nanog mailing list archives
Re: Typical additional latency for CGN?
From: Owen DeLong <owen () delong com>
Date: Wed, 10 Oct 2012 16:11:55 -0700
On Oct 10, 2012, at 3:30 PM, Mark Andrews <marka () isc org> wrote:
> In message <Pine.LNX.4.61.1210100920590.26706 () soloth lewis org>, Jon Lewis writes:
>> I just spent a few minutes looking into this again, and figured out the problem. AT&T has apparently changed the way their CGN works. I use a form of port knocking to restrict access to SSHd from "foreign" networks. It used to work fine from my phone. Now, the port knocking request from the phone and the ssh connection are being NAT'd to different public IPs, so my system is allowing ssh access to one AT&T IP, and then the ssh connection comes from a nearby but different IP.
>
> Which is a badly designed CGN. It turns singly homed clients into multi-homed clients where the client has no control over the source address selection. At least with real multi-homed clients they have the ability to force source addresses to match.

AT&T probably likes it for mobile, however, because it's about the easiest way possible to prevent data services from being successfully used for VOIP.

Owen

>> On Wed, 10 Oct 2012, Owen DeLong wrote:
>>> The day before I left the US, it was still working on my iPad.
>>>
>>> Owen
>>>
>>> On Oct 8, 2012, at 5:20 AM, Jon Sands <fohdeesha () gmail com> wrote:
>>>> On 10/7/2012 9:22 PM, Jon Lewis wrote:
>>>>> has anyone else noticed AT&T mobile is blocking ssh (outgoing 22/tcp) connections?
>>>>
>>>> Not here, have an SSH session open on my phone on port 22 as we speak. I'm on an android on ATT's 3G network in central Indiana, if that matters.
>>>>
>>>> --
>>>> Jon Sands
>>>> Fohdeesha Media
>>>> http://fohdeesha.com/
>>
>> ----------------------------------------------------------------------
>> Jon Lewis, MCP :) | I route
>> Senior Network Engineer | therefore you are
>> Atlantic Net |
>> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka () isc org
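Added example, not part of the original thread: a log check for the failure Jon Lewis describes, where a knock gate that authorizes the exact knocking IP drops the SSH attempt because the CGN mapped it to a different public IP. The event list, the 30-second window and the /24 width used for "nearby" are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample events (documentation address ranges, not from the thread).
# (seconds, kind, source IP): "knock" = valid knock sequence completed,
# "ssh" = new TCP connection attempt to port 22.
EVENTS = [
    (100, "knock", "198.51.100.17"),
    (103, "ssh",   "198.51.100.17"),  # knock and ssh share one public IP
    (200, "knock", "203.0.113.40"),
    (202, "ssh",   "203.0.113.57"),   # nearby but different public IP
    (300, "ssh",   "192.0.2.9"),      # no knock at all
]


def classify(events, window=30, prefix_len=24):
    """Label each SSH attempt the way an exact-IP knock gate treats it.

    A drop is marked "dropped-cgn-suspect" when a knock arrived within
    `window` seconds from another address in the same /prefix_len, the
    symptom of a CGN that does not keep one public IP per subscriber.
    """
    knocks = []   # (time, address) of completed knocks
    results = []
    for ts, kind, src in sorted(events):
        ip = ipaddress.ip_address(src)
        if kind == "knock":
            knocks.append((ts, ip))
            continue
        recent = [k for t, k in knocks if 0 <= ts - t <= window]
        if ip in recent:
            verdict = "allowed"
        else:
            net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
            near = [k for k in recent if k in net]
            verdict = "dropped-cgn-suspect" if near else "dropped"
        results.append((ts, src, verdict))
    return results


if __name__ == "__main__":
    for ts, src, verdict in classify(EVENTS):
        print(f"t={ts:>4}  {src:<15}  {verdict}")
```

The script only reports the mismatch; it does not widen what the gate accepts.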