When can I JUST use TM internet modem as ONLY a modem, in BRIDGE mode, with NO NAT, NO firewall, and frankly NO Wifi.

  • 28 December 2021
  • 19 replies

Userlevel 2

PLEASE let me know when I can get a PLAIN modem from T-Mobile, or BUY my own modem, or SET their modem up to DUPLICATE the functionality of Spectrum.   I can’t and won’t change, until and unless I can get that kind of service.  Frankly, I am shocked that TM didn’t spec that into their design.  Instead, based on about a 20 minute search, that is IMPOSSIBLE today…  and here are just a few of the problems that will prevent me from even considering TM:

  • There’s NO bridge mode --- This means I CAN NEVER treat TM device like my Spectrum cable modem, and treat it JUST like a modem.
  • Since I can’t treat it as just another modem, I have to REDO and RETHINK, and REDESIGN my whole network, to adapt to their design -- This is NOT going to happen!
  • No Bridge means that I’m limited to whatever they designed into their modem, to provide services like DHCP, NAT, port forwarding, DNS, ETC.
  • Since their software UI is the only way I can provide services I depend on, then unless they perfected their software, their UI, and their firmware, and their firewall software that is better than all the other devices I have, some of which are extremely sophisticated and expensive, their device makes using these devices not only redundant, but also DISABLED services, without a lot of workarounds, assuming I both want to do the work, and I can actually achieve configs that work for me.  

I’m still using Spectrum, and it appears I won’t have a viable good option of changing everything over to T-Mobile, until they somehow figure out how to produce a service that is COMPLETE plug and play with a CABLE MODEM…. By modem, I do NOT mean a firewall, a router, a WiFi, or ANYTHING more than a stable MODEM with ONE IP address, DHCP in order to pass an IP to my firewall, and that’s it.  NO, I do NOT even need DNS services, either. 

I hope I just misunderstand the current TM design.  If this is how it works today, it reminds me of when I first put a DSL modem in my company in the early 1990’s.  The first thing they gave me was a contract that said I had to PAY EXTRA, for EACH device I connected, I’d have to notify them in advance, and EACH IP was extra cost.  After I rewrote their contract, and informed them I only wanted ONE device connected, and ONE IP, and bought my SonicWall “Internet gateway” “NAT Firewall”, and “DHCP server”.  Although that one device was about $300-400 at the time, we were able to use that to service over 50 computers at a time for the next 15 years.  I guess we were ahead of our time as a small company.  Most everyone else was paying 10-15 per user, and we never EVER paid for more than ONE user.  But then, we had 20 or more engineers working for us at the time as well.

C’mon T-Mobile --- Get a real great network designer involved so it only takes plugging my EXISTING 1,000-T WIRED internet cable and then everything works, out of the box.  Then, also provide the means to MANAGE and MONITOR that modem remotely.  That’s all I need or want, and suspect that is all most all users want today.





Userlevel 1

I have my T mobile gateway connected to my existing network with a Cat5 cable.  Works fine, current network provides all services, gateway just connects to tower.  T mobile internet app provides monitoring and settings.  Hope this helps.

Userlevel 2

Agree that is the perfect solution if all you are using internet for is a very limited number and type of device, and need zero configurations to enable other services.  For instance, my mother’s setup is ONE WiFi connection to ONE computer, unless I’m visiting.  If that’s the market TM is after, then fine.  But cord cutters are likely going to be connecting 20-30 devices, and then add thermostats for my AC and heat, all the new cameras, doorbells, garage door openers, sprinklers, my plumbing connections, and eventually toasters and my refrigerator.  Does TM really expect to make these types of customers happy??  Good luck with that, but it is NOT going to go well for TM if they try.

But, my point was that it is MORE difficult to provide settings, setup and especially tech support than it is to SIMPLY ENABLE PASS-THROUGH with a minimum of services and settings.  That way, there’s a clear line of responsibility from them to me.  More importantly, TM can provide 100% of what I need at extremely low cost, and high reliability.

If they are going to maintain all the settings of my network, then they will very often need to send a networking expert out, since I generally have at least one device that isn’t working properly.  Then sometimes the problem is setup, firmware on the device OR the WiFi, or physical cable, or sometimes it is my router setup.  Someone that has that capability to straighten out all my networking problems is going to cost TM at least $50 PER call, and most often, it will NOT be their problem.  In short, they’d be crazy to even want to try to provide that level of service.  NO internet provider that I know of today, provides that kind of service.

I’ve never had any need to even try to log into my Spectrum Modem.  Why would I ever need to??  regardless of what the problem is, assuming it is getting 115 VAC, a tech MUST come out to do the repairs to either the cable or a modem replacement.  The ONLY thing Spectrum ever has to do, is to read the logs, which tell them how many times it rebooted, what the signal level and bandwidth is now, and the history.  They can also see if it has DNS, DHCP to the first device, and even if it is connected properly to my hardware.  Then, they might send a tech out.  Most often they replace connectors on the cables, inside or outside my house, or sometimes the cable modem itself.  But, ALL of that troubleshooting is INSIDE the modem.  My only involvement might be to reboot it via power down, and to make sure it is still getting power.   If there’s ANY OTHER network problem, it is MY SOLE responsibility and labor.

Userlevel 1

The t-mobile gateway is just a pass through device that connects to my mesh router setup by hard wire.  Connected to that, I have a hub for 1 Pc and 1 printer and wifi to 1 other printer, a photo scanner, a laptop, 2 ipads, 3 iphones, 2 smart tvs streaming multiple services, 3 echo devices, and several appliances.  We can be streaming on both tvs and using both ipads with no service issues.  I will say it depends on how close  you are to a tower.  We are about 2 miles away, line of sight.  I do not know the full details of your network, but it may be more than the t-mobile gateway was designed to handle.

Userlevel 2

OK -- Sounds good, but let me ask to confirm a few things:

-- I’m assuming then that your mesh router is providing the DHCP so that is the device that is handing out the IP’s?  This is critical, since it was at least reported that the DHCP was limited to 20 dynamic IP’s internally.  I assume then also, you are at least ignoring their WiFi and using only yours.

-- Someone else mentioned that it did NOT support IPv6 properly. Going forward this will be more of an issue than it is today.

-- Double NAT -- There are a few people I’ve heard that had significant issues, since this caused some services to be rerouted

-- Static IP’s and port forwarding -- There are many reasons and situations where this is critical.  For instance, I’ve got some very old devices that I need to reach on demand, some from outside my network, on the internet.  If I can’t predetermine the IP’s for these devices, AND specify which ports and traffic is routed to them, then these devices will not work, or will be randomly unavailable.

-- Bridge Mode -- The reports that I heard that originally caused me to ask / report these issues, is that they said it would NOT support bridge mode.  This means that their device must first be configured, and then if you are “lucky” or brilliant, you can force your router to UN-do the TM router, and then apply its own settings.   

-- How do you overcome the requirement for bridge mode?  I know in the past with several home WiFi routers that wanted to add their own NAT, DNS, and DHCP, if you didn’t disable DHCP, DNS and enforce bridge mode, you just couldn’t get your devices working properly, nor could you get these devices all on the same subnet.

Each problem I mentioned above has caused a lot of work to overcome at some point, which is why once you get everything set up, you really do not want to make any changes to your network.  Some problems are just virtually impossible to easily overcome.  Even today, I’ve got an old “WiFi CELL SPOT” with T-Mobile firmware.  It’s a fine WiFi as long as I only use bridge mode, do not use their firewall, NAT, DNS, DHCP etc.  But, that firmware will NEVER EVER be updated by T-Mobile and the hardware vendor, NetGear.  But then, since they support BRIDGE mode, there’s no problem, either.

REALLY, let me know, or someone else can report these issues.  The only reason I’m writing this is that I WANT to see this working easily and reliably.    


Userlevel 5

464XLAT/CGNAT topology breaks all the use cases people are citing when asking for this change.

This approach, by design, is not there to provide typical dual stack functionality.  It basically cannot do it without specific care taken for additional translation/preservation of details needed to provide the desired NAT functionality.


Makes bridge mode/port forward options irrelevant  because it breaks everything in higher layers.


Even the older Askey LTE only model that provides most every typical router functionality (sans bridge mode) cannot resolve the issues.  Not even the DMZ option would resolve things properly.


Unsolicited inbound traffic is filtered/blocked at a higher layer, so packets never even make it to the modem in the first place.


Search on the terms bridge mode or port forward.  You will get a LOT of hits dating back a year or longer about this problem.


There have been hints/rumors/hearsay that changes to their stack MAY eventually come that could resolve issues, but nothing has been officially stated.


Until such time, about the only thing people can do is pay extra for third party workarounds, like perhaps a VPN service that supports P2P properly enough to allow you to assign specific ports to forward through that VPN.

Userlevel 2

Then, my only question is this:  What does it take to equal the capability and setup parameters that my Spectrum Cable Modem / Router has? 


AFAIK, these modems I am using in several locations that I support are pure plug and play.  I could simply move my whole network to another city another cable modem with a similar set up and the only changes would be the IP and other Gateway settings for that one connection to the first device, which is MY firewall, INSIDE my LAN. 

Userlevel 5

I run my Asus off the Askey just like I did my Netgear modem when I was on Spectrum... auto Config options for the WAN and all picked things up just fine.

Even IPv6 Passthrough seems to work... somewhat.  At least my phone uses it fairly consistently.  Windoze stuff can be kinda squirrely when it comes to IPv6.

Our market got 5g up after the shortage hit for the Nokia modems, so we are still on the Askey LTE boxes.  Even while connecting things directly to their modem by wire or wifi, DMZ and port forwarding (via UPnP or manual rules) would NOT get around that double-NAT behavior.

That box's wifi is pretty lackluster though, so I disabled it and use my Asus instead.  Other than that, my network "worked" out the box just like it did on my Netgear with Spectrum as far as getting the uplink to the internet.  Only caveat is the whole XLAT/CGNAT mess that breaks P2P and the like.


No changes were needed for my local network, since everything was already looking to my Asus as their gateway for DHCP and such.  I literally could just run the Asus to the TMO LAN 1 and reboot it to resolve things via DHCP.  I just went the extra bit to change the TMO subnet to match my Spectrum numbers and password so my existing shortcuts would work. We can actually turn off their firewall and all... basically making it behave as a dumb passthrough (just not an actual bridge mode).  But it makes no difference because of the screwy crud they are doing on the upper layers.


No matter how configured the Askey while wired directly to the TMO LAN 2, I couldn't get a fully open NAT for the PS4.  Best was NAT2, and things were just still broken because of TMO's topology.  Even using DMZ made no difference.  So I put it back on my Asus and just run their modem as a dumb device, basically.  So everything is still managed by my Asus, just as it was with Spectrum.

No matter what you do, things will still actually behave as a double-NAT scenario because of that xlat/CGN crud they are doing.

Dug around and figured out I could likely fix that with Windscribe VPN running on my Asus.  But even on annual plans, setting up their cheaper data center option to get a more static IP and up to 10 ports forwarded, it would be about the same cost after haggling with Spectrum for a discount each year.

If I get to the point I NEED that full functionality again, I will likely just flip back to Spectrum at that point IF TMO hasn't fixed their networks.  The extra cost won't bother me as much since it will also give me the benefit of better routing to reduce pings.

But for now... streaming and playing casually on the PS4... I am sticking with the cheaper TMO option to give Spectrum the 1-fingered salute for a while.
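A quick way to tell which of the situations described in the two posts above applies to a router plugged in behind the gateway, as an added example that is not part of the thread: compare the router's IPv4 WAN address against the address ranges that signal upstream translation. The function name, labels and sample addresses are constructed for illustration; RFC 5737 documentation addresses stand in for public IPs.

```python
import ipaddress
from typing import NamedTuple, Optional

# Ranges that indicate a translator sits between this router and the internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")       # RFC 6598 shared space
SERVICE_CONTINUITY = ipaddress.ip_network("192.0.0.0/29")  # RFC 7335, used by 464XLAT/DS-Lite


class Finding(NamedTuple):
    label: str
    inbound_possible: Optional[bool]  # None means "cannot tell from this data"
    note: str


def classify_wan(wan_ip: str, observed_public_ip: Optional[str] = None) -> Finding:
    """Classify a router's IPv4 WAN address.

    wan_ip: address shown on the router's WAN/status page.
    observed_public_ip: address an external "what is my IP" service reports
    (hypothetical input; fetching it is left to the reader).
    """
    ip = ipaddress.ip_address(wan_ip)
    if ip.version != 4:
        raise ValueError("this check only covers the IPv4 WAN address")

    if ip in SERVICE_CONTINUITY:
        return Finding("464xlat-clat", False,
                       "IPv4 is synthesized locally and translated in the carrier network")
    if ip in CGNAT_SHARED:
        return Finding("cgnat-shared", False,
                       "carrier-grade NAT; port forwards on your router are never reached")
    if any(ip in net for net in RFC1918):
        return Finding("private-upstream-nat", False,
                       "double NAT; the upstream gateway would also have to forward")
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified or ip.is_multicast:
        return Finding("not-a-wan-address", False, "no usable WAN lease")

    # Address looks public; it only counts if the outside world sees the same one.
    if observed_public_ip is None:
        return Finding("public-unverified", None,
                       "compare with the address an external service reports")
    if ipaddress.ip_address(observed_public_ip) == ip:
        return Finding("public-direct", True,
                       "no translation upstream; port forwarding can work")
    return Finding("public-mismatch", False,
                   "traffic is translated somewhere upstream of this router")


# Constructed sample readings: (router WAN address, externally observed address)
SAMPLES = [
    ("192.168.12.101", "198.51.100.7"),  # router behind a gateway's own LAN
    ("100.72.10.4", "198.51.100.7"),     # lease from shared CGNAT space
    ("192.0.0.2", None),                 # CLAT-style address
    ("203.0.113.5", "203.0.113.5"),      # cable-modem style public lease
    ("203.0.113.5", "198.51.100.7"),     # looks public but is translated
]


def audit(samples=SAMPLES):
    """Return (wan_ip, label, inbound_possible) for each sample reading."""
    return [(wan, *classify_wan(wan, seen)[:2]) for wan, seen in samples]


if __name__ == "__main__":
    for wan, label, inbound in audit():
        print(f"{wan:16} {label:22} inbound_possible={inbound}")
```

Only the `public-direct` result matches the cable-modem behaviour discussed in this thread; every other label means DMZ, UPnP or manual forwards on your own router cannot receive unsolicited inbound traffic.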



Userlevel 2

Sometimes I’m sorry I brought up a specific point or question.  “NAT” as I knew and defined it is obviously implemented simply, but only in simple implementations.  I searched for the terms, “XLAT/CGNAT” that you used, and learned I didn’t have a clue what’s going on in designing carrier level internet services.

First, I found an “old” 2016 Cisco article that clued me in on how little I knew:

It turns out, TMO, starting from scratch is solving several problems that now face all providers.  One of them is the dearth and cost of carrier IP ranges.  According to this article, everyone eventually will be using these types of technology.  So, NAT as I knew it will no longer exist.  Similarly, although I love my hard drive based DVR since the days of Replay TV, it is a dead technology that will quickly be eliminated.  [At least I resisted long enough that skipping commercials while streaming became a real issue that had to be solved, or endured, rather than ignored.]

The issue I guess I need to resolve is not the specific implementation TMO has today.  The criteria for how great will be determined simply by how committed TMO is to winning this market, and do they have the technical excellence to solve whatever issues arise while they get there.  Sure, it will have rough patches, but if they are committed, they will win.  If not, someone else will.

Picking the right company and technology is not a trivial exercise, and the stakes for a consumer are sometimes huge.  Legere’s office himself saved my butt years ago before he was at TMO.  He was around when ATT came up with the brilliant idea of merging landline divisions with a cell company.  The result??  My first bill went from $60 to $1,200 in one month, and they only saw I hadn’t paid.  No proof that I didn’t owe, and had paid any bills could convince them to keep my cell phone on.  Why??  The merger forbade one company from accessing ANY of the billing records from the other.  So, when some moron merged the databases, some companies that owed millions, only had to pay my $60 bill.  IOW, it was so screwed up, no one could sort it out.  Legere’s office saw it all, and at least would overrule the turn off orders immediately.  After a year, I got a full refund for the year.  I suspect experiences of stupidity like that is why and how he shook up not just TMO, but the whole cell industry.  In short, I bet big on him and his management about 15 years ago, and I’m happy to say it was the best decision I could have made.  I will be interested to see if TMO can fix and control everyone from Sprint, or horrible practices of Sprint will win, and ruin both companies.

Thanks for your detailed analysis, and it sounds to me like ALL next gen modems, including from the cable companies, must have the type of control built into them to build out a carrier based internet provider.  IOW, these design decisions are not accidentally created problems.  They are simply artifacts of the newer technology that we must all adapt to in the future, and eventually, it will work extremely well. 

Isn’t TMO the only company that implemented using all the existing Wifi bandwidth for phone service??  THAT was revolutionary, an innovative solution that had huge benefits from both a technical and a business perspective.  Other companies either didn’t follow, or did so slowly. 




Userlevel 3

Bridge mode, double NAT and all the rest has been talked about here ad nauseam. We all know it sucks and T-Mobile is fully aware of our frustration. Just about every week a new user comes here to complain. The can is dumbed-down for sure. Designed for the non-technical plug and play.

For me it’s an irritant but not worth staying with Spectrum. Not even close. Their constant price increases are offensive. Would never consider going back to that company. 

For $50 a month I get great speed, better than Spectrum was and reliable service. I’m in Dallas so I’m sure that helps. I’ve found workarounds for the port forwarding and the rest. Hopefully these limitations are temporary.

I just ordered the 5G home Internet hoping I too would be able to dump Spectrum. From the great information above, particularly regarding carrier grade NAT, I see I would have to totally revamp how I think about “internet facing” when it comes to my Pfsense WAN interface. I’ve depended on having a public IP on that box for IPSec purposes as well as some port forwarding. This will be a long and tricky road to finding ways that I can satisfy all my needs around this new architecture. This is especially the case since we (the customer) have no power in the upper layers. I hate working on my home internet because of this. Once you’ve been spoiled in the professional networking world where you can control everything from the public facing BGP routes of a company to a local workstation’s RFC1918 address, it sucks to get stuck back into the “consumer” box. It sure would be nice to have that kind of power with my own home internet! I guess we’re just going to have to collect our knowledge and work together to find new ways of accomplishing our goals within the bounds of new carrier tech which we cannot control. :pensive:

Userlevel 2

I’ve done the research now, and have concluded that this is definitely not ready for prime time.  Not only that, but I’ve concluded that TM is sadly only going to cater to low end users.  IF TM is going to go after networking and the ISP market, then it will fail unless it also fully supports the “business office environment”.  Where is that located today??  Most employees’ offices are no longer in an office building.  Call their office, and you’ll find that it is really located in their home, and not down a long hallway.

Call most business’s main office number, and instead of a PBX, you will most often reach that person’s cell phone-- their PERSONAL cell phone.  Businesses are moving most all their workers to work offsite, and much of that “branch office”, is really at the employee’s home, or wherever they happen to be at that time.  So, if our cell phones are now acting in the role of the extension at my office, it is ALSO my business phone. 

What about the “company LAN” or our shared apps, shared data, and security?  That too is being replaced in the cloud so it will increasingly not matter, where the physical office is located.  Google WorkSpace which we use as a small company, is also now scaled up to handle thousands of employees.  So, now our “company network” is not behind a firewall as it was years ago.  The engineers at Google really do know what they are doing for enterprise customers.  We had to migrate our “network instance” to a large company, and that only took our IT staffs an hour, with Google’s help to implement the transfer.

Recently, I had to work with troubleshooting significant problems with a 5 year old ARRIS cable modem, remotely from 100 miles away.  THIS IS a “consumer product”, and I’m going to reverse my stance and say that most all vendors that are providing services for consumers and companies ARE providing FULLY ALL the features for both styles of customers.  It’s the only strategy that makes sense.  And, instead of less capabilities, there are significantly more options and capabilities in all the new modems.  They are all ready and capable, and designed specifically so the identical hardware can front end a $20,000 Cisco router, or my XBox and Roku.  And in today’s market, TM is planning on eliminating “business use”??  Most homes ARE GOING to be all types -- SOHO, SMB and enterprise offices, as well as homes.  Those that are not, will become fewer and fewer.  

Even though this ARRIS device I was troubleshooting appeared to be defective, from the consumer’s side I was able to use their PC to configure more than most commercial routers, and this was as it was designed over five years ago.  Likewise, many of the detailed logs are available to the users and even more detailed logs and configurations are available to Spectrum, remotely.  I found their support engineers, and we could both work on that device together, remotely.  We both could see that in the past week, this was going on and offline about every two minutes.  We also determined that the problem was likely the wiring, and not the modem.  No guessing in the dark, the on-site techs had to rewire a fair amount of connectors, both inside and outside the house.  Then, perfect internet.

At this point, I really can’t justify wasting my time redoing things another way, just because TM is too stubborn to provide a device that could be used in business OR home use.  You can always hide features, but you sure can’t add them if they don’t exist.   ADD PASS THROUGH and BRIDGE MODE!

I have a number of calls from the “business reps” at TM.  Here’s some of the things I will report:  When providing a new service or new hardware, you are choosing to not only cripple the devices as you’ve done with the modem, but you’ve also chosen to not even allow pass-through to work.  That means that your new devices and services are specifically designed so that they can’t possibly work in a business environment.  Even your old obsolete “Cell Spot Wifi Router” designed by NetGear, had bridge mode where I could use it as a pass through, or as a Wifi dumb target within a LAN, (which I am still doing today).  You can easily add a UI “dumb mode” for users that might cause more service config problems, and that will keep it simple for them, while providing an advanced mode for regular users. 

I’d also talk to them about TM’s DIGITS initiative.  It too, seems like it had a great start to provide a means for a SOHO business with a cloud based Mini-PBX.  Instead, it appears the product was abandoned… Not only is there no further development, even what they did release, cannot be used.  The Android app hasn’t had an update in years--That said, the app actually stays logged in and mostly works, although synchronization between the app and the phones doesn’t work reliably.  PC’s --- Both the installed DIGITS app, and the web based version of Digits is a joke.  Both log out after 20 minutes, and can only be logged back in with a new text message code, sent to your regular cell phone.  Whoops…  To me, these are rather glaring problems that won’t ever be solved and brought up to business standards.  

I was really bullish on TM providing inexpensive ISP services, but someone that is a strategist must get involved or TM will fail, and us users with them.  I’ll have to stay with Spectrum for now, even if it costs more $$.  Overall with my time, it is much better and less costly.

I agree with what you’re saying. Work from home/remote is becoming a standard, for better or for worse, and we’re already running into issues with that. This is particularly the case with some users in the sticks who want to work off of Hughes Net satellite internet. To state the obvious: most of them end up coming on-site in the end lol

I will likely end up back with Spectrum, at least for some period. The reality for now is that I only need a temporary, cheaper, hold-over until I move here in the next couple of months. I wanted to give Spectrum the middle finger as long as possible due to price gouging since they’re the only “Real” ISP that can service over 50 Mbps to my current address. Hopefully the other ISP in my area will have fiber availability to my new condo here soon and I can pit them against each other finally.

Userlevel 2

Y--- Evidently, the fiber person that was in charge of “Fi”? at Google moved over to TuCows, and they are intending to go after that market.  I was studying TuCows, who got heavily into the domain name business, and has bought several companies in that space.  If you remember, they were hosting most every application in the world many years ago.   They could become a force.  He’s been fighting against Network Solutions’ horrible business practices for years.  (SEE their Wikipedia article to read about just how bad they have been and still are.)  This cancel Culture must stop, and he may be a force that accelerates that effort.  (NWS and separately, GoDaddy have already decided that some companies should not exist, and ERASED them from the internet.)  I’d strongly suggest a boycott of any company that practices cancelling anyone for other than really heinous reasons.  If not, eventually they will come to erase you too, and in the mean time, you will have lost freedom of choice and speech.

It would be nice to have some new entrants into that market.   Elon Musk is also talking about putting up a ton of small satellites to provide cell and internet service, worldwide.  Just watch, to say that these leaders of today, Amazon, FB, Twit, Google et al can’t be replaced hasn’t been in the computer business for “very long”.  Eventually, they too (most of them), will disappear as well, for hurting their customers, lousy products, or overpriced bunk.  Replace NASA?  Sure, that’s impossible.  Disrupters rule, at least the great ones will, eventually.


Bridge mode, double NAT and all the rest has been talked about here ad nauseam. We all know it sucks and T-Mobile is fully aware of our frustration. Just about every week a new user comes here to complain. The can is dumbed-down for sure. Designed for the non-technical plug and play.

For me it’s an irritant but not worth staying with Spectrum. Not even close. Their constant price increases are offensive. Would never consider going back to that company. 

For $50 a month I get great speed, better than Spectrum was and reliable service. I’m in Dallas so I’m sure that helps. I’ve found workarounds for the port forwarding and the rest. Hopefully these limitations are temporary.

I agree with everything you’ve said.  Double NAT isn’t ideal, but it’s what we have to live with in today’s IPV4 world.  I’m also in Dallas with great speeds (320/45 or thereabout).  Can’t complain for $50.

I’m hanging an ASUS router off of the 5g gateway and am not seeing any problems. Including playing online games.  Haven't seen it here yet but 1 possible work around is a VPN.  VPN services can be had pretty cheap.  I specifically bought the router that could support a VPN client.

To the average TMHI customer, double NAT is not going to be required. Most users will put the trashcan up, take down their old ISP provided combo modem / router device and run the same way they did with their previous ISP.  Hell, most home internet users don’t even have the motivation to change the Wi-Fi password provided by the ISP installer when their home internet was originally setup. They just write down the 20 character complex password and stick it to the refrigerator with a magnet. When visitors need internet access, they just give them the password. 

As for me, I am an IT professional, and I do work from a home office, but I have no need for port forwarding. However, I do want to manage my DHCP / DNS, and have an isolated guest network. To do so, I have to use double NAT. I have no problem with that. The performance of my TMHI is still better than what I was getting from Spectrum, for 20% less cost. Couple that with the fact that I am unlikely to see a yearly price increase as long as I stay on my existing plan, and it is a win-win. Now, I may be the exception in the IT world, and the fact that I am close enough to a tower to get high through-put has probably influenced my decision.

For those who have a complex setup requiring port forwarding and D-DNS, this setup is probably not for you. I mean, you probably would not run your home network off of a cell phone either. The tech is basically the same. There are limitations with cellular service that just cannot be overcome.

Just realize, that for 90% of T-Mobile Internet customers, this system, as it is, will be more than adequate.


When I was complaining recently to TMo support that without Port Forwarding and support for Port 6767 I could not use the IP Phone system I had just installed, the Rep told me there is a new, second generation router to be released in the first or second quarter of 2022 and that she believed it would allow Port Forwarding.  So I am waiting and checking the media for announcements of the new router.  I am also going to see if Verizon Wireless is serving my market and if they can meet my needs.

I just found this information regarding the soon-to-be released new T-Mobile modem…..

I just found this information regarding the soon-to-be released new T-Mobile modem…..

Just as useless unfortunately… no bridge mode, UPnP, DMZ, or port forwarding. You can separate wifi into 2 SSID (2.4 and 5GHz) and change the SSID and passwords, but that’s quite literally the extent of it.

Was not able to plug into my existing router without jumping through hoops.