Starlink IP Passthrough Using WTI dual Ethernet

Knowledge Base

Starlink IP Passthrough (public ip) Using WTI dual Ethernet

Starlink IP Passthrough (public ip) Using WTI dual Ethernet

Network Overview WTI Upstream device

Interface Example IP Role
Eth0 98.97.123.99 Starlink WAN (port forwarding)
Eth1 192.168.1.1 DHCP Server + IP Passthrough to downstream

Network Overview WTI Downstream device

Interface Example IP Role
Eth0 192.168.1.3 DHCP Client (get DHCP lease from upstream Eth1)
In this scenario, the user can access the WTI upstream & downstream device remotely via Starlink (public IP), while IP passthrough mode passes any connections to the Starlink router (public IP) to the downstream device.

Complete the following steps to setup IP passthrough. The following steps will pass the WTI’s unit’s public IP through a device connected to Eth1. Similarly, Eth0 can be used.

WTI Upstream Device configuration

1. Configure Eth1

At the WTI CLI, enter /N1, configure the IP. Any dedicated private IP will work (i.e. 192.168.1.1), as it will normally not be accessible and only exists between the WTI upstream device and the downstream device.

2. Configure DHCP server

  • At the WTI CLI, enter /N1
  • Select 4 for DHCP
  • Select 2 for DHCP Server
  • Enable DHCP Server
  • Set the gateway as the IP of eth1 (i.e. 192.168.1.1)
  • Enter a Primary/Secondary DNS server (i.e. 8.8.8.8 / 8.8.4.4 for Google DNS)
  • Modify Domain Name, Default Lease, and Maximum Lease if desired
  • Modify Pool Start/End to define the IP range that will be served to LAN clients. Ensure the pool does not contain the IP of eth1 (i.e. Start = 10, End = 30)

3. Enable IP Passthrough

  • At the WTI CLI, enter /N
  • Select 35 for IP Passthrough
  • Select 1 to enable IP Passthrough (LTPs will automatically be configured when enabled)
  • Select 2 set Upstream Interface as eth0
  • Select 3 set Downstream Interface as eth1
  • Select 4 to set the MAC address for the downstream device you want to pass the IP to. If no MAC is selected, the last device to request a DHCP lease will be used.
Note: When IP passthrough is enabled, Locally Terminated Ports are automatically configured to the original port number plus 5000 for HTTP, HTTPS, and SSH. This prevents the unit from becoming inaccessible and guarantees out-of-band access. Use options 5/6/7 to enable/disable services or change locally terminated port numbers. When the feature is turned off, ports return to their original states.

WTI Downstream Device configuration

1. Configure Eth0 as a DHCP (Client)

  • At the WTI CLI, enter /N
  • Select 4 DHCP
  • Select 1 DHCP Client
  • Select 1 enable DHCP
  • Select 2 Host Name (optional)
  • Select 3 Lease Time Off
  • Select 4 Obtain DNS address auto set to On
  • Select 5 DNS Server Update set to On
  • Select 6 Default Gateway set to On

Connect Downstream Device

Connect the downstream device to the upstream device on eth1. Ensure the device is configured to acquire an IP address via DHCP. If the downstream device is another WTI device, set options 4, 5, and 6 to ON. The downstream device should acquire an IP address in the range set by the upstream DHCP pool and should behave as if directly connected to the internet at the upstream Starlink router public IP.

Test Internet Connectivity

Ping 8.8.8.8 or google.com from the downstream device.

Test Connecting to downstream device (where x.x.x.x is the Starlink public IP)

http://x.x.x.x should connect to downstream interface's web interface
https://x.x.x.x should securely connect to downstream interface's web interface
ssh super@x.x.x.x should securely connect to downstream interface's command line interface

Test Locally Terminated Ports (where x.x.x.x is the Starlink public IP)

http://x.x.x.x:5080 should connect to the web interface of the upstream device (connection not passed to downstream device)
https://x.x.x.x:5443 should securely connect to the web interface of the upstream device (connection not passed to downstream device)
ssh super@x.x.x.x -p 5022 should securely connect to the command line interface of the upstream device (connection not passed to downstream device)

Starlink IP Passthrough (private ip) Using WTI dual Ethernet

Network Overview WTI Upstream device

Interface Example IP Role
Eth0 172.10.10.10 Starlink LAN
Eth1 192.168.1.1 DHCP Server + IP Passthrough to downstream
VPN Tunnel (optional) IPsec or Open VPN Remote User Access

Network Overview WTI Downstream device

Interface Example IP Role
Eth0 192.168.1.3 DHCP Client (get DHCP lease from upstream Eth1)
VPN Tunnel (optional) IPsec or Open VPN Remote User Access
In this scenario, a local user can access the WTI upstream & downstream device via the Starlink (LAN) network, while IP passthrough mode passes any connections to the Starlink router to the downstream device. For remote users that need access from a corporate network, create an IPSec VPN or OpenVPN of your choice.

