Airtel Xstream Zyxel PMG5617-R20B ONT Port Forwarding

[mayank0623]

Recently due to some connection issue where my speeds would go down from 40 mbps to 2-3 mbps after half an hour of restarting the router, the Airtel technicians changed my router from the Nokia ONT to a Zyxel PMG5617-R20B. There's an option to forward ports inside this router's configuration page as well but it's not taking hold because I can't access my media server from outside the network. Microsoft Remote Desktop isn't working either. Has anyone successfully gotten port forwarding to work on this model?

 

[Emperor]

I think all service providers PSUHING 3G/4G users towards 5G and thus all of sudden all over internet users facing speed/connection etc. issue.

Service providers (AirTel, Jio), luring all 3G/4G users that 5G is free for now so upgrade, but in actual it will be NOT FREE for ever and one they start charging it will certainly cost more than 3G/4G connections we Indians are using now.

 

[jayanttyagi]

I think all service providers PSUHING 3G/4G users towards 5G and thus all of sudden all over internet users facing speed/connection etc. issue.

Service providers (AirTel, Jio), luring all 3G/4G users that 5G is free for now so upgrade, but in actual it will be NOT FREE for ever and one they start charging it will certainly cost more than 3G/4G connections we Indians are using now.

No relation with OPs post.

 

[Emperor]

No relation with OPs post.

so your reply is ?

 

[enthusiast29]

Airtel uses CGNAT for dynamic public IP, forwarding ports behind a CGNAT router won't do anything as your public IP is shared with multiple users and not unique to you.
You need a static IP for this to work or use something like tailscale or NordVPN's meshnet.

so your reply is ?

Stop being paranoid. Don't spread FUD.

 

[jdp861]

I recently port forwarded on zyxel modem provided by Airtel(Not sure it's the same one as your's, will have to check). But I also have static IP. I am not sure if it will work for you.
One more thing to note is that port 80 and 443 are not availbale for port forwarding as the modem won't allow it.

 

[mayank0623]

Airtel uses CGNAT for dynamic public IP, forwarding ports behind a CGNAT router won't do anything as your public IP is shared with multiple users and not unique to you.
You need a static IP for this to work or use something like tailscale or NordVPN's meshnet.


Stop being paranoid. Don't spread FUD.

That's unfortunate. I only got the router switched, I could forward ports on the previous router easily. I'll see if I can get the technician to give me another router of the older model

I recently port forwarded on zyxel modem provided by Airtel(Not sure it's the same one as your's, will have to check). But I also have static IP. I am not sure if it will work for you.
One more thing to note is that port 80 and 443 are not availbale for port forwarding as the modem won't allow it.

I'm forwarding ports 8096 and 3389 for my media server and remote desktop respectively, and I was forwarding ports successfully even with dynamic IP with my previous router, I'm not sure how the change of router caused me to go from dynamic public IP to CGNAT, but I'll try to contact them

 

[jayanttyagi]

What's the ip assigned to router?
Is it public or private?
If its pvt range then you're behind cgnat.

If public, can you borrow someone's router and test it? This will clear the doubt if you're behind cgnat or not.

They may have switched your connection with router change.

Get static ip or use tailscale for time being.

 

[n1r0]

You need 2 things to forward ports successfully:

1. Not be behind a CGNAT. If you could forward before, your ISP was not using CGNAT
2. A router that actually does port forwarding. Cheap all in one ONT + router + wireless AP may show the option in the device web UI, but they won't actually be implemented. One POS device I used couldn't even reserve IP addresses for specific MACs.

The best way to setup a network is to get a separate router with all the features you need, and use the ISP provided device in bridge mode to just convert optical signal to electric. This way even if you need to change it for some reason, all your network config remains on your own device.

 

[mayank0623]

What's the ip assigned to router?
Is it public or private?
If its pvt range then you're behind cgnat.

If public, can you borrow someone's router and test it? This will clear the doubt if you're behind cgnat or not.

They may have switched your connection with router change.

Get static ip or use tailscale for time being.

The IP I can check inside my router's config page and the IP I get by googling whatsmyIP are the same, I'm not sure if that's the private IP range or not.

