Jump to content

Anyone on TOT and uses Port Forwarding?


MJCM

Recommended Posts

I just found out that TOT has put me on CGN (Carrier Grade NAT) and thus can't open any ports anymore for for example, watching Security Camera's, Torrents etc 

 

Anyone else noticed this?

 

Edit: Does anyone know if you can get a dedicated ip-address from TOT?

Edited by MJCM
Link to comment
Share on other sites

Thx @Crossy

 

I have been on the phone with 2 of them already, first 1 via the 1100 and then press 9 and that took approx 9 minutes. And they finally said they have no idea what I am talking about and will transfer the report.

 

About 10 min later my wife got a call and they said we have to change promotion because our internet is too slow <deleted>!! When my wife explained what was wrong, they just hung up.

 

I will try again tomorrow.

 

My guess that they are really running out of ip address and with ipv6 adaption going so slow, they are getting desperate.

Link to comment
Share on other sites

1 minute ago, jackdd said:

AIS and True offer DDNS service and port forwarding through their CGN, try asking TOT if they offer this as well.

 

Thx for the tip, will do, unfortunately don't have any other providers (except for 4G) here, else I would have changed.

Link to comment
Share on other sites

Yep. 

 

Router says 100.x.x.x 

 

GRC.com/ShieldsUp says 118.x.x.x

 

^ where I do my port tests

 

Edit: Also an easy way finding out your public IP address is just typing "What's my ip" in the google search bar

 

 

Edited by MJCM
  • Like 1
Link to comment
Share on other sites

I have both True and TOT Fiber here. 

 

True is service provisioned to provide CGNAT private IP and TOT is provisioned to provide a public IP upon normal DHCP boot request. Though sometimes following a power outage TOT DHCP will give me a CGNAT address (maybe the normal provisioning server is still down, and the backup is set to serve CGNAT). Anyway, when it does happen I just wait a good while to give the local provisioning server time to recover and reboot by local router. This usually gives be a public IP address again. 

 

When talking to the service provider it's usually better not to get too technical with them. Just say you have an IP camera and need a direct public IP address to make it work.

  • Like 2
Link to comment
Share on other sites

13 hours ago, RichCor said:

I have both True and TOT Fiber here. 

 

True is service provisioned to provide CGNAT private IP and TOT is provisioned to provide a public IP upon normal DHCP boot request. Though sometimes following a power outage TOT DHCP will give me a CGNAT address (maybe the normal provisioning server is still down, and the backup is set to serve CGNAT). Anyway, when it does happen I just wait a good while to give the local provisioning server time to recover and reboot by local router. This usually gives be a public IP address again. 

 

When talking to the service provider it's usually better not to get too technical with them. Just say you have an IP camera and need a direct public IP address to make it work.

Thx @RichCor

 

We had a long lasting power outage here last night due to 4 or 5 rain drops ???? As we don't have a gen-set we turned off everything.

 

This morning we turning everything on, and checked I saw the Camera was working when accessing it from the outside via 4G.

 

When I went to GRC.com to do a port test, I saw this

 

 
Quote

 

Your Internet connection has no Reverse DNS

Many Internet connection IP addresses are associated with a DNS machine name. (But yours is not.) The presence of "Reverse DNS", which allows the machine name to be retrieved from the IP address, can represent a privacy and possible security concern for Internet consumers since it may uniquely and persistently identify your Internet account — and therefore you — and may disclose other information, such as your geographic location.

When present, reverse DNS is supported by Internet service providers. But no such lookups are possible with your current Internet connection address (). That's generally a good thing.

 

The port test still failed.

 

When I checked the Public address it was 113.x.x.x but the Router address was still 100.x.x.x

 

So I am still behind their NAT, but is the above maybe the reason why my Camera's are now working? Or just a fluke?

 

Link to comment
Share on other sites

Yea, that's still the Private (non-routable) / Reserved IP ranges (that requires a CGNAT router proxy a public IP address)

10.0.0.0–10.255.255.255

100.64.0.0–100.127.255.255

 

Have you tried purposefully rebooting (or even power-cycling off/on) your TOT router since being issued this CGNAT IP Address? As I mentioned in my previous post, sometimes the dedicated provisioning server responsible for issuing DHCP data to your router is late to respond and a backup server issues an unwanted CGNAT. A later reboot (or power cycle) of your local router might then be able to connect to your dedicated provisioning server and get your normal a public IP address.

 

Then again, you may have had your account reprovisioned over to CGNAT. Other ThaiVisa members have noticed their service providers moving them over from Public IP to CGNAT and they've had to call to request being move back, only to discover 6 months later the same thing happening again (possible an automatic procedure or policy to free up Public IP addresses on their network). Most people are tolerant or blissfully ignorant of being on CGNAT (ie: 3G/4G/LTE mobile users) as they don't have a requirement of needing open ports and never notice any consequence of being under CGNAT.

 

If a reboot doesn't put you back on a Public IP address, then you'll need to call. Again, don't get too technical. Just say you have IP Cameras that require a Public IP Address to work. 

  • Like 1
Link to comment
Share on other sites

1 hour ago, RichCor said:

 

Have you tried purposefully rebooting (or even power-cycling off/on) your TOT router since being issued this CGNAT IP Address? 

<snip>

 

 

Thx, Yep 2 since this morning, still on CGNAT after every reboot.

 

Oke will call them again on Monday, and will be as non-technical as can be. Only will mention IP Camera, Port Forwarding & DDNS. ???? 

Link to comment
Share on other sites

  • 4 months later...
On 4/18/2020 at 2:57 PM, MJCM said:

Thx, Yep 2 since this morning, still on CGNAT after every reboot.

 

Oke will call them again on Monday, and will be as non-technical as can be. Only will mention IP Camera, Port Forwarding & DDNS. ???? 

 

@MJCM did you have any success getting off carrier grade NAT? I've just ordered service from TOT and while inquiring how to buy a static IP address so I can access my stuff remotely, they told me the price for that "package" is nearly 5x more expensive than the same service with no static IP. A 500 megabit line behind the NAT is 900 thb while a static IP 500 megabit connection is 5990 thb. Crazy.

 

Worst case I can open a reverse ssh tunnel to one of my VPS machines (this lets you get back to your equipment behind any NAT using the IP address of your VPS server hosted in the cloud somewhere). But the extra latency for this is pretty severe.

 

Thanks!

 

 

 

 

Link to comment
Share on other sites

8 hours ago, SbuxPlease said:

 

@MJCM did you have any success getting off carrier grade NAT? I've just ordered service from TOT and while inquiring how to buy a static IP address so I can access my stuff remotely, they told me the price for that "package" is nearly 5x more expensive than the same service with no static IP. A 500 megabit line behind the NAT is 900 thb while a static IP 500 megabit connection is 5990 thb. Crazy.

 

Worst case I can open a reverse ssh tunnel to one of my VPS machines (this lets you get back to your equipment behind any NAT using the IP address of your VPS server hosted in the cloud somewhere). But the extra latency for this is pretty severe.

 

Thanks!

 

 

 

 

Get a singapore vps at digitalocean for 5 usd and the ping would be 40 ms. You can also use a vps in thailand but it costs more money and speed is limited for international purposes.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...