Question

T-Mobile Cylinder, pfSense and Google Wifi

  • 5 October 2021
  • 5 replies
  • 1077 views

Userlevel 3
Badge +2

Trying to figure out a solution to the no bridge-mode\no port forwarding in T-Mobile’s dumbed down appliance.

A pfSense firewall will port forward so I can get Plex and ChannelsDVR among other things from outside the network. This solves the bridge mode and port forward problem. It also does DHCP and NAT. Add to that my Google Mesh WiFi system (5 units.) 

So what I’m looking at is T-Mobile appliance>pfSense appliance>Google Router. Only now I’ve got triple NAT (disaster) unless I put the Google in Bridge mode. But then I’m pretty sure the mesh won’t work.  

Anyone using pfSense with a mesh system? I know I could try ZeroTier but really like the capabilities of pfSense. It can really improve the network in addition to some good protection. 


5 replies

From what I’ve heard you only get an IPv6 address from TMobile, not an IPv4 (they do IPv6 to IPv4 translation like they do on their phones on the mobile network). You can get around this by using a VPN with reverse port forwarding, or if you’re technically apt, grab an unlimited bandwidth VPS somewhere and setup a VPN / port forwarding through that using something like OpenMPTCPRouter or similar.

Userlevel 1
Badge

Depends on you use case, but Tailscale solved all of my access problems. :-)

I use Jellyfin instead of Plex because of Plex’s requirement of being seen by their servers. Although with some tweaking this can be overcome.  

 

Let us know what your final solution is. :-)

I’m using the T-Mobile gateway as a secondary Internet connection at home.  Primary Internet is with the cable company, and the T-Mobile appliance and cable modem are configured as a gateway group on my pfSense firewall.  I use Google access points for home WiFi.  My primary WiFi network uses two Google access points in a mesh configuration.

Unfortunately the T-Mobile device cannot be configured for bridge mode.  I’ve disabled the T-Mobile WiFi and connected it to my pfSense appliance on an Ethernet port.  As a result, I do have a bit of NAT madness going on.  Direct WiFi speed through my T-Mobile gateway to the Internet clocks in at around 100Mbps, but traffic through my pfSense drops down to ~ 40Mbps.  (I tested direct WiFi through T-Mobile before disabling it.)

Though the T-Mobile gateway is configured as my failover Internet connection, your question got me wondering about external Plex access.  I like to access Plex from hotels when my family is on vacation, but had not tested it out through the T-Mobile gateway.  So I switched my default pfSense gateway over to T-Mobile, disabled WiFi on my phone, and tested Plex access across the cell phone network.  It works.  I monitored the pfSense firewall logs and verified that the client traffic (phone) was coming from a T-Mobile IP address.  I was streaming a Plex movie on my phone while my kids were on the home WiFi using tablets for YouTube, and a baseball game was streaming on a Roku player in the other room.

I realize that my home setup isn’t exactly what you were looking for, but hopefully it’s close enough to help answer your question.  The T-Mobile gateway isn’t flexible enough for me to want it as a primary Internet connection.  But it’s been a great secondary/failover option for me.  And for $50/mo it’s certainly better than no Internet connection, which is where I used to find myself when cable Internet outages hit.

I’m using the T-Mobile gateway as a secondary Internet connection at home.  Primary Internet is with the cable company, and the T-Mobile appliance and cable modem are configured as a gateway group on my pfSense firewall.  I use Google access points for home WiFi.  My primary WiFi network uses two Google access points in a mesh configuration.

Unfortunately the T-Mobile device cannot be configured for bridge mode.  I’ve disabled the T-Mobile WiFi and connected it to my pfSense appliance on an Ethernet port.  As a result, I do have a bit of NAT madness going on.  Direct WiFi speed through my T-Mobile gateway to the Internet clocks in at around 100Mbps, but traffic through my pfSense drops down to ~ 40Mbps.  (I tested direct WiFi through T-Mobile before disabling it.)

Though the T-Mobile gateway is configured as my failover Internet connection, your question got me wondering about external Plex access.  I like to access Plex from hotels when my family is on vacation, but had not tested it out through the T-Mobile gateway.  So I switched my default pfSense gateway over to T-Mobile, disabled WiFi on my phone, and tested Plex access across the cell phone network.  It works.  I monitored the pfSense firewall logs and verified that the client traffic (phone) was coming from a T-Mobile IP address.  I was streaming a Plex movie on my phone while my kids were on the home WiFi using tablets for YouTube, and a baseball game was streaming on a Roku player in the other room.

I realize that my home setup isn’t exactly what you were looking for, but hopefully it’s close enough to help answer your question.  The T-Mobile gateway isn’t flexible enough for me to want it as a primary Internet connection.  But it’s been a great secondary/failover option for me.  And for $50/mo it’s certainly better than no Internet connection, which is where I used to find myself when cable Internet outages hit.

Almost exactly the same setup I have.  Tmo home internet for backup at $50/month, and local cable company in Dallas for primary connection.  I use 2 Nest routers (1 as a bridge) and 1 Google wifi pod for my mesh.  Tmo doesn't seem to interface with the Google Home app, which shows the network as down if Tmo is serving as the router and ISP. 

I’m about to attempt this exact same setup. I’ve currently got an Orbi mesh network set up, I want to turn those into a mesh AP set, then use pfsense for routing, using Spectrum as primary and T-Mo home internet as failover. I too use Plex heavily when traveling - good to hear that it works. Was there anything specific you needed to configure, other than port forwarding in pf for it to work?

Reply