Avoiding double NAT on LTE tl-mr6400v1

Hello everyone. I have recently got a game console. I wanted to play online and I got a problem related with double NAT.
As far as I understood this is happening because of my modem/router (tp-link mr6400 v1)

I have already tried DMZ, Upnp, and port fwd, but non of those things were helpful because my ISP didn't provided me a personal IP address.

Booting openwrt allowed me to reach the LTE module of my modem. But I can’t figure out how to set the router in bridge mode. Which should allow me to have only one NAT

In another post I find out I should modify the scripts that OpenWRT uses to bring up QMI/MBIM Intefaces.
After installing the necessary packages I wasn’t able to find the devices cdc-wdm0

I can’t find anything related to the version of my hardware which is v1, only v4 . I don’t think that is going to work since they mount 2 different chip (ath79 vs mt76x8)

I feel like I am going in circles . And I don’t know how to proceed from here. Am I missing something? Do you have any tip? Shall I change router? Change ISP choosing one with public IP? Wouldn't this make me network more exposed ? Change from LTE to fiber glass?

thanks a lot for your support and my apologies if I am misusing some terminology . I just wanted to play not to become a network engineer.

Yes to all.

1 Like

Not convinced single NAT will solve anything, but try to move the LTE modems interface to the LAN zone, and disable the DHCP running on the mr6400.

Most cellular ISPs don't hand out globally routable IPs in the first place, so that would be the first thing to confirm before spending any time on rethinking your network infrastructure/ setup. For that (apart from checking the contract details), you'd have a look at the WAN IP reported by your outer-most router (the 'modem') and compare that to the IPv4 address reported by an external IP checker - if they differ, you're behind your ISP's cgNAT and don't get a public IP in the first place, if they're the same, you can try to streamline your own setup to avoid double NAT.


If I understood you well, you have not a problem of double NAT, but a problem of CG-NAT.

You can solve problems with double NAT (when you use a router with NAT activated behind the router of the ISP with NAT activated) in several ways, by yourself. You can put the ISP router in bridge mode (if it allows that), you can use DMZ or configure static routes in the ISP router to direct traffic for your internal IP network to the router of that network.

But if the problem is cg-nat you can do nothing without the cooperation of your ISP.
The best thing is to get a public IP from it (even a dynamic ip would be better than cg-nat).

If that is not possible, the ISP could create static routes for you, but if it is using cg-nat is because you are sharing the public IP with other users SIMULTANIOUSLY, so probably ISP won't want to do that (as it will forces him to manage that internal private ips and assign different one for its clients). DMZ won't help in that case (as DMZ can only be redirected to one destination, and there may be several users wanting the traffic redirected to them).

So best solution would be to change ISP first.


you are right, I have finally understood that I am behind a cg-NAT. I just got off the phone with my ISP and I will get a public IP.

Let's see how this is going to evolve

1 Like

Great that would be the best solution.

Sharing the IP with other people puts you in danger, if they do something bad that blocks the ip, it will affect you.

With a dynamic IP it can happen too, as you can get a blacklisted IP, but you don't share it with so much people.

Best is your own IP, but that is not allways possible (or using IPv6, but not so easy in some countries).

Here is not easy to get a dedicated IP, I have one dynamic but changes not that often.

With phone numbers is beginning to ocur the same problem: you can get the number of an enterprise that sells things by phone (they change the number often) and you will be blocked by many, many people.