External Sierra Modem/Router: Google WiFi external access

Hello all,

Apologies in advance for my lack of networking knowledge. I hope I can be clear with my questions and that you are patience with my relative naiveté.

We are in a rural area where our only reliable access to the internet involves the use of an external "gray label" (China purchased) modem/router which includes the Sierra 7455 as its modem component. Our net access is with an AT&T LTE sim, actually intended for use with an iPad. Given we're applying use of the sim through un-supported hardware, AT&T tech support will be of no use to us.

The software in use for configuration of our mystery modem/router (which we love, it has proven to be the only reliable solution for low-latency acceptable net access) is OpenWRT. When I log in to the config console, it is displayed as Hostname "Rooter", Model "Atheros AP147-010 reference board", Firmware "GoldenOrb_2018-11-02 / LuCI Master (git-19.140.37900-6afc832)". The Network Status tab shows the modem is the "Sierra Wireless, Incorporated EM7455" and the provider is AT&T. I have physically inspected the modem, it is indeed a Sierra.

The external modem/router is powered by POE and the power supply comes with two ethernet ports, one for POE and the other labeled "LAN". Our Mesh system (Google WiFi) is attached to the LAN port. We connect the GWiFi main router through its LAN port to a switch and the switch feeds the rest of our mesh "pucks" through ethernet backhaul. One of the pucks also has a "dumb" switch attached to it and it is from that switch that the server which serves Plex (more on that below) is attached. Nearly everything on the network is hard-wired with a few exceptions.

My problem is this: As mentioned, we have a Plex server which we like to access when traveling (for movies and TV stored on our server) or even from my office (so I can listen to my personal tunes, also hosted on the Plex server). We also use Alexa to send commands to the Plex server and because of the way in which that skill is configured, Alexa requires the Plex server to be connected to the net and available for public access.

It is the public access which has stopped working. Prior to using the gray-label Sierra modem/router setup, we had Exede by Viasat. That was a royal pain-in-the-butt for many reasons, but I did manage to configure it for external access. With this new setup, I've not been able to do that. There are clearly many options available via configuration through the OpenWRT console GUI, but I am scared to screw it up, so I've only played a little with port forwarding and that has led me nowhere.

What do I need to do in order to expose my Plex Server to the public net? I have read enough to understand that I am probably in a "double NAT" situation, but I'm not sure I really understand the full scope of the meaning and I definitely can't come up with an effective way to deal with it. Is there any hope for us?

Again, as you can probably tell, I am not very well versed in networking practices or lingo... so please be gentle.

Thanks in advance for any help!

Regards,
Rique

The firmware on that router is from an OpenWrt project called ROOter that expands OpenWrt to add support for Cellular Internet using various modems. The current version is named 'Goldenorb'.

The router itself is manufactured by a firm with varying names including DualQ and M2M and is an Qualcomm AP147-010 reference board clone. It uses PCie so your modem must be in an M.2 to PCie adapter.

I developed the firmware for this router so I know quite a bit about it.

You are unable to access your Plex server from outside your network because you do not get a Public IP from your ISP. Instead, you are given a Private IP on the ISP's network.

You can confirm this by looking at Status->Overview in the Network section. The IP Address you see there is the IP assigned to you by the ISP. Look farther down the page to the External IP section and you'll see the IP that the Internet sees for you.

They will be different.

Without a Public IP you can not access your network from the outside as your ISP has you on a private network and controls your Internet access. This is normal for Cellular Internet but obviously wasn't the case for your Sat Internet.

Unless AT&T will give you a Public IP address you will not be able access your network from the outside. They usually charge extra for this if they will do it at all.

People have gotten around this by using a reverse VPN to a server with a public IP but that is a major work to undertake.

Looks like you won't be accessing Plex from outside.

Thanks! So simply enabling "IP Passthrough" in the config settings would have no effect?

And you are correct w.r.t. the IPs the public (EDIT: I mean PRIVATE) IP assigned by the ISP is in the 10.xx.xx.xx range and the private IP (shown when scrolling further down the page, as you said) is in the 192.168.xx.xx range.

EDIT: Also, what about the zone settings for Firewall? No joy there?

I don't have anything to add to this particular topic except to say thank you to @Dairyman for participating in these forums. It is (unfortunately) somewhat uncommon to see the developers from OpenWrt forks/offshoots, especially when it comes to specific device firmware. So thank you for being part of this conversation!!

There is nothing you can do on the router to get around this problem.

Unless the ISP will assign you a Public IP you simply cannot get access to your network from the outside.

Unless you are using a reverse VPN tunnel to a server with a Public IP. This has been done by some people that need access to a remotely located router that doesn't have a Public IP. But it is a major job to do and not for the beginner.

This one of the realities of using Cellular Internet.

The upside is you are more secure since everything must go through your ISP to get to you. Outside access is much harder for hackers.

For the most part I don't post here simply because I have my own forum to look after so there just isn't time. But I do read this everyday.

It would be nice if developers would at least drop in here once in a while and answer question that directly affect their product since they know more about it than anyone.

Dairyman, thanks so much for patiently explaining this. I do have one other question. I actually do know my Public IP and it rarely changes. I realize its optimal to have a static IP and I will definitely look into that. Having said that, since I do know my public IP is there nothing I can do, armed with that info?

The public IP is in the 107.xx.xx.xx range, so I know that it is a public IP.

Am I still stuck or can I put that info to use? Even just for testing purposes? Thanks again for all of the great info.

Doesn't do any good.

That IP will go to the ISP's network and stop there. I have both Internet from Cellular and from a WISP so I can test this from my home.

If I try to ping the External IP of my Cellular it doesn't even respond.Same if I use the private IP assigned by my ISP.

No access at all from outside.

OK, thanks! I guess remote access is out of the question. At least I can still use VPN to get out (access my office). If I couldn't do that, I'd be well and truly screwed.

If it is not too much trouble to share it, you mentioned you have a forum. Can you say how to access that? The reason I ask is because it would be great to learn more about Rooter. There are several of us rural folk with a similar setup and we are rather clueless, collectively. Since I at least have an IT background (I'm a Business Analyst, but networking is definitely not my strong suit) - the others always run to me for help (and then I tend to flounder).

Anyhow, if you could share how I might access your forum, I'd appreciate it. Or else I guess I can just find you here?

Once again, really appreciate the help! You've saved me a lot of time and frustration.

The web site for ROOter is http://www.ofmodemsandmen.com and from there you can go to the forum which is on Whirlpool Australia at https://forums.whirlpool.net.au/thread/3vx1k1r3?p=-1#bottom

People are always welcome there.