This site uses cookies to store information on your computer. Some of these cookies are essential to make this site work and others help us to gain insight into how it is being used.
More
These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking some simple links. We also use some non-essential cookies to anonymously track visitors or enhance your experience of this site. If you're not happy with this, we won't set these cookies but some nice features on the site may be unavailable. To control third party cookies, you can also adjust your browser settings. If you wish to view any policies or terms of usage that you cannot find on this website, please contact us. You can change your mind and opt-out at any time by clicking the ✻ icon above.
I consent to cookies
I don't consent to cookies

What is a Gateway?

This page supplements our pages on Rural Internet and WiFi to explain what an Internet Gateway is and basic gateway configuration issues you might come across.

[This page is a work in progress and we hope to add some supporting imagery and additional information in due course].

What is a Gateway?

As mentioned on our Rural Internet with Starlink Page and our Fixing Poor WiFi Page, most Internet Service providers (ISPs) bundle the itnernet connection and the WiFi into a single box.  The third function they bundle in is the Internet Gateway whoich links the Internet (Wide Area Network, WAN) connection to the Wifi and any physical ethernet ports that form the Local Area Network LAN.

The main role of the gateway is to work route traffic from the LAN to the WAN and traffic from the WAN the LAN. to do this most basic internet gateways provide the following functions:

Basic Firewall

This stops unwanted traffic from coming into the LAN from the WAN.  It normally means that the only traffic most gateways will let in is replies to traffic that has gone out, for example when your web browser visits a web page the gateway lets the request out and it accepts the HTTP (web protocol) reply back in that corresponds to that request.  Any other traffic is blocked, though an exception offered by a lot of basic home routers that many people have heard of is something called port forwarding where a specific request type on a specific "port" is allowed through to a specific device. A more detailed discussion of port forwarding and other firewall configuration and functionality is beyond the scope of this article.

Network Address Translation (NAT)

Underlying the human readable "domain names" that we are familiar with like "google.com" and "chalebayfarm.co.uk" the internet works by identifying where data is to be sent using IP addresses.  IP addresses are the groups of four numbers (bytes) you may have seen such as 192.168.1.1.  Each number can be from 0 to 255 meaning there can be 256x256x256x256 or over 4 billion different IP addresses.  In practice there are a fewer usable addresses in total as there are sub groupings and special purpose usages that reduces the total, but that is probably too much detail for here; and of course there are more computing devices than that in the world nowadays (which probably wasn't envisaged in the late 1960's when the four byte number group was invented).

Although there is now a new version of the protocol that co-exists called IPv6 which has probably more addresses than grains of sand in the world IPv6 is still mainly used in large commercial networks and to handle traffic over the wider internet, whilst domestic networks still use the earlier version of the protocol, and thefore use something called Network Address Translation. 

Some IP addresses have therefore been designated as special use and some ranges for example 192.168.x.x has been dedicated to being used internally within small networks.  To make this work the Gateway masquerades as a single IP address on the WAN and only it knows about the devices on the LAN, so when you laptop browses a web page for example, the gateway takes over the request and does it for your laptop and when the reply comes back in knows that reply should be forwarded to your laptop.  This way only one public IP address is needed for the entire LAN, and so typically over 250 addresses are assignable for a typical domestic network and over 65,000 addresses are assignable in a network operated by a big business.

The ISP normally provides the gateway with the public IP WAN address and the gateway provides the devices on the WAN with IP addreses using something called DHCP (see below).

Dynamic Host Configuration Protocol (DHCP)

This is a bit of a techie mouthful but what it means is that instead of you having to configure every device on the local area network, it can be configured automatically using DHCP.  Using the protocol the device, say your laptop or smartphone asks the gateway and says "please can you give me an IP address so I can work on the local area network and other information to use the internet.  The gateway will give the device a "lease" on the information which says "here's your IP address and other stuff to do with the connection; you can have that informaton for a certain amount of time, come back to me if you want to use it longer".

Most gateways supplied by ISPs have sensible default settings so you don't usually need to touch it but In the gateway configuration (often done with a web browser, sometimes on an "advanced settings" screen), you can often change the settings of the IP addresses and other information provided by the gateway.  It's easy to break things if you don't know what you are doing!

