Netgear 4G modem on WAN port - weird IP address and no internet



  • Hi All,

    I have a Netgear LB2120 4G/LTE modem connected to the WAN port of a Netgate SG-3100 running the latest stable version of pfSense. For additional context, there are two subnets served by the SG-3100: a 10.10.0.0/16 subnet on the OPT interface, and a 10.20.0.0/16 subnet on the LAN interface. All the local networking works totally fine.

    Additionally, when the LB2120 is running the default configuration of NAT it serves a 192.168... address to the WAN port of the SG-3100, as expected, and the internet works no problems.

    However, I would prefer not to run this double-NAT situation so I put the LB2120 into bridged mode so it functions purely as a modem. When I do this it presents a weird IP address to the WAN interface on the SG-3100 of 10.70.... rather than the expected behaviour of the public (internet routable) IP address. As a result, there is no internet access. I have absolutely no idea where it gets that IP address from, as I have never configured the 10.70.0.0/16 subnet anywhere on the router. Making things stranger, when I connect the LB2120 directly to a computer the network interface on the computer does get the correct and expected public IP address and the internet works.

    I have read some threads on the Netgear forum about earlier models of the LB2120 (and LB1120) not working with pfSense because the IP address it provides when in bridge mode provides a netmask of 255.255.255.255 whereas pfSense wants a netmask of 255.255.255.0. However, I can confirm that our LB2120 is running the updated firmware and the netmask provided is indeed 255.255.255.0.

    Even so, I tried using the suggestion here https://community.netgear.com/t5/Mobile-Routers-Hotspots-Modems/LB1120-Bridge-Mode-No-Connectivity/m-p/1403192/highlight/true#M3420 regarding using the supersede modifier on the DHCP settings to force a netmask of 255.255.255.0. But, as I expected, this makes no difference - presumably because the netmask is already that value.

    I'm out of ideas here, any suggestions would be greatly appreciated.



  • Many wireless networks provide only NAT RFC1918 addresses to the customers. Yours could be one of them. This is due to the shortage of IPv4 addresses and there being more mobile devices than IPv4 addresses. The solution is to move to IPv6.


  • LAYER 8 Rebel Alliance

    Here in Germany 4G/LTE is 100% Carrier-grade NAT (CGN) only. 😑

    -Rico



  • Thanks for your replies, but I don't think that's the issue. As mentioned in my question, when the modem (in bridge mode) is connected directly to a laptop the laptop does get a public routable internet address, not a NAT RFC1918 address - indicating that the 4G carrier does indeed provide a true public IP address to clients.



  • Verizon uses Rfc 6598 addressing on everything we have. Even my IPv6 addresses appear to be behind NAT.

    What carrier are you using?

    Have you tried spoofing your MAC address on your WAN page?



  • @mpp-cgs said in Netgear 4G modem on WAN port - weird IP address and no internet:

    As mentioned in my question, when the modem (in bridge mode) is connected directly to a laptop the laptop does get a public routable internet address, not a NAT RFC1918 address

    You said you get an address in the 10.70.0.0/16 range. The entire 10.0.0.0 /8 block is RFC1918. Also, the subnet mask of 255.255.255.255 indicates an address that is used to identify an interface only. It could never be used to directly communicate with another device. That sort of address is typically used in routers and traffic for that address has to be forwarded by the router.



  • @jknott said in Netgear 4G modem on WAN port - weird IP address and no internet:

    You said you get an address in the 10.70.0.0/16 range. The entire 10.0.0.0 /8 block is RFC1918. Also, the subnet mask of 255.255.255.255 indicates an address that is used to identify an interface only. It could never be used to directly communicate with another device. That sort of address is typically used in routers and traffic for that address has to be forwarded by the router.

    Yes, but when that exact same modem is directly plugged into an actual computer the network interface on the computer is given a publicly, internet routable IP address - indicating that our service provider (Vodafone Australia) is not doing carrier-grade NAT and that pfSense is somehow getting that strange 10.70.0.0/16 address from elsewhere, not from the modem. The subnet mask provided to the computer, when it's given the public internet IP address, is 255.255.255.0 and not 255.255.255.255.



  • It's entirely possible that they're using a RFC1918 address for internal routing. There's nothing wrong with that. I have seen that myself.



  • Did you tried to connect the modem before Power and then after Power?
    Some Modems provide a privat IP Adress as long as they dont have the IP from provider.
    Or try to connect it - when it give you the Privat Ip Adress try to release it and catch a new (Status -> Interfaces) after the LEDs show that it is connected now.



  • Thanks for your replies everyone. There seem to be a lot of replies suggesting the provider is serving an RFC1918 address to me - perhaps I am misunderstanding something (or my original question wasn't clear) but when I connect a laptop directly into the modem (in bridge mode) via cabled ethernet and go to the Network Preferences the IP address assigned to the ethernet interface on the laptop is a public, internet routable IP address. The laptop is not being assigned any kind of RFC1918 address.

    So, by my logic, the pfSense is no different to having the computer connected - so it too should be issued with a public, internet routable IP address and not that RFC1918 address.

    @Marv21 Thanks for the suggestion. Unfortunately that doesn't solve the issue.


  • Netgate Administrator

    Did you try spoofing the laptop MAC address on the pfSense WAN?

    It does seem odd that the laptop would pull a real public IP when pfSense does not. Perhaps they require some special DHCP client options? I assume this is DHCP and not a PPP connection?

    Steve



  • @stephenw10 said in Netgear 4G modem on WAN port - weird IP address and no internet:

    Did you try spoofing the laptop MAC address on the pfSense WAN?

    It does seem odd that the laptop would pull a real public IP when pfSense does not. Perhaps they require some special DHCP client options? I assume this is DHCP and not a PPP connection?

    Steve

    Thanks for your reply Steve. Yes, this is a DHCP connection. I haven't tried spoofing the laptop MAC address, will give that a go today and report back!



  • I know this is a old post,
    I had this Issue a few days ago when I registered my APN setting in the Net-gear modem with "three.co.uk" and then when changing it to "3internet" this gave me an public IP.

    I just need to sort out what it will not renew when the lease is up seems to be sticky :)

    Hope this works for you if your with Three, basically it seems like
    Phones >> three.co.uk
    Modem's / routers >> 3internet

    Cheers

    Rich


Log in to reply