cancel
Showing results for 
Search instead for 
Did you mean: 
SOLVED
  • The questioner has marked this post as solved.

Port forwarding depreciated

Highlighted
Contributor Reg
Contributor
1 of 7

Sometime in October port forwarding was disabled in my internet box with no warning. And I seem to no longer have a public ipv4 IP which is the basic cause. Can anybody explain and how to resolve the issue without being charged by Myservice for fixing something Swisscom changed? Something to do with ipv6/ipv4 implementation by Swisscom?

MOST HELPFUL ANSWER

Accepted Solutions
Contributor Reg
Contributor
5 of 7

Ok. So a bit further along. I need to have port 1194 open to access my openvpn server on the ipv6 address. How does one do this for ipv6? I have tried the 3 settings in the internet box setup, (and set 1194 good for both ways in the custom one rules) and always with nmap I see:

Not shown: 996 closed ports
PORT      STATE SERVICE
53/tcp    open  domain
80/tcp    open  http
8888/tcp  open  sun-answerbook
49152/tcp open  unknown


Port 1194 never appears as open no matter what I tell the box.

Why?

I can run the openvpn internally ok over pcs and tablet with the fulll ipv6 address, but suspect that is not going thru the internet.

I am also suspicious that even port 80 is open when accessed from the web.

 

6 Comments
Super User
2 of 7
How did you notice ?
Are you sure that you don’t have a public ip anymore?
Could be CGNAT
Contributor Reg
Contributor
3 of 7
I run a vpn (openvpn) at home which was accessed via a ipv4 IP. Swisscom
no longer makes that IP public, only the ipv6 IP is now public. So, it
means changing settings on the server and clients to permit access via
ipv6. I noticed because it stopped working. In my case the change took
place sometime in October because I was using it without problem while
traveling the last half of Sep. Can now ssh into the server but openvpn
from an android device is proving a bit more difficult.
Super User
4 of 7
Is your ip from this range here?
100.64.0.0/10.
Contributor Reg
Contributor
5 of 7

Ok. So a bit further along. I need to have port 1194 open to access my openvpn server on the ipv6 address. How does one do this for ipv6? I have tried the 3 settings in the internet box setup, (and set 1194 good for both ways in the custom one rules) and always with nmap I see:

Not shown: 996 closed ports
PORT      STATE SERVICE
53/tcp    open  domain
80/tcp    open  http
8888/tcp  open  sun-answerbook
49152/tcp open  unknown


Port 1194 never appears as open no matter what I tell the box.

Why?

I can run the openvpn internally ok over pcs and tablet with the fulll ipv6 address, but suspect that is not going thru the internet.

I am also suspicious that even port 80 is open when accessed from the web.

 

Contributor Reg
Contributor
6 of 7

thanks for that CGNAT clue. I would be about 99% sure that is the problem. My ip4 is 100.87... which is in the range allocated to CGNAT. So, do you have expeience as to how to opt-out of CGNAT? Some other forums indicate that it is not all that obvious to do it. I need to access computers in my LAN for VPN file transfers and home security access when remote.

Super User
7 of 7

Ask the hotline if you can move away from CGNAT.