Skynet Skynet + Diversion behind CG-Nat Address

Mogsy

Regular Contributor
Hello,

Anyone here using Sky and Diversion behind CG-Nat 100.6x.2.xx? Not sure about Diversion. But when installing Skynet previously, there was a warning about CG-Nat address
 

SomeWhereOverTheRainBow

Part of the Furniture
Hello,

Anyone here using Sky and Diversion behind CG-Nat 100.6x.2.xx? Not sure about Diversion. But when installing Skynet previously, there was a warning about CG-Nat address
This is a known warning. As I recall by @Adamm , it generally can be ignored if everything is working properly. Diversion should work properly regardless of CG-NAT.
 

SomeWhereOverTheRainBow

Part of the Furniture
Thanks @Tech9 and @SomeWhereOverTheRainBow . Skynet + Diversion works well with my current ISP, but moving flat and getting fibreoptic from Hyperoptic UK. And I know they are behind 100.x.x.x address.
You should be good. The biggest challenges with CG-NAT comes more from the ISP end, than the userland. I really wish you luck switching to it. The only challenges I have seen in the userland is Dual WAN( or really any WAN) misconfigurations with it, meaning it is easy to misconfigure and everything still will appear to be working correctly until one day it doesn't.
 

Tech9

Part of the Furniture
Skynet is perhaps telling you it has nothing much to do. You are behind another firewall already.
 

Mogsy

Regular Contributor
You should be good. The biggest challenges with CG-NAT comes more from the ISP end, than the userland. I really wish you luck switching to it. The only challenges I have seen in the userland is Dual WAN( or really any WAN) misconfigurations with it, meaning it is easy to misconfigure and everything still will appear to be working correctly until one day it doesn't.
Planning to use ISP's DNS at least for 24 hours or follow @L&LD's guides
 

Mogsy

Regular Contributor
Installed Skynet + Diversion. Diversion working good but not Skynet
These error message pops up

Skynet: [*] Private WAN IP Detected 100.6x.x.xx - Please Put Your Modem In Bridge Mode / Disable CG-NAT

[*] Lock File Detected (start skynetloc=/tmp/mnt/pk/skynet) (pid=24017)
[*] Locked Processes Generally Take 1-2 Minutes To Complete And May Result In Temporarily "Failed" Tests

IPTables Rules | [Failed]


But Lock File was fine after a few minutes
 

Tech9

Part of the Furniture
But Lock File was fine after a few minutes

Normal. I'm more interested in this message - how the user can disable CG-NAT?
 

Mogsy

Regular Contributor
Normal. I'm more interested in this message - how the user can disable CG-NAT?
Lol, looking at the message I thought there was a way.

No blocked inbound. Before this at least 10 blocked inbounds in 20 minutes
 

Tech9

Part of the Furniture
Most likely you had nothing blocked by Skynet. The built-in firewall blocks all unsolicited connections. What you see in Skynet logs is mostly matched in blocklists IP addresses. You'll get the same logs without Skynet if you have this setting in Firewall GUI page:

1663850363511.png


Behind another firewall it may stay quiet as well. Otherwise it flows like a river from standard Internet background noise. Bots, scanners, etc. not real hackers. You'll get a full log page every minute.
 
Last edited:

Mogsy

Regular Contributor
Most likely you had nothing blocked by Skynet. The built-in firewall blocks all unsolicited connections. What you see in Skynet logs is mostly matched in blocklists IP addresses. You'll get the same logs without Skynet if you have this setting in Firewall GUI page:

View attachment 44366
Yes I have that and no dropped logs. Before this I switched logged packets type to None before installing Skynet

In Syslog. The default log level is Notice and log only messages than Debug?
 

Tech9

Part of the Furniture
Outbound originate from your network.
 

Mogsy

Regular Contributor
Uninstalled Skynet. Started to get dropped logs again but mainly from none risky IPs from Microsoft and Apple (checked on abuseipdb). Will leave it at that I think and probably find host list to include in Diversion
 

Mogsy

Regular Contributor
Finally :)) 1 blocked inbound *block outbounds was crypto something . Sorry guys, before this, it was just setup and leave it work and update occasionally. This 100x.x.x address zzzzzz. Also noticing type64 for Apple devices for arpa resolver I presume in Diversion


Skynet: [#] 187837 IPs (+0) -- 9249 Ranges Banned (+0) || 1 Inbound -- 131 Outbound Connections Blocked! [stats] [3s]

Using @Viktor Jaep 's list from other thread

 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top