Doman Name Service (DNS)

The Domain Name Service is what translates the human readable names into internet addresses (IP addresses).  There are several master Domain Name Servers in the world and from these the lookup information is propagated to trusted sources that provide domain name services.  Most ISPs have their own local DNS servers which "cache" information from the masters (save a copy for a set amount of time to make things more efficient). As well as telling the gateway their WAN address the ISP will usually inform the gateway of the DNS servers to use.  In turn the gateway will normally used DHCP to pass this information on to the devices on the LAN as part of the "other stuff"  mentioned under above.  Many gateways are able to cache DNS themselves, so it's quite common if you were to look at the settings allocated to see your DNS address is the same as the gateway's IP address.

Resolving Problems and Issues in the Starlink Context

There are four principle issues that can occur especially when putting a third party WiFi solution or Wired solution into the Starlink context, or in fact with any ISP (though bceause of the very limited user access to configure Starlink network options, some issues are not so easily worked around)

The first issue is accidently ending up with two gateways.  The second issue is ending up with a gateway without key information configured. The third issue is accidently having no gateway!  The final issue is a clash between Starlink's WiFi and the third party WiFi.

The following advice is trying to generically give people enough to go on from my experience answering questions on the Starlink UK group on Facebook. I'm not providing precise "how to" here as with the number of different network and mesh devices now on the market this would be impossible but hopefuly providing enough key terms for someone who has followed the information to date to look up how to do the thing we are talking about with their device.

Two Gateways

This can occur if you plug a wifi solution that is actually configured by a defaul as a gateway into a ISP equipment like Starlink. 

There are two potential issues with two gateways, the first of which will stop every working dead in its tracks!

In Starlink's case with the current standard equipment you will need the add-on ethernet equipment to do this. A very very common default network address range to be used by gateways is 192.168.1.x, with the gateway itself being 192.168.1.1 and providing client devices with addresses from 192.168.1.2 upwards. So, if for example Starlink is NOT in bypass mode (which bypasses its gateway functionality) and the default configuration of the addon equipment is for it to be acting as a gateway you could end up with two nested gateways and the problem for the inner gateway is that it will probably have been given a WAN address by the outer gateway that looks like it should on its LAN side - if you're  confused just reading that then that's fine - so is the inner gateway and it won't know where to route stuff and even though a client device might think it's connected to the inner gateway's WiFi and indeed it is, that doesn't matter because the inner gateway hasn't go a clue where to send the traffic as it's been effectively told by the outer gateway to send it to itself because of the IP address clash.  The devices two gateways are said to be on the same subnet.

This configuration may explain a very strange symptom that I've seen reported a couple of times which is the Wifi "sometimes" seems to work.  To understand this, let's assume the third party WiFi has the gateway clash as above, and Starlink's WiFi is also on.  In this case a client device connecting to the starlink wifi can get routed correctly as it is connected to the outer gateway, but as you walk around the property it may then connect to the add-on wifi which is connected to the inner gateway and the routing then stops.

The second scenario where the add-on router is not using 192.168.1.x but another private LAN address range, say 192.168.4.x  In this case the addresses don't clash and so although the routers end up nested they don't have conflicting address ranges they are NOT on the same subnet.  What this does cause is something called "double NATing".  Double NATing in a domestic network isn't often not as bad in practice as some people would have you believe but it is rightfully frowned upon by purists as bad practice.  What it means is though is that the NATing as explained above happens twice which is obviously inefficient.  It also creates huge complications if the firewall capability is being used in anything other than default mode.  

To solve both these issues most professionals like it to be possible to turn off the gateway and routing functionality of an ISP gateway.  This is often called "bridge" mode as it as if the the traffic goes across a metaphorical  "bridge" straight from the connection to the WAN port of the preferred gateway.  In the context of Starlink this is why you would turn off the Starlink WiFi and enter what it calls "Bypass" mode, thus turning Starlink strictly into being an internet connection, with the third party solution be it a Mesh solution or wired solution providing WiFI and physical ports as appropriate.

