nanog mailing list archives

Re: Gi Firewall for mobile subscribers


From: Tore Anderson <tore () fud no>
Date: Sat, 13 Apr 2019 11:13:48 +0200

* Mark Milhollan
On Thu, 11 Apr 2019, Tore Anderson wrote:

We've been wanting to replace all of our ad-hoc OOB links with a
standardised setup based on LTE connectivity to an embedded
login/console server at each PoP. IPv6 would be perfect due to no
CGNAT and infinitesimal levels of background scanning.

Unfortunately Telenor has decided to deploy a central firewall that
drops all inbound connections, making their service totally unusable
for our use case. I guess they don't want our money.

Sounds like the console server will need to "phone home". That a
workaround might be possible doesn't make a firewall which the user
cannot control to some degree less annoying. Though it might be that
Telenor just needs to be notified/reminded that power users and
business customers exist.

Phoning home is not an option here, as the whole point is to have an
OOB backdoor that works even if «home» is totally FUBAR.

For that reason it needs to be completely independent of the production
network. Standard Internet connections are perfect, IFF they are
bi-directional.

Tore

