At&t MicroCell & NAT can't connect.
I first posted this under "NAT" but didn't receive any replies so I'm trying Firewalling. I can sure use the help of a keen eye on this to get my MicroCell going and any help is appreciated…
I am having great difficulty getting my at&t MicroCell to connect and initialize. Part of my issue is that the MicroCell sets up an ipsec VPN back to at&t and the ports that it requires are:
123 - time
443 - SSL
500 - VPN key
4500 - ipsec tunnel
I am also running a WebDAV server with SSL on port 443 on a different subnet and when I set up an alias with the IP addresses of both my WebDAV server as well as the MicroCell for port 443 there was a conflict and a couple of my users complained that the WebDAV server did not work.
I do have a subnet that is totally untrusted where the MicroCell resides that I'd really like to work as a DMZ in the Linksys sense. I tried to configure this but when I go to grc.com's "shieldsup" site the above 4 ports all show up as stealthed on the proposed DMZ subnet.
I've attached screenshots of the rules to allow everything to the DMZ subnet and block DMZ to LAN access.
In the near future I'd also like to add an ipsec VPN to work with iOS devices and my laptop so am hoping that a solution can be found to allow all these future plans. I thought that the DMZ would be best because I can just hang the MicroCell and a Blu-Ray player and any future untrusted gadgets on that subnet.
I'm using version 1.2.3-Release.
Have you gotten the Microcell to work with PFSense? Has anyone?
I'm on PFSense 1.2.3 and have fiddled with many of the IPSEC/Firewall rules with no luck. The Microcell gets an IP on the LAN, connects on GPS, but fails to connect to AT&T. I would love to get my iPhone a working signal at home.
No, I never got it working again. Funny thing is that it did work for months with the NAT port forwarding that I put in my original post. I sometimes wonder if Verizon is now sabotaging the connection to at&t MicroCells…
As soon as I have a little time and my wife does not need the Internet for a period of time I'm going to upgrade to the latest pfSense 2.0 Release Candidate and see how it goes.
I'm using Comcast in the SF Bay Area, which probably has equally negative feelings towards AT&T as Verizon, so who knows.
Still, like you, I'd like to keep trying.
I gave the Microcell a static internal IP (10.1.1.31) in Services: DHCP server.
Then in Firewall: NAT: Port Forward, created the following four rules (in this order):
1. Port 123 (NTP) on WAN forwards to 10.1.1.31, Port 123;
2. Port 443 (HTTPS) on WAN forwards to 10.1.1.31, Port 443;
3. Port 4500 (IPsec NAT-T) on WAN forwards to 10.1.1.31, Port 4500;
4. Port 500 (ISAKMP) on WAN forwards to 10.1.1.31, Port 500.
None of these four ports are forwarded elsewhere in other rules.
In VPN: IPsec: Tunnels, I checked Enable IPsec, but I have no tunnel defined as I have no idea what AT&T's gateway address is (could this be the key to the problem?).
The above are what I figure are the pertinent PFSense 1.2.3 settings, though I would not be surprised if I am missing other important ones.
The Microcell's Ethernet and GPS LEDs are both solid green. The Computer LED is off (as it should be because I'm not using it). The 3G signal, unfortunately, never stops flashing, even with repeated power cycles/90+ minute waits.
Is the Microcell just not going to work using PFSense port forwarding? Is my only choice to install the Microcell between the cable modem and the PFSense box, meaning all internet traffic will travel through an external device just to provide a cell signal at home?
Or is there something else to try?
My microcell works perfectly under 2.0 and has worked perfectly under 1.2.3. I did not have to forward any ports at all.
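Added example, not part of any post in this thread: a small check for the situation the first post describes, where one port-forward on port 443 pointed at an alias holding two hosts. The rule tuples, the alias name, the 192.0.2.x addresses and the protocol assigned to each port are all constructed assumptions, not values from the posters' configurations.

```python
from itertools import combinations

# Constructed alias: one name standing for two internal hosts
# (a WebDAV server and a MicroCell), as in the first post.
ALIASES = {"https_hosts": ["192.0.2.10", "192.0.2.31"]}

# Constructed rules: (interface, protocol, first_port, last_port, target).
# Protocols are assumed: NTP and IKE/NAT-T over UDP, HTTPS over TCP.
RULES = [
    ("wan", "udp", 123, 123, "192.0.2.31"),
    ("wan", "tcp", 443, 443, "https_hosts"),
    ("wan", "udp", 500, 500, "192.0.2.31"),
    ("wan", "udp", 4500, 4500, "192.0.2.31"),
]


def expand(rules, aliases):
    """Replace an alias target with one rule per member host."""
    out = []
    for iface, proto, lo, hi, target in rules:
        for host in aliases.get(target, [target]):
            out.append((iface, proto, lo, hi, host))
    return out


def find_conflicts(rules, aliases=None):
    """Return pairs of forwards that claim the same interface, protocol and
    an overlapping port range but name different internal hosts. Each
    inbound connection can be delivered to only one of them."""
    flat = expand(rules, aliases or {})
    conflicts = []
    for a, b in combinations(flat, 2):
        same_listener = a[0] == b[0] and a[1] == b[1]
        overlap = a[2] <= b[3] and b[2] <= a[3]
        if same_listener and overlap and a[4] != b[4]:
            conflicts.append((a, b))
    return conflicts


if __name__ == "__main__":
    for a, b in find_conflicts(RULES, ALIASES):
        lo, hi = max(a[2], b[2]), min(a[3], b[3])
        print(f"{a[1]}/{lo}-{hi} on {a[0]}: {a[4]} vs {b[4]}")
```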