Port forwarding O-WRT behind Cellular pppoe modem

boris099 · May 6, 2025, 4:53pm

Problem: Cannot forward ports for my seafile server.
The server sits on OWRT IP 192.168.2.100 and all is working when connected via classic DSL. There I just forward port 443 to that IP address. Sure I use NGINX and DDNS as well.

Now I am testing a new environment with an OWRT router behind a cellular 5G modem.
This a Zyxcel 5G router in PPPoe mode. I deactivated firewall as well even I think when
in PPPoe mode there will be no firewall active, right?
I have installed and activated DDNS in the OWRT router and forwarded port 443 but nothing, no access to the server on .100
What can be wrong?
I have tried to forward 443 in the Zyxel modem as well but no success, tried forwarding to the OWRT WAN IP address, to the local IP, even activated firewall on the Zyxcel - all no success.
Anyone an idea?

frollic · May 6, 2025, 5:39pm

You could be CGNAT:ed.

boris099 · May 6, 2025, 6:33pm

Do you know if o2 Germany is doing CGNAT? I couldn´t really analyze this.

frollic · May 6, 2025, 6:34pm

Compare the wan IP of your Openwrt router to the one shown by some whatsmyip site.

boris099 · May 6, 2025, 6:38pm

Yes I did and this was confusing me therefore I didn´t understand it.
First is t only showed me an IPv6 only no IPv4, later after performing a speedtest
it displayed me an IPv4 and this was complately different to that displayed in the router.

So assumption is - this is CGNAT and this also means no NAS in that environment ...

slh · May 6, 2025, 10:05pm

That more or less confirms a cgNAT situation, but you may still get access over IPv6.

Just in general, (re-)consider if you really need port-forwardings - or if a road-warrior style VPN (wireguard) might solve your problem as well.

sfx2000 · May 7, 2025, 2:24am

More and more - the 5G operators are doing 464XLAT - because it works, not because it's good...

IPv4 lands in 192.168.x.y/24 space, and IPv6 doesn't get a PD, so that's done there...

boris099 · May 7, 2025, 4:07pm

Yes the wireguard solution is the way to go, I agree

I am still in testing mode with that 5G internet, not sure if I will keep that even I am getting 500/50 Mbit I face some slowdowns or interruptions for a few seconds till half a minute.
This is disturbing a lot and isn´t really acceptable.
Just trying to figure out if a cellular lock will solve, but never worked with that so I am trying to understand how that lock functionality is working LTE Lock or 5G lock or both .....

sfx2000 · May 7, 2025, 7:58pm

In my experience with 5G-FWA, dropping MaxMTU size down helps quite a bit because of the PPP overhead - try 1420 and then increase it until...

boris099 · May 8, 2025, 2:58pm

Where to set MTU?
In the Zyxel I don´t think I see the possibility but I also don´t find it in OWRT

Edit: Found it in Interfaces - devices - WAN, right?

sfx2000 · May 8, 2025, 5:14pm

Yep, if that's the interface downstream from the 5G device

boris099 · May 9, 2025, 12:38pm

I played a bit with the MTU settings and coming to the conclusion that the 1492 setting is best. Unfortunately still having these stupid delays better compared to 1500 but still there.

Opening a new topic cause I am interested in testing the router mode instead of the PPPoe mode but this requires some additional settings to avoid double NAT ... and I am not that deep inside how and what to change to avoid trouble if possible