Port Forwarding and Bridge mode

Really quick, I am moving and the ISP there may not allow port forwarding on their routers. If they offer static IPs, do I still need to port forward? What are my options?

What do you mean by their routers? The router in your home? Or the router at ISP office?

the router they provide for the home network

Easy. You ask them to put it in bridge mode and you put your own router (Asus, Mikrotik, Ubiquiti, etc.) after that. All the settings you will do on your router. Their router becomes transparent. First copy all the settings from that, the user, pass and other connection settings, and then you put those in your router.
Because you can’t access their router afterwards.
You put the WAN cable in their router, and from port 1 (usually) on theirs you go to the WAN port on yours. You always need the port forward, because the firewall will block unforwarded traffic. And you don’t want to disable the firewall on your router.

1 Like

Got it. How about if the provider and router supports IPv6? Still need to port forward?

Edit: I do have a basic router I was given still in a box, don’t know if it would be good enough or capable of doing what is required. Model: Belkin WiFi 6 RT1800

Regardless of whether they offer a static IP or not, you will need to port forward.
Port forwarding essentially opens a door from the outside to your device so clients can connect.
If you don’t port forward they won’t be able to connect.

Regarding the router, pretty much any router should be able to handle the “load” of a node, just make sure it has the features needed (90% of routers, if not almost all, should have port forwarding) and that your ISP will allow bridge mode and port forwarding (no CGNAT).

If it has port forward (I haven’t found one that doesn’t) and 1Gbit ports for WAN and LAN, you are OK. It must support router mode, not just be some wifi AP. The Storj network supports IPv6 but I’m not experienced with it. We all use IPv4 I believe. One good and somehow cheap model that I use in a few locations is the Asus TUF Gaming AX 3000. It has a Wireguard server which I use to access the local network and node, and pretty good specs. Minimum 256MB RAM (or 512?!) and a good CPU. Better is a model with 512MB or 1GB RAM. CPU 3-4 cores and AX wifi. This means they are newer.
All argue Mikrotik is the best. I’m pretty happy with all my Asus models, they are very user friendly and have all that I need.
You should use the autoupdate function and restart schedule (at least weekly), and disable IPv6 and UPnP. Firewall enabled, access from WAN disabled, SSH and Telnet disabled, DDoS prevention disabled (interferes with storj node).
Change the default password and admin name if possible. Use the longest passwords that are supported for the web admin page and wifi.
I believe Asus supports 32 chars admin pass and 64 wifi passwords.
The node should be connected through an Ethernet cable, but for wifi you should use WPA2/3 pre-shared key and AES encryption. WPS disabled.

Just opening port on a firewall won’t be enough. Port forwarding is not just a firewall configuration, it’s also a type of DNAT, configurable based on ports (DNAT can do more weird and interesting things).

Yes, IP being static has no effect on external hosts being able to access your internal services. It just absolves you from needing to configure DDNS.

Your options:

That’s really strange. Are you sure you actually don’t mean it’s a CG-NAT provider? Actually port forwarding is an option on virtually all routers nowadays.

It’s Comcast/Xfinity. When I asked about it they said that it’s not allowed but when I emphasized the need for it, they said that they can enable it on their 2 higher tier plans only after I sign up.

Many ISPs block port forward on their routers. They modify the firmware so you can’t update it and you can’t access many options from the original firmware. And of course, this is pretty normal because they have to put their backdoor in it. If you would update it, their backdoor would be gone. I don’t know why they block some options though. The most used option is the port forward, so many users wouldn’t bother to get their own router if the port forward would function.
It’s like they shoot themselves in the foot.
Once I discovered bridge mode, I changed all their routers in all locations, including friends. This is the first best thing you can do once you contract an internet service provider.
If you want to go this way, and don’t know what to buy, you can always ask for help with choosing a model, or between some models that you like.
If you are in a CG-NAT situation, you are stuck with their mercy and paying premium for port forward.
Before contracting a higher tier just for Storj, do your ROI and see if it’s worth it. And beware of their traffic limits. For Storj you should have unlimited traffic or at least a very big limit. I can’t advise you about that; the traffic changes and we can’t predict the future.

1 Like

They have 2 router options when signing up for a plan. Their first is only 1.2TB limit a month at $15 a month after the first year (my node uses ~2TB a month). The second is unlimited data at $10 a month and $25 after the first year. Their top tier plans are only about $100 for 1200 down, 40 up (way more than what I have now for the same price).

As for ROI, my node costs ~$2 in electricity a month at this location and I am making a profit on the earned storj and it’s not even half full.

If anything, I’d rather just have the ability to port forward at my discretion and not be blocked from doing so. Like I said above, I have a router that was given to me in its box (Belkin AX1800 WiFi 6) so idk if that’s good enough.

As for bridging, does this mean that the router they provided does nothing for routing devices now and that everything has to go through my own that it was bridged to? Or can some devices be on the ISP router and storj alone on the bridged one for port forwarding?

The bridged one becomes just a bridge: one cable in, one cable out.
If you have TV and phone cables that come out from it, they stay there. Only the network cables for your LAN move to your new router. The bridged one continues to route TV and phone signals, but becomes transparent for network/internet traffic. So in short, no, you won’t link any other PC to it, only your router. You should ask them to turn off the wifi on it also. You will use the wifi on your router. If they forget, just use the buttons: long press or short press the wifi button until the LEDs go off.
The steps are:

  • take note of all the WAN settings in the router; copy paste them in a txt file and save it.
  • call the ISP and ask them to put your router in bridge mode.
  • wait until you can’t access the internet anymore and reboot the router (turn it off, wait 1 min, turn it on).
  • from the port 1 (hopefully) of bridged router get a cable to port WAN of your new router.
  • from your new router get cables to your PCs from ports 1-4. Port 1 has admin privileges on some older routers, so link that to your main PC.
  • enter your router admin page and set WAN connection from the txt file notes.
  • if everything is OK, you should see the WAN IP in your router’s interface. If you see a local IP, then the ISP router is not in bridge mode. They can fail sometimes to switch it. Call them back.
  • check the bridged router’s wifi to be off and you are done with it.

Bridge mode, in short, deactivates the NAT service on the router, and it doesn’t do routing anymore. It makes the router just an interface between the ISP cable and the WAN port on your router. The NAT service will be on your router.

Edit: in case your new router can connect directly to the ISP’s cable, then you don’t need their router and you can replace it with yours, taking it out of the equation. But nowadays optic fiber is pretty standard and you have to use their modem too.

1 Like
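The bridge-mode check from the last steps above (a local IP on the WAN interface means the ISP router is still routing), together with the CGNAT case mentioned earlier in the thread, as an added example that is not part of the original posts. The function names and sample addresses are constructed for illustration; the addresses are typed in by hand from the router's WAN status page and from an external "what is my IP" lookup.

```python
import ipaddress

# RFC 1918 private ranges: seeing one of these on the WAN side means double NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 6598 shared address space, used by ISPs for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_wan_ip(wan_ip):
    """Return 'private', 'cgnat' or 'public' for the router's IPv4 WAN address."""
    addr = ipaddress.ip_address(wan_ip.strip())
    if addr.version != 4:
        raise ValueError("this check covers IPv4 WAN addresses only")
    if any(addr in net for net in RFC1918):
        return "private"
    if addr in CGNAT:
        return "cgnat"
    return "public"


def port_forward_verdict(wan_ip, seen_from_internet=None):
    """Decide whether a port forward on your own router can be reached.

    wan_ip: address shown on your router's WAN interface.
    seen_from_internet: optional address an external lookup reports for you.
    """
    kind = classify_wan_ip(wan_ip)
    if kind == "private":
        return "double-nat: ISP router is still routing, bridge mode is not active"
    if kind == "cgnat":
        return "cgnat: ISP shares one public IP, forwarding on your router cannot work"
    if seen_from_internet is not None:
        outside = ipaddress.ip_address(seen_from_internet.strip())
        if outside != ipaddress.ip_address(wan_ip.strip()):
            return "upstream-nat: WAN IP differs from the address seen from outside"
    return "ok: WAN address is public, a port forward on this router is reachable"


if __name__ == "__main__":
    # Constructed samples; 203.0.113.x and 198.51.100.x are documentation
    # addresses standing in for real public IPs.
    for wan, outside in [("10.0.0.12", None), ("100.72.3.4", None),
                         ("203.0.113.7", "198.51.100.9"),
                         ("203.0.113.7", "203.0.113.7")]:
        print(wan, "->", port_forward_verdict(wan, outside))
```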

Got it, thank you for explaining that.

1 Like

You can fire up the Belkin and let us see the WAN interface. There are also the port forwarding settings. Just connect the PC to it and nothing else. Make some screenshots and come back online. Be sure to use auto IP on your PC and disable MS Edge DNS options in the Edge browser. Those things can block you from accessing the web interface of a new router.
I will try to google it, and update this post. Please read what I added above. I usually add more info after first posting.

If you know the settings from your ISP, often you can even leave out the ISP router totally and just only keep the router of your own choice.

2 Likes

Yes, if the WAN connection is a standard ethernet cable, then you can replace their router directly.
You only need it bridged if your router can’t use their connection, like a DSL or optic fiber.
I got so used to optic fibers that I forgot about old ways. :slight_smile:
Belkin is very nice. It has everything you need. You can use it.
You should edit the topic’s title and add “Bridge mode” in it, just for other users to find it. I tend to add more info than one needs, in the hope others will come across a topic and find useful info.

Regarding the static IP, you also need it. If you wouldn’t have one, you would have to use a DynDNS service provided by your ISP or a public one, like No-IP.

Sometimes you also need to mirror the MAC address of that router, if the ISP doesn’t allow you to specify your own.

1 Like

You can. It still has an IP address. Most Comcast routers are 10.0.0.1. You just need to configure a static route.

screenshot

You mean don’t need it. Use inadyn that works with most providers, including CloudFlare.

Comcast sees the modem’s MAC. No need to mirror anything.