True Gigatex Fibre Modem restricts LAN-side router ? symptom : no internet

[mtls2005]

Full disclosure: I have not followed the OPs machinations.

 

I've never, ever seen an ISP modem failure here, and that's over 15-ish years (back to the ADSL-icene era), and ~ a hundred customer installs. Yes, I will stipulate that that CPE sometimes fails.

 

Planning everything for such an infrequent occurrence seems, well, eccentric, and not in a good way. Sure, if it's a moon-shot, feel free to over-engineer it, but in the end it's still pron and cat videos.

 

Perhaps there is something unique to your environment (heat, moisture, mains) which cause excessive failures?

 

 

 

 

[sometimewoodworker]

2 hours ago, mtls2005 said:

I've never, ever seen an ISP modem failure here, and that's over 15-ish years (back to the ADSL-icene era), and ~ a hundred customer installs. Yes, I will stipulate that that CPE sometimes fails.

You may not have seen one, however I have had one fail that was replaced. It is the first and only router that I have had that has failed, most of the others I have, about 10, are in use daily and have been going strong for years, one is over 20 years old so routers are rather robust usually.

[ETatBKK]

4 hours ago, mtls2005 said:

Full disclosure: I have not followed the OPs machinations.

 

I've never, ever seen an ISP modem failure here, and that's over 15-ish years (back to the ADSL-icene era), and ~ a hundred customer installs. Yes, I will stipulate that that CPE sometimes fails.

 

Planning everything for such an infrequent occurrence seems, well, eccentric, and not in a good way. Sure, if it's a moon-shot, feel free to over-engineer it, but in the end it's still pron and cat videos.

 

Perhaps there is something unique to your environment (heat, moisture, mains) which cause excessive failures?

 

you are a lucky one ???? within this past 12 months, True replaced their fibre modem / routers 3 times, in different area of failures.

 

the concept is right - keep the ISP equipment as universal as neutral, as a single function of connecting to ISP (WAN IP, WAN gateway, WAN DNS), then keep the LAN side configurations behind on own equipment (DHCP, SWITCH, WLAN, AP) and customised them per application. with LAN configurations on own equipment, even ISP modem / router is sick, I still can reach my NAS, connect to smart home devices and IoTs.

 

3 years ago this Linksys router performed exactly the same functions (own DHCP own wifi behind the ISP modem). I switched it off since True comes with big powerful modem / router, for the sake of better wifi coverage.

 

I expect this is a plug and play as it was 3 years ago, nevertheless this exercise today it seems overly complicated and over engineering as some of you suggested. this is never the intention.

[ETatBKK]

PROBLEM SOLVED !!

 

don't blame True Gigatex modem / router ! it has no problem.

don't blame double DHCP , double DNS ! it is manageable.

 

at the end of the line, the Linksys RE6500 wired extender (bridge mode) is hidden in the cable trunk of the ground floor. while configuration updates and power cycles, it out of sync and cause conflict. now be fixed and the network back on and running hard !

 

THANKS EVERYONE who provides information and supports the troubleshooting !!

[johng]

On 8/15/2021 at 1:14 PM, ETatBKK said:

Router has WAN IP and WAN gateway 100.101.xx.x, and it seems working alright.

How do you connect from outside your own network to your NAS and IoT  devices as you seem to be behind  a CGNAT   100.101.xx.x  IP at the WAN interface  and a different internet facing (public) IP address  ?

 

I'm facing this issue and it seems the only answer short of  paying for a fixed IP or some more expensive business plan  is to  use a VPS  install a reverse proxy on it to bounce/route requests to the VPS's  "proper" public IP address  arrggggggg

 

[ETatBKK]

1 hour ago, johng said:

How do you connect from outside your own network to your NAS and IoT  devices as you seem to be behind  a CGNAT   100.101.xx.x  IP at the WAN interface  and a different internet facing (public) IP address  ?

 

for IoTs, I keep them all local, as they are very vulnerable in terms of security. I don't have a solution yet.

 

for data, my most current data that need to be shared or be collaborated, all on OneDrive. then my WD MyCloud NAS comes with a relay service that could be accessed via web or via app. they are personal data and a photo library, usually I only switch on the cloud access when need.

 

yeah, the fixed IP service is not that budget friendly in Thailand. would Dynamic DNS a solution for your application ?

[johng]

15 hours ago, ETatBKK said:

would Dynamic DNS a solution for your application ?

No  it doesn't work   as the dynamic DNS points to the public IP  which is not the same as the WAN IP   the traffic is NATed again which breaks everything. edit  well it obviously doesn't break everything  but breaks connections to  servers on the "homelan"

Edited August 18, 2021 by johng

[GrandPapillon]

On 8/15/2021 at 9:04 AM, sometimewoodworker said:

Humm

A single private IP range is inherently insecure.

for a home network? hardly more insecure than vulnerabilities in WIFI/ADSL/FO Routers,

 

setting up 2 pools of IPs is not going to protect you more against hackers, that was true maybe 20 years ago, but not anymore, the real vulnerabilities are elsewhere, and you will be affected like anyone else with 2 pools of IPs

 

There is no value running running 2 pools of IPs, even for a small SOHO solution, it's just adding headache to manage. Great for geeks wanting to learn and setting up "dynamic" routes between 2 private networks with an option for a public gw, but that's about it. This is 2021, not 2001.

Edited August 21, 2021 by GrandPapillon

[sometimewoodworker]

1 hour ago, GrandPapillon said:

for a home network? hardly more insecure than vulnerabilities in WIFI/ADSL/FO Routers,

 

setting up 2 pools of IPs is not going to protect you more against hackers, that was true maybe 20 years ago, but not anymore, the real vulnerabilities are elsewhere, and you will be affected like anyone else with 2 pools of IPs

 

There is no value running running 2 pools of IPs, even for a small SOHO solution, it's just adding headache to manage. Great for geeks wanting to learn and setting up "dynamic" routes between 2 private networks with an option for a public gw, but that's about it. This is 2021, not 2001.

Your opinion does not change the real security value of the 3 router setup. That the date is 2021 not 2001, doesn’t change the benefits of that. Keeping IOT devices, that will virtually never have their security holes patched on a separate network is still excellent practice. 
 

The only significant changes are that routers now exist that can maintain separation and exclude those from the network of your main intelligent devices like phones and computers so reducing the number of modems needed.

 

that you like simple dose not make it better. That there are many other ways of being insecure doesn’t make keeping everything from your washing machine & toaster to your NAS and computer on the same network a remotely good idea.

 

 

[GrandPapillon]

that's all being academic, since IoT will broadcast their presence to the "world", hence giving away their IPs address and therefore the subnet attached to it, hence giving routing access to any "sniffer" already present on any of the subnets.

 

no advantage, and it's not an opinion, it's simple facts. If it was so easy to have a secure network with 2 pools of IPs, everyone would have taken that solution long ago, and it was what was done in the late 90s, early 2000s, but now, not making any sense, IPs are the least of your problem for security.

Edited August 21, 2021 by GrandPapillon