CGNAT Woes

X

Xantor

Member
Joined
Jul 11, 2012
Messages
29
Reaction score
4
So long story short, I need to open my ports to some software I want to run.
The software checks if it can reach those ports.

Afrihost is behind what is called CGNAT - I've requested if they can provide me with a static IP (they can't on Frogfoot)
I've asked Axxess and they say that they ARE behind a CGNAT however they do provide me with a static ip which works for port forwarding.
I've also reached out to Vox, they say that they can't of Frogfoot.

Any ideas guys? Short of setting up a VPS with reverse proxy - is there any ISPs that can give me what I need?
 
We are able to provide static IP's on all the FNO's, including Frogfoot
A static IP is included as standard with all our FTTx products
 
Great news! I knew I should post here! And you're sure that my port forwarding will work?
 
Xantor said:
So long story short, I need to open my ports to some software I want to run.
The software checks if it can reach those ports.

Afrihost is behind what is called CGNAT - I've requested if they can provide me with a static IP (they can't on Frogfoot)
I've asked Axxess and they say that they ARE behind a CGNAT however they do provide me with a static ip which works for port forwarding.
I've also reached out to Vox, they say that they can't of Frogfoot.

Any ideas guys? Short of setting up a VPS with reverse proxy - is there any ISPs that can give me what I need?
Click to expand...
Hi.

That is correct, we dont offer static IPs for services on DHCP, however, we can assign a public IP upon request.
 
Afrigirl said:
Hi.

That is correct, we dont offer static IPs for services on DHCP, however, we can assign a public IP upon request.
Click to expand...
I was on the support for back and forth for 2 days - why'd they never mention this?
By assigning a public IP will this allow my port forwarding to work?

Tbh, I'm not that clued up with what's been happening in the networking world.
My router receives an ip address for example:
100.50.200.26 but my current public ip reflects 102.56.200.37
This is purely an example.
When I open ports let's say 15000 on my router and run nc -l 15000 on my Ubuntu I should be able to connect to the ip using another system from another network with nc <public ip> 15000. Locally everything works fine so ufw on my Ubuntu is inactive.

If assigning a public ip can resolve my issue I'm willing to give it a go - I've been a client of Afrihost for years and never had any issues until now...
 
Xantor said:
I was on the support for back and forth for 2 days - why'd they never mention this?
By assigning a public IP will this allow my port forwarding to work?

Tbh, I'm not that clued up with what's been happening in the networking world.
My router receives an ip address for example:
100.50.200.26 but my current public ip reflects 102.56.200.37
This is purely an example.
When I open ports let's say 15000 on my router and run nc -l 15000 on my Ubuntu I should be able to connect to the ip using another system from another network with nc <public ip> 15000. Locally everything works fine so ufw on my Ubuntu is inactive.

If assigning a public ip can resolve my issue I'm willing to give it a go - I've been a client of Afrihost for years and never had any issues until now...
Click to expand...
The standard Afrihost support is useless; for all my Afrihost issues, @Afrigirl sorts me out.

Yup, a public IP should do the trick.
 
Xantor said:
I was on the support for back and forth for 2 days - why'd they never mention this?
By assigning a public IP will this allow my port forwarding to work?

Tbh, I'm not that clued up with what's been happening in the networking world.
My router receives an ip address for example:
100.50.200.26 but my current public ip reflects 102.56.200.37
This is purely an example.
When I open ports let's say 15000 on my router and run nc -l 15000 on my Ubuntu I should be able to connect to the ip using another system from another network with nc <public ip> 15000. Locally everything works fine so ufw on my Ubuntu is inactive.

If assigning a public ip can resolve my issue I'm willing to give it a go - I've been a client of Afrihost for years and never had any issues until now...
Click to expand...
I am sorry you for the bad experience. Yes, on a public IP you should be able to proceed with forwarding.

I have sent you a private message, please confirm your email address there so I can allocate a public IP.
 
Afrihost also has DDNS built in if your public IP changes.

"You may need to set up DDNS.
With the dynamic IP, we have built-in DDNS that you can use fiberusername.ip.afrihost.co.za, which will point and update to your current IP. You can find your username in ClientZone and it's the name before @afrihost.co.za"
 
Chris_Auc said:
Afrihost also has DDNS built in if your public IP changes.