Having said all this, whilst we used Bypass mode with Starlink, we use double NATing if we are in failover mode on our EE 4G connection as the EE router has a very "dumbed down" interface and does not allow us to do otherwise - however of course we do use non-conflicting subnets.

Insufficiently Configured Gateway

This can occur if the ISP does not provide comprehensive DHCP information to the gateway including DNS, but only provides the WAN IP address. In the context of Starlink this appears to happen in some instances where you switch enter Bypass mode.  The symptom then is that client devices seem to connect to the WiFi and indede they are and may even appear to connect to other devices on the LAN (like being able to print or control IoT devices), however functionality like browsing the web isn't working.

The most likely cause is lack of DNS information.  The quick check for this is to open up a command prompt window on a pc or laptop and type "ping 8.8.8.8"  and then "ping google.com".  If the numeric version returns ping times but the human readable version doesn't it is almost definite that DNS is the issue.  The solution to this is to manually enter public DNS servers.  You can google "best public dns" to find examples, but popular ones include Cloudflare (1.1.1.1),  Google (8.8.8.8) and Open DNS (208.67.222.222 and 208.67.220.220).   The other thing we may need to do is make sure these settings are propagated to client devices via DHCP.  They way in which this is done is very dependent on the actual gateway in use and is often under "Advanced" settings.  In some gateways, you need to tell the gateway the DNS servers to use in a master network setting and then configure them for a second time in the DHCP settings.  In some routers the DHCP settings allow the gateway itself to act as a "passthrough" or "relay" or similar terminology for DNS, and offer this as a toggle option meaning it's IP address will be used in the DHCP settings.  The final important thing to remmeber is that client devices probably won't instantly get the new information as the DHCP has a "lease" time associated with it.  You can often forse a refresh by disconnecting the device totally from the network and reconnecting it.

No Gateway

This can occur if you have set Starlink into Bypass mode but the third party WiFi or networking solution isn't offering gateway functions.  It's important when acquiring a Mesh or networking solution that it can act as a gateway.  ASome cheap mesh units are NOT gateways, they are just mesh nodes.  In some more expensive ranges any Mesh node can act as a gateway, in others, there is a difference between a primary node that can be a gateway and secondary ones that can only be mesh nodes.  Similarly with network solutions like Unifi - a basic Unifi switch is not a gateway, you need one of their gateway products for that, whilst a nearly identical looking switch from another provider (and in fact elsewhere in the Ubiquit product sets) might well be configurable as a gateway.  The important thing is to look at the specs and check they key ateway fiunctions are there: having a WAN port as well as LAN ports is the gievaway, as well as other functions like providing NAT, and DHCP.

The other thing to remember is that just as the Starlink can be set to Bypass mode, some gateway devices can also be set to bridge or bypass mode so if they aren't working as planned it may be they are in the wrong mode.  Quite a few devices (Starlink included) can be difficult to talk to directly when in bypass/bridge mode so may need factory resets to re-enable gateway mode.

Interfering WiFi

A final issue is if you have co-existing WiFi.  If they have different WiFi (SSID) names things will normally be OK as long as different channels are chosen to reduce interference, remembering to choose from channels 1, 6 and 11 in the 2.4GHz space and spearate channels in the 5GHz space.

One thing definitely to be avoided is using say the Starlink WiFi as well as the third party WiFi and especially if you use the same having the WiFi (SSID) name.  Not only will you be at risk of the Subnet clash above and double NATing even if you don't have a clash, and not only will you have risk of radio channel choice interference, but WiFi has a lot more going on under the hood that the user doesn't normally see or have to worry about and whilst in a mesh system the nodes coordinate with each other, if you add an alien node into the mix with the same name all sorts of strange symptoms can appear including devices dropping not getting or dropping connection, strange latency delays and overall poor performance. 

This is why the professional view when adding a WiFi solution to Starlink (or in fact any ISP's bundled router), is to use the ISPs router only for the physical internet connection and turn the gateway and wifi facilities off by using a bridge or bypass mode.

In Summary

We hope this information is helpful and sheds some light on many issues we've seen in configuring and operating Internet and WiFI in a hospitality environment including with Starlink..