Complete the following steps to setup IP passthrough. The following steps will pass the WTI’s unit’s public IP through a device connected to Eth1. Similarly, Eth0 can be used.

WTI Upstream Device configuration

1. Configure Eth1

At the WTI CLI, enter /N1, configure the IP. Any dedicated private IP will work (i.e. 192.168.1.1), as it will normally not be accessible and only exists between the WTI upstream device and the downstream device.

2. Configure DHCP server

  • At the WTI CLI, enter /N1
  • Select 4 for DHCP
  • Select 2 for DHCP Server
  • Enable DHCP Server
  • Set the gateway as the IP of eth1 (i.e. 192.168.1.1)
  • Enter a Primary/Secondary DNS server (i.e. 8.8.8.8 / 8.8.4.4 for Google DNS)
  • Modify Domain Name, Default Lease, and Maximum Lease if desired
  • Modify Pool Start/End to define the IP range that will be served to LAN clients. Ensure the pool does not contain the IP of eth1 (i.e. Start = 10, End = 30)

3. Enable IP Passthrough

  • At the WTI CLI, enter /N
  • Select 35 for IP Passthrough
  • Select 1 to enable IP Passthrough (LTPs will automatically be configured when enabled)
  • Select 2 set Upstream Interface as eth0
  • Select 3 set Downstream Interface as eth1
  • Select 4 to set the MAC address for the downstream device you want to pass the IP to. If no MAC is selected, the last device to request a DHCP lease will be used.
Note: When IP passthrough is enabled, Locally Terminated Ports are automatically configured to the original port number plus 5000 for HTTP, HTTPS, and SSH. This prevents the unit from becoming inaccessible and guarantees out-of-band access. Use options 5/6/7 to enable/disable services or change locally terminated port numbers. When the feature is turned off, ports return to their original states.

WTI Downstream Device configuration

1. Configure Eth0 as a DHCP (Client)

  • At the WTI CLI, enter /N
  • Select 4 DHCP
  • Select 1 DHCP Client
  • Select 1 enable DHCP
  • Select 2 Host Name (optional)
  • Select 3 Lease Time Off
  • Select 4 Obtain DNS address auto set to On
  • Select 5 DNS Server Update set to On
  • Select 6 Default Gateway set to On

Connect Downstream Device

Connect the downstream device to the upstream device on eth1. Ensure the device is configured to acquire an IP address via DHCP. If the downstream device is another WTI device, set options 4, 5, and 6 to ON.

Test Internet Connectivity

Ping 8.8.8.8 or google.com from the downstream device.

Test Connecting to downstream device (where x.x.x.x is the Starlink LAN IP)

http://x.x.x.x should connect to downstream interface's web interface
https://x.x.x.x should securely connect to downstream interface's web interface
ssh super@x.x.x.x should securely connect to downstream interface's command line interface

Test Locally Terminated Ports (where x.x.x.x is the Starlink LAN IP)

http://x.x.x.x:5080 should connect to the web interface of the upstream device (connection not passed to downstream device)
https://x.x.x.x:5443 should securely connect to the web interface of the upstream device (connection not passed to downstream device)
ssh super@x.x.x.x -p 5022 should securely connect to the command line interface of the upstream device (connection not passed to downstream device)

Test Connection via VPN Tunnel for upstream device (where x.x.x.x is VPN virtual IP)

http://x.x.x.x:5080 should connect to the web interface of the upstream device (connection not passed to downstream device)
https://x.x.x.x:5443 should securely connect to the web interface of the upstream device (connection not passed to downstream device)
ssh super@x.x.x.x -p 5022 should securely connect to the command line interface of the upstream device (connection not passed to downstream device)

Test Connection via VPN Tunnel for downstream device (where x.x.x.x is VPN virtual IP)

http://x.x.x.x should connect to downstream interface's web interface
https://x.x.x.x should securely connect to downstream interface's web interface
ssh super@x.x.x.x should securely connect to downstream interface's command line interface

Published on

Tags: