XPost: alt.comp.os.windows-11

Hi All,

Tip: when you can't log into your computer from
somewhere else on the internet.

Sometimes when an ISP (Internet Service Provider)
runs out of IPv4 addresses, he will insert a special
NAT router called a "Carrier Grade NAT (CGN)" router
to serve more IP addresses. You will never know the
difference, unless you are setting up a server (such
and RDP) on your computer. Then you will tear
your hair out trying to figure out why
you can't get past your router from the outside,
even when your have quadruple checked your own
routers port forwards.

A tip off is to set up a remote ping of a local
workstation's lookup of the WAN address, then
reboot the router. If the ping does not stop
during the reboot, then you are pinging the
"Carrier-grade NAT" router, not your local router.

A quick way to look up the WAN address from a
local workstation's is with
curl --connect-timeout 2 --silent ipinfo.io -o

Note: if there is a CGN router in line, this is the WAN
address of the CGN router, not your own local router

To verify that the user's WAN IP address as seen
by the router is not a "Shared" address, A.K.A.
Carrier-grade NAT". Retrieve this from the router's
WAN status page, not a (work station) web lookup:

Carrier Grade NAT (CGN) will typically show a WAN
IP address of
100.64.x.x through 100.127.x.x

-T

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.os.windows-11

T24gOS8xMC8yMyAwMDoyNywgR3JhaGFtIEogd3JvdGU6DQoNCiA+IElmIGFueSBvZiB0aG9z ZSBvdGhlciB1c2VycyBzZW5kICJwb3JrIGx1bmNoZW9uIG1lYXQiDQogPiB0aGVuIHRoYXQg SVAgYWRkcmVzcyB3aWxsIGJlIGxvZ2dlZCBpbiBibG9ja2luZyBzaXRlcw0KDQpPaCBHZWV6 ISAgSSBoYWQgbm90IHRob3VnaHQgb2YgdGhhdC4NCg0KPiBGb3IgdGhlIHJlcXVpcmVtZW50 IGRpc2N1c3NlZCBpbiB0aGUgb3JpZ2luYWwgcG9zdCAocmVtb3RlIGFjY2VzcyB0byBhIA0K PiBjb21wdXRlciBvbiB5b3VyIExBTikgdGhlbiB0aGUgb25seSBzb2x1dGlvbiBpcyB0byBj aGFuZ2UgSVNQIHRvIG9uZSANCj4gdGhhdCBwcm92aWRlcyB5b3Ugd2l0aCBhIHN0YXRpYyBw dWJsaWMgSVAgYWRkcmVzcy7CoCBDbGVhcmx5IG9uZSB0aGF0IA0KPiBhbHNvwqBzdXBwb3J0 c8KgSVBWNsKgd291bGTCoGJlwqBhwqBiZXR0ZXLCoGNob2ljZS4NCg0KDQpJIGhhdmUgd29y a2VkIHdpdGggdGhpcyBwYXJ0aWN1bGFyIElTUCBmb3INCnllYXJzLiBUaGV5IGhhdmUgZXZl biByZWZlcnJlZCBjdXN0b21lcnMNCnRvIG1lLiAgQWxsIEkgaGF2ZSB0byBkbyBpcyBhc2su ICBUaGV5IHNhaWQNCml0IHdvdWxkIGJlIGFjY29tcGxpc2hlZCBieSBNb25kYXkuDQoNCkkg bG92ZSBkZWFsaW5nIHdpdGggdGhlbS4gIFRoZXkgZG9uJ3QgbWFrZQ0KbWUganVtcCB0aG91 Z2h0IGhvb3BzIHRvIHRhbGsgdG8gdGhlbSBhYm91dA0Kb25lIG9mIHRoZWlyIGN1c3RvbWVy cyBpc3N1ZXMuICBUaGV5IHJhdGhlcg0KZW5qb3kgaGF2aW5nIG1lIGhlbHAgb3V0LiAgVGhl eSBhbGwga25vdyBtZS4NCg0KQnV0IGFzIGZvciB0aGUgYmlnIGNvcnBvcmF0ZSBJU1Ancywg dGhlaXINCnRlY2ggc3VwcG9ydCBjYW4gbm90IGV2ZW4gdGFsayB0byB0aGVpciBuZXR3b3Jr DQp0ZWNobmljaWFucywgc28geWEsIHlvdXIgb25seSBvdGhlciBjaG9pY2UgaXMNCnRvIGdl dCBhbm90aGVyIHByb3ZpZGVyLg0K

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.os.windows-11

T wrote:

[snip]

Lesson on sucking eggs noted.

In addition, the IP address of your connection via CGNAT will be shared
with other - perhaps many other - users.

If any of those other users send "pork luncheon meat" then that IP
address will be logged in blocking sites such as <https://spamrl.com> or <https://www.talosintelligence.com/reputation_center> or <https://barracudacentral.org/lookups/lookup-reputation>

These sites and others like them are used by email anti-spam and
anti-malware programs as part of their checking processes.

For outgoing email, the solution is always to send via a trusted mail
service, rather than sending from an email server on your LAN.

For the requirement discussed in the original post (remote access to a
computer on your LAN) then the only solution is to change ISP to one
that provides you with a static public IP address. Clearly one that
also supports IPV6 would be a better choice.


--
Graham J

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.os.windows-11

Am 09.09.2023 um 23:46:57 Uhr schrieb T:

Then you will tear your hair out trying to figure out why
you can't get past your router from the outside,
even when your have quadruple checked your own
routers port forwards.

Simply log in and check the IP for the WAN interface.
If it is in RFC1918 range, CG-NAT is there.

Also, some provider have DS-Lite, where all IPv4 traffic is being
tunneled in IPv6 and mostly a CG-NAT at the provider exists.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.os.windows-11

Marco wrote:

check the IP for the WAN interface.
If it is in RFC1918 range, CG-NAT is there.

Also if it's in the RFC6598 range (100.64.0.1 - 100.127.255.254)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.os.windows-11

On 9/10/23 08:10, Andy Burns wrote:

Marco wrote:

check the IP for the WAN interface.
If it is in RFC1918 range, CG-NAT is there.

Also if it's in the RFC6598 range (100.64.0.1 - 100.127.255.254)

On 9/9/23 23:46, T wrote:

Carrier Grade NAT (CGN) will typically show a WAN
IP address of
100.64.x.x through 100.127.x.x

But you have to get that from your own router's
WAN status page unless you are hooked directly
to the Internet

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)