HughesNet GEN4 Networking FAQ

I see some of these questions pop up often on the HughesNet community support forums. Note: I am not affiliated with HughesNet (other than being a customer).

GEN4 (HT1000 modem) Networking FAQ

Q. Is the HT1000 a modem or a router?

The HT1000 is an interesting device. It seems to qualify as both a router and a modem. (So, a Rodem?) It gives out IP addresses via DHCP and IPv6 addresses via radvd/DHCP6. The modem functions as a DNS forwarder. It also has an onboard HTTP proxy (see Web Acceleration, far below). However, it does not provide any sort of NAT functionality. There is no port forwarding on the HT1000 because there is no NAT mechanism to forward ports through. This might sound appealing for remote access; however, the current residential GEN4 systems do not have public IP addresses, so it doesn’t matter either way. (Read further down.)

You have several choices when integrating this device into your network. You can plug a single computer directly into it. The computer will be configured via DHCP/DHCP6/SLAAC. You can connect up to 5 devices to it via a hub or switch. Or you can connect it to a router. Just be aware that it wants the IP address 192.168.0.1 for its status webpage. If your router also uses this IP address, change it before connecting it to the modem. Also be aware that it has no firewall.

Q. Why can I only connect 5 devices to the HT1000?

You can only connect 5 devices directly to the HT1000. Its built-in DHCP server imposes a limit on the number of leases it will give out because IPv4 addresses are disturbingly finite. If you are using a router, there is no limit from HughesNet as to the number of devices you can use with your HT1000, so long as the devices are connected to the router and not the modem.

Q. Does HughesNet filter any ports? -or- Can I configure port forwarding on the HT1000? -or- Is there a firewall on the HT1000?

No and no and no. However, even when directly connected to the modem, you’re behind a CGN (Carrier-Grade NAT) layer; HughesNet masquerades many customers behind a handful of massive NAT gateways. If you’re planning on remote access, you’re in for a disappointment. (See below.)

Q. Do I have a public IP address? -or- Can I access my computer remotely? -or- Can I access my security camera? -or- I have a dynamic DNS provider so I can still access my network at home, right?

The answer for the first is “no” and for the next three is “No, not without creative workarounds.”

The IPv4 address given to your networked devices via the HughesNet modem is not a public IP address. It is a private IPv4 address in a range reserved for ISPs via RFC6598 for use in Carrier Grade NAT (CGN) systems. So, most customers with home routers are behind two layers of NAT–sometimes called “double NAT.”

CGN functions much like your home router; many computers are “hidden” on a private network behind a single public IP address (which may be dynamic or static) using a mechanism called Network Address Translation (NAT). In this case, the scenario has been scaled up. Many HughesNet customers are situated behind large NAT gateways run by HughesNet. The network traffic of all the customers behind each gateway appears, to the rest of the Internet, to originate from one IP address. This practice is common among cellular wireless providers and some other ISPs. Among other reasons, it attempts to stave off IPv4 starvation/exhaustion by assigning many customers to one IP address, as opposed to giving each customer their own IP address.

Opening a port on your home router will not help, because the upstream HughesNet NAT gateways break end-to-end connectivity.

There are various workarounds, depending on what you want to do:

  • OpenVPN (complete access to your network)
  • SSH reverse port forwarding (useful for forwarding one or two services)
  • LogMeIn Himachi (easy setup for a simple VPN)
  • TeamViewer (remote control of one or two computers)

It’s worth noting that the IPv6 addresses handed out by the modem are reachable from the Internet, although the prefix may change if your modem roams between gateways. If your network is IPv6 ready, you can take advantage of HughesNet’s IPv6 infrastructure.

Q. So, can I get a public IPv4 address with the GEN4 system?

“Maybe.” You’ll have to call HughesNet and find out if it’s available in your area. Mind you, it seems that it’s only available for business class plans…

Q. What’s the difference between a static and dynamic IP address, or between a public and private IP address?

A public IP address can be reached from the Internet. A private IP address cannot and is usually in one of several reserved ranges. (See RFC1918 and RFC6598.)

A static IP address is one that can be expected to never change. This may be handed out via DHCP or set manually. A dynamic IP address is one that may change, although it often does not.

Note that an IP address can be dynamic but public, or static but private, or any combination of the above. A static IP address is not a requirement for accessing your computer from the Internet–but a public IP address is.

