I am currently living with my parents and we have just started an Internet contract with a 5G wireless company.

The issue is the MFND settings are behind a password and likely not allowed access by the ISP. Even if they weren’t doing port forwarding on 5G likely isn’t possible because of CGNAT. I think I can use cloudflare tunnels or tailscale to get around this, and not many things need to be directly accessible from the Internet.

The more annoying thing is that setting DHCP reservations likely isn’t possible without getting access to the settings. It’s going to make setting up static IPs difficult too.

Before anyone asks fixed line Internet almost certainly isn’t practical in this area. Getting our own modem while possible is more expensive and potentially difficult, and would mean cancelling the contract.

Is there a reasonable way to work around these issues?

Any help or advice would be appreciated.

  • dudeami0@lemmy.dudeami.win
    link
    fedilink
    English
    arrow-up
    12
    ·
    8 months ago

    I use my own router with DD-WRT in-between the ISPs router/modem and my LAN, and use a different subnet. I haven’t had any issues with this myself, and my router just sees the ISP router/modem as the WAN.

    • i_am_not_a_robot@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      5
      ·
      8 months ago

      Normally this is bad advice, but if you already have CGNAT you’d be going from double NAT to triple NAT and it probably won’t make anything worse. At least it shouldn’t make things worse for IPv4. If you have 5G internet with CGNAT there’s no excuse for your ISP not giving you proper IPv6. Putting a second router between will complicate your IPv6 setup.

      There are some tricks you can do for IPv4 in the precense of hostile DHCP servers. Serious OSes should allow you to configure a second IP address on the same physical interface, so you could have a dynamic 192.168.0.x assigned by the ISP’s DHCP server and a static 192.168.1.y assigned statically by you, and then you should be able to set up an additional route table entry to access 192.168.1.0/24 using the source address 192.168.1.y. As long as the ethernet/wifi switching between devices doesn’t filter ARP packets based on IP subnet, you should be able to communicate between your machines using fixed IPs on the second subnet.

      • BombOmOm@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        8 months ago

        Unlikely. The main issue comes with port forwarding, but you are locked out from doing that already. I say go for the triple NAT, put your own router after the ISP’s modem and then you have full control of your LAN.

  • Max-P@lemmy.max-p.me
    link
    fedilink
    English
    arrow-up
    7
    ·
    8 months ago

    Do you even need reservations? You can also just set a static IP on the computer and it should be fine. Most DHCP servers test the IP before handing it out just in case.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      3
      ·
      8 months ago

      That is bad practice as if the machine is powered off for any period of time you may get a different device with the same IP.

      • IsoKiero@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        2
        ·
        8 months ago

        Most, but not all, do. So it might be as simple as setting a static address, or it may overlap in the future.

        You could ask from ISP (or try it out yourself) if you can use some addresses outside of DHCP pool, my ISP router had /24 subnet with .0.1 as gateway but DHCP pool started from .0.101 so there would’ve been plenty of addresses to use. Mine had a ‘end user’ account too from wehere I could’ve changed LAN IP’s, SSID and other basic stuff, but I replaced the whole thing with my own.

        • areyouevenreal@lemm.eeOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 months ago

          Yeah, I did try and find out from them what the DHCP range is. Unfortunately didn’t have any luck.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      0
      ·
      8 months ago

      That is bad practice as if the machine is powered off for any period of time you may get a different device with the same IP.

  • Encrypt-Keeper@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    8 months ago

    In this scenario you could just get your own firewall to serve as an NAT gateway and connect its WAN port to the LAN side of your ISP’s gateway. You’d then have your own LAN you can do whatever you want on. The ISP’s device would provide the WAN IP to your gateway via DHCP, but that DHCP wouldn’t work through your gateway. You’d just make sure your new internal LAN(s) subnet is different from the one that exists between your firewall and your ISP’s gateway. The only problems this would cause in your scenario are because there’s now double the NAT going on, but if you’re already dealing with CGNAT then you’d already have those same problems.

    Outbound traffic should all work just fine, and your ISP’s device would no longer have access to your LAN.

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    8 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    CGNAT Carrier-Grade NAT
    IP Internet Protocol
    NAT Network Address Translation
    VPS Virtual Private Server (opposed to shared hosting)

    4 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.

    [Thread #571 for this sub, first seen 4th Mar 2024, 18:45] [FAQ] [Full list] [Contact] [Source code]

  • rambos@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    ·
    8 months ago

    Afaik tailscale will work with CGNAT and you can get your own router to sort out DHCP (or just pihole on your server?). Others can probably provide better answer

      • rambos@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        8 months ago

        Honestly I think someone else should answer this, but I believe you can just use different IP range (example 192.168.0.x on ISP device and 192.168.1.x on new router). Reading other comment it looks like its not the best idea, but we have that kind of setup in office and it works fine. There is no selfhosting involved tho

  • cron@feddit.de
    link
    fedilink
    English
    arrow-up
    2
    ·
    8 months ago

    Maybe call your provider and ask them? Sometimes they hide settings in the user UI but can easily disable DHCP for you.

    Another option that is sometimes offered by the provider is another, more capable router model. This might cost a little more.

    • areyouevenreal@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      It’s not a lack of settings on the router. It’s that I can’t login to the router because only they have the password. I will double check but it’s not in the normal place on the router, and it wasn’t included in the paperwork.

      I did the research on the company, and both routers seem to have roughly the same capability. They are selected seemingly at random for the package I am on.

        • areyouevenreal@lemm.eeOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          8 months ago

          Not an option. Costs too much, and my family have already agreed to this provider. It would mean sending their device back. Then there is the risk we get a device and it doesn’t work, which already happened once.

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    8 months ago

    First off get your own router. You can pickup a device capable of running OpenWRT from Walmart, Bestbuy or most other stores.

    Once that’s done you will have way more control. For remote access I would use Netbird and if you need to expose services use a VPS and wireguard.

    • areyouevenreal@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      8 months ago

      I already have a router from another house. Not helpful given it doesn’t have 5G. Also walmart? I am not an American lol.

      So what this would actually mean, is cancelling a 24 month contract, buying two devices, one a 5G modem, and another to run OpenWRT, for well over £300. Shipping the other device back to the ISP. All with no guarantee any of it will work, given my experience with buying cellular modems previously. This would take probably 1 week plus, and cause more disruption to my parents after having already moved house and one of them being in hospital. That’s not taking into account anything that goes wrong with using OpenWRT, which is any number of things given it’s unofficial firmware that I have no previous experience with.

      Yeah no that’s not going to happen. They aren’t going to go for that and honestly I don’t blame them that’s a horrible deal, even if I pay for half the equipment.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 months ago

        You totally misunderstood. I’m recommending that you keep your current modem and plug a new router into it. That will give you the control you are looking for.

        A new device won’t run you £300. If you are ok with WiFi 5 you can get one for about £50