enthusiast29
Skilled
Enabling DMZ means you just basically opened all ports regardless of what your application is running on. You're letting everything in.
Need help in port forwarding (Airtel Xstream with Static IP)
- Thread starter napstersquest
- Start date
How did you do this in bridge mode if you don't mind me asking?
You do the same config on your router (instead of Airtel-provided one)
In bridge mode it will simply convert the fiber optic signal to/fro electric signal, nothing else, so essetially it becomes a media convertor
Yes, it is required. There's a very minute chance you might not be behind CGNAT, check the WAN IP mentioned in Airtel Router dashboard and see if it is the same when you google 'whats my ip' from phone/tablet/pc/laptop. If it is same, you might be on dynamic IP, in that case you might get away without paying for static IP. But if you face issues forwarding port and contact Airtel support, they will say you have to buy Static IP.
N4r35h
Recruit
Yes I'm behind CGNAT, my plan is to use a cloud vps to serve like a front end harnessing it's ddos protection to access services on my home hosted server using a IPSEC+GRE Tunnel but I'm wondering if something like wireguard vpn could do the same without the static ip and would be not too taxing on the hardware any one has some experience?
tanyalovesfood
Recruit
Hi. I recently got a static IP, but unable to forward any ports. Using only DMZ settings does not help, using only port-forwarding rules do not help either. When forwarding port 443 or using DMZ, I do not get the Airtel Router's management page, so, I know something is definitely changing, but I get a "timed out" error when trying to open it. I have the same router and UI as @napstersquest and tried all the settings mentioned in the screenshots. But no luck. What am I missing, or doing wrong?
jayanttyagi
Disciple
What VPS are you planning to use?
Getting one India is not cheap and outside the speeds and latency aren't good tbh. Give cloudflare tunnels a go.
Some routers don't actually have all the features implemented. They are just meant to just plug & play using default settings. Try with a well known router for a sanity test
You don't put your main Airtel router in bridge mode, you put your mesh devices as an "Access point", which will act like repeaters for the router, which will handle all connected devices.
nithin1992
Disciple
You can also put the Airtel router in bridge mode so that you can do things like WAN load balancing and other things which the airtel provided router cannot handle.
In this mode our router can then connect via PPoE to Airtel through the airtel router
Contact net@airtel.com (doesn't work) and raise a ticket with Airtel app as well.
Well, I would recommend putting the Airtel provided router in bridge mode for ease of life. After that, there will be no need of contacting support for every little change of settings.
Even if there are no other routers available, mesh master device will still be a better option for management and performance as a router than the Airtel provided one. All other devices that are directly connected to the Airtel provided router via LAN for internet (not your landline) need to be plugged into the mesh devices directly (or via Switch).
If you can reconfigure your mesh device as a router, then yes it is possible. I was under the impression mesh devices could not act as a stand-alone router, in which case you would have to buy another router as well and use the Airtel one as a bridge.
One more thing to keep in mind is you probably need to clone the Airtel device's MAC to your router where you will be setting up PPPoE. Right now my ISP provided all-in-one device is set as a bridge, to my TP-Link router
You mean setting up bridge mode?
Some routers can set it up at user end, some need setup from Airtel side (locked options in firmware).
Most router, which are configurable, have steps available on broadbandforum. Just search 'Airtel <router model> bridge mode'.
For example 'Airtel Sercomm AOT-4221SR Bridge Mode'
If you're looking for a specific model, let me know. I will try to help.
As for Sercomm AOT-4221SR, only way is via Airtel. Tell the local engineer to tell backend team to enable bridge mode. They'll tell you which port it is enabled on after that's done.
nitin_g3
Adept
The one I mentioned (Deco X60) is far ahead than the Airtel provided router in terms of serving as main router. On top of more CPU power it's got many network management features which make your life easier like QoS etc. App itself is very intuitive for blocking/unblocking certain clients. You can even force certain clients to connect to certain band only.
There is a lot more than that...
Even the cleapest mesh router would be able to server better than the airtel router as main router.
I've done this exact thing at work recently using Tailscale - main server behind a CGNAT, connected to WireGuard mesh, VPS also connected to mesh, and Caddy as a reverse proxy between the two.
As for hardware requirements, it obviously depends on what your load but I've seen benchmarks of Caddy and Nginx handling hundreds of users and thousands of connections with less than 100MB of memory and not much CPU; if it's just a handful of concurrent users, you could probably get away with a 1vCPU 256MB RAM VPS. There are some very cheap options which will give you something like that for like $10-20/year, as long as you don't need dedicated IPv4 - haven't tried them personally, but I've seen people on Reddit recommend NATVPS and the like.
Personally, I'd look into the Oracle OCI free tier - you can get a surprisingly capable VPS for free so long as you're OK with a) providing your credit card, and b) being limited to ARM CPUs. For something like this, that's probably perfectly fine - in fact, I plan to do this same setup at home soon and that's probably what I'll do.