiFi speed went down to 10Mbps and 2.4G WiFi speed went down to 10Mbps; both WiFi speeds changed frequently unless I placed the gateway next to my computer. I have very strong TMO 5G coverage in my area. The FX2000 came without an external antenna, which I think was the reason, and T-Mobile should provide an external antenna to FX2000 users.

  Anyway, after trying it for a week, I decided to cancel  it and stayed with ATT U-verse.

I will reconsider TMO internet once it can offer bridge mode on their gateway. At this moment, it just couldn’t meet my requirement.


it comes with unlimited data, at least on my plan it does

 

I’ve been monitoring this thread for a year or so for the same issues. In my case I needed to get my webserver to allow incoming traffic from outside T-Mobile Home Internet to preview development sites.

Long story short, if you’ve got a similar use case, Tailscale did the trick for me. Installed the webserver as a VM on a Synology NAS, and Tailscale has a package that can be run on DSM. I add development site subdomains to public DNS and route to the tailscale address using an A record. Then I share the webserver tailscale node with whoever I want to preview the site, they connect to tailscale, type in the domain, and it works pretty great. Won’t solve all issues I know….

For local development, I use VirtualMin and configure the primary IP address as the tailscale address, and I add the local address to the site-enabled entries in Apache and my hosts file. Takes a little configuring but I plan to post some steps on how in time. I added a quick article for now on my blog. Hope this helps somebody 🤷‍♂️

  1. You static IP the PC.
  2. Use TCP View to find ports and IP addresses used by app.
  3. Open on PC Firewall or Endpoint.
  4. Open or port forward ports.
  5. Test.

My nat was strict and couldn’t play in a party on Xbox.

Great lad at customer service had me run 2 speed tests and that pushed me into whatever and now the nat is open. Yay for cgnat 

What speed tests did he have you run? I’ve been trying to change it on my XBox series X and it won’t even allow me to play a game

Just another success story here, if you’re the type who knows how to use SSH tunneling.

T-Mobile (business, in my case; don’t think it matters) can’t do port forwarding.  But my ssh tunnel(s) worked, at least for a little bit.  I use autossh, which re-establishes connections when they fail (due to routing changes, etc).  It has been very reliable for me in the past to get around bad/broken NAT situations.

But I found that my ssh tunnels would only last for a short time (Arcadyan modem, using a router on the LAN connection).  Then I read from another post somewhere else on this forum that T-Mobile simply closes TCP connections without traffic after a period of time (looks like maybe as short as 5m).

So I changed the ssh settings on my server to add a keep-alive, and all is working perfectly.  I have three ports forwarded on my LAN through an ssh connection to a server in the cloud; you could probably use ngrok for this (free accounts I think).  I have a camera, ssh to a server, and another port forward to an IoT device, and all three have been working perfectly without interruption for over a week.  I get between 120 and 250Mbps down and 30up pretty consistently.

I’m sold, and am currently on hold cancelling my AT&T DSL account! 


Could you run thru a quick setup?? I’m jus tryna game on my PC and T-Mobile internet is blocking some of my games from connecting. I’m using Persistent SSH which is an alternative to autossh.

It would be much appreciated.

From what I understand, T-Mobile deploys 464XLAT, meaning your IPv4 connections are translated over IPv6. This means IPv4s are not assigned in any way to a traditional home-ISP, and instead IPv4 WAN are pooled and NAT’d together. This was reportedly done due to IP assignment issues, and used to mitigate and rollout to IPv6 at the same time. Business customers have the option to purchase a static IP which will remove your connection from the NAT pool and begin translating inbound IPv4 connections as if they were direct native IPv4. I’m not sure why T-Mobile is unable to provide this for free to all consumers. It may be a result of simply not having enough IPv4 allocation available, in which case how is that ever going to be fixed without freeing up used IPv4s? Or, it may be a system scalability issue that may need resolved. Who knows, but understand this problem is a little bit more complex than simply clicking a button. Currently for consumer home internet plans, there are no options for inbound IPv4 addresses, or opting out of the NAT system that the rest of the mobile-device network uses.

 


You’ll need to have these two settings enabled on the ssh server into which you are setting up the tunnels:

ClientAliveInterval 60
ClientAliveCountMax 2

Without these, the ssh connection will eventually die, even with something like autossh (presumably also Persistent SSH).

Then there is a tunnel per device/port from some ssh host on your LAN (like a Raspberry Pi or whatever) to the ssh out on the internet which you will be using as a gateway:

autossh -N -p22 -R *:8000:192.168.1.2:8500 user@gateway.host.net

That command sets up a tunnel between your Raspi (or whatever) on your LAN to the gateway machine, with a port 8000 tunnel to the 192.168.1.2 device on your LAN on port 8500.

So now I can reach port 8000 on the 192.168.1.2 device from the outside world from gateway.host.net:8500.

For example, if you want to be able to ssh on a device 192.168.1.33 (on port 22), then you could set up:

autossh -N -R *:8222:192.168.1.33:22 user@gateway.host.net

and then you can do “ssh -p8222 root@gateway.host.net” and you will be ssh’d to root@192.168.1.33 on port 22.
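
The reverse-tunnel setup discussed in this thread, as an added example that is not part of the original post: it parses `-R` specs and prints a least-privilege `sshd_config` block for the gateway plus a client command with its own keepalives. The account name `tunnel` and the helper function names are hypothetical; the options used are standard OpenSSH and autossh ones, and OpenSSH 7.8 or later is assumed for `PermitListen`.

```shell
# Added example, not from the thread. Assumed names: tunnel-only account
# "tunnel"; helper function names. Assumes OpenSSH >= 7.8 (PermitListen).

# Split a -R spec "[bind:]port:host:hostport" into "bind port host hostport".
# sshd listens on the gateway at bind:port; the machine running ssh connects
# to host:hostport. No bind means localhost; "" or "*" means every interface.
parse_remote_forward() (
    case $1 in
        *:*:*:*:*|*\[*) echo "unsupported -R spec: $1" >&2; exit 1 ;;
        *:*:*:*) bind=${1%%:*}; rest=${1#*:}; [ -n "$bind" ] || bind='*' ;;
        *:*:*)   bind=localhost; rest=$1 ;;
        *)       echo "bad -R spec: $1" >&2; exit 1 ;;
    esac
    port=${rest%%:*}; rest=${rest#*:}
    printf '%s\n' "$bind $port ${rest%%:*} ${rest#*:}"
)

# Print sshd_config lines for the gateway: keepalives well inside the ~5 min
# idle cutoff reported in the thread, plus a Match block that limits the
# account to remote forwards on exactly the requested ports, with no TTY.
sshd_tunnel_block() (
    user=$1; shift
    [ $# -gt 0 ] || exit 1
    ports='' gw=no
    for spec in "$@"; do
        fields=$(parse_remote_forward "$spec") || exit 1
        bind=${fields%% *}; fields=${fields#* }
        ports="$ports ${fields%% *}"
        # A non-loopback bind is internet-reachable and needs GatewayPorts.
        case $bind in localhost|127.0.0.1) ;; *) gw=clientspecified ;; esac
    done
    printf '%s\n' "ClientAliveInterval 60" "ClientAliveCountMax 2" \
        "Match User $user" "    AllowTcpForwarding remote" \
        "    GatewayPorts $gw" "    PermitListen$ports" "    PermitTTY no" \
        "    X11Forwarding no" "    AllowAgentForwarding no"
)

# Print the client command: -M 0 leaves liveness to ssh's own keepalives,
# and ExitOnForwardFailure makes a refused listener fail loudly.
tunnel_command() (
    target=$1; shift
    cmd="autossh -M 0 -N -o ServerAliveInterval=60 -o ServerAliveCountMax=2"
    cmd="$cmd -o ExitOnForwardFailure=yes"
    for spec in "$@"; do cmd="$cmd -R '$spec'"; done
    printf '%s\n' "$cmd $target"
)

# The two forwards from the post above.
sshd_tunnel_block tunnel '*:8000:192.168.1.2:8500' '*:8222:192.168.1.33:22'
tunnel_command user@gateway.host.net '*:8000:192.168.1.2:8500' '*:8222:192.168.1.33:22'
```

Check the generated lines with `sshd -t` before reloading sshd on the gateway.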

 

 
