I see some of these questions pop up often on the HughesNet community support forums. Note: I am not affiliated with HughesNet (other than being a customer).
GEN4 (HT1000 modem) Networking FAQ
Q. Is the HT1000 a modem or a router?
The HT1000 is an interesting device. It seems to qualify as both a router and a modem. (So, a Rodem?) It gives out IP addresses via DHCP and IPv6 addresses via radvd/DHCP6. The modem functions as a DNS forwarder. It also has an onboard HTTP proxy (see Web Acceleration, far below). However, it does not provide any sort of NAT functionality. There is no port forwarding on the HT1000 because there is no NAT mechanism to forward ports through. This might sound appealing for remote access; however, the current residential GEN4 systems do not have public IP addresses, so it doesn’t matter either way. (Read further down.)
You have several choices when integrating this device into your network. You can plug a single computer directly into it. The computer will be configured via DHCP/DHCP6/SLAAC. You can connect up to 5 devices to it via a hub or switch. Or you can connect it to a router. Just be aware that it wants the IP address 192.168.0.1 for its status webpage. If your router also uses this IP address, change it before connecting it to the modem. Also be aware that it has no firewall.
Q. Why can I only connect 5 devices to the HT1000?
You can only connect 5 devices directly to the HT1000. Its built-in DHCP server imposes a limit on the number of leases it will give out because IPv4 addresses are disturbingly finite. If you are using a router, there is no limit from HughesNet as to the number of devices you can use with your HT1000, so long as the devices are connected to the router and not the modem.
Q. Does HughesNet filter any ports? -or- Can I configure port forwarding on the HT1000? -or- Is there a firewall on the HT1000?
No and no and no. However, even when directly connected to the modem, you’re behind a CGN (Carrier-Grade NAT) layer; HughesNet masquerades many customers behind a handful of massive NAT gateways. If you’re planning on remote access, you’re in for a disappointment. (See below.)
Q. Do I have a public IP address? -or- Can I access my computer remotely? -or- Can I access my security camera? -or- I have a dynamic DNS provider so I can still access my network at home, right?
The answer for the first is “no” and for the next three is “No, not without creative workarounds.”
The IPv4 address given to your networked devices via the HughesNet modem is not a public IP address. It is a private IPv4 address in a range reserved for ISPs via RFC6598 for use in Carrier Grade NAT (CGN) systems. So, most customers with home routers are behind two layers of NAT–sometimes called “double NAT.”
CGN functions much like your home router; many computers are “hidden” on a private network behind a single public IP address (which may be dynamic or static) using a mechanism called Network Address Translation (NAT). In this case, the scenario has been scaled up. Many HughesNet customers are situated behind large NAT gateways run by HughesNet. The network traffic of all the customers behind each gateway appears, to the rest of the Internet, to originate from one IP address. This practice is common among cellular wireless providers and some other ISPs. Among other reasons, it attempts to stave off IPv4 starvation/exhaustion by assigning many customers to one IP address, as opposed to giving each customer their own IP address.
Opening a port on your home router will not help, because the upstream HughesNet NAT gateways break end-to-end connectivity.
There are various workarounds, depending on what you want to do:
- OpenVPN (complete access to your network)
- SSH reverse port forwarding (useful for forwarding one or two services)
- LogMeIn Himachi (easy setup for a simple VPN)
- TeamViewer (remote control of one or two computers)
It’s worth noting that the IPv6 addresses handed out by the modem are reachable from the Internet, although the prefix may change if your modem roams between gateways. If your network is IPv6 ready, you can take advantage of HughesNet’s IPv6 infrastructure.
Q. So, can I get a public IPv4 address with the GEN4 system?
“Maybe.” You’ll have to call HughesNet and find out if it’s available in your area. Mind you, it seems that it’s only available for business class plans…
Q. What’s the difference between a static and dynamic IP address, or between a public and private IP address?
A public IP address can be reached from the Internet. A private IP address cannot and is usually in one of several reserved ranges. (See RFC1918 and RFC6598.)
A static IP address is one that can be expected to never change. This may be handed out via DHCP or set manually. A dynamic IP address is one that may change, although it often does not.
