Hi,

I’m trying to set up a WireGuard VPN server at home using an XB7-CM (Xfinity gateway) + my own router (GL.iNet Flint 2).

I'm a newbie and have been learning about port forwarding, and my goal is to understand what the “cleanest” setup is so I can avoid headaches.

Goal:

• Run WireGuard server on the Flint 2

• Be able to connect remotely with travel router (so need port forwarding working reliably)

• Use DDNS so I changes to my public IP won't break things

Where I’m confused

1. Bridge mode vs non-bridge mode (XB7-CM)

From what I understand:

• Non-bridge mode

  • XB7 is acting as router

  • Flint gets a private IP (like 10.0.0.x)

  • I’d need to:

    • port forward on XB7 → Flint

    • then Flint → WireGuard

  • This seems like double NAT

• Bridge mode

  • XB7 becomes just a modem

  • Flint gets the public IP directly

  • Only need to configure everything on Flint

• Is bridge mode basically the recommended / easiest way for this kind of setup? Or is there any downside I should be aware of?

2. DDNS behavior

• If I stay in non-bridge mode, Flint’s WAN IP is private (10.0.0.x)

  • Does DDNS (on the Flint) still work reliably in this case?

  • Does Flint figure out the public IP automatically or is it hit/miss?

• If I go bridge mode, I assume DDNS is straightforward since Flint has the public IP?

3. IP reservation on XB7

• In non-bridge mode, I assume I should reserve an IP for the Flint (like 10.0.0.50) so port forwarding doesn’t break?

• Is IP reservation even supported on the XB7 (via app or admin page)?

• If I go bridge mode, I’m assuming IP reservation on XB7 is irrelevant?

I'd appreciate any advice on how to set it up with minimal headache in a reliable way.

Thanks