How to bypass Excitel (or any other isp) firewall and NAT

Sidharth P

[OP]
Regulars
May 10, 2015
167
35
For nearly a year, I have been trying to find a way to punch through excitel's firewall to make my LAN accessible through WAN.

As Excitel uses carrier grade NAT to provide its services, we weren't able to access our home servers, cameras etc .

Recently, I found a software called ZeroTier One, it is an open source software which allows the user to create a Virtual Peer to Peer Network and bridge multiple networks. The magical thing is this software is able to traverse through the NAT and firewall like it's normal business.
This software allows you to create a virtual network and assign a local static IP to every one of your devices which can then be accessed from WAN if you login. It can do this and punch through NAT at the same time without any need for port forwarding from your or ISP side.

Here is how you set it up:

1. Go to www.zerotier.com/download.shtml and download the software for your phone or computer and install it.

2. Create a new virtual network on my.zerotier.com and set the network to public. It can be set to private if you want to manually allow the devices.

3. Copy the network ID from my.zerotier.com and paste it into the zerotier software you just downloaded and connect.

Now all the devices are on same network and can communicate directly with each other.

Heres what I tested out:
1. Parsec and NVIDIA Gamestream works flawlessly with minimum latency.

2. I turned ICMP Echo on my PC on Excitel and it pinged perfectly fine with my 4G Network from outside the LAN.

3. PLEX servers work fine as well from outside LAN with zerotier.

The software is free and open source and supports up to 100 devices and even more if you are willing to pay.
 

Rohan Chawla

Member
Aug 10, 2015
13
1
I am in the same boat as you but zerotier dowsnt solves the issue for me I still cant access plex from outside the network. What am I doing wrong??
 

Sidharth P

[OP]
Regulars
May 10, 2015
167
35
Can you see the server and the files?
Please send me a screenshot of zerotier window.
Here are a few steps you can take to troubleshoot this issue:
Network related:

1. Put your PLEX Server on DMZ
2. Disable the windows firewall temporarily
3. Assign static IP to all machines on the LAN using Static IP setting or DHCP Reservation, I usually prefer the latter.

On my.zerotier.com :
1. Disable auto assign from range setting for both ipv4 and ipv6 .
Source

2. Assign IP addresses manually let's say 172.29.0.10 for server and 172.29.0.20 for Client. This is done by typing in the IP address and clicking on + sign
Source


3. Enable Network bridging by clicking on the spanner next to your Server .
Source


4. If you are on android make sure that the key notification appears on top.

On PLEX:
1. Try opening your Plex server from browser on WAN with the IP address you manually assigned earlier.
Source


2. Try playing videos to see if it works.

I'll put some screenshots soon
 


Last edited:

Sidharth P

[OP]
Regulars
May 10, 2015
167
35
No problem. For better security I would recommend the following:

1. Set your Zerotier network access to "Private" after setting it up. If you want to add more machines, you can manually authenticate it from my.zerotier.com .


2. Enable Windows Defender and Firewall which you disabled earlier for troubleshooting . Usually this isn't a problem since ZeroTier creates an exception.

3. Instead of putting your machine on DMZ you could instead forward port 9993 (Both TCP and UDP) on your router. This isn't that big of a problem since you are already behind a carrier grade NAT but it'll make the network more secure.
 
  • Like
Reactions: Rupeshwar

RadiatedTofu

Member
Aug 7, 2017
16
3
This has to be installed on both the mobile and desktop devices right? Suppose I want to acess my desktop from outside then both the desktop and mobile device should be on the same zerotier network?
 


Sidharth P

[OP]
Regulars
May 10, 2015
167
35
Yep, both the devices must be on the same Zerotier network. Zerotier is on Windows, Linux , iOS, Mac and can be installed as add-on on most NAS.
 
  • Like
Reactions: Rohan Chawla