ISP allow incoming connections?

Gandorf · 03-03-2005 9:26am #1

Hi there,

I'm looking for some info on different ISPs. Which ones do NOT block incoming connections for home users?

My new ISP has just told me that all home users are NAT'd (I think this means that lots of home users share the same public routable IP address) and therefore _no_ incoming connections are allowed. I have the offer of paying for a static IP which will not be NAT'd.

So this means no web server, p2p, incoming SSH, FTP etc. This seems very restrictive to me - but is this the same for everybody?

Gandorf.

garthv · 03-03-2005 9:32am

Pretty much
No BB provider will give you a static IP off the cuff without charging you for it.Oh,except for NTL but they have to be in your area. How much did they say you would have to pay for a static IP?

Gandorf · 03-03-2005 9:53am

Thanks GaRtH_V, but now I'm a little confused between NATing and dynamic/static public IP addresses.

I've friends with UTV/esat who use a router/firewall. This is what they've told me:

1. When they enable port forwarding on a specific port (say a p2p one) their pc can accept incoming connections on that port.
2. When they do a port scan on their public ip address (not static) the port scan shows the condition of their firewall - all ports stealthed except for those they've forwarded.
3. This seems to indicate that their publicly routable IP address is dynamically assigned to them by the ISP (not a static one) but that this address is unique to them, not NAT'd between different users. Is this right?

(They seem pretty certain about this and this is not my area so I'm accepting this for the moment.)

For me:

1. When I enable port forwarding on any specific port my pc can still not accept incoming connections on that port, as it's blocked at the ISPs NAT, beyond my router.
2. When I do a port scan on my public ip address the port scan shows the condition of the ISPs NAT/firewall.
3. This seems to indicate that my publicly IP address is the same as lots of other users due to the NATing.

I'm quite confused now. Do you need a static public IP in order to accept incoming connections?

Bogger77 · 03-03-2005 12:04pm

Irish BroadBand Breeze, gives a public IP address and no blocking of any ports, I'm running a webserver on my pc, have there's a .com domain pointed to it.
Whose your New ISP? perhaps what they meant was static IP address, as in you'll only get a dynamic address that changes every time you connect?

Chalk · 03-03-2005 12:13pm

im running a webserver and ftp on eircom....

what isp blocks incoming connections?
that sounds ridiculous altogther, youd be unable to run almost any internet apps

Gandorf · 03-03-2005 12:16pm

Thanks Bogger77,

My ISP is a fairly small east-coast outfit.

To simplify the question.... Do all ISPs block _all_ incoming connections for home/soho users?

If so there wasn't much point in me buying my own router firewall then..... :rolleyes:

But from what people are telling me:

UTV, ESAT, Eircom, IBB (Bogger77??)
Paid extra for static IP: No
ISP blocks all incoming connections: No.

Gandorf · 03-03-2005 12:20pm

Thanks Chalk,

Unless I'm totally misunderstanding this, I'm getting a little annoyed as this appears to be something that should have been in the t&cs or I should have been informed of before signing up.

I don't want to jump to conclusions as this isn't my area, so I'll see what others have to say.

Gandorf.

tomk · 03-03-2005 12:21pm

Any ISP that I've used, including my current one UTV, has dynamically assigned a public routeable IP address from the pool that they have available to them. Your brief description suggests that your ISP assigns private IP addresses to its subscribers, and NATs these upstream against a smaller pool of public routable IPs. Am I getting the picture?

If that is their setup, then you will have to pay for a static public address from them if you want to make incoming connections. For me, your UTV/Esat friends, and most other internet users, incoming connections are possible against dynamically-assigned public addresses, unless of course the ISP chooses to block the selected port.

Re your last three points:

1. How do you know your forwarded port is blocked by the ISP? Have you asked them?
2. You mention "my public ip address", whereas I understood you were being given a private address. Does your router have a user interface - web, CLI, other? Can it show you the address assigned to its WAN interface?
3. Is there any way you can contact another subscriber and compare notes?

Naturally, you have no particular reason to trust me, but I would be happy to scan whatever public IP address your using - I might not see anything, but the offer is there. If you want to discuss this further PM me.

By the way, is there any reason that you don't want to name your ISP? They've all had their share of praise and condemnation around here......

Gandorf · 03-03-2005 12:46pm

Hi tomk,

What you say agrees 100% with what my friends have been saying to me (re the dynamically assigned public IP addresses).

To answer your questions:

1. Yes they block all the ports. When I asked my ISP they replied with:
"Home users are NAT'ed, meaning that incoming connections are blocked at our NAT decice. To run a webserver you will require a static Public IP address, we can arrange this for you for an additional €10 per month"

2. My ISP is using NAT as you've stated. For example my router (Linksys WRT54G) web interface is showing a private IP in the 192.168.xx.xx range. This is the dynamic private IP assigned to me by my ISP's NAT router.

