Know the operators that use CG-NAT in their Internet connections

In mobile broadband networks, operators have used this technology for many years, because in our smartphone we receive a private IP address and not directly a public IPv4 address that can be routed on the Internet. However, CGN technology in residential connections has quite serious drawbacks, and that is that we will not be able to open ports on our router, because they simply will not work. By having a second NAT at the network level, it does not matter that we open the ports or use the DMZ, because we will continue to be behind the NAT of the operator. So if you use any service that needs to open ports, CGN just won’t work for you.

Why is it important to know if I have CG-NAT?

For a residential user it is very important to know if our operator has put us inside the CG-NAT, with the aim of knowing if we are going to be able to open ports or are we going to have big problems with it. If as a home user you use your Internet connection to access services from the Internet to within your local network, with CGN you will not be able to do so. For example, if you try to use any of these services:

  • Web server to access your page from the Internet.
  • FTP or FTPES server to access your files and folders from anywhere, just by having an Internet connection.
  • SSH server to remotely manage your server or your router.
  • VPN server to connect to the Internet safely when we are connected to a WiFi network, or simply to remotely access your local network as if you were physically there.
  • Reverse proxy to access different web services within your local network.

have your NAS server

None of them will work for you, because for them to work it is completely necessary to open one or more ports in the router’s NAT, to redirect packets appropriately to the server that is listening on the same device or on multiple devices. Of course, you will also have problems when playing certain online games, because many of them require us to open one or more ports for the proper functioning of the equipment, so in these cases you will also have problems when using your Internet connection.

There are very common services in home networks such as video surveillance with IP cameras, in this case you will not have problems because most manufacturers such as D-Link, EZVIZ, Xiaomi or TP-Link have services in the Cloud, and the connection with this IP camera is made through reverse connections, and we will never connect directly to them, so there is no need to have a public IPv4 address.

Other aspects that we should be concerned about being in CG-NAT are:

  • More connection latency: in many cases the latency when using CGN is somewhat higher in comparison, since we depend on the traffic and NAT of other connected users. Latency in games is very important, so you have to take it into account.
  • Blocks on websites or limitations: if other users who have the same IP address that we have downloaded in bulk from MEGA or Google, we will also be affected because we are sharing the same public IP address.

In the case of crimes on the Internet, even if we share the IP address with other users, the operator will always keep a record of all connections, so we will be very easily identifiable in the face of possible crimes.

How to know if my operator has CGN

To find out if your operator has you within CG-NAT, it can be done in several ways, but the easiest is to get into your router and check what IP address we have on the Internet WAN. If this IP address corresponds to the public IP address of your connection then you will not be within CG-NAT, this means that the Internet WAN port of your router has a public IP address that is routable on the Internet.

In the event that this WAN IP address does not correspond to the public IP, and, furthermore, that router IP begins with “100.XXX”, it means that you are within CG-NAT, so you will have all the problems we described earlier about opening ports and hosting different services. Our recommendation is that you choose an Internet operator that does not use CG-NAT, or at least, allows you to get out of this completely free of charge, because there is some operator that will charge you an extra on the bill for providing a public IP address.

Operators in Spain that use CG-NAT

Knowing which Internet operators in Spain make use of CG-NAT is very important, because we must choose Internet operators that do not use this technology, or at least, that allow us to get out of it easily and quickly, without having to wait too long. time or have to pay more.

Moremóvil Group: Másmóvil, Yoigo and Pepephone

This was the first operator to incorporate this technology into its FTTH networks, as we informed you in RedesZone as soon as we discovered it. All the brands of the Masmóvil Group such as Masmóvil, Yoigo or Pepephone make use of this technology by default.

The Masmóvil Group allows you to leave the CGN whenever the client requests it, either by phone, email, or a direct message on the social networks of the different operators. If you have contracted your Internet connection with any of these companies and you need to host services on your local network, such as the services that we have indicated before, then you will need a public IP address for everything to work properly.

In our experience, it takes the operator 24-48 hours to make the change, and we will need to restart the router in most cases.

Orange Group: Orange and Jazztel

These operators do not use CG-NAT in their connections, but they are using DS-Lite technology in their networks, to provide Internet connectivity both with the IPv6 protocol and also with the IPv4 protocol. In the IPv4 part they do use CG-NAT and not a public IP address directly, but they use a protocol called PCP that allows the central router that makes CG-NAT to open certain ports, so we should not have many problems if we want to host services in our home.

In order to open the ports, we will simply have to open the ports as we would normally do in a Livebox router, and automatically the PCP protocol will act to open the ports. Of course, the port to open cannot be the typical 80 or 443 among others, but will be random ports, so the solution is not entirely good if you intend to host web servers or a reverse proxy that you access via HTTPS. Old clients of these operators may still maintain a public IP address.

Fi Network

This operator compulsorily uses CGN in its connections, so you will not be able to pay an extra to go out or ask for it, because they simply do not provide Internet connections without CG-NAT. If you use this operator, you can only use reverse connections to access the services of the local network, using a service such as Zero-Tier is a valid option that works really well, and you will not have the inconvenience of CG-NAT, but you should Know that you will not be able to connect to your services directly, you must always go through Zero-Tier or similar services.

We hope that very soon Fi Network customers will have the opportunity to obtain a public IP address outside of CG-NAT.


This operator does use CG-NAT in its networks to save public IPv4 addressing, in addition, this operator does not allow leaving the CGN for free, you will have to pay € 1 more per month to enjoy all the advantages of having a public IP address in your home connection. Digi generally assigns about 32 clients for each public IP address, very basic home users should not have problems because they will not host any service, however, we must bear in mind that some online games require a public IP address and open ports.

It is also true that the vast majority of Internet users do not need a public IP address because they continually make use of reverse connections without them knowing it, but if you are going to host any service or play certain games, then it is absolutely necessary to leave CGN.

Movistar and O2: CGN free

The Movistar and O2 operators are the only ones that are completely free of CG-NAT or CGN, in these operators we do not have the possibility of using this technology, they will always provide us with a public IPv4 addressing, so we will have no problem hosting our services, such as a web or FTP server, nor to play games since we can open ports on the router without inconvenience.

As you can see, currently many operators in Spain make use of CG-NAT in their networks because the public IPv4 addresses are completely exhausted, and they are trying to continue providing service without having to buy addresses from other operators or companies that they have. Choosing the right operator without CG-NAT, or at least with the possibility of exiting CGN, is essential.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *