RM520N-GL IP Passthrough with Network Adapter Mode

Hi,

I am using an M2 RM520N-GL with an RJ45 board and have set up auto dialing. However, I have issues with my IoT devices like Rachio and Awair; they said I have a firewall blocking their ports with double NAT. However, my router is wide open; I didn’t open firewall at all.

I can only get WAN IP: 192.0.0.2 from my router. How can I get the public IP address to my router? IP Passthrough mode?
I have tried at+qmap=“mpdn_rule”,0,1,0,1,1,“FF:FF:FF:FF:FF:FF” , but it just said “ERROR”.

When I tried with ADB, here is the result with ifconfig

  1. your provider should give such an address to your modem
  2. your modem should pass it to the attached host

Until #1 is resolved, there is no point in proceeding to #2.
The simplest test is to put the SIM into a phone, configure the proper APN and check the address(es) in the phone interface.

I have T-Mobile, so it’s not the public IP.

However, right now I cannot use all my IoT devices. Before, I had IP passthrough, and there seemed to be no issues. Now my router gets 192.0.0.2 and all my IoT devices are not working.

I cannot revert back to the IP passthrough mode :(

Does anyone know how to disable the double NAT/firewall?

Or factory reset my RM520N module?

I have tried AT+QCFG="nat",0 and it got me “ERROR”.

Thanks so much.

Dear @Ray_Anton
Which firmware did you use? Please query via AT+QGMR

Your LAN clients will always go through (at least) double NAT for IPv4 - one introduced by your provider and another by your router. The modem itself can only add the 3rd NAT.
In the IPv6-only case it’s even more complex, as you will need to deal with 464XLAT.

My firmware version is RM520NGLAAR01A07M4G_01.202.01.202

Make sure you use the correct quotation marks; copy/paste from a forum post will not work in some cases.
This should be good for copy/paste:
at+qmap="mpdn_rule",0,1,0,1,1,"FF:FF:FF:FF:FF:FF"

I did change the quotation marks when I tried the command.
I talked to Quectel tech support, and it turned out that when you are running the internet via RJ45 on the M2 module, you cannot have IP passthrough. It only works when you connect to the internet via USB.

Dear @Ray_Anton
Could you try disabling it first and then configuring it again?
at+qmap="mpdn_rule",0 => disable

This is really confusing because <IPPT_mode> allows selection between (ETH) and (USB-ECM/RNDIS).

Can you confirm whether IP Passthrough is supported in both Ethernet and USB mode, or in USB mode only?

Could you please share some information, specifically:

  • AT+CGPIAF=1,1,1,0;+CGPADDR output from the modem
  • ifconfig or ip a or equivalent output from the host (router, etc) that is connected to the modem via Ethernet

Please do not mask IP addresses completely and leave a few initial digits visible.

+CGPADDR: 1,“26xx:FBxx:xx07:xx8A:xxD4:xx51:xxC1:xx52”
+CGPADDR: 2,“0.0.0.0”,“0000:0000:0000:0000:0000:0000:0000:0000”
+CGPADDR: 3,“0.0.0.0”,“0000:0000:0000:0000:0000:0000:0000:0000”
+CGPADDR: 4,“0.0.0.0”,“0000:0000:0000:0000:0000:0000:0000:0000”
+CGPADDR: 5,“0.0.0.0”,“0000:0000:0000:0000:0000:0000:0000:0000”
+CGPADDR: 6,“0.0.0.0”,“0000:0000:0000:0000:0000:0000:0000:0000”

OK

wan Link encap:Ethernet HWaddr xx:F1
inet addr:192.0.0.2 Bcast:192.0.0.31 Mask:255.255.255.224
inet6 addr: fe80::fxxe:3cff:fxx3:5xx1/64 Scope:Link
inet6 addr: 2607:xxxx:ed07:xx8a:xx5e:3xxf:xx43:xxf1/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7031720 errors:0 dropped:68395 overruns:0 frame:0
TX packets:5800827 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6565543700 (6.1 GiB) TX bytes:4958851246 (4.6 GiB)
Interrupt:22

Well, that adds some clarity. You have only an IPv6 address assigned by the carrier, so for IPv4 connectivity you will need to utilize mechanisms like 464XLAT and DNS64.

inet addr:192.0.0.2 allows us to assume that CLAT (customer-side translator) is active on the modem itself. That should allow IPv4 communication when the host needs to reach any destination by its IP address. You can check this by pinging any literal address like 8.8.8.8. However, in a fully transparent mode I would expect the modem not to act as a CLAT. You can probably get rid of it and set it up on your router instead; please check the current setting with AT+QCFG="CLAT", though I am not sure it is available in your modem/firmware.

When your host needs to reach an IPv4 destination by its name, a DNS64-capable resolver (typically on the ISP side) will respond with a synthetic IPv6 address. Try pinging ipv4.tlund.se; you can also check with nslookup ipv4.tlund.se to see how the name is resolved.
If all that works then I do not see any major issue. What’s the current +qmap configuration btw?

Everything that is IPv6 based should work natively. I assume that there is an exact match between +CGPADDR: 1,“26xx:FBxx:xx07:xx8A and inet6 addr: 2607:xxxx:ed07:xx8a, so you’re in a pretty standard configuration with a single /64 IPv6 subnet allocated.

Going back to the initial issue with some IoT devices, I suggest looking deeper into what they do and how: are they IPv6 capable, what protocols they use, what hosts they cannot contact, etc.

@silvia could you please share the document describing AT+QCFG="CLAT" command syntax?

Thanks, @jfrog.

Here is the result:
AT+QCFG=“CLAT”
+QCFG: “clat”,1,1,“”,0,“ipv4only.arpa.”,0,0,1,1,2,2

at+qmap=?
+QMAP: “WWAN”,(0,1),(1-42),<IP_family>,<IP_address>
+QMAP: “DMZ”,(0,1),(4,6),<IP_address>
+QMAP: “GRE”,(0,1),<IP_address>
+QMAP: “LAN”,<IP_address>
+QMAP: “LANIP”,<LAN_IP_start_address>,<LAN_IP_end_address>,<GW_IP_address>,
+QMAP: “MAC_bind”,(1-10),<MAC_address>,<IP_address>
+QMAP: “VLAN”,(2-255),(“enable”,“disable”),(1-3,11-13)
+QMAP: “MPDN_rule”,(0-3),(1-16),(0,2-255),(0-3),(0,1),<IPPT_info>
+QMAP: “IPPT_NAT”,(0,1)
+QMAP: “connect”,(0-3),(0,1)
+QMAP: “auto_connect”,(0-3),(0,1),(1-16)
+QMAP: “MPDN_status”
+QMAP: “AP_rule”,(0-3),(0-3)
+QMAP: “SFE”,(“enable”,“disable”)
+QMAP: “domain”,<domain_name>
+QMAP: “DHCPV4DNS”,(“enable”,“disable”)
+QMAP: “DHCPV6DNS”,(“enable”,“disable”)
+QMAP: “NAT_timeout”,(1-4,6),

OK

I ran the ping and nslookup from the modem itself:
C:\Users\Administrator\Downloads\xadb>adb shell ping ipv4.tlund.se

* daemon not running. starting it now on port 5037 *
* daemon started successfully *
PING ipv4.tlund.se(2607:7700:0:1b:0:1:c10f:e4c3 (2607:7700:0:1b:0:1:c10f:e4c3)) 56 data bytes
64 bytes from 2607:7700:0:1b:0:1:c10f:e4c3 (2607:7700:0:1b:0:1:c10f:e4c3): icmp_seq=1 ttl=37 time=180 ms
64 bytes from 2607:7700:0:1b:0:1:c10f:e4c3 (2607:7700:0:1b:0:1:c10f:e4c3): icmp_seq=2 ttl=37 time=185 ms
64 bytes from 2607:7700:0:1b:0:1:c10f:e4c3 (2607:7700:0:1b:0:1:c10f:e4c3): icmp_seq=3 ttl=37 time=179 ms
64 bytes from 2607:7700:0:1b:0:1:c10f:e4c3 (2607:7700:0:1b:0:1:c10f:e4c3): icmp_seq=4 ttl=37 time=181 ms
64 bytes from 2607:7700:0:1b:0:1:c10f:e4c3 (2607:7700:0:1b:0:1:c10f:e4c3): icmp_seq=5 ttl=37 time=184 ms
64 bytes from 2607:7700:0:1b:0:1:c10f:e4c3 (2607:7700:0:1b:0:1:c10f:e4c3): icmp_seq=6 ttl=37 time=178 ms
64 bytes from 2607:7700:0:1b:0:1:c10f:e4c3 (2607:7700:0:1b:0:1:c10f:e4c3): icmp_seq=7 ttl=37 time=181 ms
64 bytes from 2607:7700:0:1b:0:1:c10f:e4c3 (2607:7700:0:1b:0:1:c10f:e4c3): icmp_seq=8 ttl=37 time=179 ms
64 bytes from 2607:7700:0:1b:0:1:c10f:e4c3 (2607:7700:0:1b:0:1:c10f:e4c3): icmp_seq=9 ttl=37 time=197 ms
64 bytes from 2607:7700:0:1b:0:1:c10f:e4c3 (2607:7700:0:1b:0:1:c10f:e4c3): icmp_seq=10 ttl=37 time=192 ms
64 bytes from 2607:7700:0:1b:0:1:c10f:e4c3 (2607:7700:0:1b:0:1:c10f:e4c3): icmp_seq=11 ttl=37 time=186 ms
64 bytes from 2607:7700:0:1b:0:1:c10f:e4c3 (2607:7700:0:1b:0:1:c10f:e4c3): icmp_seq=12 ttl=37 time=188 ms
^C

C:\Users\Administrator\Downloads\xadb>adb shell nslookup ipv4.tlund.se
Server: fd00:976a::9
Address: fd00:976a::9#53

Non-authoritative answer:
Name: ipv4.tlund.se
Address: 193.15.228.195
Name: ipv4.tlund.se
Address: 2607:7700:0:1b:0:1:c10f:e4c3
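
Added example, not part of any post in this thread: the nslookup answer above can be checked for DNS64 synthesis by testing whether the AAAA record embeds the A record, and the carrier's NAT64 prefix can be recovered from it. It assumes the RFC 6052 address format that DNS64 uses; the function names are this example's own, and the two addresses are taken from the output above.

```python
"""Recover the NAT64 prefix from a DNS64 answer (RFC 6052 address format)."""
import ipaddress

# Prefix lengths permitted by RFC 6052.
RFC6052_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)


def extract_ipv4(aaaa, prefix_len):
    """Return the IPv4 address embedded in `aaaa` for a given prefix length."""
    raw = ipaddress.IPv6Address(aaaa).packed
    if prefix_len == 96:
        v4 = raw[12:16]
    else:
        # Bits 64-71 (the "u" octet) are reserved and skipped by the encoding.
        packed = raw[:8] + raw[9:]
        start = prefix_len // 8
        v4 = packed[start:start + 4]
    return ipaddress.IPv4Address(v4)


def find_nat64_prefix(aaaa, a_record):
    """Return the NAT64 prefix if `aaaa` was synthesized from `a_record`, else None."""
    want = ipaddress.IPv4Address(a_record)
    for plen in RFC6052_PREFIX_LENGTHS:
        if extract_ipv4(aaaa, plen) == want:
            return ipaddress.IPv6Network((aaaa, plen), strict=False)
    return None


def synthesize(prefix, ipv4):
    """Build the IPv6 address a DNS64 resolver would return for `ipv4`."""
    net = ipaddress.IPv6Network(prefix)
    start = net.prefixlen // 8
    body = net.network_address.packed[:start] + ipaddress.IPv4Address(ipv4).packed
    if net.prefixlen < 96:
        body = body[:8] + b"\x00" + body[8:]  # re-insert the reserved "u" octet
    return ipaddress.IPv6Address(body.ljust(16, b"\x00"))


if __name__ == "__main__":
    # Values copied from the nslookup output in this thread.
    aaaa, a = "2607:7700:0:1b:0:1:c10f:e4c3", "193.15.228.195"
    prefix = find_nat64_prefix(aaaa, a)
    print("NAT64 prefix:", prefix)
    # 8.8.8.8 is the literal suggested for the ping test earlier in the thread.
    print("8.8.8.8 via that prefix:", synthesize(str(prefix), "8.8.8.8"))
```

A `None` result from `find_nat64_prefix` means the AAAA record does not embed the A record at any RFC 6052 position, which would point to a native IPv6 record rather than a synthesized one.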

Almost good. Please run pings and nslookup from the attached device like a router, not from the modem itself. Please don’t forget to ping something by its IP address, not a name.
For +QMAP we need to be more specific and check the current configuration with AT+QMAP="MPDN_rule"