Can't ping my Fritzbox 7490 from the internet

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › Can't ping my Fritzbox 7490 from the internet

ccoutts

27 posts

Geek
+1 received by user: 1

ID Verified

#268504 22-Mar-2020 21:41

Hi,

I can't ping my Fritzbox 7490 from the internet. Should I be able to? Just results in no response if ipv4 address pinged from phone (on cell connection) or one of those online ping utilities.

I've checked, Stealth mode if disable on the Fritzbox.

The bigger problem is that my RDP connection to a PC fro the internet stopped working. I tried heaps of things to diagnose it, and in the process discovered I couldn't ping the router. Tried calling 2Deg tech support, but on hold for an hour so gave up.

Things I've tried to fix RDP:

-Can RDP to PC from within LAN

-Can http to web server on same PC from within LAN

-Setup up port forwarding a few times. Actually reset Fritzbox factory settings, to start from scratch, but no luck.

-Tried RDPing to internet ip address, instead of DynDNS address, but same result

Any ideas what to check for next?

Thanks!

RunningMan

9185 posts

Uber Geek
+1 received by user: 4838

#2444170 22-Mar-2020 21:42

You probably have a CG-NAT connection.

EDIT: 30 pages of info here

ccoutts

27 posts

Geek
+1 received by user: 1

ID Verified

#2444173 22-Mar-2020 21:48

Jeepers, what the heck is CG-NAT (in laymans terms)?

What it prevent me pinging my router, or getting RDP working? Or both?

RunningMan

9185 posts

Uber Geek
+1 received by user: 4838

#2444174 22-Mar-2020 21:51

Basically, you do not have a public IP address on the WAN interface of your router - it is shared with other 2D customers. Outgoing connections you'll never notice the difference, but incoming connections won't work.

https://en.wikipedia.org/wiki/Carrier-grade_NAT

ccoutts

27 posts

Geek
+1 received by user: 1

ID Verified

#2444175 22-Mar-2020 21:54

Well that's a bit lame! So no way to initiate incoming connections like RDP or webserver?

Fritzbox says I have a public IP in the Internet -> Online Monitor page:

IPv4 address: 100.68.78.22

How do I confirm if I do have CGNAT?

tanivula

998 posts

Ultimate Geek
+1 received by user: 158

Lifetime subscriber

#2444177 22-Mar-2020 22:01

ccoutts:

Well that's a bit lame! So no way to initiate incoming connections like RDP or webserver?

Fritzbox says I have a public IP in the Internet -> Online Monitor page:

IPv4 address: 100.68.78.22

How do I confirm if I do have CGNAT?

the 100.x.x.x range is CG-NAT.

When you get through to the support team, tell them your needs - they might give you a static ip for free (only guaranteed way to get a public IPV4 with 2deg now). I think there are lots of instances if you look at that 30page thread.

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#2444178 22-Mar-2020 22:01

yes, your on CGNat, that IP address is within the 100.64.0.0/10 block.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

K8Toledo

1018 posts

Uber Geek
+1 received by user: 311

#2444180 22-Mar-2020 22:01

Check the settings. Respond to WAN ping could be disabled. Not sure what the defaults are.

ccoutts

27 posts

Geek
+1 received by user: 1

ID Verified

#2444184 22-Mar-2020 22:08

OK, thanks guys.

Pretty sh!t that they just changed me sometime recently with no communication, and years of being a customer of 2Deg and years of using RDP and webhosting.

Yes, I'll definitely kick up a fuss and request a static IP... if I can ever get through to their helpdesk.

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41037

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2444209 22-Mar-2020 22:47

Unsolicited advice: make sure your machine is completely up-to-date with security patches as RDP is nasty.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

surfisup1000

5288 posts

Uber Geek
+1 received by user: 2159

#2444286 23-Mar-2020 08:30

My RDP was hacked once, a few years back.

Instead, I use VPN to establish a secure connection, then, use RDP across that secure connection.

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41037

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2444287 23-Mar-2020 08:34

The FritzBox even offer a VPN service. Just use that instead of exposing RDP ports to the Internet. Still need a static IP though.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Geekzone

Want to support Geekzone and browse the site without the ads? Subscribe to Geekzone now (monthly, annual and lifetime options).

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#2444291 23-Mar-2020 08:46

You should *never* have RDP exposed to the Internet and be accessible. Period.

The great thing about the CG-NAT change is that it's going to remove a lot of poorly configured and exposed systems and hardware from the Internet. There are already fully exposed CCTV cameras that are no longer visible which is a great thing.

ccoutts

27 posts

Geek
+1 received by user: 1

ID Verified

#2444312 23-Mar-2020 09:30

Thanks for the advice guys. I'll probably have a go at the VPN technique.

Although, I have been using RDP for 10+ years with no (apparent) problems. I've change the RDP port on the win machine to something obscure, and limited numbers of login retries. But yeah, it's a Win7 machine, so needs to be end-of-life soon :-)

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#2444314 23-Mar-2020 09:33

@ccoutts I am actually glad in this case it isn't working. Even if you limit logins etc you're still forwarding to a service on a unpatched, end of life operating system. You're just asking for trouble.

Why not just upgrade it to Windows 10?

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

ccoutts

27 posts

Geek
+1 received by user: 1

ID Verified

#2444316 23-Mar-2020 09:35

Cos I have 2 small kids, selling my house, and work is nuts. But yeah, it's on the list! :-)