You need 2 things to forward ports successfully:

1. Not be behind a CGNAT. If you could forward before, your ISP was not using CGNAT
2. A router that actually does port forwarding. Cheap all in one ONT + router + wireless AP may show the option in the device web UI, but they won't actually be implemented. One POS device I used couldn't even reserve IP addresses for specific MACs.

The best way to setup a network is to get a separate router with all the features you need, and use the ISP provided device in bridge mode to just convert optical signal to electric. This way even if you need to change it for some reason, all your network config remains on your own device.

I'll get a new router if I can't forward with this one, but I need to confirm first whether forwarding is still possible

 

[jayanttyagi]

The IP I can check inside my router's config page and the IP I get by googling whatsmyIP are the same, I'm not sure if that's the private IP range or not.

So it's a public IP. You should be able to port forward given that it worked before as well and only change airtel did was router and nothing else. Get a new router or borrow from someone to test it.
I'll still advise you to setup vpn like wireguard and access your services through it. Or use tailscale. As both are much secure options.

 

[mayank0623]

So it's a public IP. You should be able to port forward given that it worked before as well and only change airtel did was router and nothing else. Get a new router or borrow from someone to test it.
I'll still advise you to setup vpn like wireguard and access your services through it. Or use tailscale. As both are much secure options.

Are there any user friendly quickstart guides you know for setting up either?

 

[n1r0]

The IP I can check inside my router's config page and the IP I get by googling whatsmyIP are the same

Then my money is that the new ISP router is a crappy one with unimplemented features. whatismyIP can only see your Public IP, not your private/home stuff

 

[jayanttyagi]

Are there any user friendly quickstart guides you know for setting up either?

Tailscale guide here:

Wireguard would be too much work if you're new to homelab stuff. So see if tailscale works for you if not then move to wireguard.

 

[meehatpa]

Wireguard is pretty simple if you have used docker before. I personally use wirehole and can't recommend enough. I have have zerotier as a backup.

 

[mayank0623]

Wireguard is pretty simple if you have used docker before. I personally use wirehole and can't recommend enough. I have have zerotier as a backup.

Don't have any experience with docker yet, I'll give wireguard a shot if tailscale doesn't work

 

[meehatpa]

It is straightforward. Install docker compose as described here. Assuming you are using debian based OS

sudo apt-get update sudo apt-get install docker-compose-plugin


And then bring up the container using

# Clone the WireHole repository from GitHub
git clone https://github.com/IAmStoxe/wirehole.git

# Change directory to the cloned repository
cd wirehole

# Update the .env file with your configuration
cp .env.example .env
nano .env  # Or use any text editor of your choice to edit the .env file

# Replace the public IP placeholder in the docker-compose.yml
sed -i "s/REPLACE_ME_WITH_YOUR_PUBLIC_IP/$(curl -s ifconfig.me)/g" docker-compose.yml

# Start the Docker containers
docker compose up

Once that is done, install a wireguard app on the client side and configure it from http://{YOUR_SERVER_IP}:5000 either by pasting or scanning the QR code.
And that's it.

 

[mayank0623]

It is straightforward. Install docker compose as described here. Assuming you are using debian based OS

sudo apt-get update sudo apt-get install docker-compose-plugin


And then bring up the container using

# Clone the WireHole repository from GitHub
git clone https://github.com/IAmStoxe/wirehole.git

# Change directory to the cloned repository
cd wirehole

# Update the .env file with your configuration
cp .env.example .env
nano .env  # Or use any text editor of your choice to edit the .env file

# Replace the public IP placeholder in the docker-compose.yml
sed -i "s/REPLACE_ME_WITH_YOUR_PUBLIC_IP/$(curl -s ifconfig.me)/g" docker-compose.yml

# Start the Docker containers
docker compose up

Once that is done, install a wireguard app on the client side and configure it from http://{YOUR_SERVER_IP}:5000 either by pasting or scanning the QR code.
And that's it.

I'm using windows, don't have experience with Linux. I'll try it if nothing else works

 

[meehatpa]

Sure thing, I have no experience with windows but here's some instructions https://docs.docker.com/desktop/install/windows-install/.

 

[mayank0623]

I don't know if the router configuration page is just faulty or if the router itself is faulty, but I was able to forward the ports I needed after restarting the router 5 or 6 times. Thank you for the suggestions everyone, I don't know why it started working but anyway it's working now