this post was submitted on 23 Sep 2023
9 points (100.0% liked)

networking

103 readers
1 users here now

networking

founded 1 year ago
MODERATORS
 

Hi All,

So since Reddit is out for me, I’m turning here to see if anyone has some insight or can comment on this. Anything you’ve got would be great!

Long and short, I made a quick decision and am now living in a “Spectrum Community” - whereby tenants are charged a fixed rate for Internet and TV and connect to a “mesh” network via captive portal where MAC addresses must be registered to the tennants. Everyone shares the same network, sorta, but it’s got that feature where no one can sniff each other (unless MAC addresses are registered to your name).

There’s some debate on posts regarding this, whether connecting your own gateway will cause an issue, but I would like to connect my own gateway / router. Now, I’d also like to port forward, as I run my own mail server, etc… which need this and a public IP address I can register with my domain in order for all the fun stuff to work.

I doubt I can connect the gateway / router and port forward as if the community were offering a “communal modem”, so the question becomes:

Can I defeat this “double NAT” by routing all traffic from MY gateway through a VPS? Then, can I tie my domain / proxy service to the public IP address of this VPS to make all my services work?

Other services I run: PiHole Unbound DNS resolving Emby Wireguard (for mobile access to PiHole) …. And other web based services

Again, thanks. Hopefully someone reads this and knows what I’m talking about. I believe in Lemmy.

top 8 comments
sorted by: hot top controversial new old
[–] [email protected] 6 points 1 year ago (1 children)

My $.02 as an IT guy: live with the double-NAT and use your own router. Keep your equipment segregated from the rest of the other devices in use by the tenants of your building. Arguably they're more of a risk than the rest of the internet because their devices can be compromised and it's easier for you to become a target if you're connected to the same network as them.

[–] tgrowl 1 points 1 year ago

I agree. Whether my stack works fully or not, I plan to use it.

[–] partial_accumen 1 points 1 year ago (1 children)

whereby tenants are charged a fixed rate for Internet and TV and connect to a “mesh” network via captive portal where MAC addresses must be registered to the tennants. Everyone shares the same network, sorta, but it’s got that feature where no one can sniff each other (unless MAC addresses are registered to your name).

Sounds like a wifi vLAN is in place for each user.

There’s some debate on posts regarding this, whether connecting your own gateway will cause an issue,

I can't see how. Do you have any kind of technical details on what problems these other thing will be caused?

I doubt I can connect the gateway / router and port forward as if the community were offering a “communal modem”,

What kind of device is this "communal modem". What kind of interfaces does it have on it?

[–] tgrowl 1 points 1 year ago

That’s what I thought as well.

The reported issues were with Spectrum detecting the device was a router somehow and then blocking the MAC address. Which of course then I could just spoof another. Not sure how long that game of cat and mouse could last.

Sorry, “communal modem” was more of a theory to suggest the idea I could be getting unrestricted (no firewall, rules etc) internet at the wall. Plug in my router and begin port forwarding from there. Problem is, I’d still need the public IP. Wondering if it’d be worth the risk to ask Spectrum to vLAN me a public IP to the MAC of my router or if that’d tip them off to my intentions. Not a physical device I’d have access to.

[–] owenfromcanada 1 points 1 year ago (1 children)

I believe that would work. I'm also behind a "double NAT" (T mobile home internet) and I've used a connection to an external server to route things home (I used a quick-and-dirty ssh tunnel).

[–] tgrowl 1 points 1 year ago

Ok this is good to hear! I just haven’t played around with anything like that yet. I guess all I really need are ports 80, 443, 587, 25, and whatever IMAP is. But I’d have to do this ON my router I think, so that all traffic goes through this VPS. Not yet sure how to do that. I’ve got an Edgerouter.

[–] slazer2au 1 points 1 year ago (1 children)

You might be better asing [email protected]

No doubt someone there has had the same double Nat issue.

[–] tgrowl 2 points 1 year ago

Thanks, I’ll cross post there as well!