[157190] in North American Network Operators' Group
Re: Typical additional latency for CGN?
daemon@ATHENA.MIT.EDU (Jon Lewis)
Wed Oct 10 09:25:31 2012
Date: Wed, 10 Oct 2012 09:25:12 -0400 (EDT)
From: Jon Lewis <jlewis@lewis.org>
To: Owen DeLong <owen@delong.com>
In-Reply-To: <A3598AC3-567C-4A0E-A420-05745755B44D@delong.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I just spent a few minutes looking into this again, and figured out the
problem. AT&T has apparently changed the way their CGN works. I use a
form of port knocking to restrict access to SSHd from "foreign" networks.
It used to work fine from my phone. Now, the port knocking request from
the phone and the ssh connection are being NAT'd to different public IPs,
so my system is allowing ssh access to one AT&T IP, and then the ssh
connection comes from a nearby but different IP.
On Wed, 10 Oct 2012, Owen DeLong wrote:
> The day before I left the US, it was still working on my iPad.
>
> Owen
>
> On Oct 8, 2012, at 5:20 AM, Jon Sands <fohdeesha@gmail.com> wrote:
>
>> On 10/7/2012 9:22 PM, Jon Lewis wrote:
>>> has anyone else noticed AT&T mobile is blocking ssh (outgoing 22/tcp) connections?
>>
>> Not here, have an SSH session open on my phone on port 22 as we speak. I'm on an android on ATT's 3G network in central indiana, if that matters.
>>
>> --
>> Jon Sands
>> Fohdeesha Media
>> http://fohdeesha.com/
>>
>
>
>
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