The addresses given out by the HT1000 modem are dynamic, private IP addresses.

Q. What’s up with HughesNet’s “DNS Acceleration”?

The HT1000 runs a little caching DNS server. (Hint: it looks like it’s DNSMasq.) When any DNS reply passes through the modem, it is cached. Future queries for that domain name are then served from the modem. This reduces the need for repeated tiny DNS queries to go out over the satellite link and back, with an average round trip time of about 700ms. A laudable effort to improve responsiveness, but it has a major flaw: you cannot clear the cache short of rebooting the modem.

By default, the modem advertises itself as a DNS server via DHCP options. It then takes any queries sent to it and forwards them to HughesNet’s DNS servers. It seems you can specify your own DNS servers (see below), but the cache will still see the reply to any query and holds the reply until it expires, or until the modem is rebooted.

Q. Can I specify my own DNS servers? Can I use OpenDNS/Symantec Parental Controls?

Yes; specify an alternate nameserver on your router or computer. Try OpenDNS or Google Public DNS, or any other DNS server of your choosing.

Some parental controls will work. For example, OpenDNS has some filters built in to its nameservers and requires no setup beyond specifying their nameservers. DNS-based filters that require the customer’s IP address (usually ones with custom rules and options) will not work, because many HughesNet customers are placed behind a small number of IP addresses; it is impossible for the DNS service to tell which client made the query.

Q. What routers are compatible with the HT1000?

Any decent home/small business router will do, so long as you change its IP address (and the IP address range it reserves for clients) so that it doesn’t interfere with the HT1000, which grabs 192.168.0.1. (See RFC1918 for your choices. People don’t use the 10.0.0.0/8 netblock very much…)

I personally like routers running the open-source DD-WRT firmware for added flexibility and features. Other open-source firmware packages include OpenWRT and Tomato. A few routers come with DD-WRT pre-installed. (Note that I don’t recommend installing it yourself unless you know you have a supported router and you know what you’re doing. It’s easy to render a perfectly good router non-functional!)

HughesNet recommends:

  • Cisco E1200 v2 (I’ve never had the chance to test one of these).

Routers I’ve personally used and like:

  • Homemade Linux box (900MHz Celeron, 512MB RAM, 2x Realtek 10/100 NIC, 1x dual 1Gbit Intel NIC) running CentOS 6
  • Belkin F5D7231-4 v1213 802.11g router running DD-WRT
  • Linksys WRT55AG v2 dual-radio 802.11 a/g router. (Supports up to WPA AES, no WPA2.)

If you feel adventuresome, you can often find old Wireless-G routers at thrift stores for very little money…

And if you’re the tech type: find an old PC, add an extra network card or two, slap Linux on it, and build your own router. Some software you might find useful:

  • Firewall: iptables (wrapper scripts like Ubuntu’s ufw may be helpful for beginners) with a MASQUERADE rules on the WAN interface.
  • DNS: dnsmasq, or ISC BIND if you want to go nuts. Specify the modem (192.168.0.1) as a forwarder or your preferred DNS provider (OpenDNS, Google Public DNS)
  • DHCP: dnsmasq (newer versions will do DHCP6 as well), or ISC DHCPD if you want a more traditional solution.
  • VPN: OpenVPN
  • hostapd if you want to make your own wireless hotspot.
  • FreeRADIUS for WPA2 Enterprise wireless security.
  • SNMP daemon and Cacti for bandwidth monitoring.
  • Ntop for network/bandwidth monitoring.

All of this software is free and open-source. Most of these programs are present in your distribution’s package manager.

40 Responses

  1. Greg
    Greg July 20, 2013 at 10:57 am |

    Thanks, Much needed as there is no Sticky @Hughes or DSLR forums and this is an issue that pops up daily it seems.

    Reply
  2. steve
    steve July 20, 2013 at 2:08 pm |

    Good work. Somebody needs to start explaining these things. HughesNet sure isn’t.

    Reply
  3. Sandy
    Sandy July 21, 2013 at 1:50 am |

    Thank you SO much for creating this site! Great input and very much needed!!

    Reply
  4. Ric Moore
    Ric Moore October 18, 2013 at 11:37 pm |

    Great Job! I run Ubuntu and want my desktop machine to be 192.168.0.2. I had no problem with that. But setting up DNS just crapped out. If I want to just use the modem cache, do I set the nameserver to 192.168.0.1?

