@ Washington. It seems this networks are really harassing you this month. I think they are isolating client IPs to prevent unnecessary load on their network which makes sense. Have you considered connecting via a VPN? 

On Tue, Aug 28, 2012 at 9:49 AM, Odhiambo Washington <odhiambo@gmail.com> wrote:
Hi John,

In one setup that exists, I asked them to allow ANY IP to access the IP and they refused. I didn't understand why they thought protecting my network was their prerogative!



On Mon, Aug 27, 2012 at 11:01 PM, John Gitau <jgitau@gmail.com> wrote:
well its a firewall, instead of telling them I want IP 1,2,3,4,5 just tell them you want any IP to access your ÍP' . like I said be clear with your requirement. Its a firewall rule/acl you have to be very clear especially if talking to a sales guy.

gitau


On Mon, Aug 27, 2012 at 10:42 PM, Odhiambo Washington <odhiambo@gmail.com> wrote:
Let me talk to SCOM and see what their current position is regarding APNs and static IPs.



On Mon, Aug 27, 2012 at 8:48 PM, Bernard Mwagiru <bmwagiru@gmail.com> wrote:
With private APNs, static public IPs can be assigned to SIMs. If the destination is static as well, then there's no challenge as the same can statically be allowed via the firewall. Otherwise, if the destination is dynamic, then I'm afraid there will be security challenges.
./bernard 


On Mon, Aug 27, 2012 at 7:47 PM, John Gitau <jgitau@gmail.com> wrote:
You can get an apn with static public ip's.  and yes what you want is possible, technically. There really is no difference apart from the ip's you get and how they are assigned and maybe the routing. You have to be clear with the requirements. 

Another option ( depending on how much safaricom bills you) is to get public ip's even v6 from another ISP and run tunnels, or run PAT. My point is there are several solutions. The most elegant one being drawing a nice diagram and asking safcom to help out with the details.

Disclaimer : I used to work there. Did quite some work with what you're trying to do. So I know it's possible. I don't anymore but I know the guys there would be willing to make this work for you. Let me know offline if you need some contacts.

Gitau
Sent from my iPad

On 27 Aug 2012, at 17:28, Odhiambo Washington <odhiambo@gmail.com> wrote:

Hi John,

Yes yes, I know this.

Safaricom's APNs are "private" IP namespaces right? They do NOT have Internet access! I have been through this with them so I know that too.They are not open, unless I was misled, or my requirements then were not clear. Another thing - a safaricom APN would limit me to using safaricom connections only.



On Mon, Aug 27, 2012 at 5:06 PM, John Gitau <jgitau@gmail.com> wrote:
This is not a rule. It just makes sense.

You don't want users runnings ad hoc smtp servers as an example. You know this:-). Especially for addresses that are not permanent for the users. Some networks allow this, and yes yes by all means I should be able to run a web server on my phone. But since ip's change, you then need to teach them ddns, generally more trouble than any benefits I can think of.

Safaricom offers apn's (private apn) that are open and you can make whatever request you want.

Jgitau

Sent from my iPad

On 27 Aug 2012, at 16:33, Odhiambo Washington <odhiambo@gmail.com> wrote:

> I understand that it is a Worldwide Standard that all IPs assigned to 3G connections are FIREWALLED.
>
> FIREWALLED to an extent that inasmuch as UserA and UserB both are on 3G with MNO1 they cannot access any services hosted by the other.
>
> This is the case with Safaricom.
>
> It also must be the case with Orange.
>
> It must also be the case with Airtel.
>
> It must also be the case with YU.
>
> No?
>
> I have a setup like this:
>
> 3G dongle < --- ROUTER ----< LAN <--- DVR
>
> The router is a TP-Link and the dongle is from Orange (MF192).
>
> Router IP (LAN) = 192.168.1.1
> Router IP (WAN) = Dynamic (I have DDNS configured to help with name resolution)
> DVR IP (LAN) = 192.168.1.10
>
> I have punched holes in the Router firewall to redirect/forward ports 8000 and 9000 to the DVR for purposes of accessing it using web and an android app.
>
> However, port scans to the WAN IP shows all ports are blocked!
>
> It would appear that the only way to get this to work would be to get Cable Broadband! Suppose there is no CB in one's area then technically you are damned.
>
> So it looks like as a rule, no one is allowed to run public services on 3G or does anyone know a provider who can give special considerations?
>
> Safaricom is NOT one such provider. I wonder if the others can.
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> I can't hear you -- I'm using the scrambler.
>
> _______________________________________________
> Skunkworks mailing list
> Skunkworks@lists.my.co.ke
> ------------
> List info, subscribe/unsubscribe
> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
> ------------
>
> Skunkworks Rules
> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
> ------------
> Other services @ http://my.co.ke
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.

_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke

_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke


_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.


_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



--
**Gitau

_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.


_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



--
Regards,
Job Njogu Muriuki,

Phone: (+254) - 722906324 | 736333075
Skype: heviejob | Yahoo: heviejob

Address: 42665 00100 Nrb