Looking for a local DNS-like technology

Dear All,
I am working on a POC and searching for a 4G router with a special spec that not every device has.

The local network under the 4G router will be reachable from outside on port 443 only. But with basic NAT I can have only 1 service on that port. What I am looking for is to NAT by domain prefix. You can see a sample below. I am doing the same with the HAProxy add-on for pfSense, which includes SSL offloading as well.

If a request reaches the 4G router with a link like https://mail.peplink.com, the system will see the “mail” prefix and send the request to the mail server behind the 4G router.
If a request comes in with https://data.peplink.com, it will go to the data server, which is another server.

Cisco may have something similar in its ACE technology.

Does Peplink have this kind of technology in their routers? Which models?

Welcome to the forum.

What you are asking for is reverse web proxy capabilities. Peplink devices do not have that inbuilt in the firmware.

Two points. Inbound services like that over 4G very rarely work due to the fact that most 4G SIMs use CGNAT and don’t allow inbound traffic. You can of course get SIM cards with fixed IP SIMs but these cost more, the data can be more expensive and the whole idea of Peplink routers is to support multi-WAN - which I think is an opportunity for you.

The right way to do this in my opinion is to use multi-WAN (or multi-SIM / single active WAN) connections at the remote site. Use Speedfusion VPN bonding to get that connected to a FusionHub virtual appliance in the cloud and then host a reverse proxy in the cloud alongside it and forward inbound requests over that VPN connection to the devices on the LAN of the remote router.

The benefit of this approach is that even when the WAN links or their IP addresses change at the remote location, because your DNS is instead pointing to the public IP of the reverse proxy in the cloud and you are using SpeedFusion bonding everything continues to work.

You could have a MAX router connected via 4G, wired WAN, wifi WAN, moving in a vehicle or moved from one country to another using SIMs from any provider and your services will still be accessible.

That’s the benefit of SDWAN in this instance.

For reverse proxies / application load balancers to self host in the cloud look at Kemp and traefik.io

If you would like help setting up a PoC let me know.

Thank you Martin,
Because the POC will be for a government entity and they will provide only 1 static IP M2M SIM card, I can't go with the other technologies you mentioned. The last solution I’ll have is to place a Raspberry Pi-like computer with HAProxy installed and divert all traffic over it.
But I am looking for a solution in the router first.

That will work of course. Upsell it by using the Raspberry Pi for network and service monitoring - all government departments like pretty reports and data :wink:

It’s the wrong approach though. I believe very strongly that unprotected public IPs on metered connections (like cellular and satellite) are a terrible idea. DDoS attacks and general brute force / scans can generate tremendous bandwidth usage that the end customer has to pay for.
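
The host-prefix routing with SSL offloading asked about in the first post, and the HAProxy box behind the router proposed later, sketched as an HAProxy configuration. This is an added example, not a configuration posted by anyone in the thread; the hostnames are the samples from the first post, while the backend addresses, certificate directory and rate-limit threshold are assumptions.

```haproxy
global
    log /dev/log local0
    # Refuse legacy TLS versions on the one exposed port
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend https_in
    # TLS terminates here (SSL offloading). Assumed directory holding one
    # PEM file (certificate chain + private key) per published hostname.
    bind :443 ssl crt /etc/haproxy/certs/

    # Track request rate per source IP and deny noisy sources so scans and
    # brute-force attempts do not reach the LAN servers. Threshold is assumed.
    stick-table type ip size 100k expire 10m store http_req_rate(10s)
    http-request track-sc0 src
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 50 }

    # Match on the Host header with any ":port" suffix stripped
    acl host_mail req.hdr(host),field(1,:) -i mail.peplink.com
    acl host_data req.hdr(host),field(1,:) -i data.peplink.com

    # Anything that is not an explicitly published name is rejected
    http-request deny deny_status 403 unless host_mail or host_data

    use_backend bk_mail if host_mail
    use_backend bk_data if host_data

backend bk_mail
    # Constructed LAN address for the mail server
    server mail1 192.168.50.10:80 check

backend bk_data
    # Constructed LAN address for the data server
    server data1 192.168.50.20:80 check
```

The router only needs a single port forward of 443 to this box. The deny rules limit what reaches the servers, but rejected connections still arrive over the SIM and count against its data allowance.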