Note that an IP address can be dynamic but public, or static but private, or any combination of the above. A static IP address is not a requirement for accessing your computer from the Internet–but a public IP address is.
The addresses given out by the HT1000 modem are dynamic, private IP addresses.
Q. What’s up with HughesNet’s “DNS Acceleration”?
The HT1000 runs a little caching DNS server. (Hint: it looks like it’s DNSMasq.) When any DNS reply passes through the modem, it is cached. Future queries for that domain name are then served from the modem. This reduces the need for repeated tiny DNS queries to go out over the satellite link and back, with an average round trip time of about 700ms. A laudable effort to improve responsiveness, but it has a major flaw: you cannot clear the cache short of rebooting the modem.
By default, the modem advertises itself as a DNS server via DHCP options. It then takes any queries sent to it and forwards them to HughesNet’s DNS servers. It seems you can specify your own DNS servers (see below), but the cache will still see the reply to any query and holds the reply until it expires, or until the modem is rebooted.
Q. Can I specify my own DNS servers? Can I use OpenDNS/Symantec Parental Controls?
Yes; specify an alternate nameserver on your router or computer. Try OpenDNS or Google Public DNS, or any other DNS server of your choosing.
Some parental controls will work. For example, OpenDNS has some filters built in to its nameservers and requires no setup beyond specifying their nameservers. DNS-based filters that require the customer’s IP address (usually ones with custom rules and options) will not work, because many HughesNet customers are placed behind a small number of IP addresses; it is impossible for the DNS service to tell which client made the query.
Q. What routers are compatible with the HT1000?
Any decent home/small business router will do, so long as you change its IP address (and the IP address range it reserves for clients) so that it doesn’t interfere with the HT1000, which grabs 192.168.0.1. (See RFC1918 for your choices. People don’t use the 10.0.0.0/8 netblock very much…)
I personally like routers running the open-source DD-WRT firmware for added flexibility and features. Other open-source firmware packages include OpenWRT and Tomato. A few routers come with DD-WRT pre-installed. (Note that I don’t recommend installing it yourself unless you know you have a supported router and you know what you’re doing. It’s easy to render a perfectly good router non-functional!)
HughesNet recommends:
- Cisco E1200 v2 (I’ve never had the chance to test one of these).
Routers I’ve personally used and like:
- Homemade Linux box (900MHz Celeron, 512MB RAM, 2x Realtek 10/100 NIC, 1x dual 1Gbit Intel NIC) running CentOS 6
- Belkin F5D7231-4 v1213 802.11g router running DD-WRT
- Linksys WRT55AG v2 dual-radio 802.11 a/g router. (Supports up to WPA AES, no WPA2.)
If you feel adventuresome, you can often find old Wireless-G routers at thrift stores for very little money…
And if you’re the tech type: find an old PC, add an extra network card or two, slap Linux on it, and build your own router. Some software you might find useful:
- Firewall: iptables (wrapper scripts like Ubuntu’s ufw may be helpful for beginners) with a MASQUERADE rules on the WAN interface.
- DNS: dnsmasq, or ISC BIND if you want to go nuts. Specify the modem (192.168.0.1) as a forwarder or your preferred DNS provider (OpenDNS, Google Public DNS)
- DHCP: dnsmasq (newer versions will do DHCP6 as well), or ISC DHCPD if you want a more traditional solution.
- VPN: OpenVPN
- hostapd if you want to make your own wireless hotspot.
- FreeRADIUS for WPA2 Enterprise wireless security.
- SNMP daemon and Cacti for bandwidth monitoring.
- Ntop for network/bandwidth monitoring.
All of this software is free and open-source. Most of these programs are present in your distribution’s package manager.
Thanks, Much needed as there is no Sticky @Hughes or DSLR forums and this is an issue that pops up daily it seems.
Good work. Somebody needs to start explaining these things. HughesNet sure isn’t.
Thank you SO much for creating this site! Great input and very much needed!!
Great Job! I run Ubuntu and want my desktop machine to be 192.168.0.2. I had no problem with that. But setting up DNS just crapped out. If I want to just use the modem cache, do I set the nameserver to 192.168.0.1?