    Reply
  5. John Phillis
    John Phillis October 27, 2013 at 7:41 am |

    Hmmmm . . . . more useful information here than I have found in hours wandering round HughesNet forums and their own pages . . . I need port forwarding but can’t have it with HughesNet . . . oh well, that sucks ,,,

    But thanks for making this easier to understand and for telling it like it is as opposed to the vague promises about business packages they’ve been throwing out for the past year.

    I guess a second slower land line based wet string solution is the only answer . . . . along with some serious coding to mail stuff out . . .

    Thanks

    John

    Reply
  6. Brian
    Brian October 30, 2013 at 7:11 pm |

    Wow, you know your stuff. I just spent thousands on a camera system. It was working fine with viasat, but I had to switch to Hughes for line of sight. My camera guy says there is no way to make it work now. Can I pay you a consulting fee to help figure it out? Thanks,

    Reply
  7. Jeff Hilton
    Jeff Hilton November 21, 2013 at 2:21 pm |

    I’m using the Cisco Linksys E1200 router but it’s crap, ever since I upgraded from the HN900 (I think) to the HT1000 it drops the signal all the time. I don’t knhow if it’s the version 2 or not, how can I tell? HughesNet is giving me zero help so thanks for this info you’ve posted, but I’m not a tekkie and don’t understand much of what you’ve posted :).

    Reply
  8. Anonymous
    Anonymous January 16, 2014 at 6:20 pm |

    You’d made reference to the Web Acceleration (transparent HTTP caching proxy) feature on the HT1000: “see Web Acceleration, far below”. I don’t see anything related to the WA. I’ve had some problems with certain types of web traffic. Was wondering what you knew about WA. Is it squid?

    Reply
  9. Rob
    Rob January 24, 2014 at 10:06 am |

    Hello,

    Wondering if you can help with this issue. There’s a little confusion at a remote site. We have DynDNS setup in a Linksys router behind a HT1000 modem. We’ve noticed that the IP address the computer is seeing from the webservice ‘whatismyip’ is different from what DynDNS is telling us. We are attempting to use UltraVNC for remote access but can’t use it because neither the IP address listed on the webservice nor the DnyDNS IP are allowing a connection. You mentioned using OpenVPN, but how would that work if we don’t know the correct IP address on the remote machine?

    Reply
  10. derek
    derek February 2, 2014 at 8:36 pm |

    hey Cody, wow, thank you very much for posting this information. as others have stated, you’ve answered many questions i searched hours for all over the net and on Hughes’ sites.

    also like others, i’ve been trying to setup a wireless IP camera, as well as use remote control such as Logmein and VNC. i couldn’t get any of this to work, even with No-IP and their DUC software running on a pc connected to my network (Linksys WRT54G2).

    one interesting thing is i had a Belkin WEMO switch working, and i was able to control this switch remotely, so not sure why that works…

    my question is this, why would Teamviewer work and not VNC or Logmein? what are your thoughts on No-IP?

    any comments would be greatly appreciated!

    Reply
  11. David Yauch
    David Yauch February 11, 2014 at 8:58 pm |

    Cody, thanks for great info, just figured out how to get to the Advanced section of SCC to turn off Web Acceleration. I was wondering about gigabit LAN support — am considering upgrading my router to a gigabit/AC wireless to take advantage of the fact the modem is communicating faster externally than I might be internally — but if the ethernet out port of the modem is only 100, it would be a waste — nothing would be talking to the modem at gigabit speed. Thoughts? I haven’t been able to find specs on the ethernet port on the modem.
    Thanks for your time!

    Reply
  12. Grady
    Grady March 27, 2014 at 10:01 am |

    The HT1000 has to be rebooted 5+ time per day. Is this unusual? It is aggravating.

    Reply
  13. hobbles
    hobbles April 11, 2014 at 2:18 am |

    so is there any way to make this work for xbox live other than a public /static ip address . tech support said a router with ddns should work but dont want to buy one and it doesnt work

    Reply
  14. richie
    richie June 14, 2014 at 7:54 pm |

    I just installed hughesnet at my vacation home. I have a compuer/dvr on the premises. No-IP doesn’t work but logmein works perfectly. the video management system I have can act as a webserver but since no-ip doens’t work. I have to log in via logmein and view the clips off the onsite computer’s screen.

