Skip to main content

We launched a new site in June 2025. If you are a previous customer, you will need to set a new password.

  • Blog
  • 3 min read

Options to Remotely Access LAN Devices behind Cellular Gateways

Dennis Mathew | July 6, 2015
Options to Remotely Access LAN Devices behind Cellular Gateways

Note: All comments in this post are written for cellular gateways deployed on the public internet and may or may not apply to gateways deployed on carrier private networks.

By default, cellular gateways behave like traditional routers—that is, they allow communications originating from the LAN side (devices behind the cellular gateway) and block unsolicited incoming communications from the WAN side (cellular network/Internet). Therefore, unless the connection was initiated from a LAN device, the LAN device is not reachable from the WAN. To remotely access LAN devices, you will need to use one of the following methods:

  1. IPPT (IP Passthrough)
  2. DMZ
  3. Port Forwarding
  4. VPN (site-to-site or Road Warrior)

IP Passthrough Mode (IPPT a.k.a "Bridge mode")

IPPT is a routing mode where the cellular gateway authenticates with the cellular carrier network (obtains a WAN IP) and “shares” that IP address with a single device connected to the gateway. IPPT allows only one connected device to be accessible from the WAN. It is commonly used when the gateway serves as a WAN uplink to a firewall. Firewalls often require a public static IP directly on the WAN interface for certain functions to operate correctly.

ip-passthrough-mode-1.jpg

Pros:

  • Easy to configure – typically just requires selecting the IPPT mode and performing a reboot.

Cons:

  • Supports only a single LAN device for inbound and outbound traffic
  • LAN device is not firewalled by the gateway
  • Communication to LAN device is unencrypted (unless the application provides encryption)
  • Communication is unauthenticated and allowed from any IP (typically mitigated by pairing with a firewall)

Demilitarized Zone (DMZ)

DMZ mode allows a single device to run outside the firewall, exposing all ports to that device. It is useful when many ports need to be forwarded to a specific device (e.g., mail server, web server, media server).

dmz-2.jpg

Pros:

  • Easy to configure – only requires setting the LAN device’s IP for DMZ
  • Supports multiple LAN devices for outbound traffic, in addition to the DMZ host

Cons:

  • Supports only a single LAN device for inbound traffic
  • DMZ host is not firewalled by the gateway
  • Communication is unencrypted (unless the application provides encryption)
  • Communication is unauthenticated and allowed from any IP (some gateways support Access Control or "Friendly IP" lists)

Port Forwarding

Port forwarding allows remote devices to send traffic through the gateway’s firewall to specific hosts or services inside the LAN.

port-forwarding-3.jpg

Pros:

  • Supports multiple LAN devices and services for inbound traffic

Cons:

  • Communication is unencrypted (unless the application provides encryption)
  • Communication is unauthenticated and allowed from any IP (some gateways support Access Control or "Friendly IP" lists)

Virtual Private Network (VPN)

A VPN allows the user to access the private LAN as if physically connected at the site. Unlike port forwarding, VPNs provide security through tunneling protocols, authentication, and encryption.

vpn-4.png

Pros:

  • Supports multiple LAN devices and services for inbound and outbound traffic
  • All traffic is encrypted

Cons:

  • Configuration and setup can be complex depending on equipment and network size
  • Throughput may be reduced due to encryption overhead
  • Some VPNs require client software (e.g., for mobile or remote users)

The best remote

Tags

Related Posts

View All Insights
!