“Yes.” But I have no idea if the modem will like your desktop being on the 192.168.0.0/24 subnet. The HT1000 tries to give you an address in the 100.64.0.0/10 range, which is part of a much larger (but private) network of HughesNet-attached devices. This is a difference compared to the HN9000 and such, which apparently gave out addresses on the 192.168.0.0/24 range like any router would.
I have a router attached to my HT1000, and the router’s DNS cache forwards requests to 192.168.0.1. Note that none of my internal (LAN) interfaces have addresses on the 192.168.0.0/24 segment (I use 192.168.1.1…254), so when a computer behind the router attempts to find the modem, the default route (given by the HT1000) takes over and the packets go out the 100.64.0.0/10 interface to the modem. It’s a very curious system, but it does work.
For me it was easier to switch my LAN addresses over to a new netblock, since addresses are handed out via DHCP except for a few machines I updated manually.
Hmmmm . . . . more useful information here than I have found in hours wandering round HughesNet forums and their own pages . . . I need port forwarding but can’t have it with HughesNet . . . oh well, that sucks ,,,
But thanks for making this easier to understand and for telling it like it is as opposed to the vague promises about business packages they’ve been throwing out for the past year.
I guess a second slower land line based wet string solution is the only answer . . . . along with some serious coding to mail stuff out . . .
Thanks
John
As you’ve noticed, there’s no port forwarding with the HT1000 because the addresses it gives out aren’t public addresses. If you really need access to your home network, you could try a few things:
1) Get IPv6 working. The IPv6 addresses given out by the modem are routeable from the outside world.
2) Use OpenVPN or similar.
3) Use Himachi (less of a learning curve than OpenVPN).
4) Use SSH reverse port forwarding to a machine you control at the office, if possible. This requires the office machine being publicly reachable, of course…
Wow, you know your stuff. I just spent thousands on a camera system. It was working fine with viasat, but I had to switch to Hughes for line of sight. My camera guy says there is no way to make it work now. Can I pay you a consulting fee to help figure it out? Thanks,
Unfortunately, I don’t have much time for consultation. However, I’m flattered you asked. :)
Ask your camera guy about a VPN (such as LogMeIn Hamachi). I don’t know much about security systems, but a VPN may help. It creates a tunnel from a computer on your LAN to an endpoint beyond HughesNet that you control.
I’m using the Cisco Linksys E1200 router but it’s crap, ever since I upgraded from the HN900 (I think) to the HT1000 it drops the signal all the time. I don’t knhow if it’s the version 2 or not, how can I tell? HughesNet is giving me zero help so thanks for this info you’ve posted, but I’m not a tekkie and don’t understand much of what you’ve posted :).
Usually the version is posted on a sticker on the underside of the router. I don’t know about newer routers though, since most of my equipment is from the stone age. :) You may also be able to find out more information about your router somewhere in its configuration pages.
As for dropping the signal…an upgrade of the modem modem shouldn’t cause that…unless, perhaps, it was moved? Wireless signals can be easily blocked or distorted by (for example) desktop computers, refrigerators, thick walls, and, of course, distance.
I know someone who had a router that was mounted down low on a wall. Wireless signal strength dropped drastically for him one day because he had set a computer in front of it…
I have version 1 of the E1200 and I’ve had problems ever since I upgraded to the Ht1000 modem. Hughesnet has reconfigured my modem a couple of times and said I had “bad packets” and the fix seemed to work for 4-5 days then the same old thing. My laptop is about 10 feet away from the E1200 router and 12 feet away from the modem but I keep getting error message “Hughesnet Modem Can’t be found”. Shoud I bite the bullet and get the e1200 version 2. I was well pleased with the e1200 before the HT1000 modem was sent to me. Thanks again Cody for responding, I truly appreciate it.
Also, one last question, since I have 3 Apple products and 2 Windows products connecting to the modem should I step up to the Airport Express Extreme?
Oy, I’m more awake now, and I *think* I may know what’s going on.
Visit this page: http://192.168.0.1/
Does it bring up the HT1000’s configuration page or the E1200’s configuration page? If it’s the latter, there may be an IP address conflict between your modem and your router.
I don’t know if this would cause dropped packets, but it’s a place to start looking. From what I remember, the HN9000’s built-in DHCP server gave out different IP addresses than the HT1000 does.
