FlightAware Discussions

WAN access

Got a pi 4 that has been going ok with piaware for a while. I have intentions of relocating it to a remote site. I have a 4G wireless device to connect to the net. Trouble is that no matter what I do I cant access the pi over the WAN.

I can browse to the 4G device from the WAN that the Pi is connected to via wifi. I cant see the pi from the WAN but it is online and reporting. I have placed it in the DMZ so in theory it should be visible.

What am I missing here?How should I be connecting to the pi? Just to be able to SSH would be great. To see the traffic a bonus.

Never mind. looks like the carrier is blocking the ports. Not a lot I can do about it except buy a new sim

I have a similar problem where the Pi is on cellular network.

The phone company used CGnat which is effectively a double NAT.

I have a Pi 3 set up with TeamViewer which will give me access to a GUI on the Pi where I can see both the radar and SSH into the Pi.

I’ll be testing the double NAT in the next few days.

S

Have you looked at zerotier?

1 Like

would https://www.dataplicity.com/ help you out? It will give your pi a web address and ssh access. Simple install and I use it on my piaware for wlan access.

In my router I map an arbitrary external WAN port to the pi on my internal network. Then I connect can from anywhere regardless of an ISPs port blocking.

For this needed Hamachi

What router do you use? The Actiontec provided by my ISP supports port forwarding, but only to the same port number - for example, I can set it up to forward port 22 to my Pi for SSH (I don’t, but I could), but I can’t set it up to forward an arbitrary external port, say 10222 to port 22 on my Pi.

It’s kind of a pain for me because I am already forwarding services from other servers - port 80, 8080, and 443 are already in use - so I would need to set up nonstandard ports on my Pi to be able to access it remotely. Life would be a lot easier for me if I could just find a VDSL2 modem/router that supports arbitrary port forwarding.

My router is provided by my ISP, Spectrum aka Charter. It is a Sagemcom F@st 5260. Virtually every router has the ability to forward an incoming WAN port to a different LAN port.

When setting up port forwarding define a service with TCP protocol add the external host (wildcard), external port, internal host and internal port. Note that WAN port assignments must be unique but LAN port assignments are only unique for a given IP address as shown in the set of forwarding rules posted below.

Here is how I define a rule.

Here is the first page of my rule set.

Like it was already recommended above, install ZeroTier on all the devices that you want to be in the same virtual network.
It doesn’t need any port forwarding efforts.

I have it installed on Windows, Linux x86, Linux on Pi , Android phones… all in the same virtual network that I control.

This is exactly what I want to do. I understand the process, but my router doesn’t support forwarding to a different port. See my interface and some of my rules:

Mine is an Actiontec from CenturyLink for my DSL service. No Cable where I am .

If remote access to your pi’s is essential, I suggest that you connect an inexpensive router on your LAN between the Actiontec and your devices.

Can you not define a remote port if you choose the “Define ip Address” option instead of “All ip Addresses” in section 4 ?

“Essential” is a strong word. “Desire” would be a lot more accurate. I could go the router route (see what i did there?), but then I would have to reconfigure my Actiontec as a bridge, and that introduces new complications.

I could also port-forward all ports to an internal router which would then be able to handle my needs, but then I would be double-NATing all of my traffic, which doesn’t seem very efficient. I suppose I could just double-NAT the Pi connections, but again, it’s not very elegant.

The point is that I know how to do what I need to do - it’s just that my current router doesn’t allow that level of granularity. That was why I asked the router model in the original question - rather than asking how to do port forwarding.

Unfortunately, no. That defines a source IP for the connection - i.e. "forward a connection on port 22 to internal IP 192.168.0.x, but only if the request comes from 205.103.99.65 (those are made up IPs and I don’t know what they connect to

Is there no option though to select a port in that section? If there is, then setting the Source IP to 0.0.0.0 will be the same as accept from any IP.