3 UK Mobile Broadband - Carrier-Grade NAT Appears to Block Port Forwarding

Roon Core Machine

ROCK Intel NUC i5 gen8 8GB RAM

Networking Gear & Setup Details

ZTE MF286D → TPLink TL-SG108S unmanaged switch → ROCK

Connected Audio Devices

N/A

Number of Tracks in Library

21820

Description of Issue

I manually set up port forwarding to the ROCK’s IP address (this is fixed as is set using the router’s DHCP from a MAC address) and to port 55000 as per the guide, set the same port in the ARC settings but received the following message:

{
“connectivity”: {“status”:“NetworkError”,“status_code”:504,“error”:“error: Error: ETIMEDOUT, response code: undefined, body: undefined connected? undefined”},
“external_ip”: {“actual_external_ip”:“xxx.xxx.xxx.xxx”,“router_external_ip”:null},
“natpmp_autoconfig”: {“status”:“NotFound”},
“upnp_autoconfig”: {“status”:“NotFound”}
}

1 Like

A post was split to a new topic: Port Forwarding Timeout, Port 55000 Not Forwarding

Did you go to Roon - Settings - Roon ARC to check the port. Mine is slightly different.

Do you mind creating your own thread with your own issue? Thanks.

Yes, it’s set to the same port 55000 as I set in the port forwarding section of my router admin but the message is as above.

No reason to create multiple threads.
If the Roon people want to, they will separate the threads.

I’d agree if your issue was identical but it doesn’t sound like it from what you’ve said.

Hi @norliss,

Thank you for the report and I’m sorry to hear that you’ve encountered a persistent issue after manually configuring port forwarding. The 504 suggests there might still be a double NAT layer at play here, but the culprit may additionally be elsewhere in the LAN or network settings.

If you don’t mind, can you provide the following details about your network setup to help expedite troubleshooting? I’ve filled in some details for you.

  1. Who is your internet service provider?

  2. Do you have a modem/router combination in addition to the ZTE MF286D?

  3. Does your network have any VPNs, proxy servers, or enterprise-grade security?

We’ll be watching for your response.

Hi and thanks for your prompt reply.

  1. ISP is Three UK
  2. No other router in addition. The ZTE is acting as modem & router alone i.e. no additional networking hardware.
  3. I don’t have any VPNs, proxy servers or enterprise-grade security.

Hi @norliss
just another user here trying to help:
Your ZTE MF286D is a LTE modem/router, right?
The ZTE can be configured in two operation modes:
Router mode, what you have now, and bridge mode.
To avoid a double NAT layer, your ZTE must be configured in bridge mode.
For better understanding:

And you will also need a PUBLIC ipv4 adress, have to contact your provider?

Here’s a guide for your router how to set it up bridge in mode:

https://tunkkaamo.cloud/index.php/2020/10/28/how-to-change-zte-4g-modem-from-route-mode-to-bridge-mode-and-get-a-public-ipv4-address-on-your-firewall/

I have a LTE/5G router, Huawei CPE PRO 2, set up im bridge mode with a public ip, it works.

All the best!

Thanks for your reply but it’s not set up in Bridge mode because I don’t have an additional router and I need it to act as a DHCP server, do NAT etc. I don’t think this ISP offers static, public IP addresses in all honesty so perhaps this ARC feature won’t work for me or many others like me.

Indeed UK “Mobile” ISP’s do not offer fixed IP , same for me with EE.

Seems that ARC as well designed as it might be will not work without Static IP’s from IPS.

Crazy when I think I can access any of my PC’s on my home network from anywhere in the world using remote access tools…

Currently having a live chat with someone from the ISP. They are currently “checking with their manager” which probably means they don’t have a clue what I’m talking about and will ask me to switch the router off and on again :joy:

I’d be surprised if I get anywhere here but let’s see…

Seems that to get a static IP here in the UK, you generally need a business account

Can’t imagine that Roon didn’t have one user in the UK in their BETA group…

Shame as I’m SO! excited to use Roon Mobile :frowning: :frowning:

As I expected, I got someone that just doesn’t understand the issue. These first-line support people aren’t remotely technical, they’re just there to answer easy questions. As you said, majority of people won’t be able to get a static IP address here unless they either have a business account or are with a specialist (i.e. much more expensive) ISP.

You don’t need a static IP for ARC to work. It works fine with dynamic IP.

What you do need is a publicly routable IP that allows for unsolicited inbound connection requests. If you’re connected to an ISP that has implemented CGNAT or some some kind of filtering to block inbound connections to consumers than ARC will not work.

1 Like

Yeah, I think that’s the problem - lots of ISPs seem to use CGNAT…

1 Like

Hi @norliss,

Thank you for the update; I know internet service provider chats are not a particularly cozy experience and I’m hoping we can provide a better setting here. I wanted to provide a little more context here.

It’s true that carrier-grade NAT has been particularly widely implemented in the UK since before 2015. Most mobile broadband residential-tier accounts will have CG-NAT; some offer DS-Lite or equivalent, but these IPv4 tunneling solutions generally won’t work seamlessly with ARC.

Hyperoptic, Toob, and several of the small- to mid-sized broadband providers in the UK offer static IPv4 addresses for a small monthly fee. Some users have posted about their experience in the router/ISP list here. BT has a much greater diversity of package offerings - any initially grandfathered accounts with static IPv4 addresses in certain tiers - but usually reserves IPv4 addresses for their business tier.

3 Uk falls in the middle. As a larger provider with more simplified service offerings, I believe they implemented IPv6 earlier than many UK or continental providers in to address a dire IPv4 address shortage.

Port forwarding is the solution for ARC in its initial form, but we’re actively researching solutions that are more adapted to the evolving landscape of internet service offerings and will open on-the-go playback through ARC to more customers. We’re certainly aware that wide swatches of our user base will have extra hoops to jump through to evade increasingly standardized network infrastructure. With certain ISPs, it may not work in its initial inception. I absolutely empathize with the frustration of feeling put on hold, but trust that we’re working to improve the connectivity mechanism. For now, it’s always worth checking with Roon tech support and the Community here, in case we can identify an issue in your local network disguised as carrier-grade NAT. It’s also worth engaging with your internet service provider, as flexible workarounds are sometimes available even with the old guard of cable.

Feel free to pass along these questions in particular to 3 UK if you have a chance to engage with them again:

  • Do you have static IPv4 address available for my account tier level?

  • Have any customers inquired about port forwarding solutions for online gaming, and are you aware of any solutions you’ve provided them or they’ve suggested?

  • Are there any ports you have reserved that I should be aware of?

Thank you again for your patience, everyone.

CGNAT is not an issue, the problem will be how it is used or implemented by them.

On your ISP router check what the WAN address is and then compare this to whatsmyip.com

1 Like

Hi and thanks for such a considered reply.

I called Three today and had to go through a bit of a pain barrier since these tier 1 tech support people really aren’t remotely technical…

Anyhow, after several back and forths between her and whoever she was consulting, the net result was she said a static IP address wasn’t possible and didn’t think it would be possible to do what I wanted. Not being a gamer, it never occurred to ask about online gaming…

1 Like