Swisscom Community - Customers help customers
EN
SOLVED
  • The questioner has marked this post as solved.
  • Closed

Port forwarding depreciated

Reg
Level 1
Level 1
1 of 7
‎12.11.2017 10:16

Sometime in October port forwarding was disabled in my internet box with no warning. And I seem to no longer have a public ipv4 IP which is the basic cause. Can anybody explain and how to resolve the issue without being charged by Myservice for fixing something Swisscom changed? Something to do with ipv6/ipv4 implementation by Swisscom?

Who Liked this Message

0 Likes
ACCEPTED SOLUTION 1

Accepted Solutions
Reg
Level 1
Level 1
5 of 7
Reply to post 4,
‎24.11.2017 18:26

Ok. So a bit further along. I need to have port 1194 open to access my openvpn server on the ipv6 address. How does one do this for ipv6? I have tried the 3 settings in the internet box setup, (and set 1194 good for both ways in the custom one rules) and always with nmap I see:

Not shown: 996 closed ports
PORT      STATE SERVICE
53/tcp    open  domain
80/tcp    open  http
8888/tcp  open  sun-answerbook
49152/tcp open  unknown


Port 1194 never appears as open no matter what I tell the box.

Why?

I can run the openvpn internally ok over pcs and tablet with the fulll ipv6 address, but suspect that is not going thru the internet.

I am also suspicious that even port 80 is open when accessed from the web.

 

Who Liked this Message

0 Likes
6 Comments 6
suisse
Level 8
Level 8
2 of 7
‎13.11.2017 21:57
How did you notice ?
Are you sure that you don’t have a public ip anymore?
Could be CGNAT

Who Liked this Message

0 Likes
Reg
Level 1
Level 1
3 of 7
Reply to post 2,
‎13.11.2017 22:27
I run a vpn (openvpn) at home which was accessed via a ipv4 IP. Swisscom
no longer makes that IP public, only the ipv6 IP is now public. So, it
means changing settings on the server and clients to permit access via
ipv6. I noticed because it stopped working. In my case the change took
place sometime in October because I was using it without problem while
traveling the last half of Sep. Can now ssh into the server but openvpn
from an android device is proving a bit more difficult.

Who Liked this Message

0 Likes
suisse
Level 8
Level 8
4 of 7
Reply to post 3,
‎13.11.2017 22:35
Is your ip from this range here?
100.64.0.0/10.

Who Liked this Message

0 Likes
Reg
Level 1
Level 1
5 of 7
Reply to post 4,
‎24.11.2017 18:26

Ok. So a bit further along. I need to have port 1194 open to access my openvpn server on the ipv6 address. How does one do this for ipv6? I have tried the 3 settings in the internet box setup, (and set 1194 good for both ways in the custom one rules) and always with nmap I see:

Not shown: 996 closed ports
PORT      STATE SERVICE
53/tcp    open  domain
80/tcp    open  http
8888/tcp  open  sun-answerbook
49152/tcp open  unknown


Port 1194 never appears as open no matter what I tell the box.

Why?

I can run the openvpn internally ok over pcs and tablet with the fulll ipv6 address, but suspect that is not going thru the internet.

I am also suspicious that even port 80 is open when accessed from the web.

 

Who Liked this Message

0 Likes
Reg
Level 1
Level 1
6 of 7
Reply to post 2,
‎25.11.2017 12:55

thanks for that CGNAT clue. I would be about 99% sure that is the problem. My ip4 is 100.87... which is in the range allocated to CGNAT. So, do you have expeience as to how to opt-out of CGNAT? Some other forums indicate that it is not all that obvious to do it. I need to access computers in my LAN for VPN file transfers and home security access when remote.

Who Liked this Message

0 Likes
suisse
Level 8
Level 8
7 of 7
Reply to post 6,
‎28.11.2017 9:53

Ask the hotline if you can move away from CGNAT.

 

Who Liked this Message

0 Likes
Back to top