3. Yep I think there's one or two around boards. I'll PM some and see.

ShieldsUp! scans on my public IP address show all ports closed except for SSH (which the ISP uses to remotely manage the router). This is what alerted me to this setup. If the port scanner was scanning _my_ router the ports would be "stealthed" - i.e. not respond to pings. When I asked the ISP they replied:

"Your connection is alredy passing through a firewall from the internet on our side - the checking program you are using is detecting our firewall - we use SSH to remotely manage it."

I'm just being cautious re naming the ISP. I do think I should have been informed of this setup before I signed up - seeing as I got the SOHO package and told them it was for teleworking. So no incoming p2p,ssh,ftp etc..... :mad:

Chalk · 03-03-2005 12:47pm

www.whatismyip.com

what does that show?

Gandorf · 03-03-2005 1:19pm

It shows the same IP as does ShieldsUp!, or any other port scanner. Why?

seamus · 03-03-2005 1:58pm

Gandorf wrote:

I'm just being cautious re naming the ISP. I do think I should have been informed of this setup before I signed up - seeing as I got the SOHO package and told them it was for teleworking. So no incoming p2p,ssh,ftp etc..... :mad:

Name them. It won't affect you. And we can check out their T's & C's. You see, they wouldn't get away with "HTTP traffic is an internet service", they'd be killed. But "Outgoing IP network services is an internet service" could very easily fly. Technically, any program, or part of a program that listens on a network port for a network connection, is a server, and if they state that your internet package is not for running servers, then you have no comeback really.

Gandorf · 03-03-2005 2:09pm

Hmmm. OK then

The ISP is Net1, Net1

The Ts&Cs are here

I must say the service seems good so far, but the wholesale blocking of incoming ports is very annoying.

Gandorf.

Gandorf · 03-03-2005 4:24pm

Well just after I posted that, my new broadband connection died! (I'm posting from my dialup now)

So is it a coincidence or have I been spiked for naming names? :eek:

Chalk · 03-03-2005 4:50pm

i wasnt asking you to post it.

just its unusual for an isp to give you a private ip like you stated earlier.
it will be impossible for anyone to do anything web based with you if your isp provide a private ip like that.
when you go to shields up they would be scanning your isp, not you.

petty much useless.
stick with the dial up or get a new provider, that doesnt seem like its worth the money.

kasintahan · 03-03-2005 6:06pm

Private IP addys?

Weird, I don't know any other ISP doing that.

Gandorf · 03-03-2005 6:59pm

Great, so I got a turkey? And not too reliable it seems. Seeing as today is the first time I've used it and it's been down since 2pm.

:mad:

There's nothing in the Ts&Cs about not being able to run a server

Cabaal · 04-03-2005 9:50am

GaRtH_V wrote:

Pretty much
No BB provider will give you a static IP off the cuff without charging you for it.Oh,except for NTL but they have to be in your area

Esat BT Business DSL gives you a static IP as standard, but you have to be in a certain area to get it, ie: Waterford, Kilkenny etc

taoiseachjoe · 04-03-2005 10:19am

Section 5.1 of Net1's T&C refer to the use of a "Mail Server" and requires (as is normal practice) that you don't allow mail relay.

In practice, it would not be possible for a user to run a mail server for incoming mail without opening up certain ports to the public internet.

So, you could argue that the underlying assumption in the T&Cs is that you have a publicly routable IP address.

Joe

tomk · 04-03-2005 11:25am

There's something odd about those T&Cs. Some of the sections have numbered subsections e.g. 5.1, 5.2, etc, while others have (a), (b), etc. And almost at the end, there is section 17, "SERVICE AND REPAIRS", followed by Section 5, "Internet Access", even though there is a Section 5 further up entitled "Your Use of the Broadband Services".

More to the point, the "Internet Access" section states the following:

(e) Net1 will assign to you (If requested) a Net1-owned Internet Protocol address ("IP Address") which is the exclusive property of Net1 and is not portable. Net1 may change the IP Address at any time without liability and without prior notice to you. Net1 will use reasonable efforts to avoid any disruption to you by notifying you via email before changing your IP Address.

Finally, AFAICS there is no mention anywhere on their site about additional charges for fixed public IPs.

Have you signed a contract with these guys?

Gandorf · 04-03-2005 11:37am

Hi tomk,

You're right. Possibly the Ts&Cs were cobbled together from a number of sources, as the format is not consistant throughout.

Yes I have signed a contract based on these Ts&Cs.

However, as the ISP options are limited in my area and I need BB for work, I seem to have little choice in who I go for.....

EDIT: there was an "options" sheet sent to me (routers etc) which included an option for a "static external IP address", however as I thought that all ISPs allocate dynamic external IP addresses (which would be suitable for my needs) I was unaware that I'd need this.

Gandorf.

ISP allow incoming connections?

Comments