• You are not registered on MyBroadband, which means you miss out on great benefits. To join our community is very easy, and completely free. Register now.
  • New Two-Day Giveaway - Enter Here

Telkom Incoming Ports blocked - use 'unrestricted' APN

rico123

New Member
Joined
Feb 17, 2015
Messages
9
#1
Hi!

I used to connect to certain servers via IPSec (UDP 500 and 4500 outgoing) for a couple of years. This doesn't work anymore for about 1 week.
Usually, my router (B315s-936) got a public IP address which is no longer the case. It gets now a CGN address (100.64.0.0/10).
I couldn't test many ports but it ssems, UDP is blocked (at least 5060 and 53 are working) as well as most of the TCP ports. Web browsing, email and SSH. FTP initiates the connection but gets a time out. Also, port 8291 does not work.

Furthermore, Google asks me every now and then if I am a robot as it is now a shared public address...

I tried to reconnect and restart the router. I always get a CGN address.
I am on prepaid 40G/40G package with about 37GB left.

What happened? Anyone else experiencing this?
 
Last edited:

The_Librarian

Another MyBB
Super Moderator
Joined
Nov 20, 2015
Messages
17,808
#2
What happened? Anyone else experiencing this?
IPv4 exhaustion.

https://en.wikipedia.org/wiki/Carrier-grade_NAT

For those who are like :wtf:

From that same page :

Disadvantages

Critics of carrier-grade NAT argue the following aspects:

Like any form of NAT, it breaks the end-to-end principle.[5]
It has significant security, scalability, and reliability problems, by virtue of being stateful.
It makes record-keeping for law-enforcement operations impossible, unless the content of communication is logged.
It makes it impossible to host services.
It does not solve the IPv4 address exhaustion problem when a public IP address is needed, such as in web hosting.

Carrier-grade NAT usually prevents the ISP customers from using port forwarding, because the network address translation (NAT) is usually implemented by mapping ports of the NAT devices in the network to other ports in the external interface. This is done so the router will be able to map the responses to the correct device; in carrier-grade NAT networks, even though the router at the consumer end might be configured for port forwarding, the "master router" of the ISP, which runs the CGN, will block this port forwarding because the actual port would not be the port configured by the consumer.[6] In order to overcome the former disadvantage, the Port Control Protocol (PCP) has been standardized in the RFC 6887.

In rare cases of banning traffic based on IP addresses, the system might block the traffic of a spamming user by banning the user's IP address. If that user happens to be behind carrier-grade NAT, other users sharing the same public address with the spammer will be mistakenly blocked.[6]

Seems like OP's only solution is to move away to a carrier that does not use CGN schemes.
 
Last edited:

Alacrity

Senior Member
Joined
Jul 3, 2005
Messages
646
#3
You didn't say which ISP but you most likely just need to apply for an unrestricted APN.

I got unrestricted APNs from MTN and Vodacom but not Telkom since their APN was open when I needed it...
 

rico123

New Member
Joined
Feb 17, 2015
Messages
9
#4
You didn't say which ISP but you most likely just need to apply for an unrestricted APN.
Sorry, my fault... Telkom mobile 40G LTE.

Are you sure I need an unrestricted APN? I thought it's only for hosting services. I don't talk about using VPN to my LTE. I would like to use VPN and any other ports from home to servers with public IP adresses as I did for years already...
 

Nardeth

Senior Member
Joined
Nov 16, 2017
Messages
534
#5
Sorry, my fault... Telkom mobile 40G LTE.

Are you sure I need an unrestricted APN? I thought it's only for hosting services. I don't talk about using VPN to my LTE. I would like to use VPN and any other ports from home to servers with public IP adresses as I did for years already...
you need to change your APN for Telkom to TelkomSA "default APN" on the Huawei B315s-936 the "telkominternet" does not work anymore for port forwarding. :) change your APN
 

rico123

New Member
Joined
Feb 17, 2015
Messages
9
#6
you need to change your APN for Telkom to TelkomSA "default APN"
Done. But no change. Still can't connect to server via IPSec nor Mikrotik CHR (port 8291 TCP)

I don't need port forwarding, I just want to be able accessing the internet on any port as a week ago for the last years...

Edit: TCP ports seem to work now but still no IPSec via UDP 500 and 4500.

And this is annoying...
mybroadband blocked.jpg
 
Last edited:

Nardeth

Senior Member
Joined
Nov 16, 2017
Messages
534
#7
Done. But no change. Still can't connect to server via IPSec nor Mikrotik CHR (port 8291 TCP)

I don't need port forwarding, I just want to be able accessing the internet on any port as a week ago for the last years...

Edit: TCP ports seem to work now but still no IPSec via UDP 500 and 4500.

And this is annoying...
View attachment 519411
have you made your pc open to DMZ zone or Manually opened ports in "Virtual Servers" under security Settings ??
 

Nardeth

Senior Member
Joined
Nov 16, 2017
Messages
534
#8
i just changed back to My Telkom SIM with the TelkomSA APN and my ports for steam are closed :/
i change to TelkomInternet APN Ports closed :crying:
 

Nardeth

Senior Member
Joined
Nov 16, 2017
Messages
534
#9
i phoned 081 180 Telkom Mobile, i was advised to reset my Router "Huawei B315" so i go about holding in the Reset button for FULL 20 Seconds, then i re-configure my Router "the Way i like it" after everything i check Device information and my WAN IP Address is 100.67 IP Range WAN IP Address: 100.67.252.112 IP Address on Myipaddress.com 197.229.1.21 so my ports are blocked on TelkomSA Default Profile APN internet. :/
 

Alacrity

Senior Member
Joined
Jul 3, 2005
Messages
646
#15
I would connect the PC directly with a cable to the Telkom router and DMZ the PC just to verify/check where the problem is...
 

sajunky

Honorary Master
Joined
Nov 1, 2010
Messages
11,691
#17
On the Smart Internet package I always get Telkom public IP address. Auto assigned APN is 'internet'. Didn't check for open ports, it would require to disable my firewall during testing.

Are you guys who complain on a Smart Broadband?
 

ctrain

Active Member
Joined
May 27, 2013
Messages
32
#18
On the Smart Internet package I always get Telkom public IP address. Auto assigned APN is 'internet'. Didn't check for open ports, it would require to disable my firewall during testing.

Are you guys who complain on a Smart Broadband?
I'm on Uncapped LTE.
 
Top