Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Forums2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus)2Talk CG-NAT question
cyril7

9073 posts

Uber Geek
+1 received by user: 2499

ID Verified
Trusted
Subscriber

#255622 21-Aug-2019 13:54
Send private message

Hi, 2Talk dont have their own sub forum and as they are owned by Vocus I have put it here, mods move it if you think needed.

 

Anyway, I have a customer that has a business UFB 100/100 connection that is on CG-NAT, I did not set this up, a previous IT supplier did, regardless its doing all they need.

 

The question I have, is that on the firewall I am seeing continual connection requests on the client WAN interface from three or four sources, these come from subnets belonging to Facebook, Google and Amazon, have not seen any from others but they may be there, these are arriving every 1-3secs, this would imply that there are port forwards or other pin hole through the NAT. 

 

I also see a regular icmp from a 2Talk address, this I presume is a maintenance probe, but can someone please shed light on the reqests from outside. I note port 443 as the source port but seemingly random dst port in each connection attempt.

 

Cyril

Create new topic
jay21
6 posts

Wannabe Geek


  #2303435 22-Aug-2019 07:24
Send private message

Can you post a log of the connection requests.



cyril7

9073 posts

Uber Geek
+1 received by user: 2499

ID Verified
Trusted
Subscriber

  #2303452 22-Aug-2019 08:17
Send private message

Hi, as below, I see a new player has arrived, 40.100.144.242 is Microsoft

 

Click to see full size

 

Cyril

 

 

 

 

chevrolux
4962 posts

Uber Geek
+1 received by user: 2638
Inactive user


  #2303466 22-Aug-2019 08:27
Send private message

Do 2talk still have that port forwarding page you can do from the portal? It allowed you to forward ports from a true public IP through to the private IP assigned to your connection. From memory, there was a handful set by default for the likes of 80,443,3389 etc.

 

Weird to see new connections coming in like that from those companies though..



cyril7

9073 posts

Uber Geek
+1 received by user: 2499

ID Verified
Trusted
Subscriber

  #2303467 22-Aug-2019 08:31
Send private message

Hi Sam, not too sure, I dont have access to the account I believe the original support guy does. As a result to gain remote access I use the console in one of the UniFi APs to open a shell back to my machine and do a remote tunnel from there.

 

Cyril

chevrolux
4962 posts

Uber Geek
+1 received by user: 2638
Inactive user


  #2303470 22-Aug-2019 08:36
Send private message

The PPP password should be their account password*. So if you know one of the DDI's or just the account number you should be able to log in ;-)

 

Edit: *most of the time

cyril7

9073 posts

Uber Geek
+1 received by user: 2499

ID Verified
Trusted
Subscriber

  #2303625 22-Aug-2019 10:53
Send private message

Hmmm, so looks like someone has been playing, at around 10:22am it all stopped...................................... jay perhaps?  :)

 

Cyril

 
 
 
 

Stream your favourite shows now on Apple TV (affiliate link).
jay21
6 posts

Wannabe Geek


  #2303631 22-Aug-2019 11:01
Send private message

wasn't me, just had a chance to look at this thread again now....

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright