
Let me throw a spanner/tangent and make the bold suggestion that OUR NETADMINS ARE A LAZY BUNCH ..... :) Why doe I say this? Because in this day and age we should NOT be using NAT on any of our public networks... this applies to mobile operators and ISPs alike. It is lazy, bad practice, and goes against the tenets of true cybersecurity. Tafakari hayo! Mblayo [image: logo] *Brian Munyao Longwe* | Mobile: 254715964281 http://mashilingi.blogspot.com <http://www.facebook.com/brianmunyao> Facebook<http://www.facebook.com/brianmunyao> <http://www.twitter.com/blongwe> Twitter <http://www.twitter.com/blongwe> <http://ke.linkedin.com/pub/brian-munyao-longwe/0/32/254> LinkedIn<http://ke.linkedin.com/pub/brian-munyao-longwe/0/32/254> Contact me: [image: Skype] blongwe Want a signature like mine? <http://r1.wisestamp.com/r/landing?promo=16&dest=http%3A%2F%2Fwww.wisestamp.com%2Femail-install%3Futm_source%3Dextension%26utm_medium%3Demail%26utm_campaign%3Dpromo_16> Click here.<http://r1.wisestamp.com/r/landing?promo=16&dest=http%3A%2F%2Fwww.wisestamp.com%2Femail-install%3Futm_source%3Dextension%26utm_medium%3Demail%26utm_campaign%3Dpromo_16> On Tue, Aug 28, 2012 at 12:11 PM, Job Muriuki <muriukin@gmail.com> wrote:
@ Washington. It seems this networks are really harassing you this month. I think they are isolating client IPs to prevent unnecessary load on their network which makes sense. Have you considered connecting via a VPN?
On Tue, Aug 28, 2012 at 9:49 AM, Odhiambo Washington <odhiambo@gmail.com>wrote:
Hi John,
In one setup that exists, I asked them to allow ANY IP to access the IP and they refused. I didn't understand why they thought protecting my network was their prerogative!
On Mon, Aug 27, 2012 at 11:01 PM, John Gitau <jgitau@gmail.com> wrote:
well its a firewall, instead of telling them I want IP 1,2,3,4,5 just tell them you want any IP to access your ÍP' . like I said be clear with your requirement. Its a firewall rule/acl you have to be very clear especially if talking to a sales guy.
gitau
On Mon, Aug 27, 2012 at 10:42 PM, Odhiambo Washington < odhiambo@gmail.com> wrote:
Let me talk to SCOM and see what their current position is regarding APNs and static IPs.
On Mon, Aug 27, 2012 at 8:48 PM, Bernard Mwagiru <bmwagiru@gmail.com>wrote:
With private APNs, static public IPs can be assigned to SIMs. If the destination is static as well, then there's no challenge as the same can statically be allowed via the firewall. Otherwise, if the destination is dynamic, then I'm afraid there will be security challenges. ./bernard
On Mon, Aug 27, 2012 at 7:47 PM, John Gitau <jgitau@gmail.com> wrote:
You can get an apn with static public ip's. and yes what you want is possible, technically. There really is no difference apart from the ip's you get and how they are assigned and maybe the routing. You have to be clear with the requirements.
Another option ( depending on how much safaricom bills you) is to get public ip's even v6 from another ISP and run tunnels, or run PAT. My point is there are several solutions. The most elegant one being drawing a nice diagram and asking safcom to help out with the details.
Disclaimer : I used to work there. Did quite some work with what you're trying to do. So I know it's possible. I don't anymore but I know the guys there would be willing to make this work for you. Let me know offline if you need some contacts.
Gitau Sent from my iPad
On 27 Aug 2012, at 17:28, Odhiambo Washington <odhiambo@gmail.com> wrote:
Hi John,
Yes yes, I know this.
Safaricom's APNs are "private" IP namespaces right? They do NOT have Internet access! I have been through this with them so I know that too.They are not open, unless I was misled, or my requirements then were not clear. Another thing - a safaricom APN would limit me to using safaricom connections only.
On Mon, Aug 27, 2012 at 5:06 PM, John Gitau <jgitau@gmail.com> wrote:
> This is not a rule. It just makes sense. > > You don't want users runnings ad hoc smtp servers as an example. You > know this:-). Especially for addresses that are not permanent for the > users. Some networks allow this, and yes yes by all means I should be able > to run a web server on my phone. But since ip's change, you then need to > teach them ddns, generally more trouble than any benefits I can think of. > > Safaricom offers apn's (private apn) that are open and you can make > whatever request you want. > > Jgitau > > Sent from my iPad > > On 27 Aug 2012, at 16:33, Odhiambo Washington <odhiambo@gmail.com> > wrote: > > > I understand that it is a Worldwide Standard that all IPs assigned > to 3G connections are FIREWALLED. > > > > FIREWALLED to an extent that inasmuch as UserA and UserB both are > on 3G with MNO1 they cannot access any services hosted by the other. > > > > This is the case with Safaricom. > > > > It also must be the case with Orange. > > > > It must also be the case with Airtel. > > > > It must also be the case with YU. > > > > No? > > > > I have a setup like this: > > > > 3G dongle < --- ROUTER ----< LAN <--- DVR > > > > The router is a TP-Link and the dongle is from Orange (MF192). > > > > Router IP (LAN) = 192.168.1.1 > > Router IP (WAN) = Dynamic (I have DDNS configured to help with > name resolution) > > DVR IP (LAN) = 192.168.1.10 > > > > I have punched holes in the Router firewall to redirect/forward > ports 8000 and 9000 to the DVR for purposes of accessing it using web and > an android app. > > > > However, port scans to the WAN IP shows all ports are blocked! > > > > It would appear that the only way to get this to work would be to > get Cable Broadband! Suppose there is no CB in one's area then technically > you are damned. > > > > So it looks like as a rule, no one is allowed to run public > services on 3G or does anyone know a provider who can give special > considerations? > > > > Safaricom is NOT one such provider. I wonder if the others can. > > > > > > -- > > Best regards, > > Odhiambo WASHINGTON, > > Nairobi,KE > > +254733744121/+254722743223 > > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > > I can't hear you -- I'm using the scrambler. > > > > _______________________________________________ > > Skunkworks mailing list > > Skunkworks@lists.my.co.ke > > ------------ > > List info, subscribe/unsubscribe > > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks > > ------------ > > > > Skunkworks Rules > > http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 > > ------------ > > Other services @ http://my.co.ke > _______________________________________________ > Skunkworks mailing list > Skunkworks@lists.my.co.ke > ------------ > List info, subscribe/unsubscribe > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks > ------------ > > Skunkworks Rules > http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 > ------------ > Other services @ http://my.co.ke >
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- **Gitau
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler.
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Regards, Job Njogu Muriuki,
Phone: (+254) - 722906324 | 736333075 Skype: heviejob | Yahoo: heviejob
Address: 42665 00100 Nrb
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke