Boards.ie uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Click here to find out more x
Post Reply  
 
 
Thread Tools Search this Thread
03-03-2005, 08:26   #1
Gandorf
Registered User
 
Join Date: Feb 2003
Posts: 167
ISP allow incoming connections?

Hi there,

I'm looking for some info on different ISPs. Which ones do NOT block incoming connections for home users?

My new ISP has just told me that all home users are NAT'd (I think this means that lots of home users share the same public routable IP address) and therefore _no_ incoming connections are allowed. I have the offer of paying for a static IP which will not be NAT'd.

So this means no web server, p2p, incoming SSH, FTP etc. This seems very restrictive to me - but is this the same for everybody?

Gandorf.
Gandorf is offline  
Advertisement
03-03-2005, 08:32   #2
garthv
Hosted Moderator
 
garthv's Avatar
 
Join Date: Jul 2002
Posts: 4,520
HMod: Beer4lyfe
Send a message via MSN to garthv
Pretty much
No BB provider will give you a static IP off the cuff without charging you for it.Oh,except for NTL but they have to be in your area. How much did they say you would have to pay for a static IP?
garthv is offline  
03-03-2005, 08:53   #3
Gandorf
Registered User
 
Join Date: Feb 2003
Posts: 167
Thanks GaRtH_V, but now I'm a little confused between NATing and dynamic/static public IP addresses.

I've friends with UTV/esat who use a router/firewall. This is what they've told me:

1. When they enable port forwarding on a specific port (say a p2p one) their pc can accept incoming connections on that port.
2. When they do a port scan on their public ip address (not static) the port scan shows the condition of their firewall - all ports stealthed except for those they've forwarded.
3. This seems to indicate that their publicly routable IP address is dynamically assigned to them by the ISP (not a static one) but that this address is unique to them, not NAT'd between different users. Is this right?

(They seem pretty certain about this and this is not my area so I'm accepting this for the moment.)

For me:

1. When I enable port forwarding on any specific port my pc can still not accept incoming connections on that port, as it's blocked at the ISPs NAT, beyond my router.
2. When I do a port scan on my public ip address the port scan shows the condition of the ISPs NAT/firewall.
3. This seems to indicate that my publicly IP address is the same as lots of other users due to the NATing.

I'm quite confused now. Do you need a static public IP in order to accept incoming connections?
Gandorf is offline  
03-03-2005, 11:04   #4
Bogger77
Registered User
 
Bogger77's Avatar
 
Join Date: Feb 2004
Posts: 1,819
Irish BroadBand Breeze, gives a public IP address and no blocking of any ports, I'm running a webserver on my pc, have there's a .com domain pointed to it.
Whose your New ISP? perhaps what they meant was static IP address, as in you'll only get a dynamic address that changes every time you connect?
Bogger77 is offline  
03-03-2005, 11:13   #5
Chalk
Registered User
 
Join Date: Jun 2004
Posts: 3,222
im running a webserver and ftp on eircom....

what isp blocks incoming connections?
that sounds ridiculous altogther, youd be unable to run almost any internet apps
Chalk is offline  
Advertisement
03-03-2005, 11:16   #6
Gandorf
Registered User
 
Join Date: Feb 2003
Posts: 167
Thanks Bogger77,

My ISP is a fairly small east-coast outfit.

To simplify the question.... Do all ISPs block _all_ incoming connections for home/soho users?

If so there wasn't much point in me buying my own router firewall then.....

But from what people are telling me:

UTV, ESAT, Eircom, IBB (Bogger77??)
Paid extra for static IP: No
ISP blocks all incoming connections: No.
Gandorf is offline  
03-03-2005, 11:20   #7
Gandorf
Registered User
 
Join Date: Feb 2003
Posts: 167
Thanks Chalk,

Unless I'm totally misunderstanding this, I'm getting a little annoyed as this appears to be something that should have been in the t&cs or I should have been informed of before signing up.

I don't want to jump to conclusions as this isn't my area, so I'll see what others have to say.

Gandorf.
Gandorf is offline  
03-03-2005, 11:21   #8
tomk
Registered User
 
tomk's Avatar
 
Join Date: Jan 2003
Posts: 1,064
Any ISP that I've used, including my current one UTV, has dynamically assigned a public routeable IP address from the pool that they have available to them. Your brief description suggests that your ISP assigns private IP addresses to its subscribers, and NATs these upstream against a smaller pool of public routable IPs. Am I getting the picture?

If that is their setup, then you will have to pay for a static public address from them if you want to make incoming connections. For me, your UTV/Esat friends, and most other internet users, incoming connections are possible against dynamically-assigned public addresses, unless of course the ISP chooses to block the selected port.

Re your last three points:

1. How do you know your forwarded port is blocked by the ISP? Have you asked them?
2. You mention "my public ip address", whereas I understood you were being given a private address. Does your router have a user interface - web, CLI, other? Can it show you the address assigned to its WAN interface?
3. Is there any way you can contact another subscriber and compare notes?

Naturally, you have no particular reason to trust me, but I would be happy to scan whatever public IP address your using - I might not see anything, but the offer is there. If you want to discuss this further PM me.

By the way, is there any reason that you don't want to name your ISP? They've all had their share of praise and condemnation around here......
tomk is offline  
03-03-2005, 11:46   #9
Gandorf
Registered User
 
Join Date: Feb 2003
Posts: 167
Hi tomk,

What you say agrees 100% with what my friends have been saying to me (re the dynamically assigned public IP addresses).

To answer your questions:

1. Yes they block all the ports. When I asked my ISP they replied with:
"Home users are NAT'ed, meaning that incoming connections are blocked at our NAT decice. To run a webserver you will require a static Public IP address, we can arrange this for you for an additional €10 per month"

2. My ISP is using NAT as you've stated. For example my router (Linksys WRT54G) web interface is showing a private IP in the 192.168.xx.xx range. This is the dynamic private IP assigned to me by my ISP's NAT router.

3. Yep I think there's one or two around boards. I'll PM some and see.

ShieldsUp! scans on my public IP address show all ports closed except for SSH (which the ISP uses to remotely manage the router). This is what alerted me to this setup. If the port scanner was scanning _my_ router the ports would be "stealthed" - i.e. not respond to pings. When I asked the ISP they replied:

"Your connection is alredy passing through a firewall from the internet on our side - the checking program you are using is detecting our firewall - we use SSH to remotely manage it."

I'm just being cautious re naming the ISP. I do think I should have been informed of this setup before I signed up - seeing as I got the SOHO package and told them it was for teleworking. So no incoming p2p,ssh,ftp etc.....
Gandorf is offline  
Advertisement
03-03-2005, 11:47   #10
Chalk
Registered User
 
Join Date: Jun 2004
Posts: 3,222
www.whatismyip.com

what does that show?
Chalk is offline  
03-03-2005, 12:19   #11
Gandorf
Registered User
 
Join Date: Feb 2003
Posts: 167
It shows the same IP as does ShieldsUp!, or any other port scanner. Why?
Gandorf is offline  
03-03-2005, 12:58   #12
seamus
Dental Plan!
 
seamus's Avatar
 
Join Date: Jul 2001
Posts: 60,930
Send a message via MSN to seamus
Quote:
Originally Posted by Gandorf
I'm just being cautious re naming the ISP. I do think I should have been informed of this setup before I signed up - seeing as I got the SOHO package and told them it was for teleworking. So no incoming p2p,ssh,ftp etc.....
Name them. It won't affect you. And we can check out their T's & C's. You see, they wouldn't get away with "HTTP traffic is an internet service", they'd be killed. But "Outgoing IP network services is an internet service" could very easily fly. Technically, any program, or part of a program that listens on a network port for a network connection, is a server, and if they state that your internet package is not for running servers, then you have no comeback really.
seamus is offline  
03-03-2005, 13:09   #13
Gandorf
Registered User
 
Join Date: Feb 2003
Posts: 167
Hmmm. OK then

The ISP is Net1, Net1

The Ts&Cs are here

I must say the service seems good so far, but the wholesale blocking of incoming ports is very annoying.

Gandorf.
Gandorf is offline  
03-03-2005, 15:24   #14
Gandorf
Registered User
 
Join Date: Feb 2003
Posts: 167
Well just after I posted that, my new broadband connection died! (I'm posting from my dialup now)

So is it a coincidence or have I been spiked for naming names?

Last edited by Gandorf; 04-03-2005 at 06:22.
Gandorf is offline  
03-03-2005, 15:50   #15
Chalk
Registered User
 
Join Date: Jun 2004
Posts: 3,222
i wasnt asking you to post it.

just its unusual for an isp to give you a private ip like you stated earlier.
it will be impossible for anyone to do anything web based with you if your isp provide a private ip like that.
when you go to shields up they would be scanning your isp, not you.

petty much useless.
stick with the dial up or get a new provider, that doesnt seem like its worth the money.
Chalk is offline  
Post Reply

Quick Reply
Message:
Remove Text Formatting
Bold
Italic
Underline

Insert Image
Wrap [QUOTE] tags around selected text
 
Decrease Size
Increase Size
Please sign up or log in to join the discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search



Share Tweet