17 Mar 2023 01:17 PM - last edited: 17 Mar 2023 03:03 PM
So like most I've got the new FTTP and I need to use the sky broadband hub, due to telephone. Yet I like my own router as it's 100x better and support's a lots more features.
Some moden/router knowledge will help.
In this guide my Sky hub is a SR203
My router is a Asus AX82U.
So to start on the Sky hub, connect to it via cable, then sign in. Once signed in go to wifi and disable wifi.
I removed wifi name and access code for security.
Then head to advance and under DMZ enter a ip with a start range off 100.64.x.x. I used 100.64.20.5 this will be your routers IP.
Next lan IP setup, disable all so nothing is ticked then under ip address enter 100.64.20.1 depending on what your picked for your router say I picked 100.64.20.5.
Next disable Upnp and disable ALG disable.
Next security-firewall rules disable all and under inbound create a new rule allow all and enter your routers ip so for me it was 100.64.20.5.
Once that's done plug your modem in the the sky hub and then connect to your router for me I'm using a Asus AX82U.
Once you has signed in head to WAN, then setup.
You want a static ip
Enable WAN
Enable NAT
Enable Upnp if using.
IP 100.64.20.5
Subnet 255.255.255.0
Gateway 100.64.20.1
DNS servers you can use skys or myself I use Cloudflare DNS
Dns 1.1.1.1
Dns 1.0.0.1
Save and now you should be online.
I use ip range 100.64.x.x so Upnp on the asus will kick in. I use Upnp for my game consoles for open NAT.
17 Mar 2023 01:36 PM
The Asus router you have set up is incorrect, you cannot use a public IP address on that interface it must be in the private address space (192.168,x.x, 10.x.x.x, etc..) and the gateway should point to the Sky Hub at 192.168.0.1 (default gateway)...
17 Mar 2023 02:27 PM
That is not correct, and using 192.168.x.x on the sky hub will then disable miniupnp on the ausus
17 Mar 2023 02:38 PM - last edited: 17 Mar 2023 02:39 PM
You have used the IP address "100.64.20.5" on Asus which is reserved for carrier-grade NAT and is bogus. This should be changed to an IP address in the private address space see RFC 1918.
17 Mar 2023 02:40 PM - last edited: 17 Mar 2023 02:44 PM
Posted by a Superuser, not a Sky employee. Find out more
@mae-3 wrote:
you cannot use a public IP address on that interface it must be in the private address space
I don't know about can't, but you definitely shouldn't ; )
17 Mar 2023 02:48 PM - last edited: 17 Mar 2023 02:56 PM
This is testest and the address used is a CGNAT space,
There are several other reserved ranges out there that are not "private" but not sure what the daemon will detect as public vs private, so rather than trying a bunch, first try CGNAT as that is the "proper" solution.
And this is only needed if you want to use UPNP on the router, like I do for better gaming experence.
17 Mar 2023 02:56 PM
Are you a carrier-grade service provider?
17 Mar 2023 02:57 PM
why are you tyrying to pick at something that works?
17 Mar 2023 03:19 PM - last edited: 17 Mar 2023 03:22 PM
It doesn't work 100% because when a site uses the public IP address and session IP (the CGNAT address space on LAN) then paywalls don't work correctly amount other things...
CGNAT is designed not to be addressable on the public internet or LAN for technical reasons in the RFC!
17 Mar 2023 03:28 PM
"There are several reasons why Carrier-Grade NAT (CGNAT) may not be ideal for use on a private LAN:
Complexity: Implementing CGNAT requires additional hardware, software, and configuration, which can add complexity to the network setup and increase the likelihood of errors and downtime.
Limited resources: CGNAT typically involves sharing a limited pool of public IP addresses among many private devices. This can lead to issues such as port exhaustion, limited bandwidth, and reduced network performance.
Security: CGNAT can make it more difficult to identify and track the malicious activity on the network, as multiple private devices share the same public IP address. This can make it harder to detect and block attacks, which can increase the risk of security breaches and data theft.
Compatibility: Some applications and services may not work properly with CGNAT, as they require direct access to a public IP address to function. This can include services such as VoIP, VPNs, and certain gaming applications.
Lack of control: Using CGNAT means relinquishing control of the public IP address space to the service provider. This can limit the ability to customize and optimize network configurations to meet specific business requirements."
Taken from OpenAI.
17 Mar 2023 03:53 PM - last edited: 17 Mar 2023 04:18 PM
As that says it may not be ideal, Yet every thing runs fine, I even use a VPN and it is only using 100.64.x.x as the BRIDGE, and not on the main lan. Yes there are do and don't, but 192.x.x.x will not enable Upnp when stuff is using a double nat, and then port fwd is needed, also game will use randoms ports so you will end up with a moderated nat type on consoles and get some issues
I have not had 1 problem using it this way since the start of the year.
I watch netflix, paramount all streaming services fine, I play games on 4 consoles, also on my gaming pc. with out issue and all reporting open nat.
I been on the gov.co.uk web sites from sorting tax to road tax. bbc downloads all with out a issue. so far, and taken and recived many VOIP call's 🙂
If I do Firewall checks on the web all come back stealthed and ip leak test show sky ip and cloudflair dns as it should. if they get more info than that then I have a breach.
17 Mar 2023 04:37 PM
How are you opening port(s) on the edge Sky Hub router, UPnP is disabled and UPnP will not work through two routers it is designed for the edge router. 😎
17 Mar 2023 05:59 PM - last edited: 17 Mar 2023 06:15 PM
By disabling Sky's Firewall, creating a rule to counter theirs, and then putting it on a DMZ, this more or less make's the sky hub a bridge, then with the 100.64.x.x ip as the guide explains, this then makes it all work.
So Upnp (everything) works on the Asus under double nat etc. why I have done the guide!
also I'm still able to use the sky hub for VOIP.
18 Mar 2023 10:51 AM - last edited: 18 Mar 2023 10:58 AM
Also wanted to add if you use say cloudflare dns and not skys, then on the asus under lan make a rule for the sky q for a static ip and add skys Dns, else you will have problem streaming / Downloading stuff on the sky box. I've added a picture but removed bit of my ip.
Also but not needed on the asus under admin setting I set NTP server to skys.
ntp1.isp.sky.com I got from the sky hub logs.
Also I disabled ipv6 firewall on the asus and enable dos protection.
21 Mar 2023 10:24 AM
Interesting solution @TrebleTA!
Technically that's quite clever - the 'public' IP address used shouldn't affect anything beyond the Sky router because it's NAT-ted, and the internal network (from the Asus) will have a private IP address range as normal.
If the 'public' IP address was to leak for any reason, it would likely be filtered out by Sky, and packets certainly couldn't be routed back to that address from the internet.
Agreed it may not be a recommended solution per the RFCs - and not something you'd want set up in an organisation - but for home use, it does appear to solve a problem.
No problem. Browse or search to find help, or start a new discussion on Community.
On average, new discussions are replied to by our users within 4 hours
New Discussion