dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
7624
share rss forum feed

toohott7718

join:2013-06-12
Wright City, MO

how to port forwarding with hughes satellite internet

hello, I have a hughes satellite internet and I am trying to use port forwarding so I can see our surveillance cameras while away from home. Everyone I have talked to tells me that it isn't possible but no one can give me a reason. Has anyone here been able to port forward using satellite internet? Please let me know. thank you for everyone's help

sharkyyoung
Premium
join:2012-03-15
Reno, NV
The reason is that you need a static IP for the security cameras on the Gen4 system and Hughes does not offer that "so they say at this time". If I was you I wouldn't hold my breath as to when it will be available.

You can read this and more on the Hughes community forum.
»community.myhughesnet.com/hughes ··· e_future


dbirdman
Premium,MVM
join:2003-07-07
usa
kudos:5
reply to toohott7718
Expanding slightly on the topic of "static IP": In order to reach any destination on the internet that destination must have a *public* IP.

By default, Hughes does not provide public IPs on the customers side, and the modem's IP is dynamic (meaning it may change). With earlier accounts (4000/6000/7000/9000 modems) Hughes offered static IPs that included either a single public IP or a block of 5 public IPs on the customer's side.

Traditional ISPs like DSL and Cable usually provide a public IP even though it is dynamic. Hughes could do it either statically or dynamically, but apparently has chosen to do neither with Gen4.
--
Author of hnFAP-Alert, PC-OPI and DSSatTool traveling in a 2004 Blue Bird M380


gwalk
Premium
join:2005-07-27
West Mich.
reply to toohott7718
I don't have a link but there was a post by Sara in the last few days threatening to offer a Static/Public IP option for Gen$4 Business accounts sometime this summer.
However Hughes isn't known to be "on time" with much.


yolarry

join:2007-12-29
Creston, WV
If you behind a router. port forwarding is simple. Also you can try this program »www.noip.com/ but you would have to leave your computer on.
--
Frontier HT1000 - Linksys E3000 DD-WRT

toohott7718

join:2013-06-12
Wright City, MO
reply to sharkyyoung
you don't need a static ip if you are using a dyndns service.

toohott7718

join:2013-06-12
Wright City, MO
reply to dbirdman
all internet services have to have a public ip address, otherwise you wouldn't be able to get on the internet


dbirdman
Premium,MVM
join:2003-07-07
usa
kudos:5

1 recommendation

said by toohott7718:

all internet services have to have a public ip address, otherwise you wouldn't be able to get on the internet

That is absolutely correct, while being absurdly incorrect at the same time.

"on the internet" a device has to have a public address. Devices connected to those devices do NOT have to have a public address. If you think your satellite modem is "on the internet" you have a misunderstanding of what the internet is, at least as it refers to the backbone.

Many ISPs issue only private addresses on their systems, using NAT to convert to public addresses downstream.

In the case of Hughes, at least with the 4000/6000/7000/9000 modems (hopefully a Gen4 user can say whether this applies there), the WAN side of the modem has a public address, and the LAN side has only private addresses, and there is nothing forwarded inbound from public to private, only outbound and responses to outbound requests. When they give you a static IP, that IP is public and is on the LAN side, with all ports forwarded from WAN to LAN.
--
Author of hnFAP-Alert, PC-OPI and DSSatTool traveling in a 2004 Blue Bird M380


dbirdman
Premium,MVM
join:2003-07-07
usa
kudos:5
reply to toohott7718
I note that you have never said what Hughes system you are using, so a lot of assumptions here. If you have an older system you can get a static IP that will be public, for a fee. As noted that option is not yet available for Gen4.
--
Author of hnFAP-Alert, PC-OPI and DSSatTool traveling in a 2004 Blue Bird M380

