Unable to Access SmartLink Server Using Port Forwarding

Henry Boze

Problem: Port Forwarding Issue

My in-house network set up:

The internal house router is a TP-Link, ER-605, with multiple WAN provider inputs of which I use two. This router provides IP addressing to all of my in-house equipment, including my FlexRadio systems, using other Ubiquiti routers and an Ubiquiti, AmpliFi Alien Wi-Fi unit in “bypass” mode for Wi-Fi distribution. I use two separate ISPs for “Load Balancing” and “Automatic Switchover” in case of an ISP failure.

My two ISP providers are: “Starlink” (LAN) input, which I know does not allow port forwarding, and “All Points Broadband” fiber (WAN/LAN1) input, which does. The TP-Link, ER-605, multi WAN router, allows you to select which WAN input will be used for “Port Forwarding”. I set it up to “Port Forward” through “All Points Broadband”, WAN/LAN1, and it shows up correctly in my router under the “UPnP” configuration, as shown below. The IP address of 192.168.0.129 is my Flex 6600M radio, which is up as a “Permanent” IP address, as is my FlexRadio 6600.

ID: Description: Protocol: Interface: IP Address: Ext Port: Int Port:
1 FlexRadio
SmartLink TLS Port TCP WAN/LAN1 192.168.0.129 21000 4994

2 FlexRadio
SmartLink UDP Port UDP WAN/LAN1 192.168.0.129 22000 4993

I have totally disconnected the “Starlink” ISP from its WAN input on the ER-605 router and only left the “All Points Broadband” WAN/LAN1 port active. When I run a “SmartLink” test from the 6600M it comes back “Red”, not Green. The 6600M radio and the other 6600 are “Registered” correctly.

I have also tried a totally different router (NETGEAR) with using just the “All Points Broadband” fiber as the ISP service provider and connected to the WAN input port, totally eliminating the TP-Link ER-605 router and “Starlink” as the ISP. That router also recognizes the correct TCP and UDP “Port Forwarding” using UPnP, but also fails when executing a “SmartLink” test. It comes back “Red”.

I’m at a total loss as to what might be going on. Has anyone experienced this issue and what I might try to get it to work?

Henry, N4HB
Email: n4hb@arrl.net

Mike-VA3MW

In order for SmartLink to work correctly, it has to connect the same WAN address as the Gateway the outbound data heads out to the SmartLink server.

Saying this another way, imagine calling your friend and asking him what number am I calling from and you need to call me back on the same number. You likely already know this.

The first part is how are you handling the outbound data from clients are your network. Which ISP do they use? This is the WAN port that SmartLink will call you back on.

In order to make this work, you'll have to set up rules so that the radio only uses 1 ISP as a priority. It can't be load balanced as then there is no guarantee which ISP you are on.

I am not sure what All Points Broadband does. Can you explain more?

You are on the correct track by just testing one ISP. You do need to make sure the ISP is not providing you a CGNAT IP address. A CGNAT (Carrier-Grade Network Address Translation) IP address is part of a technology used by Internet Service Providers (ISPs) to extend the life of IPv4 by allowing multiple end devices to share a single IP address.

As we know, IPv4 addresses have become scarce due to the vast number of devices connecting to the internet. CGNAT helps alleviate this issue by assigning private IP addresses to devices within the local network and then mapping them to a single public IP address for internet communications. SmartLink can't correctly resolve a private IP address. Essentially, you are behind another router. This is often the case when the setup looks ok, but it still doesn't work.

Carrier-Grade NAT (CGNAT) often utilizes specific IP address ranges designated for private networks, as defined by RFC 6598. The IP range set aside specifically for CGNAT is:

• 100.64.0.0 to 100.127.255.255

This range encompasses 4,194,304 IPv4 addresses (100.64.0.0/10), specifically earmarked for use in CGNAT setups.

It's important to note that these IP addresses are distinct from other private IP ranges commonly used in home and business networks (such as 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8) because they are specifically allocated for use in CGN environments.

Devices assigned an IP within the 100.64.0.0/10 range are behind a CGNAT system, meaning they share a public IP address with other devices for their external internet connections. This setup can have implications for certain online activities that require unique IP addresses or port forwarding, such as online gaming, peer-to-peer services, and hosting servers.

Henry Boze

Thanks Mike! I'll continue to look into it, but I'm not sure there is anything I can do, given what you just explained.

"All Points Broadband" is a regional ISP type carrier that is connecting areas inside Virginia, mainly rural communities with fiber. If I'm looking at my modem router (TP-Link, model ER605) correctly, it shows that on the "WAN/LAN1" input of my two "WAN" router, they are showing an IP address of 100.67.28.131, with a default Gateway of 100.67.0.1 and a Primary DNS of 64.79.51.246 So, it looks like they may well be behind a CGNAT type system.

When I asked their "technical" support person if they allowed "port forwarding" they said yes, but if they are behind the CGNAT, as you noted, it may not work. Maybe that's why it still would not "port forward" correctly when I switched to a simple, Netgear, modem type router with a single "WAN input", and eliminated Starlink, Load Balancing and Auto Switchover altogether.

I really appreciate your help. I'm about at the end of my knowledge of networking, particularly when they are using tricks like you explained. I'm not sure there is anything I can do at this point, but thanks again!

73,

Henry, N4HB