Wireless broadband, static IP, open ports.

Forums › Spark New Zealand (including Skinny and BigPipe) › Wireless broadband, static IP, open ports.

peteredmunds

5 posts

Wannabe Geek

#243209 1-Dec-2018 00:36

Have spoken with different people at Spark about this, and searched the forums here. As well as the usual searches.

Getting conflicting answers.

Can anyone point me in the direction of a definitive, written statement that says Spark's Wireless Broadband solutions will or will not support having a Windows Server on the LAN side with clients on the WAN side initiating sessions on port 3389 for RDS , 443 for HTTPS, and 80 for HTTP?

1 | 2

13459 posts

Uber Geek

ID Verified

Lifetime subscriber

#2137605 1-Dec-2018 06:38

pretty sure you cant have a static IP address on a wireless service because its provided over CG-NAT.

which means no port forwarding.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#2137606 1-Dec-2018 06:40

Your question is a little confusing.

Do you have a static IP or are you using the default CG-NAT IP address? Are you wanting to know whether this is possible with CG-NAT or whether it's only possibly with a static IP?

Like every RSP that offers CG-NAT by default you're clearly not going to be able to have port forwards if you are on a CG-NAT connection. Spark do now offer static IP addresses on fixed wireless as an option.

SATTV

1648 posts

Uber Geek

ID Verified

#2137612 1-Dec-2018 07:57

I presume you are referring to the Spark wireless internet product using a B315 router or the like, in which case yes you can get a static IP.

The cost is an additional $10 per month.

Once you have that you can do the port forwarding.

https://store.spark.co.nz/forms/s/static-ip-requests

If you are using a router and a phone SIM card you are out of luck.

John

I know enough to be dangerous

tdgeek

29746 posts

Uber Geek

Trusted

Lifetime subscriber

#2137615 1-Dec-2018 08:07

SATTV:

I presume you are referring to the Spark wireless internet product using a B315 router or the like, in which case yes you can get a static IP.

The cost is an additional $10 per month.

Once you have that you can do the port forwarding.

https://store.spark.co.nz/forms/s/static-ip-requests

If you are using a router and a phone SIM card you are out of luck.

John

$15 incl. GST per month for a residential connection. Free on a Business connection 120GB or above

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#2137628 1-Dec-2018 09:04

It's also probably noting that exposing 3389 for RDP to the Internet is something that should never be contemplated. 3389 should only ever be exposed if you have the ability to restrict this via whitelist to specific IP ranges.

If remote access is required this should be via VPN or by using a 3rd party product such as TeamViewer.

peteredmunds

5 posts

Wannabe Geek

#2137630 1-Dec-2018 09:27

Thanks for the quick replies everyone.

We have a static IP and the device is one of Spark's Huawei modem/routers, not a dongle.

In different discussions have been told variously that with a static IP, port forwarding can be set up on the router but will not function because the ports are blocked at the ISP,

alternatively, that port 25 can be opened but no others,

alternatively that port forwarding on the router is not possible,

alternatively, that port forwarding can be set up on the router and that any port can be opened by the ISP, but has to be specifically requested,

alternatively, well you get the drift, each person involved has had a different opinion on what constitutes an open port, or even what a port is.

The functionality we're needing is that a client device can ask for domain.tld:port and a listening service on the server will hear the request, assuming the router and server firewalls are open for the specific request.

In the same way as the copper network, mostly, functions now.

And what we are asking of the forum here is, has anyone encountered a definitive written statement from Spark along the lines that the functionality we need is, yes available, or no unavailable?

Continual re-explaining of requirements over the phone, only to be handed off to yet another person with yet another take on things is getting to be less than pleasing, hence why we're asking if anyone has encountered a written statement.

tdgeek

29746 posts

Uber Geek

Trusted

Lifetime subscriber

#2137633 1-Dec-2018 09:39

@cbrpilot

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

peteredmunds

5 posts

Wannabe Geek

#2137636 1-Dec-2018 09:56

Appreciate your additional comments, @sbiddle.

We're not flying blind here. There are reasons why we have to use 3389 at present. Everything's locked down as hard as we can and a powershell script is blocking thousands of vagrant IP addresses on the fly.

Unfortunately, wandering IP addresses make whitelisting client IP's unusable. IPv6 instead of CGNAT would be a nice thing. *ducks for cover*

cbrpilot

955 posts

Ultimate Geek

Trusted

Spark NZ

#2137722 1-Dec-2018 11:09

Definitive answer: yes you can have ports open with Static IP on Wireless Broadband. By default when you request Static IP, the following ports will remain blocked:

-tcp port 25

-tcp/udp dest 53

-tcp dest 135->139

-tcp dest 445

If you want any of those unblocked, request port 25 be opened and it will open all of them.

The WBB modem does support port forwarding, though you need to apply the settings before it starts working. I have heard anecdotal evidence that some people have had issues getting it working, but it does work.

Hope that answers your question.

My views are my own, and may not necessarily represent those of my employer.

NZFINEST

202 posts

Master Geek

Trusted

#2137738 1-Dec-2018 13:08

https://store.spark.co.nz/forms/s/static-ip-requests

peteredmunds

5 posts

Wannabe Geek

#2137741 1-Dec-2018 13:13

Thanks @cbrpilot

SMTP expected

DNS ok, we run split horizon, so not an issue, might even be useful for random things we get wrong faffing around on a production small business network that simply can't afford to run a test environment. The sheer joy of needing corporate tools without corporate size infrastructure.

MSRPC sensible

NETBIOS sensible

MSSMB sensible

On the basis of your reply, we'll plug everything in and reconfigure.

As usual this will break all sorts of unexpected things. We'll report back to the thread when things are stable, regardless of stable being 100% ok or 100% broken and reverted to copper.

On the assumption that your answer is based on you being Spark staff, making this information available to Spark's Waikato Business Hub and whoever in the matrix they escalate to, may lessen future customer frustrations.

chevrolux

4962 posts

Uber Geek
Inactive user

#2137754 1-Dec-2018 13:46

Business Hub

LOL! I wouldn't expect a business hub staff member to be able to more than sell a mobile plan. IMO the business hubs are the weakest links in Spark's otherwise pretty good business support.

hio77

12999 posts

Uber Geek

ID Verified

Trusted

Lizard Networks

#2137758 1-Dec-2018 13:55

peteredmunds:

On the assumption that your answer is based on you being Spark staff, making this information available to Spark's Waikato Business Hub and whoever in the matrix they escalate to, may lessen future customer frustrations.

Just to be clear, this information is easily accessible for anyone within spark.

I'll pass the feedback onto the waikato hub folk so they can have a quick refresher.

Highly likely they are still erring on the side of caution around static ips, business continuity etc.

As with anything, making a change like this does hold risk, So i'd do it at a time that it's not mission critical with a fallback plan.

Preferably a backup service inplace.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

peteredmunds

5 posts

Wannabe Geek

#2137782 1-Dec-2018 15:18

Appreciate the advice there @hio77 and will be following it.

Quite frankly the prospect of breaking a small business system is scarier than the corporate trashfires we've been involved with in past incarnations.

Peppery

919 posts

Ultimate Geek

Trusted

#2139670 5-Dec-2018 10:44

chevrolux:

Business Hub

LOL! I wouldn't expect a business hub staff member to be able to more than sell a mobile plan. IMO the business hubs are the weakest links in Spark's otherwise pretty good business support.

Super OT, but I agree fully with this statement. I feel we're about to break contract purely because of how awful the experience with the business hub has been.

1 | 2