1
Ask
2
Reply
3
Solution
.png "Moderator (Retired)"){kind=icon}
Hi RoyP,
While we do not block any standard ports by default, our system does not use Public IP addressing, which means if you're trying to use any application or service which requires a direct connection with your PC, it will not work. The IP address being seen by your external server does not match the IP address of your actual modem, because of the way it is routed through our network - so any attempts to connect to ports on that IP address will not reach their intended destination.
The reason we have to do this, is because there are not enough IP addresses assigned to us to be able to give a unique public IP to all of our customers. We therefore need to share the same IP between multiple customers at once, using a combination of Network Address Translation and Port Address Translation. Unfortunately this does mean that certain services, such as Remote Desktop, will be unavailable.
I'm afraid we are not able to support any direct IP connections while using Mobile Broadband, although we are looking to switch to a Public IP system at some point in the future.
Jon
eForum Team
While we do not block any standard ports by default, our system does not use Public IP addressing, which means if you're trying to use any application or service which requires a direct connection with your PC, it will not work. The IP address being seen by your external server does not match the IP address of your actual modem, because of the way it is routed through our network - so any attempts to connect to ports on that IP address will not reach their intended destination.
The reason we have to do this, is because there are not enough IP addresses assigned to us to be able to give a unique public IP to all of our customers. We therefore need to share the same IP between multiple customers at once, using a combination of Network Address Translation and Port Address Translation. Unfortunately this does mean that certain services, such as Remote Desktop, will be unavailable.
I'm afraid we are not able to support any direct IP connections while using Mobile Broadband, although we are looking to switch to a Public IP system at some point in the future.
Jon
eForum Team
Hey Bacupian,
Not really sure what to advise here as I don't have the information you're needing. This isn't an area we often get questions on - can you perhaps try what connection you're trying to achieve please, and let us know any error's you get? It helps us to know as much as possible about your setup to give us a clearer picture.
I'll pass this on to Jon for his knowledge and opinion come next week
Daz
eForum Team
Not really sure what to advise here as I don't have the information you're needing. This isn't an area we often get questions on - can you perhaps try what connection you're trying to achieve please, and let us know any error's you get? It helps us to know as much as possible about your setup to give us a clearer picture.
I'll pass this on to Jon for his knowledge and opinion come next week
Daz
eForum Team
Hey Bacupian,
Not really sure what to advise here as I don't have the information you're needing. This isn't an area we often get questions on - can you perhaps try what connection you're trying to achieve please, and let us know any error's you get? It helps us to know as much as possible about your setup to give us a clearer picture.
I'll pass this on to Jon for his knowledge and opinion come next week
Daz
eForum Team
I was qerying Jon's answer.
I've never tried connections on port 8085, or 8080 but I don't see why this shouldn't work.
I can't make any sense out of Jon's explanation. Usually NAT remembers all outgoing private
IP to public IP translations and will match up return packets within a give period to maintain
the connection between user on private IP to the destination public IP.
What NAT can't do is accept incoming connections to Vodafone public IP and direct it to a
user. NAT also fails where return connection is on a different random port but can be fudged
by using a proxy (or in some cases just by making a good guess).
Possibly the application mentioned in original question needs to make a distinct return
connection on port 8085 or some other port, but I don't think there was enough information
given. My guess was that it was outgoing port being requested to be opened (already is)
rather than incoming (not possible).
David
Hey Bacupian,
Whilst I'm awaiting Jon's thoughts on the matter, I wanted to chime in and comment - currently, our NAT system won't allow for incoming connections if you're trying to emulate a static IP connection (albeit one that dynamically changes). This may change in the future with the advent of IPv6, but that's beyond the horizon at the moment.
I'm sure Jon will be able to answer your questions - I look forward to learning a little something too
Daz
eForum Team
Whilst I'm awaiting Jon's thoughts on the matter, I wanted to chime in and comment - currently, our NAT system won't allow for incoming connections if you're trying to emulate a static IP connection (albeit one that dynamically changes). This may change in the future with the advent of IPv6, but that's beyond the horizon at the moment.
I'm sure Jon will be able to answer your questions - I look forward to learning a little something too
Daz
eForum Team
Hey Bacupian,
Whilst I'm awaiting Jon's thoughts on the matter, I wanted to chime in and comment - currently, our NAT system won't allow for incoming connections if you're trying to emulate a static IP connection (albeit one that dynamically changes). This may change in the future with the advent of IPv6, but that's beyond the horizon at the moment.