"You may need to set up DDNS.
With the dynamic IP, we have built-in DDNS that you can use fiberusername.ip.afrihost.co.za, which will point and update to your current IP. You can find your username in ClientZone and it's the name before @afrihost.co.za"
Click to expand...
Thanks for this, at the moment the software picks it up automatically - but I'll keep that in mind!
 
Afrigirl said:
I am sorry you for the bad experience. Yes, on a public IP you should be able to proceed with forwarding.

I have sent you a private message, please confirm your email address there so I can allocate a public IP.
Click to expand...
No worries, I will send it to you as soon as I get your message - I haven't yet :)

AND, Thank you so much! I was really not looking forward to doing a reverse proxy vps...
 
Chris_Auc said:
Afrihost also has DDNS built in if your public IP changes.

"You may need to set up DDNS.
With the dynamic IP, we have built-in DDNS that you can use fiberusername.ip.afrihost.co.za, which will point and update to your current IP. You can find your username in ClientZone and it's the name before @afrihost.co.za"
Click to expand...
I use this service and it works well
 
Xantor said:
So long story short, I need to open my ports to some software I want to run.
The software checks if it can reach those ports.

Afrihost is behind what is called CGNAT - I've requested if they can provide me with a static IP (they can't on Frogfoot)
I've asked Axxess and they say that they ARE behind a CGNAT however they do provide me with a static ip which works for port forwarding.
I've also reached out to Vox, they say that they can't of Frogfoot.

Any ideas guys? Short of setting up a VPS with reverse proxy - is there any ISPs that can give me what I need?
Click to expand...

You need to look at one of the smaller ISPs if you want a proper public IP.

CGNAT - Carrier Grade NAT is being used my more and more ISPs as IPv4 addresses run out..
en.wikipedia.org

Carrier-grade NAT - Wikipedia

en.wikipedia.org en.wikipedia.org

Your ISP needs to allocate an IP directly from their access server / NAS.

This trace is to one of our clients from a router outside of our network, based in the UK:

Start: 2025-08-27T13:55:51+0000
Loss Snt Last Avg Best Wrst StDev
1.|-- 5.101.110.7 0.0% 4 0.3 0.6 0.3 1.2 0.4
2.|-- 143.244.192.54 0.0% 4 0.5 0.6 0.4 0.8 0.2
3.|-- 143.244.224.76 0.0% 4 0.7 1.5 0.5 4.1 1.7
4.|-- 143.244.224.71 0.0% 4 0.3 0.5 0.3 0.9 0.3
5.|-- 80.249.209.150 25.0% 4 1.0 3.4 1.0 7.7 3.8
6.|-- 184.105.65.35 75.0% 4 9.6 9.6 9.6 9.6 0.0
7.|-- 184.104.199.109 75.0% 4 27.9 27.9 27.9 27.9 0.0
8.|-- 184.104.195.98 25.0% 4 32.6 32.7 32.6 33.0 0.2
9.|-- 184.104.224.113 0.0% 4 32.8 32.9 32.8 33.0 0.1
10.|-- 102.220.216.97 0.0% 4 148.2 148.3 148.1 148.6 0.2
11.|-- 154.66.88.34 0.0% 4 148.3 148.4 148.3 148.9 0.3
12.|-- 45.222.75.10 0.0% 4 154.1 153.4 152.9 154.1 0.6
Click to expand...

I see the IPT provider that provides the international link for this range of clients is up to their old tricks again. See hops 5 to 8. Unfortunately, we can only vote with our feet once the contract has run it's course.

You aren't seeing any IP addresses that that start with "100." anywhere. Nor are you seeing "10." or "192.168." or any other private IP addresses That means there's no NAT of any sort to the client and all the routers are publicly addressable. Some people hide their routers with private IP addresses. I've been doing this for 29 years and am not a fan.

A lot of companies who offer static public IP's have "allot boxes" on their networks. Your 100.x traffic goes into the box, while it's in the box it is NATted to a public IP on a 1:1 NAT. The traffic to and from the alot box is still routed via private IP addresses and you end up with a private IP address on the WAN side of your router.

If your see any private IP address on the WAN side of your router, you are being NATted somewhere on your ISP's network. At a minimum, you are going to sit with double NAT issues.

I can't over emphasize. The public IP address needs to be on the WAN port of your router.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X