
Sonicwall firewall doesn't get an IP from Starlink router


Kermit67


The first time we connected the Starlink router in "passthrough mode" behind our Sonicwall firewall, access to the Internet worked fine.

The Sonicwall interface IP was 192.168.100.100, with 192.168.100.1 (Starlink router) as gateway, and the Sonicwall did the NAT for all clients coming from the LAN interface.

But after a power problem we replaced the Starlink kit.

And now with the same configuration we can't access the Internet from the Sonicwall.

But the Sonicwall can "ping" the 192.168.100.1 IP of the Starlink router.

If we connect a client computer directly to the Starlink Ethernet adapter in place of the Sonicwall, the client PC gets an IP in 100.79.XX.XX (mask 255.192.0.0) with 100.64.0.1 as gateway and Internet works fine.

I don't understand why the interface of the Sonicwall can't get a DHCP address from the Starlink router but a client PC can get it...

Thanks for your help

 


@Kermit67

There's a lot going on here.

First off, sorry to hear you had to replace your SL Kit due to a power problem. I always recommend using a UPS (battery backup) between your power outlet and your SL Kit. It's not worth the risk to go without it and you can get one for $45 at Walmart...

Secondly, it's interesting that the Sonicwall router was once using 192.168.100.100 as its external address (on the SL side) and now your PC is getting a 100.79.x.x address. Sounds like the old router might not have been in bypass mode. Not sure that this matters. Anyway, I wonder if it's possible that your Sonicwall router might have had the old IP address (192.168.100.100) manually assigned instead of taking it from DHCP on the Starlink Router. That could definitely cause these symptoms.

Thirdly, it's remotely possible that the power problem that took out the old SL Kit might have done some damage to the Sonicwall Router's WAN port. A high voltage coming into the SL router could have resulted in a high voltage on the Ethernet cable to the Sonicwall, causing damage to the port on the Sonicwall. However, I don't think this is the right answer because the Sonicwall can ping the new SL router at 192.168.100.1.

Not sure what else to offer here. Hate to hear you're having trouble.

Thanks!


First, the WAN port of the Sonicwall works fine with another Internet provider's router in DHCP mode.

Using this mode with the Starlink kit (DHCP mode for the Sonicwall WAN interface), I don't obtain any IP address (even in 100.79.X.X like a client PC...) but the link is up on this interface.

I can't find what type of IP range (public or private?) the 100.79.0.0 range is.

Maybe the Sonicwall doesn't want that range of IP addresses.

 


@Kermit67

Firstly, 100.79.x.x is definitely a public IP address range. 

Secondly, I can't imagine that SonicWall has any preference for or aversion to a specific IP address range (other than 169.254.x.x which is "special" in a whole other way). I am pretty certain that your SonicWall is not "rejecting" the 100.79.x.x address.

Thirdly, while I can't say for sure what is keeping the SonicWall from connecting to Starlink, there is one Starlink-specific detail that may have some bearing here. Starlink assigns IP addresses using something called CGNAT (Carrier-Grade Network Address Translation). I won't attempt to explain the details of CGNAT -- not sure I can, LOL -- but suffice it to say that your Starlink connection may not be the only connection using your IP Address. You might be sharing it with other users. Maybe the SonicWall sees all this and says, "No thanks! Not playing!" ???

FWIW, this is a total guess on my part. I'm grabbing at straws here.

Not having experience with SonicWall, I just looked them up. SonicWall is an enterprise-grade firewall -- a real boss piece of equipment. There are sooo many things that can be done with these commercial-grade firewalls, it's impossible to say what the issue might be.

Do you control the configuration of your SonicWall? If so, you might need to reach out to SonicWall support for assistance with this. 

If the configuration is controlled by a corporate IT department, I'd suggest reaching out to them.

If you do reach out for assistance elsewhere, be sure to mention Starlink's use of CGNAT.

FWIW, when I go to the Starlink Support Web site and search on "NAT", I see the following:

Quote

Will enterprise site-to-site VPN or SDWAN appliances work on Starlink?

Yes. Like client VPN applications, NAT traversal support via TCP or UDP is required on the Starlink side of the VPN/SDWAN appliance. VPNs that rely on protocols 47 (GRE), 50 (ESP), 51 (AH), 115 (L2TP) are dropped by CGNAT at this time.

Quote

Does Starlink work with VPNs?

Yes. Starlink supports VPNs that use TCP or UDP. SSL based VPNs typically work best to traverse CGNAT. NAT traversal support is required by the VPN.

We are unable to provide support for troubleshooting services for VPN connectivity issues. The Starlink App also may not work correctly when using VPN. Please contact your VPN provider for further support.

Quote

What IP address does Starlink provide?

Starlink provides two IP policies, "default" and "public". The default IP configuration is Carrier Grade Network Address Translation (CGNAT) using private address space assigned to Starlink clients with DHCP from the 100.64.0.0/10 network. Network Address Translation (NAT) translates between Starlink private and public IPs. 

The Starlink public IP policy is an optional configuration available to Priority and Mobile Priority customers. A public IP is reachable from any device on the internet and is assigned to Starlink network clients using DHCP. While we do not provide a static IP option at this time, we utilize a reservation system so that the public IP address is reserved even when your Starlink is turned off or rebooted. Our system is dynamic where moving the Starlink to another location and Starlink software updates may cause the public IP to change. Starlink does not currently offer the ability for Standard or Mobile customers to receive a public IP. The public IP option can be enabled from the account dashboard. See instructions here.

Each Starlink is allocated one IPv4 address and delegated a /56 IPv6 prefix for network clients. All Starlink network clients are assigned an IPv6 address. IPv6 is supported on all Starlink routers.

The default IP policy using CGNAT blocks all inbound ports. Customers requiring inbound ports should consider products with a public IP option. The following outbound ports are blocked for all customers per information security best practices: TCP/25 (SMTP) and TCP/445 (SMB).

As Starlink continues to expand and upgrade our global internet service infrastructure and rollout new capabilities, some users may see different IP address behavior (for example, publicly routable addresses, IPv6, non-CGNAT).

HTH...
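
Added example, not part of the thread: a Python check of the lease the client PC received and of firewall flows against the address range and CGNAT limits in the quoted Starlink text. The address 100.79.10.20 and the flow names are constructed for illustration; 100.64.0.0/10 is the shared address space reserved for carrier-grade NAT by RFC 6598.

```python
import ipaddress

# Ranges mentioned in the thread and in the quoted Starlink support text.
RANGES = [
    ("CGNAT shared space", ipaddress.ip_network("100.64.0.0/10")),
    ("RFC 1918 private", ipaddress.ip_network("10.0.0.0/8")),
    ("RFC 1918 private", ipaddress.ip_network("172.16.0.0/12")),
    ("RFC 1918 private", ipaddress.ip_network("192.168.0.0/16")),
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),
]
# From the quoted text: IP protocols dropped by CGNAT, outbound TCP ports blocked.
DROPPED_IP_PROTOCOLS = {47: "GRE", 50: "ESP", 51: "AH", 115: "L2TP"}
BLOCKED_TCP_OUT = {25: "SMTP", 445: "SMB"}

def classify(addr):
    """Name the range an IPv4 address falls in."""
    ip = ipaddress.ip_address(addr)
    for label, net in RANGES:
        if ip in net:
            return label
    return "publicly routable"

def check_lease(ip, mask, gateway):
    """Summarise a WAN lease: subnet, range type, gateway on-link, inbound possible."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    kind = classify(ip)
    return {
        "network": str(iface.network),
        "kind": kind,
        "gateway_on_link": ipaddress.ip_address(gateway) in iface.network,
        # Per the quoted text, the default CGNAT policy blocks all inbound ports.
        "inbound_possible": kind == "publicly routable",
    }

def check_flows(flows):
    """flows: (name, ip_protocol, dst_port). Return those the quoted policy stops."""
    stopped = []
    for name, proto, port in flows:
        if proto in DROPPED_IP_PROTOCOLS:
            stopped.append((name, DROPPED_IP_PROTOCOLS[proto] + " dropped by CGNAT"))
        elif proto == 6 and port in BLOCKED_TCP_OUT:
            stopped.append((name, f"TCP/{port} blocked outbound"))
    return stopped

# Constructed sample: the thread elides the last octets of the 100.79.x.x lease.
LEASE = check_lease("100.79.10.20", "255.192.0.0", "100.64.0.1")
# Constructed firewall flows (hypothetical names).
FLOWS = [("ipsec-esp", 50, None), ("ipsec-nat-t", 17, 4500),
         ("ssl-vpn", 6, 443), ("mail-relay", 6, 25)]
STOPPED = check_flows(FLOWS)
```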