Fortunately, you can change the E1200’s IP address range, but not the HT1000’s.
As for the Apple wireless products, I’ve heard that they’re very good at what they do, but some of the older ones may have issues when coupled with a HughesNet modem. (They published a “fix” I believe: under the Advanced menu, in the General tab, there is a “User Router Preference” that needs to be toggled to “alt. router” with Apple products.)
Cody, the e1200 I have is version 1 and it hasn’t moved location. I’m only 10 ft away from router w/my laptop w/windows 7. It worked fine before the Ht1000 modem came to stay with me. My question, should I buy the e1200 version 2, try to download the dd-wrt myself or since I have 2 windows and 3 apple products trying to connect to the router should I upgrade to maybe the Airport extreme and if so do I need the base station. I have a one floor ranch house and the furthest connection is about 40 feet away. Thanks in advance for your answer.
You’d made reference to the Web Acceleration (transparent HTTP caching proxy) feature on the HT1000: “see Web Acceleration, far below”. I don’t see anything related to the WA. I’ve had some problems with certain types of web traffic. Was wondering what you knew about WA. Is it squid?
I split off the FAQs into two sections but forgot to update that link. You can find the analysis of the Web Acceleration proxy under the “General” HughesNet FAQ.
I think the remote end is Squid (there’s no shortages of screenshots of squid error messages on the community support boards), but there’s also some bizarre homebrew software running on the modem and (presumably) the remote endpoints.
When you have the web acceleration software enabled on the modem, it actually modifies HTTP pages (but not HTTPS) pages as they pass through the modem to add some JavaScript, which HughesNet uses to time page load times through different web acceleration proxies to determine load (I think). You may be able to spot requests to 1.2.3.4–otherwise a bogus IP–when this is happening.
For what it’s worth, I always, always, always keep web acceleration off. Without it, I can hit 10Mbps, as promised. With it…heh.
You can disable it in the System Control Center’s “Advanced” page.
Thanks for pointing out the typo!
Hello,
Wondering if you can help with this issue. There’s a little confusion at a remote site. We have DynDNS setup in a Linksys router behind a HT1000 modem. We’ve noticed that the IP address the computer is seeing from the webservice ‘whatismyip’ is different from what DynDNS is telling us. We are attempting to use UltraVNC for remote access but can’t use it because neither the IP address listed on the webservice nor the DnyDNS IP are allowing a connection. You mentioned using OpenVPN, but how would that work if we don’t know the correct IP address on the remote machine?
You would need to have the remote machine act as a client and have it connect to a server machine somewhere else on the Internet. The server needs a public (not necessarily static–you can use DynDNS) IP address. If you only have two machines, you could probably get away with using static keys, but there’s no reason you couldn’t go nuts and use TLS for everything (it scales better).
OpenVPN has a “float” keyword that allows the server to accept packets from roaming clients. There are other configuration keywords that would most likely be useful. Try to think of the remote site as a roaming client or “road warrior” (and indeed, the HT1000 does like to roam between gateways/IP addresses). There are many good tutorials for OpenVPN online, but it can be a pain to set up the first time. I’ve never actually set it up on a HughesNet connection because I don’t have a stable endpoint on the Internet to use as a server.
The reason the IP addresses differ is that the IP address listed on the computer is actually a private address on a very large LAN containing many other HughesNet HT1x00 modems, which are then filtered through a router at a ground station to be masqueraded behind one public IP address. It conserves IPv4 addresses but it makes it very difficult to establish end-to-end connectivity…
hey Cody, wow, thank you very much for posting this information. as others have stated, you’ve answered many questions i searched hours for all over the net and on Hughes’ sites.
also like others, i’ve been trying to setup a wireless IP camera, as well as use remote control such as Logmein and VNC. i couldn’t get any of this to work, even with No-IP and their DUC software running on a pc connected to my network (Linksys WRT54G2).
one interesting thing is i had a Belkin WEMO switch working, and i was able to control this switch remotely, so not sure why that works…
my question is this, why would Teamviewer work and not VNC or Logmein? what are your thoughts on No-IP?
any comments would be greatly appreciated!
