Geekzone: technology news, blogs, forums
Date: 2020-01-21
Remote Access / Port Forwarding on Spark Wireless Broadband (4G) Huawei B315s-607


16 posts

Geek


# 265432 21-Jan-2020 15:14
Few points regarding the above...

  1. This forum is a great resource for information when ISPs let you down.  Wish I'd looked here first instead of going through 'proper' channels.
  2. If you are trying to set up port forwarding/remote access on Spark Wireless Broadband... STOP!  It won't work unless you order a fixed IP for $15 p/m as the connection uses CG-NAT.
  3. Should a Spark representative see this post, it would be great if your help desk staff could be a little more knowledgeable about the subject.  I'm not talking about help with actual configuration, I'm talking about knowing that their network uses CG-NAT so they can advise that remote access won't work without ordering a fixed IP.

Context...

Installed a security system for my in-laws.  Configured router port forwarding/DDNS however remote access failed.  Factory reset router, checked firmware up to date, hardwired NVR to router instead of using wireless AP in client mode.  No go.  Port checker shows configured ports as closed.  Can't contact DDNS name or external IP directly.

Contacted Spark chat support and explained what I was trying to do, all actions taken along with screenshots of port forwarding configuration.  Even mentioned it was as if they were using CG-NAT like I'd experienced on BigPipe.  I was told that is beyond the level of support provided.  It was suggested I seek the services of a local tech company.  I explained that I was familiar with the process/configuration however I suspected either the router or connection was blocking incoming traffic.  I was asked "You can browse the internet right?".  Sure, I browsed to the chat page.  "Then there is nothing wrong with your connection".  "You should contact Huawei for support."

So I phoned the Huawei 0800 number while still connected to Spark chat.  "As the routers have customised firmware for each provider, please contact your ISP for support."

Back to Spark... "You can pay for premium support for a monthly fee or a $150 one-off payment."

Spent the next hour on other ISP websites figuring out how hard/costly it would be to switch them to another ISP and port phone number and keep Xtra email address and if wired connections were still available at their address.

Drove home, jumped onto Geekzone and found out the issue within 5 minutes of searching.

Summary...

  • Geekzone community is awesome!
  • Spark don't support Spark supplied routers.
  • Port forwarding won't work on Spark Wireless Broadband (without ordering a fixed IP) despite the Spark firmware having port forwarding/virtual server settings.
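
A quick way to confirm the CG-NAT situation described in the post above, added here as an example and not part of the original post: compare the WAN address on the router's status page with the address an outside service reports. The function names and the sample addresses are assumptions made up for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for the carrier side of CG-NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges (a WAN address here means another NAT sits upstream).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan_ip, externally_seen_ip):
    """Classify the router's WAN address.

    router_wan_ip:      WAN IP shown on the router's status page.
    externally_seen_ip: source IP an outside "what is my IP" service reports.
    Returns "cgnat", "private-upstream-nat", "translated" or "public".
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(externally_seen_ip)
    if wan in CGNAT:
        return "cgnat"
    if any(wan in net for net in RFC1918):
        return "private-upstream-nat"
    if wan != seen:
        # Routable-looking WAN address, but traffic leaves from another one.
        return "translated"
    return "public"


def port_forward_can_work(router_wan_ip, externally_seen_ip):
    """Inbound forwards only reach the router when it holds the public IP."""
    return classify_wan(router_wan_ip, externally_seen_ip) == "public"


# Constructed samples; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLES = [
    ("100.72.14.9", "203.0.113.5"),    # typical CG-NAT assignment
    ("192.168.8.100", "203.0.113.5"),  # router behind another NAT device
    ("203.0.113.5", "203.0.113.5"),    # fixed/public IP on the WAN port
]

if __name__ == "__main__":
    for wan, seen in SAMPLES:
        print(wan, seen, classify_wan(wan, seen), port_forward_can_work(wan, seen))
```

Any result other than "public" means a port checker will show the forwarded ports as closed regardless of how the router's virtual server settings are configured.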

 

'That VDSL Cat'
11507 posts

Uber Geek

Trusted
Spark
Subscriber

  # 2402993 21-Jan-2020 15:19
Hi,

The agent should have been able to advise you of this, apologies for the experience.
It is made very clear to our reps that for port forwarding to work, you require a static IP (which yes does cost).

Port forwarding does work, it just requires a static IP.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.



16 posts

Geek


  # 2402999 21-Jan-2020 15:39
Wish I'd spoken to you, would have saved my last remaining non-grey hairs.  😁

While I have your attention... they were kind of pushed onto 4G as "copper lines were on the way out."

If they get a few of their visiting grandkids on the internet at the same time it grinds to a halt.  I read that Twizel, Wanaka and some other areas are getting 5G soon.  Any plans for Fairlie?

Alternatively, although 4G was promoted to them as the way forward, can a connection be changed back to VDSL or is copper not being supported anymore?  They had paid for VDSL installation previously so wiring is pre-existing.

Thanks in advance.


'That VDSL Cat'
11507 posts

Uber Geek

Trusted
Spark
Subscriber

  # 2403000 21-Jan-2020 15:46
Copper lines aren't on the way out, but in many cases wireless is a better option.

Might be worth having a chat with the Resolve helpdesk folk, a rollback to VDSL might be the best option for you or possibly just an antenna installation :)

I can't comment on 5G future plans, communicable sensitivity etc.

28573 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 2403013 21-Jan-2020 16:15
I hope you're aware of the security implications of port forwards, particularly if this is to a CCTV system. You should never have a port forward in place to any CCTV system unless it's securely whitelisted to allowed public IP range(s).

While Spark FWA has always been CG-NAT by default, the move by 2degrees in particular to move to CG-NAT has done wonders with a few insecure cameras dropping off insecam and Shodan.



16 posts

Geek


  # 2403020 21-Jan-2020 16:41
Thanks for the info.

I know opening ports up comes with some risk but I thought forwarding traffic to a device with non-default username/password should be relatively normal practice?  The alternative is using the manufacturer's P2P service but that comes with its own risks from what I've read.

28573 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 2403021 21-Jan-2020 16:57
inspectaclueso:

Thanks for the info.

I know opening ports up comes with some risk but I thought forwarding traffic to a device with non-default username/password should be relatively normal practice?  The alternative is using the manufacturer's P2P service but that comes with its own risks from what I've read.

Password offers zero security if there is an exploit that bypasses the password. It also doesn't stop bots from trying to brute force logins.

The only truly secure remote access is via VPN.