toohott7718

join:2013-06-12
Wright City, MO
I have a gen4 system, model ht1000 modem


dbirdman
Premium,MVM
join:2003-07-07
usa
kudos:5
Then as noted you are out of luck, at least for now. No ports are open inbound from WAN to LAN, and no way to open them.
--
Author of hnFAP-Alert, PC-OPI and DSSatTool traveling in a 2004 Blue Bird M380

toohott7718

join:2013-06-12
Wright City, MO
I don't doubt your knowledge, but how do you know this? I can't even tell you how long I have been on the phone with tech support and the only answer I've gotten out of them is either we don't support port forwarding or call dishNET tech support. They were no help at all, I have got more answers from you guys here in a shorter time than the actual company that sells these systems

toohott7718

join:2013-06-12
Wright City, MO
reply to dbirdman
I forgot to add- hughes net states that they don't close any of their ports and all ports are open, are they just bs'ing me?

JacksonTech

join:2013-06-01
United State
Reviews:
·HughesNet Satell..

1 edit

1 recommendation

Here's what's going on.

Internet IPv4 addresses are expensive and rare nowadays. (There's only 4 billion, and IIRC they've all been assigned in some way by now.) So, to stretch them further, people started using Network Address Translation (NAT), which hides many computers on a private network behind a single public IPv4 address. Each computer has a "private" IP address (one that isn't reachable from the Internet). Examples of private address ranges are the famous 192.168.x.x, 10.x.x.x, and 172.16.x.x.

NAT functions by keeping track of each open connection opened by a computer behind the NAT router. It then forwards related connections from the Internet back to the requesting computer. (For example, it will associate a loading web page with the initial request from a certain computer.)

If someone tries to connect to the public-facing IPv4 address from the Internet, it is treated as a new connection. Which of the computers on the private network should receive the data? Unless you set up port forwarding (sending all traffic on a specific port to a certain computer on the private network) or DMZ (sending all unknown traffic to a certain computer on the private network), the NAT router does not know what to do with it and so it drops the connection.

This breaks end-to-end connectivity; not every device can be reached directly from every other device.

ISPs liked NAT because it allows home customers to hide many computers behind a single public IPv4 address, which may or may not be static.

When IPv4 addresses became rarer, ISPs took it one step further and started hiding many customers (which may or may not be using NAT routers on their home networks) behind large, "carrier-grade" NAT routers, which may masquerade hundreds of customers behind a single Internet-facing IPv4 address. There's a special address range for the "private" Carrier Grade Nat (CGN) networks: 100.64.x.x - 100.128.x.x. Like other private addresses, they're not routeable from the Internet. They only serve to connect customer devices to ISP devices.

So, most people are behind two NAT layers. One at their router, and one at HughesNet's "IP Gateways." Even if you open ports on YOUR router (punching a hole through the firewall and specifying *which private address on your network should receive traffic to a certain port*), the same is not being done at HughesNet. Why?

Consider it. They have one IPv4 address for hundreds of customers. A computer knocks on port 80 on one of these IPv4 addresses--how would HughesNet know which customer to forward the packet to? What if more than one customer wanted to use that port?

NAT was introduced to stave off IPv4 elimination, but it breaks the "end-to-end" reachability that we expect from the Internet.

IPv6, which is in its infancy still (*sigh*, STILL), has so many addresses that the main reason for adopting NAT is now dead. However, it's annoying to set up. HughesNet's HT1000 modem does provide IPv6 addresses that are globally reachable, but the prefix (first few bytes of the address) likes to change...which makes it hard to set up IPv6 addresses on your LAN computers if you're behind a router. Sigh.

If you do use IPv6, be sure to firewall accordingly. NAT gives a false sense of security by dropping connection attempts that aren't explicitly allowed...

Does this make sense?


dbirdman
Premium,MVM
join:2003-07-07
usa
kudos:5
reply to toohott7718
said by toohott7718:

I don't doubt your knowledge, but how do you know this?