I don’t know how Logmein works these days–it’s been awhile–but I’m surprised that it doesn’t. No-IP doesn’t surprise me, however; their service gives you a subdomain/domain name that points to a (dynamic) public IP, which HughesNet’s Gen4 system does not offer. There is a “translation” layer between the public Internet address you have and your modem, which allows them to hide many customers behind one IP address.
TeamViewer works because the connection is established through TeamViewer’s servers. I’m not sure if the servers handle all the traffic, or if they’re just used to punch a hole through the translation (NAT) layer, but either way, that’s what allows their service to work even if both ends are firewalled/NAT’d.
LogMeIn *should* work if it works like it used to…:/
Cody, thanks for great info, just figured out how to get to the Advanced section of SCC to turn off Web Acceleration. I was wondering about gigabit LAN support — am considering upgrading my router to a gigabit/AC wireless to take advantage of the fact the modem is communicating faster externally than I might be internally — but if the ethernet out port of the modem is only 100, it would be a waste — nothing would be talking to the modem at gigabit speed. Thoughts? I haven’t been able to find specs on the ethernet port on the modem.
Thanks for your time!
The HT1000 has a 10/100 Ethernet port on it; the HT1100 has a gigabit port. Either way, the satellite connection isn’t fast enough to take advantage of even a 10/100 port at 100Mbps.
That’s not to say that upgrading your router would be a waste. If you have devices on your network with gigabit Ethernet adapters (or Wireless-N adapters or better) they will be able to communicate with each other much more rapidly. Wireless-N starts at 150Mbps and I don’t remember what Wireless-AC can pull, but it’s impressive. If you have a local file server or transfer large files between computers often, the new router might be worth the cost!
The HT1000 has to be rebooted 5+ time per day. Is this unusual? It is aggravating.
That’s very odd. My HT1000 has 13 days of uptime (from when the last software update rebooted it, I think) and it rarely reboots on its own.
A few thoughts, in order of ease of checking/fixing:
1) Modem may be running out of RAM. If you go to the Advanced menu in the System Control Center, one of the three large numbers at the top is the amount of available memory. Mine idles at about 17,700kB or so. When the amount of available RAM drops too low or runs out, I believe the modem reboots itself after the onboard operating system tries to kill random processes to free up memory. An easy way to free up RAM is to disable Web Acceleration if you can live without it. (I prefer to keep it off at all times.) This tends to free up about 5-10MB of RAM. Torrenting may also cause the modem to run out of RAM because a torrent client opens so many connections, and each one takes up a few kB of memory.
2) Bad power supply. No easy way to check this that I know of.
3) Failing modem.
4) Bad power in your home or business. A long shot, but I’ve heard of more unusual circumstances.
You can also check the Reboot Log in the Advanced menu of the System Control Center to see why it’s rebooting. It should be filled with entries such as “Power Cycle” (modem unplugged/power outage), “Rebooted due to software upgrade”, and “Rebooted manually from web”.
Good luck!
so is there any way to make this work for xbox live other than a public /static ip address . tech support said a router with ddns should work but dont want to buy one and it doesnt work
I’ve never used XBox Live (or any other console gaming service) so I’m afraid I don’t know. However, without the public IP address (not necessarily static, just public), a router with ddns support won’t help, because your router will be behind HughesNet’s (very large) NAT routers at their data centers, and those routers are the ones that don’t know how to forward traffic to your XBox.
You might have more luck asking on the HughesNet support forums or the HughesNet forums on DSLReports…good luck!
I just installed hughesnet at my vacation home. I have a compuer/dvr on the premises. No-IP doesn’t work but logmein works perfectly. the video management system I have can act as a webserver but since no-ip doens’t work. I have to log in via logmein and view the clips off the onsite computer’s screen.
Very good information. Much of it disappointing but at least it’s good to know. If I set up am IPV6 router directly behind my HT1000, will the IPV6 address I’m served be persistent. How can I then leverage an IPV6 connection?
It won’t be persistent; the address can change, so you’d need some sort of dynamic DNS service to have a domain name that updates its IP address record every so often.
You’d also have to consider what kind of connection you’re looking for. Your router may have an IPv6 address, but that doesn’t do much good unless it also hands out IPv6 addresses to machines inside the network on the network prefix given to it by HughesNet. (This is called prefix delegation.) Some routers do, some don’t. I suppose that, if your router had IPv6 but the rest of your network didn’t, you could use it as a VPN endpoint.
