Knowledge Base
Starlink IP Passthrough (public ip) Using WTI dual Ethernet and Cellular
Starlink IP Passthrough (public ip) Using WTI dual Ethernet and Cellular
Network Overview WTI Upstream device
| Interface | Purpose | Example IP | Notes |
|---|---|---|---|
| qmimux0 | Cellular backup | 166.130.74.223 | For remote access |
| Eth0 | Starlink (WAN) | 98.97.123.99 | set default gateway |
| Eth1 | Downstream connection | 192.168.1.1 | DHCP server + IP Passthrough to downstream |
Network Overview WTI Downstream device
| Interface | Purpose | Example IP | Note |
|---|---|---|---|
| Eth0 | DHCP Client | 192.168.1.3 | (get DHCP lease from upstream Eth1) |
Complete the following steps to setup IP passthrough. The following steps will pass the WTI’s unit’s public IP through a device connected to Eth1. Similarly, Eth0 can be used.
WTI Upstream Device configuration
1. Configure Eth1
At the WTI CLI, enter /N1, configure the IP. Any dedicated private IP will work (i.e. 192.168.1.1), as it will normally not be accessible and only exists between the WTI upstream device and the downstream device.
2. Configure DHCP server
- At the WTI CLI, enter /N1
- Select 4 for DHCP
- Select 2 for DHCP Server
- Enable DHCP Server
- Set the gateway as the IP of eth1 (i.e. 192.168.1.1)
- Enter a Primary/Secondary DNS server (i.e. 8.8.8.8/8.8.4.4 for google DNS)
- Modify Domain Name, Default Lease, and Maximum Lease if desired
- Modify Pool Start/End to define the IP range that will be served to LAN clients. Ensure that the pool range does not contain the IP of eth1 (i.e. Start = 10, End = 30)
3. Enable IP Passthrough
- At the WTI CLI, enter /N
- Select 35 for IP Passthrough
- Select 1 to enable IP Passthrough (LTPs will automatically be configured when feature is enabled)
- Select 2 set Upstream Interface as eth0
- Select 3 set Downstream Interface as eth1
- Select 4 to set the MAC address for the downstream device which you would like to pass the ip address to. If no MAC is selected, the last device to request a DHCP lease will be used.
4. Add Static Route
- At the WTI CLI, enter /N
- Select 6 for static route
- To allow your network to access cellular ip remotely.
- i.e. what is my ip: 74.125.147.123
- i.e. cellular gateway ip: 166.130.74.125
route add 74.125.147.123 gw 166.130.74.125
ip route add default via 98.97.123.1 dev eth0 metric 100
ip route add default via 166.130.74.125 dev qmimux0 metric 200
When Eth0 fails, the kernel will automatically switch to the higher-metric route.
WTI Downstream Device configuration
1. Configure Eth0 as a DHCP (Client)
- At the WTI CLI, enter /N
- Select 4 DHCP
- Select 1 DHCP Client
- Select 1 enable DHCP
- Select 2 Host Name (optional)
- Select 3 Lease Time Off
- Select 4 Obtain DNS address auto set to On
- Select 5 DNS Server Update set to On
- Select 6 Default Gateway set to On
Connect Downstream Device
Connect downstream device to the upstream device on eth1. Make sure the device is configured to acquire an IP address via DHCP. If downstream device is another WTI device, set options 4, 5, and 6 to ON. Your downstream device should acquire an IP address in the range set in upstream device step 2 DHCP Configuration Pool start/End range above. The downstream device should now behave as if directly connected to the internet at the upstream device starlink router public IP.
Test Internet Connectivity
Ping 8.8.8.8 or google.com from downstream device
Test Connecting to upstream device via cellular ip (where x.x.x.x is cellular ip)
http://x.x.x.x should securely connect to the web interface of the upstream device (connection not passed to downstream device)
ssh super@x.x.x.x should securely connect to the command line interface of the upstream device (connection not passed to downstream device)
Test Connecting to downstream device (where x.x.x.x is the starlink ip)
https://x.x.x.x should securely connect to downstream interface's web interface
ssh super@x.x.x.x should securely connect to downstream interface's command line interface
Test Locally Terminated Ports (where x.x.x.x is the starlink ip)
https://x.x.x.x:5443 should securely connect to the web interface of the upstream device (connection not passed to downstream device)
ssh super@x.x.x.x -p 5022 should securely connect to the command line interface of the upstream device (connection not passed to downstream device)
Starlink IP Passthrough (private ip) Using WTI dual Ethernet and Cellular
Network Overview WTI Upstream device
| Interface | Purpose | Example IP | Notes |
|---|---|---|---|
| qmimux0 | Cellular backup | 166.130.74.223 | For local and remote access |
| Eth0 | Starlink (LAN) | 172.10.10.10 | set default gateway |
| Eth1 | Downstream connection | 192.168.1.1 | DHCP server + IP Passthrough to downstream |
| VPN Tunnel (optional) | Secured connection | IPSec or Open VPN | Remote User Access |
Network Overview WTI Downstream device
| Interface | Purpose | Example IP | Note |
|---|---|---|---|
| Eth0 | DHCP Client | 192.168.1.3 | (get DHCP lease from upstream Eth1) |
| VPN Tunnel (optional) | Secured connection | IPSec or Open VPN | Remote User Access |
Complete the following steps to setup IP passthrough. The following steps will pass the WTI’s unit’s public IP through a device connected to Eth1. Similarly, Eth0 can be used.
