What's new

Skynet Skynet + Diversion behind CG-Nat Address

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Mogsy

Senior Member
Hello,

Anyone here using Sky and Diversion behind CG-Nat 100.6x.2.xx? Not sure about Diversion. But when installing Skynet previously, there was a warning about CG-Nat address
 
Hello,

Anyone here using Sky and Diversion behind CG-Nat 100.6x.2.xx? Not sure about Diversion. But when installing Skynet previously, there was a warning about CG-Nat address
This is a known warning. As I recall by @Adamm , it generally can be ignored if everything is working properly. Diversion should work properly regardless of CG-NAT.
 
Thanks @Tech9 and @SomeWhereOverTheRainBow . Skynet + Diversion works well with my current ISP, but moving flat and getting fibreoptic from Hyperoptic UK. And I know they are behind 100.x.x.x address.
You should be good. The biggest challenges with CG-NAT comes more from the ISP end, than the userland. I really wish you luck switching to it. The only challenges I have seen in the userland is Dual WAN( or really any WAN) misconfigurations with it, meaning it is easy to misconfigure and everything still will appear to be working correctly until one day it doesn't.
 
You should be good. The biggest challenges with CG-NAT comes more from the ISP end, than the userland. I really wish you luck switching to it. The only challenges I have seen in the userland is Dual WAN( or really any WAN) misconfigurations with it, meaning it is easy to misconfigure and everything still will appear to be working correctly until one day it doesn't.
Planning to use ISP's DNS at least for 24 hours or follow @L&LD's guides
 
Installed Skynet + Diversion. Diversion working good but not Skynet
These error message pops up

Skynet: [*] Private WAN IP Detected 100.6x.x.xx - Please Put Your Modem In Bridge Mode / Disable CG-NAT

[*] Lock File Detected (start skynetloc=/tmp/mnt/pk/skynet) (pid=24017)
[*] Locked Processes Generally Take 1-2 Minutes To Complete And May Result In Temporarily "Failed" Tests

IPTables Rules | [Failed]


But Lock File was fine after a few minutes
 
Normal. I'm more interested in this message - how the user can disable CG-NAT?
Lol, looking at the message I thought there was a way.

No blocked inbound. Before this at least 10 blocked inbounds in 20 minutes
 
Most likely you had nothing blocked by Skynet. The built-in firewall blocks all unsolicited connections. What you see in Skynet logs is mostly matched in blocklists IP addresses. You'll get the same logs without Skynet if you have this setting in Firewall GUI page:

1663850363511.png


Behind another firewall it may stay quiet as well. Otherwise it flows like a river from standard Internet background noise. Bots, scanners, etc. not real hackers. You'll get a full log page every minute.
 
Last edited:
Most likely you had nothing blocked by Skynet. The built-in firewall blocks all unsolicited connections. What you see in Skynet logs is mostly matched in blocklists IP addresses. You'll get the same logs without Skynet if you have this setting in Firewall GUI page:

View attachment 44366
Yes I have that and no dropped logs. Before this I switched logged packets type to None before installing Skynet

In Syslog. The default log level is Notice and log only messages than Debug?
 
Behind another firewall.
What does this mean? I switched to log packet for Both and plenty ACCEPT IN=br0 OUT=eth0
 
Outbound originate from your network.
 
Uninstalled Skynet. Started to get dropped logs again but mainly from none risky IPs from Microsoft and Apple (checked on abuseipdb). Will leave it at that I think and probably find host list to include in Diversion
 
Finally :)) 1 blocked inbound *block outbounds was crypto something . Sorry guys, before this, it was just setup and leave it work and update occasionally. This 100x.x.x address zzzzzz. Also noticing type64 for Apple devices for arpa resolver I presume in Diversion


Skynet: [#] 187837 IPs (+0) -- 9249 Ranges Banned (+0) || 1 Inbound -- 131 Outbound Connections Blocked! [stats] [3s]

Using @Viktor Jaep 's list from other thread

 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top