I'm sure Jon will be able to answer your questions - I look forward to learning a little something too
Daz
eForum Team
Hi Daz
I think I already said that 🙂
! What NAT can't do is accept incoming connections to Vodafone public IP and direct it to a
! user. NAT also fails where return connection is on a different random port but can be fudged
! by using a proxy (or in some cases just by making a good guess).
I had originally asked what exactly your firewall/nat supports, if it's a very limited range or mostly
open. I'll wait for Jon's reply on that not that I've experienced any problem at all that I could put
down to nat.
Only problem I have is due to your system of compression on some filetypes downloaded via http
which has been an ongoing issue here I believe since March.
David
I was qerying Jon's answer.
I've never tried connections on port 8085, or 8080 but I don't see why this shouldn't work.
I can't make any sense out of Jon's explanation. Usually NAT remembers all outgoing private
IP to public IP translations and will match up return packets within a give period to maintain
the connection between user on private IP to the destination public IP.
What NAT can't do is accept incoming connections to Vodafone public IP and direct it to a
user. NAT also fails where return connection is on a different random port but can be fudged
by using a proxy (or in some cases just by making a good guess).
Possibly the application mentioned in original question needs to make a distinct return
connection on port 8085 or some other port, but I don't think there was enough information
given. My guess was that it was outgoing port being requested to be opened (already is)
rather than incoming (not possible).
David
Hi David,
While what you say about NAT is true, there's a fundamental difference in our network. The Public IP address that is run through the NAT is not assigned to a single modem, but is instead shared between several different users at the edge of our network.
Normally with an internet connection, if you run an ipconfig command on your modem, you'll be able to see your external IP and it's a public one - by which I mean what you see as your IP address on the computer is exactly the same as the one websites see when you connect to them.
With our network however, the IP address that the modem is assigned is not public. It's an internal address connecting within our own private network. It is then routed through several different proxies and hosting environments, including about 4 further NAT systems depending on the type of traffic, before finally being assigned a public IP address and sent out to the internet. That public IP address is NOT unique to an individual customer.
This makes direct IP connections impossible. We cannot support this functionality. In short, there is nothing we could do to make a remote connection possible for you I'm afraid
There are alternatives available which will work however, such as http://www.logmein.com
Jon
eForum Team
Hi David,
While what you say about NAT is true, there's a fundamental difference in our network. The Public IP address that is run through the NAT is not assigned to a single modem, but is instead shared between several different users at the edge of our network.
Normally with an internet connection, if you run an ipconfig command on your modem, you'll be able to see your external IP and it's a public one - by which I mean what you see as your IP address on the computer is exactly the same as the one websites see when you connect to them.
With our network however, the IP address that the modem is assigned is not public. It's an internal address connecting within our own private network. It is then routed through several different proxies and hosting environments, including about 4 further NAT systems depending on the type of traffic, before finally being assigned a public IP address and sent out to the internet. That public IP address is NOT unique to an individual customer.
This makes direct IP connections impossible. We cannot support this functionality. In short, there is nothing we could do to make a remote connection possible for you I'm afraid
There are alternatives available which will work however, such as http://www.logmein.com
Jon
eForum Team
Thanks for your input guys , the main reason I bought my mobile broadband was for this purpuse so now I am tied down to a contract.....
Hi David,
While what you say about NAT is true, there's a fundamental difference in our network. The Public IP address that is run through the NAT is not assigned to a single modem, but is instead shared between several different users at the edge of our network.
Normally with an internet connection, if you run an ipconfig command on your modem, you'll be able to see your external IP and it's a public one - by which I mean what you see as your IP address on the computer is exactly the same as the one websites see when you connect to them.
With our network however, the IP address that the modem is assigned is not public. It's an internal address connecting within our own private network. It is then routed through several different proxies and hosting environments, including about 4 further NAT systems depending on the type of traffic, before finally being assigned a public IP address and sent out to the internet. That public IP address is NOT unique to an individual customer.
This makes direct IP connections impossible. We cannot support this functionality. In short, there is nothing we could do to make a remote connection possible for you I'm afraid
There are alternatives available which will work however, such as http://www.logmein.com
Jon
eForum Team
Hi
can you please tell me where in any of my questions I have asked for any information on incoming
(unsolicited) connections? 🙂
I was just asking for confirmation as to what your policy was on what OUTGOING ports were allowed or
blocked (other than you mangling traffic comming back via http or your email port 25 disaster).
My guess is it's all open from my checks so far and I'm happy with that. I'd just like confirmation you
will not be blocking my ftp, ssh, smtps etc.
In particular I was asking about ports 8085 and 8080 OUTGOING although I don't yet have my own
remote proxy setup, I don't want to waste my time setting it up then finding it's blockked.
David