WTI Upstream Device configuration
1. Configure Eth1
At the WTI CLI, enter /N1, configure the IP. Any dedicated private IP will work (i.e. 192.168.1.1), as it will normally not be accessible and only exists between the WTI upstream device and the downstream device.
2. Configure DHCP server
- At the WTI CLI, enter /N1
- Select 4 for DHCP
- Select 2 for DHCP Server
- Enable DHCP Server
- Set the gateway as the IP of eth1 (i.e. 192.168.1.1)
- Enter a Primary/Secondary DNS server (i.e. 8.8.8.8/8.8.4.4 for google DNS)
- Modify Domain Name, Default Lease, and Maximum Lease if desired
- Modify Pool Start/End to define the IP range that will be served to LAN clients. Ensure that the pool range does not contain the IP of eth1 (i.e. Start = 10, End = 30)
3. Enable IP Passthrough
- At the WTI CLI, enter /N
- Select 35 for IP Passthrough
- Select 1 to enable IP Passthrough (LTPs will automatically be configured when feature is enabled)
- Select 2 set Upstream Interface as eth0
- Select 3 set Downstream Interface as eth1
- Select 4 to set the MAC address for the downstream device which you would like to pass the ip address to. If no MAC is selected, the last device to request a DHCP lease will be used.
4. Add Static Route
- At the WTI CLI, enter /N
- Select 6 for static route
- To allow your network to access cellular ip remotely.
- i.e. what is my ip: 74.125.147.123
- i.e. cellular gateway ip: 166.130.74.125
- route add 74.125.147.123 gw 166.130.74.125
ip route add default via 98.97.123.1 dev eth0 metric 100
ip route add default via 166.130.74.125 dev qmimux0 metric 200
When Eth0 fails, the kernel will automatically switch to the higher-metric route.
5. Add IPTABLES
- At the WTI CLI, enter /N
- Select 5 for IPTABLES and add the below
#Enable NAT on both eth0 and cellular so traffic from LAN (eth1) gets masqueraded properly
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o qmimux0 -j MASQUERADE
#Allow forwarding eth0 and eth1
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
WTI Downstream Device configuration
1. Configure Eth0 as a DHCP (Client)
- At the WTI CLI, enter /N
- Select 4 DHCP
- Select 1 DHCP Client
- Select 1 enable DHCP
- Select 2 Host Name (optional)
- Select 3 Lease Time Off
- Select 4 Obtain DNS address auto set to On
- Select 5 DNS Server Update set to On
- Select 6 Default Gateway set to On
Connect Downstream Device
Connect downstream device to the upstream device on eth1. Make sure the device is configured to acquire an IP address via DHCP. If downstream device is another WTI device, set options 4, 5, and 6 to ON. Your downstream device should acquire an IP address in the range set in upstream device step 2 DHCP Configuration Pool start/End range above. The downstream device should now behave as if directly connected to the internet at the upstream device starlink router public IP.
Test Internet Connectivity
Ping 8.8.8.8 or google.com from downstream device
Test Connecting to upstream device via cellular ip (where x.x.x.x is cellular ip)
http://x.x.x.x should securely connect to the web interface of the upstream device (connection not passed to downstream device)
ssh super@x.x.x.x should securely connect to the command line interface of the upstream device (connection not passed to downstream device)
Test Connecting to downstream device (where x.x.x.x is starklink ip)
https://x.x.x.x should securely connect to downstream interface's web interface
ssh super@x.x.x.x should securely connect to downstream interface's command line interface
Test Locally Terminated Ports (where x.x.x.x is starklink ip)
https://x.x.x.x:5443 should securely connect to the web interface of the upstream device (connection not passed to downstream device)
ssh super@x.x.x.x -p 5022 should securely connect to the command line interface of the upstream device (connection not passed to downstream device)
Test Connection via VPN Tunnel for upstream device for remote access (where x.x.x.x is vpn virtual ip)
https://x.x.x.x:5443 should securely connect to the web interface of the upstream device (connection not passed to downstream device)
ssh super@x.x.x.x -p 5022 should securely connect to the command line interface of the upstream device (connection not passed to downstream device)
Test Connection via VPN Tunnel for downstream device for remote access (where x.x.x.x is vpn virtual ip)
https://x.x.x.x should securely connect to downstream interface's web interface
ssh super@x.x.x.x should securely connect to downstream interface's command line interface