311 posts

Ultimate Geek
+1 received by user: 3


Topic # 96648 1-Feb-2012 11:02

Hello,

Does anyone know the IP range that's allocated to XT Mobile connections?
I want to put an exception into the firewall to allow connections from my mobile without port knocking.
So far I've seen that they have (at least) 115.189.0.0/16 but this is likely to be used by xtra or other parts as well.

Thanks. 

19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 575773 1-Feb-2012 11:03

Not a good idea as the IP range is not static

John

1948 posts

Uber Geek
+1 received by user: 469
Inactive user


  Reply # 575777 1-Feb-2012 11:06

There is this old blog post from NealR.

But I am not sure if it has changed / been updated for a while.  Will go and ask him.



311 posts

Ultimate Geek
+1 received by user: 3


  Reply # 575786 1-Feb-2012 11:15

Great stuff, thank you.

It's not a big deal if some subnets change as I also have port knocking enabled if I get an IP address from a new subnet.
I'm not too concerned about security implications as I'll only allow ssh and it's extremely unlikely to have brute force attacks from XT phones. Also, fail2ban will do its job if need be.

Thanks again, if you have an update on the subnet list posted above it would be appreciated.

1948 posts

Uber Geek
+1 received by user: 469
Inactive user


  Reply # 575792 1-Feb-2012 11:38

Neal said he tries to keep it up to date however this is done on a best efforts basis so you should assume it could radically change without warning.



311 posts

Ultimate Geek
+1 received by user: 3


  Reply # 575795 1-Feb-2012 11:39

Understood, thanks again.

3415 posts

Uber Geek
+1 received by user: 405

Trusted

  Reply # 575797 1-Feb-2012 11:47

TBH this is a dumb idea as the ranges could change without warning. If you want to do this then get a static IP.

Fail2ban should be good enough....







311 posts

Ultimate Geek
+1 received by user: 3


  Reply # 575798 1-Feb-2012 11:51

As I said earlier, I have a port-knocking solution in place. The allowing of the range saves me a click to launch the 'knock app'. If the range changes, I just launch the knock app and that's that.

Not sure if (how) I can get a static IP on my XT-Mobile.

1948 posts

Uber Geek
+1 received by user: 469
Inactive user


  Reply # 575801 1-Feb-2012 11:55

tcpdump: As I said earlier, I have a port-knocking solution in place. The allowing of the range saves me a click to launch the 'knock app'. If the range changes, I just launch the knock app and that's that.

Not sure if (how) I can get a static IP on my XT-Mobile.


You can get a Private APN.  But that comes at a cost.

8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 575857 1-Feb-2012 13:20

Why not just set up a VPN? Most smartphones support various VPN connection options.



311 posts

Ultimate Geek
+1 received by user: 3


  Reply # 575859 1-Feb-2012 13:23

The firewall is denying everything, including VPN. After a successful knock (or if the IP address/range is in a whitelist) ssh/vpn is being allowed.

Yes, I can be even more paranoid if required ;)
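
The policy described in the post above (deny everything, then allow ssh/VPN after a successful knock or from a whitelisted range), modelled as an added example that is not code from the thread. The 30-second knock lifetime, the function names and the sample events are assumptions; 203.0.113.7 is a documentation address, and `exposure` counts how many source addresses the whitelist lets skip the knock.

```python
import ipaddress

# Range quoted in the thread; posters warn it is shared and can change.
ALLOWLIST = [ipaddress.ip_network("115.189.0.0/16")]
KNOCK_TTL = 30  # seconds a knock stays valid (assumed value)

def decide(src, now, knocked, allowlist=ALLOWLIST, ttl=KNOCK_TTL):
    """Default deny: accept only allowlisted or recently knocked sources."""
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in allowlist):
        return "ACCEPT", "allowlist"
    knocked_at = knocked.get(ip)
    if knocked_at is not None and 0 <= now - knocked_at <= ttl:
        return "ACCEPT", "knock"
    return "DROP", "default-deny"

def exposure(allowlist=ALLOWLIST):
    """Count the source addresses that bypass the knock entirely."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(allowlist))

def replay(events, allowlist=ALLOWLIST):
    """Replay (time, kind, src) events; return a verdict per connect."""
    knocked, verdicts = {}, []
    for now, kind, src in events:
        if kind == "knock":
            knocked[ipaddress.ip_address(src)] = now
        else:
            verdicts.append((src, *decide(src, now, knocked, allowlist)))
    return verdicts

# Constructed events: the second source stands in for a phone that was
# handed an address outside the allowlisted range.
EVENTS = [
    (0, "connect", "115.189.4.20"),
    (5, "connect", "203.0.113.7"),
    (10, "knock", "203.0.113.7"),
    (12, "connect", "203.0.113.7"),
    (90, "connect", "203.0.113.7"),
]

if __name__ == "__main__":
    print(exposure(), replay(EVENTS))
```

Connections accepted with reason `knock` from a mobile source are the signal that the whitelisted range no longer matches what the carrier hands out.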

8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 575863 1-Feb-2012 13:27

Hah fair enough!
