Is there a Vodafone cellular APN which blocks inbound traffic?

Forums › One NZ (including Farmside) › Is there a Vodafone cellular APN which blocks inbound traffic?

LurkingKiwi

34 posts

Geek
+1 received by user: 19

#265431 21-Jan-2020 13:34

The company I work for implemented a remote monitoring system over cellular some years ago, and as we have a low-powered CPU we wanted an APN which blocked incoming connection attempts.

We started experimenting with "www.vodafone.net.nz" which did have incoming unsolicited traffic, but at some point during development the incoming traffic abruptly stopped and we figured that VF had turned the switch off and kept using that APN.

Recently while debugging a different fault I looked at the PPP traffic and found that the device was fielding incoming TCP connection attempts from random IP addresses in France etc. and a UDP packet from "scan-10k.shadowserver.org" supposedly in the USA.

Has this been an official behaviour change by VF? The ancient sticky for Vodafone APNs doesn't mention "www.vodafone.net.nz", although it is supposedly the default according to other posts, and other posts seem to imply this APN blocks incoming traffic.

NAT isn't a problem because we only make outgoing TCP connections.

Should we be using a different APN? If so, what ? Searching GZ hasn't really shed any light, although I have tried a few search terms.

Thanks, Len.

Linux

12182 posts

Uber Geek
+1 received by user: 8476

Trusted

Lifetime subscriber

#2402971 21-Jan-2020 13:47

You should just use ' vodafone '

Jiriteach

1139 posts

Uber Geek
+1 received by user: 373

ID Verified

Trusted

Lifetime subscriber

#2402980 21-Jan-2020 15:12

Vodafone uses CG-NAT so incoming traffic shouldn't be possible now? Or am I mistaken? Last time I tried - was definately CG-NAT on their 4G network.

-- opinions expressed by me are solely my own. ie - personal

Linux

12182 posts

Uber Geek
+1 received by user: 8476

Trusted

Lifetime subscriber

#2402981 21-Jan-2020 15:14

I'm sure the 4G network is not CG NAT but inbound traffic is blocked on the VodafoneNZ firewall to the mobile network

Spyware

3818 posts

Uber Geek
+1 received by user: 1366

Lifetime subscriber

#2403008 21-Jan-2020 15:58

I just checked a 3G connection using 'vodafone' and has 100.120.x.y address.

And the work I've done with on account SIMs in 4G cards in my little servers have all shown CG-NAT addresses on the interface. I've found that I had to set the APN = null using QMI interface.

Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.

LurkingKiwi

34 posts

Geek
+1 received by user: 19

#2408293 28-Jan-2020 16:16

Thanks very much for your help.

Perhaps the post "Vodafone Mobile APN list" at https://www.geekzone.co.nz/forums.asp?forumid=40&topicid=9780 which is dated 2006 could be tagged with "Still correct at Jan 2020" or similar as I sort-of discounted it due to the age of the post, and the only mention of the "www.vodafone.net.nz" APN being "Since the 'www.vodafone.net.nz' addressing has now been changed to public IP's" which is no longer true.