MJCM Posted April 17, 2020 Share Posted April 17, 2020 (edited) I just found out that TOT has put me on CGN (Carrier Grade NAT) and thus can't open any ports anymore for for example, watching Security Camera's, Torrents etc Anyone else noticed this? Edit: Does anyone know if you can get a dedicated ip-address from TOT? Edited April 17, 2020 by MJCM Link to comment Share on other sites More sharing options...
Crossy Posted April 17, 2020 Share Posted April 17, 2020 Just tell them you can't be behind their NAT and they'll move you. You can get a fixed IP, at a price. 1 Link to comment Share on other sites More sharing options...
MJCM Posted April 17, 2020 Author Share Posted April 17, 2020 Thx @Crossy I have been on the phone with 2 of them already, first 1 via the 1100 and then press 9 and that took approx 9 minutes. And they finally said they have no idea what I am talking about and will transfer the report. About 10 min later my wife got a call and they said we have to change promotion because our internet is too slow <deleted>!! When my wife explained what was wrong, they just hung up. I will try again tomorrow. My guess that they are really running out of ip address and with ipv6 adaption going so slow, they are getting desperate. Link to comment Share on other sites More sharing options...
jackdd Posted April 17, 2020 Share Posted April 17, 2020 (edited) AIS and True offer DDNS service and port forwarding through their CGN, try asking TOT if they offer this as well. Edited April 17, 2020 by jackdd 2 Link to comment Share on other sites More sharing options...
MJCM Posted April 17, 2020 Author Share Posted April 17, 2020 1 minute ago, jackdd said: AIS and True offer DDNS service and port forwarding through their CGN, try asking TOT if they offer this as well. Thx for the tip, will do, unfortunately don't have any other providers (except for 4G) here, else I would have changed. Link to comment Share on other sites More sharing options...
Crossy Posted April 17, 2020 Share Posted April 17, 2020 Have you verified that you are really behind a NAT? To those who don't know how:- Turn off any VPN. Go to http://www.ipaddresslocation.org/ and record what they say your IP address is. Log on to your router and check what it says your WAN IP address is. Not the same? You could be behind a NAT. 1 1 Link to comment Share on other sites More sharing options...
MJCM Posted April 17, 2020 Author Share Posted April 17, 2020 (edited) Yep. Router says 100.x.x.x GRC.com/ShieldsUp says 118.x.x.x ^ where I do my port tests Edit: Also an easy way finding out your public IP address is just typing "What's my ip" in the google search bar Edited April 17, 2020 by MJCM 1 Link to comment Share on other sites More sharing options...
RichCor Posted April 17, 2020 Share Posted April 17, 2020 I have both True and TOT Fiber here. True is service provisioned to provide CGNAT private IP and TOT is provisioned to provide a public IP upon normal DHCP boot request. Though sometimes following a power outage TOT DHCP will give me a CGNAT address (maybe the normal provisioning server is still down, and the backup is set to serve CGNAT). Anyway, when it does happen I just wait a good while to give the local provisioning server time to recover and reboot by local router. This usually gives be a public IP address again. When talking to the service provider it's usually better not to get too technical with them. Just say you have an IP camera and need a direct public IP address to make it work. 2 Link to comment Share on other sites More sharing options...
MJCM Posted April 18, 2020 Author Share Posted April 18, 2020 13 hours ago, RichCor said: I have both True and TOT Fiber here. True is service provisioned to provide CGNAT private IP and TOT is provisioned to provide a public IP upon normal DHCP boot request. Though sometimes following a power outage TOT DHCP will give me a CGNAT address (maybe the normal provisioning server is still down, and the backup is set to serve CGNAT). Anyway, when it does happen I just wait a good while to give the local provisioning server time to recover and reboot by local router. This usually gives be a public IP address again. When talking to the service provider it's usually better not to get too technical with them. Just say you have an IP camera and need a direct public IP address to make it work. Thx @RichCor We had a long lasting power outage here last night due to 4 or 5 rain drops ???? As we don't have a gen-set we turned off everything. This morning we turning everything on, and checked I saw the Camera was working when accessing it from the outside via 4G. When I went to GRC.com to do a port test, I saw this Quote Your Internet connection has no Reverse DNS Many Internet connection IP addresses are associated with a DNS machine name. (But yours is not.) The presence of "Reverse DNS", which allows the machine name to be retrieved from the IP address, can represent a privacy and possible security concern for Internet consumers since it may uniquely and persistently identify your Internet account — and therefore you — and may disclose other information, such as your geographic location. When present, reverse DNS is supported by Internet service providers. But no such lookups are possible with your current Internet connection address (). That's generally a good thing. The port test still failed. When I checked the Public address it was 113.x.x.x but the Router address was still 100.x.x.x So I am still behind their NAT, but is the above maybe the reason why my Camera's are now working? Or just a fluke? Link to comment Share on other sites More sharing options...
MJCM Posted April 18, 2020 Author Share Posted April 18, 2020 Too answer my own question, IMHO it was just a fluke. GRC.Com still says the same, but I can't access my camera's ???? Link to comment Share on other sites More sharing options...
RichCor Posted April 18, 2020 Share Posted April 18, 2020 Yea, that's still the Private (non-routable) / Reserved IP ranges (that requires a CGNAT router proxy a public IP address) 10.0.0.0–10.255.255.255 100.64.0.0–100.127.255.255 Have you tried purposefully rebooting (or even power-cycling off/on) your TOT router since being issued this CGNAT IP Address? As I mentioned in my previous post, sometimes the dedicated provisioning server responsible for issuing DHCP data to your router is late to respond and a backup server issues an unwanted CGNAT. A later reboot (or power cycle) of your local router might then be able to connect to your dedicated provisioning server and get your normal a public IP address. Then again, you may have had your account reprovisioned over to CGNAT. Other ThaiVisa members have noticed their service providers moving them over from Public IP to CGNAT and they've had to call to request being move back, only to discover 6 months later the same thing happening again (possible an automatic procedure or policy to free up Public IP addresses on their network). Most people are tolerant or blissfully ignorant of being on CGNAT (ie: 3G/4G/LTE mobile users) as they don't have a requirement of needing open ports and never notice any consequence of being under CGNAT. If a reboot doesn't put you back on a Public IP address, then you'll need to call. Again, don't get too technical. Just say you have IP Cameras that require a Public IP Address to work. 1 Link to comment Share on other sites More sharing options...
MJCM Posted April 18, 2020 Author Share Posted April 18, 2020 1 hour ago, RichCor said: Have you tried purposefully rebooting (or even power-cycling off/on) your TOT router since being issued this CGNAT IP Address? <snip> Thx, Yep 2 since this morning, still on CGNAT after every reboot. Oke will call them again on Monday, and will be as non-technical as can be. Only will mention IP Camera, Port Forwarding & DDNS. ???? Link to comment Share on other sites More sharing options...
Popular Post RichCor Posted April 18, 2020 Popular Post Share Posted April 18, 2020 You could contact them by filing in a Service Ticket via their 24/7 web form: http://tel1177.tot.co.th/new_sr.php?lang=en I like doing it this way as the message gets forwarded directly to the Network Operations Center. They'll usually call back (rather than email) so I provide a mobile phone number of someone who speaks fluent Thai here at the house to make things go faster. Usually get a fast response. 3 Link to comment Share on other sites More sharing options...
MJCM Posted April 18, 2020 Author Share Posted April 18, 2020 Thx @RichCor very helpful as always! 1 Link to comment Share on other sites More sharing options...
SbuxPlease Posted September 17, 2020 Share Posted September 17, 2020 On 4/18/2020 at 2:57 PM, MJCM said: Thx, Yep 2 since this morning, still on CGNAT after every reboot. Oke will call them again on Monday, and will be as non-technical as can be. Only will mention IP Camera, Port Forwarding & DDNS. ???? @MJCM did you have any success getting off carrier grade NAT? I've just ordered service from TOT and while inquiring how to buy a static IP address so I can access my stuff remotely, they told me the price for that "package" is nearly 5x more expensive than the same service with no static IP. A 500 megabit line behind the NAT is 900 thb while a static IP 500 megabit connection is 5990 thb. Crazy. Worst case I can open a reverse ssh tunnel to one of my VPS machines (this lets you get back to your equipment behind any NAT using the IP address of your VPS server hosted in the cloud somewhere). But the extra latency for this is pretty severe. Thanks! Link to comment Share on other sites More sharing options...
muratremix Posted September 17, 2020 Share Posted September 17, 2020 8 hours ago, SbuxPlease said: @MJCM did you have any success getting off carrier grade NAT? I've just ordered service from TOT and while inquiring how to buy a static IP address so I can access my stuff remotely, they told me the price for that "package" is nearly 5x more expensive than the same service with no static IP. A 500 megabit line behind the NAT is 900 thb while a static IP 500 megabit connection is 5990 thb. Crazy. Worst case I can open a reverse ssh tunnel to one of my VPS machines (this lets you get back to your equipment behind any NAT using the IP address of your VPS server hosted in the cloud somewhere). But the extra latency for this is pretty severe. Thanks! Get a singapore vps at digitalocean for 5 usd and the ping would be 40 ms. You can also use a vps in thailand but it costs more money and speed is limited for international purposes. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now