Primary answer is "experience." While I do not expect to ever have Gen4 (no need), and I currently do not have satellite service at all, I do have more than 10 years of experience with their systems, both business and consumer varieties. I've had static/public IPs, and I've had dynamic/private IPs, as the need has occurred. If you look over to the left at the Links section, then "Satellite FAQ - Tweaks and Tips" then scroll to the very last tip you will find an article I wrote 7 years ago about Hughes static IPs.

A great deal about Hughes is hidden, and not imparted to their low-level techs either. It gets exposed slowly by users in forums like this.
--
Author of hnFAP-Alert, PC-OPI and DSSatTool traveling in a 2004 Blue Bird M380

JacksonTech

join:2013-06-01
United State
Reviews:
·HughesNet Satell..

1 recommendation

said by dbirdman:

said by toohott7718:

I don't doubt your knowledge, but how do you know this?

Primary answer is "experience." While I do not expect to ever have Gen4 (no need), and I currently do not have satellite service at all, I do have more than 10 years of experience with their systems, both business and consumer varieties. I've had static/public IPs, and I've had dynamic/private IPs, as the need has occurred. If you look over to the left at the Links section, then "Satellite FAQ - Tweaks and Tips" then scroll to the very last tip you will find an article I wrote 7 years ago about Hughes static IPs.

A great deal about Hughes is hidden, and not imparted to their low-level techs either. It gets exposed slowly by users in forums like this.

I wish HughesNet would explain at least a little more. All I know about their network I have learned by experimenting and extrapolating off little clues (like that my IPv4 address on my Linux router is a 100.65 address, which is in the range reserved for CGN, or that websites report my public IPv4 address as different than the address on the router). I'm sure there's gaps in our (the collective HughesNet Customers') knowledge, but some things seem pretty certain.

Also, from what I've seen: the techs have NO technical experience at all, no matter what HughesNet says. At least, I've never gotten far enough up the ladder to find otherwise...


james1979
Premium
join:2012-10-09
Quinault, WA
reply to dbirdman
said by dbirdman:

In the case of Hughes, at least with the 4000/6000/7000/9000 modems (hopefully a Gen4 user can say whether this applies there), the WAN side of the modem has a public address, and the LAN side has only private addresses

On my Gen 4 system, my private address is 100.89.x.x. According to »dawhois.com/what_is_my_ip/ , my public address is currently 72.171.x.x. The way that I interpret this excerpt of HN's WHOIS record of:

NetRange: 72.168.0.0 - 72.171.255.255

HughesNet has reserved 65536 * 4 == 262144 IPv4 addressses, right?


james1979
Premium
join:2012-10-09
Quinault, WA
reply to JacksonTech
said by JacksonTech:

I wish HughesNet would explain at least a little more.

I would speculate that they don't want to publish proprietary information.


dbirdman
Premium,MVM
join:2003-07-07
usa
kudos:5
reply to james1979
said by james1979:

On my Gen 4 system, my private address is 100.89.x.x. According to »dawhois.com/what_is_my_ip/ , my public address is currently 72.171.x.x. The way that I interpret this excerpt of HN's WHOIS record of:

NetRange: 72.168.0.0 - 72.171.255.255

HughesNet has reserved 65536 * 4 == 262144 IPv4 addressses, right?

They have more than that (reserved is not exactly correct - they bought/own them), because that is not their only block. That does not mean that they could assign public addresses to 262144 customers, though. Each static IP they issue uses up 4. If they issue 5 (that was the other "old" option) it used 8.

Each block of four includes 2 unusable (the high and low ones), one for the modem, and one for the customer.

When you use an ip reflector that is http it will return the IP of the Hughes proxy.

To see your "real" public IP, use an https reflector. One I know of is on the Gibson Research "Shields Up" page. go to grc.com and in the tabs at upper left choose Shields Up.
--
Author of hnFAP-Alert, PC-OPI and DSSatTool traveling in a 2004 Blue Bird M380


james1979
Premium
join:2012-10-09
Quinault, WA
said by dbirdman:

To see your "real" public IP, use an https reflector.

