Yes, you are right about Starlink using CGNAT. I got in contact with them and they gave me some reading to do but they summarised it as:
Starlink offers two IPv4 configurations: 'default' and 'public.' The 'default' setting uses Carrier-Grade NAT (CGNAT) with private addresses, while the 'public' option provides a publicly reachable IPv4 address for certain plans. Starlink also supports native IPv6 for all routers and service plans, ensuring IPv6 addresses are assigned to compatible devices.
So I'll have a read and find out what they mean by "certain plans" for the public address.
From a quick Google search, Starlink uses CGNAT, which makes it impossible to receive incoming connections. You'll need to use either Tor or a VPN (which accepts incoming connections or allows opening a port) as a workaround.
When you say VPN, do you mean running VPN on the Start9 node, or running VPN on the Router?
The problem with the latter is that there are so many websites (including this very forum) that mark the exit point IPs as being "bad" and thus can screw your internet experience... I don't think having EVERYTHING going through VPN (even though that sounds ideal) is a workable reality. Only because if a site does have a problem, then it would annoy me to have to dive into the route config to turn it off and on again.
I don't know who said that you must allow incoming connections. This is not true.
In fact, when a connection is established you send and receive data regardless of who initiated the connection.
If the initiator was you, then it's an outgoing connection, if it wasn't you then it's an incoming connection.
But, after it's established, everything works properly.
Thanks. I have to admit my knowledge of how the Bitcoin network works is going to show here... because what I don't understand is how a Node announces itself on the network and says "Oh hi, I have a copy of the full blockchain if anyone wants it".
The YouTuber that said you need to open both ports also showed on Bitcoin Core how to show how many connections you have going in and out and it was different once he opened the inbound port.
But I can't seem to find a way to get to that screen he displayed, not on my Start9 setup, anyway.
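One way to get the inbound/outbound counts asked about above without the GUI screen, as an added example that is not part of the original thread: tally the `inbound` and `network` fields that Bitcoin Core's `getpeerinfo` RPC reports for each peer. The sample JSON is constructed, and having a way to run `bitcoin-cli getpeerinfo` on the node is an assumption.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `bitcoin-cli getpeerinfo` output, trimmed to
# the fields used here. Not captured from a real node; addresses are
# documentation ranges or placeholders.
SAMPLE_GETPEERINFO = """
[
  {"id": 1, "addr": "203.0.113.10:8333", "network": "ipv4", "inbound": false},
  {"id": 2, "addr": "198.51.100.7:8333", "network": "ipv4", "inbound": false},
  {"id": 3, "addr": "[2001:db8::5]:8333", "network": "ipv6", "inbound": false},
  {"id": 4, "addr": "placeholderonionaddr.onion:8333", "network": "onion", "inbound": false},
  {"id": 5, "addr": "127.0.0.1:51234", "network": "onion", "inbound": true},
  {"id": 6, "addr": "127.0.0.1:51240", "network": "onion", "inbound": true}
]
"""


def tally_peers(peers):
    """Count peers per network, split by who initiated the connection."""
    counts = defaultdict(lambda: {"inbound": 0, "outbound": 0})
    for peer in peers:
        network = peer.get("network", "unknown")
        direction = "inbound" if peer.get("inbound") else "outbound"
        counts[network][direction] += 1
    return dict(counts)


def networks_with_inbound(counts):
    """Networks on which at least one remote peer has connected to us."""
    return sorted(net for net, c in counts.items() if c["inbound"] > 0)


def report(peers):
    """Build a short text summary of the tally."""
    counts = tally_peers(peers)
    lines = [f"{net:8} in={c['inbound']} out={c['outbound']}"
             for net, c in sorted(counts.items())]
    reachable = networks_with_inbound(counts)
    # Zero inbound peers on a network only means nobody has connected yet;
    # behind CGNAT it is the expected steady state for ipv4.
    lines.append("inbound seen on: " + (", ".join(reachable) or "none"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(json.loads(SAMPLE_GETPEERINFO)))
```

In this constructed sample the node has outbound peers on every network but inbound peers only over Tor, which is the pattern to expect behind CGNAT with the onion service enabled.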
The best way to allow incoming connections without messing with port configuration, as for this you may need assistance and permission from your ISP, is to allow TOR.
Do I have to do anything on my router to allow that? Because it *seems* like I can do TOR from any other machine.
Thanks for the reply and the info.
From a quick Google search, Starlink uses CGNAT, which makes it impossible to receive incoming connections. You'll need to use either Tor or a VPN (which accepts incoming connections or allows opening a port) as a workaround.
This is directly from Starlink:
The Starlink public IPv4 policy is an optional configuration available to Priority and Mobile Priority customers. A public IPv4 is reachable from any device on the Internet and is assigned to Starlink network clients using DHCP. Although truly static IPs are not available, a reservation system retains the public IPv4 address and IPv6 prefix even when the system is off or rebooted. However, relocating the Starlink or software updates may change these addresses. Public IPv4 addresses are not available for Standard and Mobile plans. The public IPv4 option can be enabled from the account dashboard, see instructions here. Note: Starlink WiFi routers do not support port forwarding or firewall rules for IPv4 or IPv6.
Now if the Starlink router is in Bridge mode... Would my TP-Link router be able to use any static IP address assigned (if I pay the extra amount I assume the Premium plan does)?