I haven’t played with this as much as I should have…
I just got HughesNet and for the first time I keep getting blocked from websites I’ve used for years and from all the US (and Canada)with the message “your connection is not private”
Attackers might be trying to steal information from (website)for example passwords, messages or credit cards…
‘reloading’ doesn’t help and I’ve tried adding the sites as extensions but it doesn’t work
Besides that I’m pretty angry that I was lied to …it was the installer who told me that the 15 gigs I considered to be plenty for a FB activist turned out to be 5…….the other 10 was only available between the hours of 2am – 8am!!! AAAAND they were NOT authorized to deduct their payment automatically…..but they do starting with the first month…
anyway…back to the privacy issue…is there a way around it?
Thanks, Kathy
You could try disabling web acceleration. I don’t know if it would help in this specific case but I recommend it all the time because web acceleration is the source of quite a few problems that I’ve had.
What browser are you using?
My Hughes Net has been down for 2 days the LAN and power lites are the only two on I’ve checked all the cables no cuts or breaks what else could it be
How do you get to the Advanced section of the SCC to turn off Web Acceleration? I have the HT1100 modem? I do not see any advanced section!
Mr. Jackson and fellow posters,
First of all thank you very much for taking the time to set up this site to help those of us who are having trouble with our connection. I hope you may be able to give me some advice as well. My grandmother has highs net internet service through Dish Network, she has a Dish rebranded HT1000 modem that is currently hooked directly to her computer. Being the loving grandson that I am, I took it upon myself this Christmas to get her set up with wireless internet for her new iPad. To do this I was given a previously used Linksys E1200 ver 1 router. Connecting this to the modem has proven to be a challenge. When connected to the modem (via the WAN port) there are no lights where the Ethernet cable is attached. The router simply will not connect to the modem. I’ve checked the IP addresses and they shouldn’t pose a problem (router is 1.1 and modem is 0.1). So my question is just how can I get this thing to connect? Will installing the DD-WRT help? Or is there some other fix that I should try? I did try resetting the router to factory settings and doing the power cycles, neither of which fixed the problem. What can be done?
Hmm, that sounds like there might be something wrong with the router…are you sure it works properly? Does the WAN port work with other (non-HughesNet) modems?
I have an E1200V2 and I haven’t noticed any quirks…yet…but I haven’t connected it to the modem yet either.
This was very useful. I spent way too much time in chat with ASUS and HughesNet trying to setup DDNS before finally understanding the issue.
Given that, if I wanted to remotely access my router connected to a HughesNet HT-1100 modem, can I do that? Use VPN? I simply want to be able to reboot the router remotely in hopes that it re-establishes a connection with a wi-fi thermostat.
Using an ASUS rt-n66u router.
Hughesnet is in the process of switching out the HT1000 modems with the allegedly new and improved HT1100 modems. Unfortunately the HT1100 is a worthless piece of junk. If you are forced to switch to the HT1100 expect your uplink to go down repeatedly during which time you will not be able to connect to the web, your email or whatever because your signal will not get through to the satellite. Out of 12 five minute periods per hour expect the uplink to be down in four of them–one third of the time. In the three weeks since this modem was foisted upon us we have spent hours on the phone with Tech Support and had two technician visits without resolving the problem.
Hi Cody,
I am trying to set up a biometric time clock at a few group homes for staff to punch in on. The clocks run through the internet, but the clocks cannot connect to the server when connected to a switch and then to the Hughesnet HT1000. I have tried directly connecting as well. Hughesnet support has been no help. I am thinking that we need to add a router instead of the switch and then try to change the address as you have said above. Any thoughts?
Troy
Hmm, you mean that a single clock can’t communicate with the server when directly connected? Where is the server? Is it outside the local network (that is, is it “on the other side” of the satellite link)?
Definitely try the router. One important thing to remember is that the modems only provide a limited number of IPs (I think 5). This is because they’re pulling from an IP pool that has to be shared with lots of customers. By using a router, you can “masquerade” a large number of devices behind a single IP address.
tanks for the info.