XT IP Range

Forums › Telecom New Zealand, XT Network, Yahoo!Xtra › XT IP Range

tcpdump

233 posts

Master Geek

Topic # 96648 1-Feb-2012 11:02
Hello, Does anyone know the IP range that's allocated to XT Mobile connections? I want to put an exception into the firewall to allow connections from my mobile without port knocking. So far I've seen that they have (at least) 115.189.0.0/16 but this is likely to be used by xtra or other parts as well. Thanks.

johnr

13316 posts

Uber Geek

Trusted

Vodafone NZ

Subscriber

Reply # 575773 1-Feb-2012 11:03
Not a good idea as the IP range is not static John Systems Engineer Vodafone NZ http://forum.vodafone.co.nz

plambrechtsen

903 posts

Ultimate Geek

Trusted

Telecom NZ

Reply # 575777 1-Feb-2012 11:06
There is this old blog post from NealR. But I am not sure if it has changed / been updated for a while. Will go and ask him. I work for Telecom, but as always my views are my own.

tcpdump

233 posts

Master Geek

Reply # 575786 1-Feb-2012 11:15
Great stuff, thank you. It's not a big deal if some subnets change as I also have port knocknig enabled if I get an IP address from a new subnet. I'm not too concerned about security implications as I'll only allow ssh and it's extremely unlikely to have brute force attacks from XT phones. Also, fail2ban will do its job if need be. Thanks again, if you have an update on the subnet list posted above it would be appreciated.

plambrechtsen

903 posts

Ultimate Geek

Trusted

Telecom NZ

Reply # 575792 1-Feb-2012 11:38
Neal said he tries to keep it up to date however this is done on a best efforts basis so you should assume it could radically change without warning. I work for Telecom, but as always my views are my own.

tcpdump

233 posts

Master Geek

Reply # 575795 1-Feb-2012 11:39
Understood, thanks again.

Zeon

2379 posts

Uber Geek

Trusted

Subscriber

Reply # 575797 1-Feb-2012 11:47
TBH this is a dumb idea as the ranges could change without warning. If you want to do this then get a static IP. Fail2ban should be good enough....

tcpdump

233 posts

Master Geek

Reply # 575798 1-Feb-2012 11:51
As I said earlier, I have a port-knocking solution in place. The allowing of the range saves me a click to launch the 'knock app'. If the range changes, I just launch the knock app and that's that. Not sure if (how) I can get a static IP on my XT-Mobile.

plambrechtsen

903 posts

Ultimate Geek

Trusted

Telecom NZ

Reply # 575801 1-Feb-2012 11:55
tcpdump: As I said earlier, I have a port-knocking solution in place. The allowing of the range saves me a click to launch the 'knock app'. If the range changes, I just launch the knock app and that's that. Not sure if (how) I can get a static IP on my XT-Mobile. You can get a Private APN. But that comes at a cost. I work for Telecom, but as always my views are my own.

Ragnor

6895 posts

Uber Geek

Trusted

Subscriber

Reply # 575857 1-Feb-2012 13:20
Why not just setup a vpn, most smartphone support various vpn connection options.

tcpdump

233 posts

Master Geek

Reply # 575859 1-Feb-2012 13:23
The firewall is denying everything, including VPN. After a successful knock (or if the IP address/range is in a whitelist) ssh/vpn is being allowed. Yes, I can be even more paranoid if required ;)

Ragnor

6895 posts

Uber Geek

Trusted

Subscriber

Reply # 575863 1-Feb-2012 13:27
Hah fair enough!