Notice: IP Address Change

vodacom3g · Jun 10, 2008

Please take note of the following change:

Vodacom will be changing the subscriber IP address you attain when connecting to the data network via the internet apn, using your data card or mobile data handset.

Take note that this change may impact subscribers that use VPN clients to connect to their corporate servers/services. For this reason please advise the respective technical staff of this change and the related addresses for each region. For further queries please contact Corporate Solutions on 0821940 if you're a corporate customer or otherwise 155.

The implementation dates are as follows:

Western and Eastern Region 19/06/2008
Northern Borders 17/06/2008
Northern Borders 24/06/2008
KZN Region TBA - (first need to remove some banana leaves stuck in the firewall to stop viruses entering.)

I think Gauteng is already on 41.x.x.x. You can check with an IPCONFIG.

What you should see is the IP address assigned to your data card change from a 10.x.x.x to 41.x.x.x.

This will remove NAT from the network and hopefully a lot of pain.

@ic, can you glue this up please?

morkhans · Jun 11, 2008

Does this mean that everyone is now effectively on the unrestricted APN or is there still some firewalling that takes place?

Are you stealing IPs from the unrestricted range (41.192.128.0 - 41.192.159.255) or did AfriNIC give you another block?

ambo · Jun 11, 2008

morkhans said:
Are you stealing IPs from the unrestricted range (41.192.128.0 - 41.192.159.255) or did AfriNIC give you another block?

No - Vodacom have 2 (i think it was) large new allocations from AfriNIC.

Big up to all the boys in the ground - I know that this has been a mission to implement. And thanx also to vodacom3g for the leg work he put in on this.

/me claps

vodacom3g · Jun 11, 2008

morkhans said:
Does this mean that everyone is now effectively on the unrestricted APN or is there still some firewalling that takes place?

Are you stealing IPs from the unrestricted range (41.192.128.0 - 41.192.159.255) or did AfriNIC give you another block?

No, the only thing that changes on the internet apn will be the IP. All other security measures stay for all the same reasons.

However, it makes the internetvpn apn obsolete, so we'll work out a plan to decommission it at some point.

So we should end up with 2 apn's.

1) Internet - routable IP with closed incoming ports.
2) Unrestricted - routable IP with open incoming ports.

Iam3G · Jun 11, 2008

vodacom3g said:
No, the only thing that changes on the internet apn will be the IP. All other security measures stay for all the same reasons.

However, it makes the internetvpn apn obsolete, so we'll work out a plan to decommission it at some point.

So we should end up with 2 apn's.

1) Internet - routable IP with closed incoming ports.
2) Unrestricted - routable IP with open incoming ports.

So basically the internet APN is equivalent to the internetvpn APN ??

morkhans · Jun 11, 2008

Iam3G said:
So basically the internet APN is equivalent to the internetvpn APN ??

Almost but I suspect without all the stateful firewall issues (corrections welcome)

morkhans · Jun 11, 2008

vodacom3g said:
No, the only thing that changes on the internet apn will be the IP. All other security measures stay for all the same reasons.

However, it makes the internetvpn apn obsolete, so we'll work out a plan to decommission it at some point.

So we should end up with 2 apn's.

1) Internet - routable IP with closed incoming ports.
2) Unrestricted - routable IP with open incoming ports.

Perfect, thanks for clearing that up.

vodacom3g · Jun 12, 2008

MidnightWizard said:
Is the 41.x.x.x not managed by AfriNIC

It is, they manage all IP's issued in Africa. Hint: "AfriNIC"

MidnightWizard said:
Telkom are also using this address range

Yup, but a different sub-set.

MidnightWizard said:
I have heard -- from the banana leaves -- that these IP's are on the NSA monitoring list

No, as per your sig. you're just paranoid

MidnightWizard said:
Now that NAT is gone will you be providing a Windows firewall and access control FAQ

No, NAT is a different concept to access control and firewalls.

MidnightWizard said:
Does this have anything to do with the SA SPOOK legislation that says that ALL telecomms providers must give the SA "Intelligence" services full and unhindered and constant access to their networks

No, not at all. Where did you read this? How are they going to process the data?

MidnightWizard said:
the PARANOID one

For sure.

ambo · Jun 12, 2008

MidnightWizard said:
With NAT taken away protection will have to put more emphasis on other things -- such as firewalls and access control.

NAT is NOT a firewall. Please would you take that stupid idea out of your head. It provides very limited protection against modern Internet threats and the fact that people incorrectly think that it is so secure is exactly the reason why some threats continue to flourish.