    Reply
  15. John Mountcastle
    John Mountcastle September 27, 2014 at 8:12 am |

    Very good information. Much of it disappointing but at least it’s good to know. If I set up am IPV6 router directly behind my HT1000, will the IPV6 address I’m served be persistent. How can I then leverage an IPV6 connection?

    Reply
  16. Kathy M. M.
    Kathy M. M. October 12, 2014 at 3:46 pm |

    I just got HughesNet and for the first time I keep getting blocked from websites I’ve used for years and from all the US (and Canada)with the message “your connection is not private”
    Attackers might be trying to steal information from (website)for example passwords, messages or credit cards…

    ‘reloading’ doesn’t help and I’ve tried adding the sites as extensions but it doesn’t work

    Besides that I’m pretty angry that I was lied to …it was the installer who told me that the 15 gigs I considered to be plenty for a FB activist turned out to be 5…….the other 10 was only available between the hours of 2am – 8am!!! AAAAND they were NOT authorized to deduct their payment automatically…..but they do starting with the first month…

    anyway…back to the privacy issue…is there a way around it?

    Thanks, Kathy

    Reply
  17. clay cone
    clay cone November 2, 2014 at 1:28 pm |

    My Hughes Net has been down for 2 days the LAN and power lites are the only two on I’ve checked all the cables no cuts or breaks what else could it be

    Reply
  18. John Harris
    John Harris December 12, 2014 at 5:31 pm |

    How do you get to the Advanced section of the SCC to turn off Web Acceleration? I have the HT1100 modem? I do not see any advanced section!

    Reply
  19. Sam Jones
    Sam Jones January 4, 2015 at 7:19 am |

    Mr. Jackson and fellow posters,

    First of all thank you very much for taking the time to set up this site to help those of us who are having trouble with our connection. I hope you may be able to give me some advice as well. My grandmother has highs net internet service through Dish Network, she has a Dish rebranded HT1000 modem that is currently hooked directly to her computer. Being the loving grandson that I am, I took it upon myself this Christmas to get her set up with wireless internet for her new iPad. To do this I was given a previously used Linksys E1200 ver 1 router. Connecting this to the modem has proven to be a challenge. When connected to the modem (via the WAN port) there are no lights where the Ethernet cable is attached. The router simply will not connect to the modem. I’ve checked the IP addresses and they shouldn’t pose a problem (router is 1.1 and modem is 0.1). So my question is just how can I get this thing to connect? Will installing the DD-WRT help? Or is there some other fix that I should try? I did try resetting the router to factory settings and doing the power cycles, neither of which fixed the problem. What can be done?

    Reply
  20. Dave
    Dave January 21, 2016 at 8:51 am |

    This was very useful. I spent way too much time in chat with ASUS and HughesNet trying to setup DDNS before finally understanding the issue.

    Given that, if I wanted to remotely access my router connected to a HughesNet HT-1100 modem, can I do that? Use VPN? I simply want to be able to reboot the router remotely in hopes that it re-establishes a connection with a wi-fi thermostat.

    Using an ASUS rt-n66u router.

    Reply
  21. John W. Bales
    John W. Bales June 20, 2016 at 6:59 pm |

    Hughesnet is in the process of switching out the HT1000 modems with the allegedly new and improved HT1100 modems. Unfortunately the HT1100 is a worthless piece of junk. If you are forced to switch to the HT1100 expect your uplink to go down repeatedly during which time you will not be able to connect to the web, your email or whatever because your signal will not get through to the satellite. Out of 12 five minute periods per hour expect the uplink to be down in four of them–one third of the time. In the three weeks since this modem was foisted upon us we have spent hours on the phone with Tech Support and had two technician visits without resolving the problem.

    Reply
  22. Troy Foster
    Troy Foster December 20, 2016 at 8:35 am |

    Hi Cody,
    I am trying to set up a biometric time clock at a few group homes for staff to punch in on. The clocks run through the internet, but the clocks cannot connect to the server when connected to a switch and then to the Hughesnet HT1000. I have tried directly connecting as well. Hughesnet support has been no help. I am thinking that we need to add a router instead of the switch and then try to change the address as you have said above. Any thoughts?
    Troy

    Reply
  23. margaret
    margaret January 31, 2017 at 7:47 am |

    tanks for the info.

    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.