DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Vigor2620Ln port forwarding issues using LTE

20 Dec 2020 20:13 #1 by timo_w2s
I can't get port forwarding to work on my Vigor 2620Ln using LTE. My mobile provider has only a few TCP ports which are available for port forwarding (500 and 2222-2231) which I've had no problem using when I was using their own Huawei B315 router with their branded firmware, but now when I try and do the same using the 2620Ln it doesn't work. I also cannot access the 2620Ln management interface from the internet either. It seems that incoming connections are not getting through using the 2620Ln.

When I set up the Dynamic DNS account on the router I had two options to determine WAN IP, either WAN IP or Internet IP. These IP addresses are different and neither seems to work with the port redirection. Is there something I need to do with internal routing or something to get the incoming connections working, perhaps between the WAN IP and Internet IP?

I've used many different Vigor routers in the past for port forwarding without issues but these are all connected to FTTC or building fibre internet connections which don't seem to have different WAN IP and Internet IPs.

Could there be a firewall setting that is blocking connections? I haven't changed any of the default settings in the router and I couldn't see anything obvious that would be doing anything to hinder connections.

I wonder if I should try a different mobile provider? Could the custom firmware in the Huawei B315 have been doing something non-standard to make port forwarding work?

Obviously, there is no issue with outgoing connections, I can connect to web sites, email, etc.

20 Dec 2020 20:33 #2 by timo_w2s
I forgot to add that trying to use L2TP VPN in the router also doesn't work via LTE.

23 Dec 2020 08:49 #3 by timo_w2s
OK I've just realised the WAN IP issued by the mobile provider is a private IP address (currently 10.172.67.232, but it changes frequently) so for the DDNS setting I obviously need to choose Internet IP which shows a public IP address but I still have the problem of getting ports open in the router.

So I'm thinking do I need to do something with the static routes section in the router to route the data from the private IP address to the public one?

I seem to remember the limited number of open ports available on the mobile network was due to the mobile provider having a limited number of public IPv4 addresses and using NAT within their network to share IP addresses, but I can't get my head around how that would help since everyone gets issued a public IP address with the same few ports available for port forwarding.

Until I can get this issue fixed I've gone back to using the Huawei B315 supplied by the network but it crashes reasonably frequently and as it's in a remote location it's highly inconvenient.

23 Dec 2020 13:33 #4 by hornbyp

timo_w2s wrote:
I obviously need to choose Internet IP which shows a public IP address


Does that match an outbound connection to https://whatsmyip.net ?

timo_w2s wrote:
So I'm thinking do I need to do something with the static routes section in the router to route the data from the private IP address to the public one?


An interesting idea - using Routing could potentially avoid double-NATing...I'm not sure that you can stop the Vigor from NATing though (except, perhaps by having that 10. address specified for the 'IP Routed' sub-net?)

What's the actual issue with 'opening the ports'? (Are you using Port Redirection, Open Ports, or DMZ Host?)

timo_w2s wrote:
...but I can't get my head around how that would help since everyone gets issued a public IP address with the same few ports available for port forwarding.


I assume to make this scheme work, they have to allocate a few different ports to each user. Since none of the port numbers will be 'well-known', presumably this scheme can't be used to implement Mail Servers and the like. A Web Server interface would be do-able, but only if the client knew the port number.

This isn't exactly my specialist subject, but I'm supposed to be tiling the bathroom - anything to get out of that :lol:

23 Dec 2020 22:40 #5 by timo_w2s

hornbyp wrote:
Does that match an outbound connection to https://whatsmyip.net ?


Yes.

hornbyp wrote:
An interesting idea - using Routing could potentially avoid double-NATing...I'm not sure that you can stop the Vigor from NATing though (except, perhaps by having that 10. address specified for the 'IP Routed' sub-net?)


Yeah I've never needed to do any routing issues as everything has just worked in the past with other routers so I really don't know anything about it or where to begin.

I'm guessing the ISP's own router with custom firmware is doing something non standard in the background when I set up port forwarding.

hornbyp wrote:
What's the actual issue with 'opening the ports'? (Are you using Port Redirection, Open Ports, or DMZ Host?)


No inbound initiated connections work. I can't view the Vigor control panel from the internet even if I say to enable it for access via the internet, I can't set up VPN within the router, and I can't host any servers within my home network using port forwarding.

hornbyp wrote:
I assume to make this scheme work, they have to allocate a few different ports to each user. Since none of the port numbers will be 'well-known', presumably this scheme can't be used to implement Mail Servers and the like. A Web Server interface would be do-able, but only if the client knew the port number.


But that's the weird thing, everyone is assigned the same limited port numbers. They are not personalised in any way as the information on which ports can be opened are on the support pages of the ISP's website and in various discussion topics. I would understand if we all got assigned our own set of unique ports, but we all use the same ones. I use the ports to run a few web cameras at a remote location and it's worked very well for five years (except the times when the router crashes or dies completely!).

hornbyp wrote:
This isn't exactly my specialist subject, but I'm supposed to be tiling the bathroom - anything to get out of that :lol:


:mrgreen:

After Christmas I'm planning on trying another mobile provider to see if the port issue is the same. I'm a little more hopeful with the new ISP as they provide SIM cards meant for devices like web cameras and they say they have public IPv4 addresses specifically for running services off (no mention of any port restrictions). The downside with this service is the download speed is limited to a max of 0.5Mbit/s but the upload is up to 5Mbit/s which should be OK for video streaming.

25 Dec 2020 01:57 #6 by hornbyp
This intrigued me, so I did a bit of a Google Search.

There's really only one hit for that strange TCP port range: https://tuki.dna.fi/org/dna-en/d/opening-port/ - which I'm guessing is not who you're using (though it might be a related company).

Just reading down the list of messages posted, I noticed one, which said (to paraphrase) "You have to have subscribed to the public IP service AND changed the APN in use by the modem to match". Given that you had your service working previously, maybe that's the missing ingredient?

It could be that using a different APN, gives the 2620 a real-world IP address, rather than that 10.x.x.x address.
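
Added example (not part of any post in this thread): a small Python check for the situation discussed above, where the router's WAN IP is a 10.x address while the "Internet IP" is public. The function names and the 203.0.113.10 sample address are constructed for illustration; only 10.172.67.232 comes from the thread.

```python
import ipaddress

# Ranges that cannot receive unsolicited connections from the internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier NAT space

def classify_wan(wan_ip):
    """Return 'rfc1918', 'cgnat-shared', 'unusable' or 'public' for an IPv4 address."""
    addr = ipaddress.IPv4Address(wan_ip)  # raises ValueError on malformed input
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    if addr in CGNAT_SHARED:
        return "cgnat-shared"
    if addr.is_loopback or addr.is_link_local or addr.is_unspecified:
        return "unusable"
    return "public"

def diagnose(wan_ip, internet_ip):
    """Compare the router's WAN IP with the address seen from the internet."""
    wan = ipaddress.IPv4Address(wan_ip)
    seen = ipaddress.IPv4Address(internet_ip)
    wan_class = classify_wan(wan_ip)
    # Any mismatch, or a non-public WAN address, means the provider NATs upstream.
    upstream_nat = wan_class != "public" or wan != seen
    return {
        "wan_class": wan_class,
        "upstream_nat": upstream_nat,
        # Names of the two DDNS options mentioned in post #1.
        "ddns_source": "Internet IP" if upstream_nat else "WAN IP",
        # With NAT upstream, rules on the router alone cannot admit inbound
        # connections; the provider must forward the port or assign a public IP.
        "router_rules_sufficient": not upstream_nat,
    }

if __name__ == "__main__":
    # Constructed samples: (WAN IP shown by the router, IP seen by an external site).
    for wan, seen in [("10.172.67.232", "203.0.113.10"),
                      ("100.70.1.2", "203.0.113.10"),
                      ("203.0.113.10", "203.0.113.10")]:
        print(wan, seen, diagnose(wan, seen))
```
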