MidnightWizard said:
I will hunt down the bill ( it is now signed into law) and post a link to it here or post it in it's entireity

Interception and Monitoring Bill [B50-2001]

Silenced - South Africa

South Africa plans hardline Internet snooping legislation

Whether or not there is a NAT on the network has very little effect on how the Interception Bill is enforced.

The bill requires that there is infrastructure INSIDE the network to do the monitoring. ie right inside the providers core and completely bypassing any of their firewalls.

The bill also says nothing about monitoring all traffic. It is about providing infrastructure so that traffic may be monitored on a network provided the correct warrants have been obtained from a judge just like any other legal investigation process.

vodacom3g · Jun 12, 2008

MidnightWizard said:
1.)

NAT -- Network Address Translation

Far as I understand what this does is translate a private IP address on the LAN to a public IP address out on the Internet.
As such it is in a sense part of the first line defence against threats as private IP addresses are not routable ( or should not be ) on the Internet.

With NAT taken away protection will have to put more emphasis on other things -- such as firewalls and access control.

As Ambo explained, don't confuse NAT'ing (which was designed to overcome lack of routable IP's) with other IP-management systems. Read up a bit in outgoing and incoming sockets.

MidnightWizard said:
2.)

I will hunt down the bill ( it is now signed into law) and post a link to it here or post it in it's entireity

Interception and Monitoring Bill [B50-2001]

Silenced - South Africa

South Africa plans hardline Internet snooping legislation

FOR SURE -- all these other people must be PARANOID as well

I CANNOT believe you would not know about this

the PARANOID ( for sure) one

I know all about this. After all we had to comply with certain regulations. But your statement above:

Does this have anything to do with the SA SPOOK legislation that says that ALL telecomms providers must give the SA "Intelligence" services full and unhindered and constant access to their networks.

is wrong.

Again as Ambo explained there is a very strict process to follow. For sure there is no CONSTANT, UNHINDERED access. It's against the law.

My point was, even if there was constant, unhindered access, do you have any idea how much data flows across the network in a day. It's impossible to monitor and especially store it all.

morkhans · Jun 21, 2008

So has this gone through? I am still getting a 10.x.x.x IP.

vodacom3g · Jun 21, 2008

morkhans said:
So has this gone through? I am still getting a 10.x.x.x IP.

I'll ask what happened.

vodacom3g · Jun 23, 2008

morkhans said:
So has this gone through? I am still getting a 10.x.x.x IP.

OK,

The Cape was scheduled for the 19th, but it was that evening that Bloem disappeared with the knock-on to Natal and Gauteng. So (quite wisely) the guys stopped all changes for that night to first fix the problem at hand.

Probably means a week out, i.e. around the 26th.

morkhans · Jun 23, 2008

vodacom3g said:
OK,

The Cape was scheduled for the 19th, but it was that evening that Bloem disappeared with the knock-on to Natal and Gauteng. So (quite wisely) the guys stopped all changes for that night to first fix the problem at hand.

Probably means a week out, i.e. around the 26th.

Cool. Will keep an eye out

ginggs · Jun 23, 2008

vodacom3g said:
it was that evening that Bloem disappeared

Has anyone missed it yet?

morkhans · Jun 28, 2008

Looks like this has finally gone live. The new netblock is: 41.0.0.0 - 41.31.255.255

vodacom3g · Jun 28, 2008

morkhans said:
Looks like this has finally gone live. The new netblock is: 41.0.0.0 - 41.31.255.255

Yup, completed country-wide AFAIK.

Now I guess the next request will be for static IP's.

morkhans · Jun 28, 2008

vodacom3g said:
Yup, completed country-wide AFAIK.

Now I guess the next request will be for static IP's.

Bring it on

ic · Jul 14, 2008

Iam3G said:
Somerset West, internet APN, PPDB:

Somerset West, internetvpn APN, PPDB:

Aren't the internet and internetvpn APNs just different aliases for the same APN nowadays?

Iam3G · Jul 14, 2008

ic said:
Aren't the internet and internetvpn APNs just different aliases for the same APN nowadays?

hm... i forgot about that

Join the MyBroadband community

Get started

Notice: IP Address Change

Vodacom Representative

A MyBroadband

Expert Member

Vodacom Representative

Expert Member

A MyBroadband

A MyBroadband

Vodacom Representative

Expert Member

Vodacom Representative

A MyBroadband

Vodacom Representative

Vodacom Representative

A MyBroadband

༼ つ ◕_◕ ༽つ

A MyBroadband

Vodacom Representative

A MyBroadband

MyBroadband

Expert Member