Has anyone managed to access Starlink Stats from the LAN side of their MX? I can see packets leave the MX but never return when I use the capture capability on the MX for this. I suspect the Firewall is dropping had a ticket open with Meraki but then got busy at work and wasn't able to follow up. Though in the back and forth I did have going on with them before getting busy the thought was the MX is delivering the packet out its WAN interface following the 0.0.0.0 route and it should not be Meraki. If I look at other routers they always have to define a static route to 192.168.100.0/24 out their WAN interface to make this work (Which I guess adjust's their Firewall rules for inbound).
I believe I need to build an inbound rule and static route but that doesn't seem possible as static routes are only for LAN interfaces and you cannot create an inbound for IPv4.
Thoughts?
Regards
Solved! Go to solution.
Static routes can only be added to the MX where the next hop is on a local subnet.
From what I've read, most people are working around this by placing a switch between dishy and the MX. They then connect both the MX's WAN port and LAN port to the switch, and create a vlan on the MX with the 192.168.100.x subnet in order to reach the stats page.
Can't say its elegant but apparently it works...
All unknown destinations follow the default route. In you case the wan/nat interface. Packets are going out but nothing comes back. That makes me think its a starlink side problem
If you connect a pc directly to starlink can you access the stats ip?
Static routes can only be added to the MX where the next hop is on a local subnet.
From what I've read, most people are working around this by placing a switch between dishy and the MX. They then connect both the MX's WAN port and LAN port to the switch, and create a vlan on the MX with the 192.168.100.x subnet in order to reach the stats page.
Can't say its elegant but apparently it works...
Thanks this was what I was thinking but couldn't bring myself to build this. Guess I have to now as I cannot think of anything else. 🙂
And don't forget a strict access-control from this VLAN as it is outside of your network.
Thanks... This solution still have challenges. If I have a device on that VLAN then I can read the stats page. If I am on another VLAN I cannot. It looks like that DISHY must have some ARP issues as it can never return the packet to a off VLAN device as it never finds a gateway.
That's a good point. By the sound of it, the dishy stats interface doesn't have a default gateway, so you won't be able to reach it from other subnets.
This is where an outbound NAT rule would resolve this, however Meraki MX's do not support outbound NAT on a LAN interface.
That lack of outbound NAT I think is the challenge. I'm going to stick with this setup and start a nano-pi-w and see if I can plug in a Mirco Usb LAN interface (gotta find one first) and use that to act as a VNC accessbile bridge like device. I can connect to the Pi via WiFi and access the stats page from it via the Micro USB Ethernet link. I know I have some connectivity problems and really want the stats to help troubleshoot.
I would put the Pi into this DMZ-like network and run a proxy server on it. With that you don’t have to explicitly connect to the Pi wireless.
Hey I like that idea. I've ordered a micro usb RJ45 ethernet adapter. When I get that I'll have a look and see what I can do. Only wish this was more a API than a l web page...
I have a router running OpenWRT between the Dish and the WAN interface on my MX.
The router has a static route in it pointing back to the dish.
This allows anything on the LAN side of the MX to reach the IP address of dish (192.168.100.1).
Here's what the static route looks like.
Since Starlink started enforcing only one IP address per dish, the router also acts a NAT device, allowing multiple devices, including the MX, to all access the Starlink network simultaneously.