Just as you predicted, with Gen4, I got a different IP address at grc.com: 67.143.x.x.

When I traceroute from my system to 67.143.x.x. it ends up at the proxy's IP of 72.171.x.x. !

With Exede 12, grc.com and dawhois.com report the same IP address.

JacksonTech

join:2013-06-01
United State
Reviews:
·HughesNet Satell..
reply to dbirdman
said by dbirdman:

said by james1979:

To see your "real" public IP, use an https reflector. One I know of is on the Gibson Research "Shields Up" page. go to grc.com and in the tabs at upper left choose Shields Up.

With the HT1000, this still isn't "your" public IPv4 address--it's the IPv4 address of the HughesNet NAT router that passes all of your (non-accelerated/non-HTTP) traffic. The HT1000 and the computers connected to it are *not* reachable from the Internet, period, unless you use their IPv6 addresses (which are globally routable).

I haven't tried an IP reflector with web acceleration, because I keep web acceleration off (it's evil), but it would make sense that it shows a different IPv4 address (the address of the HughesNet proxy).
I have this feeling that we may never see public IPv4 addresses for GEN4, and if we do, they will probably be limited to 1 per customer. I may be wrong, however. In the meantime, IPv6 "works" and there's other workarounds, like reverse SSH port forwarding if you control an SSH server somewhere else.


ptlamb

join:2013-06-25
reply to toohott7718
you do not need to port forward. I have the same thing and had the same problem....You can go to a site and not only access your security cam but your whole computer. Go to....... gotomypc.com. Its a site that cost $10 a month but you can sit at home or where ever and monitor your cam.

ptlamb

join:2013-06-25
what happens on "gotomypc.com" is you access the desktop of the computer your cam is on. You click on the icon for your cam and log in just as though you where there. The site is also free for the first 30 days. I'm still on the free 30 days. It seems to work just fine.....better then nothing at all, untill hughes offers Static.

toohott7718

join:2013-06-12
Wright City, MO
reply to JacksonTech
Is it hard to set up an IPv6 address?


TheTechGuru

join:2004-03-25
TEXAS
kudos:2
Reviews:
·Charter
·HughesNet Satell..
·WesTex Connect
reply to toohott7718
I am surprised no one has mentioned this.

Though my research of my owm HN9000 on the GEN4 ConnectPRO plan I have found that I am in fact assigned my own dynamic IP address that IS PINGABLE from the internet but the HN9000 offers no way to map a port.

Anyone know if the HN9000 supports UPNP?
--
CompTIA Network+ Certified


dbirdman
Premium,MVM
join:2003-07-07
usa
kudos:5
The 7000 also has a public dynamic address with no ports open, and I don't see how supporting UPNP (I don't believe it does) would help anything.

Even with a static IP account all ports remain closed to the 192.168.0.x private address block on the LAN. The static IP is on the LAN side, but is on the same subnet as the WAN side, so essentially the traffic between the two is switched rather than routed.
--
Author of hnFAP-Alert, PC-OPI and DSSatTool traveling in a 2004 Blue Bird M380


TheTechGuru

join:2004-03-25
TEXAS
kudos:2
Reviews:
·Charter
·HughesNet Satell..
·WesTex Connect
said by dbirdman:

I don't see how supporting UPNP (I don't believe it does) would help anything.

If it supports UPNP one could map ports with a program like »www.addictivetips.com/windows-ti ··· agement/
--
CompTIA Network+ Certified


dbirdman
Premium,MVM
join:2003-07-07
usa
kudos:5
The problem is that you assume supporting UPNP automatically makes everything possible. A device that supports UPNP supports it for it has available, not for everything under the sun. Since the router does not support port forwarding, having UPNP won't cause port forwarding to suddenly appear.

Again, I doubt the router has any UPNP support, but I don't think that is germane.
--
Author of hnFAP-Alert, PC-OPI and DSSatTool traveling in a 2004 Blue Bird M380