General Discussion
  >> Mobile Broadband (3G, 4G etc)


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User SNR6
(newbie) Thu 06-Aug-15 14:11:38
Print Post

WISP'ers are closing TCP ports?


[link to this post]
 
To open a VPN there is a need to link through an outgoing TCP port. Are all home satellite and wireless ISP's obliged to close all their outgoing TCP ports because they need a geographical location. No such restrictions apply to registered business accounts.
Standard User nemeth782
(member) Fri 04-Sep-15 08:15:06
Print Post

Re: WISP'ers are closing TCP ports?


[re: SNR6] [link to this post]
 
In reply to a post by SNR6:
To open a VPN there is a need to link through an outgoing TCP port. Are all home satellite and wireless ISP's obliged to close all their outgoing TCP ports because they need a geographical location. No such restrictions apply to registered business accounts.


This doesn't make sense.

By connecting to any website over HTTP, a TCP port will be opened for the connection. It's an outgoing connection in that it was initiated from the home PC. If "all outgoing TCP ports are obliged to be closed" then the connection is pretty useless as you can't even open a website.

Some ISPs close some ports for various reasons, such as preventing SMTP relays.

There is no link between having a geographical location and opening ports.

Satellite ISPs have a geographical location - the satellite modem needs to know where it is to within ~60 miles or so to come in to network (hence mobile platforms have GPS receivers to update them, static installs are configured on install.)

Edited by nemeth782 (Fri 04-Sep-15 08:15:53)

Standard User SNR6
(newbie) Fri 04-Sep-15 12:07:16
Print Post

Re: WISP'ers are closing TCP ports?


[re: nemeth782] [link to this post]
 
I wasn't certain it was happening. Now I actually have a 4G LTE router (using an EE data addon) when I do a grc.com shields up test all the ports are stealthed except 113 which is exposed but closed. My worry was that going LTE would prove problematic, it hasn't. Not got satellite broadband which is where the original concern came from. Thanks for taking the time to reply.


Register (or login) on our website and you will not see this ad.

Standard User jchamier
(eat-sleep-adslguide) Fri 04-Sep-15 19:34:17
Print Post

Re: WISP'ers are closing TCP ports?


[re: SNR6] [link to this post]
 
What you are probably confusing is that the mobile networks (LTE/4G, 3G etc) and some of the WISPs cannot obtain sufficient IPv4 addresses for everyone to have a direct public IP on the internet. (as you have on an ADSL, FTTC, Cable connection today).

So they use what is known as "carrier grade NAT" (CGNAT) which shares a public IP address with a lot of users.

This means unsolicited incoming traffic to you hits the CGNAT and cannot determine which user to pass the traffic to, thus showing "stealthed".

GRC was good in 1999 / 2000 when high speed internet in the US was a single PC connected to a cable modem, and no home router. The UK has always been different. The GRC site hasn't really been updated, so much of its advice is just aging gracefully. Not wrong, but not always directly applicable.

plusnet unlimited fibre 80/20 - Since 2 Jun 14 - Aug 15 Sync: 56575/9911 - G.INP download only frown
16 years UK broadband (Since 1999 ntl:cable trial), Asus RT-AC68U & HG612 - BQM - Flash Speedtest - HTML Speedtest
Standard User francisuk25
(learned) Mon 21-Sep-15 23:46:58
Print Post

Re: WISP'ers are closing TCP ports?


[re: jchamier] [link to this post]
 
In reply to a post by jchamier:
What you are probably confusing is that the mobile networks (LTE/4G, 3G etc) and some of the WISPs cannot obtain sufficient IPv4 addresses for everyone to have a direct public IP on the internet. (as you have on an ADSL, FTTC, Cable connection today).

So they use what is known as "carrier grade NAT" (CGNAT) which shares a public IP address with a lot of users.

This means unsolicited incoming traffic to you hits the CGNAT and cannot determine which user to pass the traffic to, thus showing "stealthed".

GRC was good in 1999 / 2000 when high speed internet in the US was a single PC connected to a cable modem, and no home router. The UK has always been different. The GRC site hasn't really been updated, so much of its advice is just aging gracefully. Not wrong, but not always directly applicable.


When you said "carrier grade NAT" (CGNAT) which shares a public IP address with a lot of users" Three/3 Mobile broadband must have a open NAT as in the past i could open a port on my torrent client and it come back as port open we can see you however tryed doing this on t-moobile uk now EE was a no go! completely blocked.

So my question is what type of NAT is Three using?

Virgin Media -> 50Mb DL / 3Mb UP

Edited by francisuk25 (Mon 21-Sep-15 23:49:02)

Standard User jchamier
(eat-sleep-adslguide) Tue 22-Sep-15 22:53:54
Print Post

Re: WISP'ers are closing TCP ports?


[re: francisuk25] [link to this post]
 
In reply to a post by francisuk25:
So my question is what type of NAT is Three using?


If its a voice plan then I always seem to get a NAT (private, RFC 1918) address.

If its a data (mobile broadband) plan then I seem to get a public IP address.

Depends on the account in use with Three. With Vodafone and EE its always a private address, unless you pay more I believe.

plusnet unlimited fibre 80/20 - Since 2 Jun 14 - Aug 15 Sync: 56575/9911 - G.INP download only frown
16 years UK broadband (Since 1999 ntl:cable trial), Asus RT-AC68U & HG612 - BQM - Flash Speedtest - HTML Speedtest
Standard User David_W
(fountain of knowledge) Wed 23-Sep-15 10:27:41
Print Post

Re: WISP'ers are closing TCP ports?


[re: jchamier] [link to this post]
 
In reply to a post by jchamier:
In reply to a post by francisuk25:
So my question is what type of NAT is Three using?


If its a voice plan then I always seem to get a NAT (private, RFC 1918) address.

If its a data (mobile broadband) plan then I seem to get a public IP address.

On a consumer mobile broadband account the 3internet APN gives you a public IP address. The three.co.uk APN gives an RFC 1918 address with network side NAT.

I don't know whether a voice account can access the 3internet APN and, if it can, whether you get a public IP address.


I use a Three mobile broadband SIM for failover on my main router. Using a dynamic DNS provider, I use the public IP address to serve incoming VPN traffic in a failover scenario. I also bring up a Hurricane Electric IPv6 tunnel over the mobile broadband connection to provide failover IPv6 connectivity.

  Print Thread

Jump to