port blocking w/ dsl

  1. #1
    Senior Member mungyun's Avatar
    Join Date
    Apr 2004
    Location
    Illinois
    Posts
    172

    port blocking w/ dsl

    Hey all, it's been a while, good to see the site's not changed much.

    Anyhoo, I've got a question that I haven't been able to figure out for a while now and my teachers couldn't help much so I'll try to describe as best as I can and hopefully it can be figured out.

    A few months ago I had cable internet and I had a web and ftp server going through dyndns and my router didn't need any extra config other than port forwards. Shortly thereafter, I switched to a dsl service thinking it would help uploads. Well to my horrid surprise I found out that having a web server, even if it is a personal one, is against their rules and they'll cancel your account.

    I wrote their tech support asking why and if it was against their rules if I ran an ftp server for school. He/She got snippy and kindly told me to 'shove-off' and my questions never got answered. When I got this dsl they specifically told me to make my router 10.x.x.1 and I had to choose static ip with the specified ip as 192.168.1.2 and default gateway as 192.168.1.1 followed with 3 of their dns server addys.

    Does the specified ip of 192.168.1.2 and the default gateway as 192.168.1.1 have to do with their servers? I assume so because my gateway is 10.x.x.1 but I don't know what those IPs mean and why is my chosen static ip a lan ip address when my public ip is definitely not static and changes frequently?

    I can't seem to get any ports to work, period. No matter what ports I open up, no one can connect to any of the ports, as if they were not even open. Can an ISP block connections to all ports? If so, how? By opening up every packet that passes through their servers?

    I actually kinda feel stupid having to ask, I've almost got my associate's degree in networking and can subnet like the best of 'em but I can't figure out why I can't get any flippin' ports to respond and what that 192.168.1.2 ip is.

    Hopefully I gave enough detail and made any sense at all. I'm a very confusing person online. Thanks for any help!

    .:Mungie:.
    I believe in making the world safe for our children, but not our children's children, because I don't think children should be having sex. -- Jack Handey

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    I assume if you know networking you know NAT and therein lies your answer...they don't do the reverse NAT. Your modem has a private address and your internal network has yet a different address, which tells me that at some point in your ISP's network, they do another NAT (for your modem to go from 10. to some public address)...

    So your system that was using DynDNS can still go out to dyndns, still see what the real IP is; however, when someone tries to actually connect (send a SYN), they will make it to whatever device on your ISP's network that is doing the NAT, at which point it will be dropped since there is no port forward (what you are doing on your modem when you set up a trigger port), regardless of what you have on your internal connection (modem).

    Since you are violating your use policy and they are unwilling to allow you to do something different, I would switch ISPs (and generally note that in many cases Cable is much faster than DSL, but it depends on a few things).
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    AO Übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    In this case, they are assigning you a private wan ip address. So, you don't get your own public IP. You are sharing it with who knows how many people.

    If I were you, switch ISPs for one that will allow you to do what you want.
    Find out their policies BEFORE you order...

    My ISP filters port 80 so I can't run a web server... easy enough... just change the port my webserver is running on. (well... actually a static NAT entry to forward a port they don't block to port 80 on my web server). I have also blocked my ISP from probing my router. So, they can't just scan me to find services. They can still find out what I'm doing... they just have to watch the traffic... but whatever. I've been doing this for years and they haven't said anything yet.

    You may end up paying a bit more for an account that will let you run various services. But, you'll also get a better connection because you'll need a better upload. In the case of DSL... a synchronous or sDSL line is better than an asynchronous or aDSL line. With aDSL, your download is faster than your upload. In sDSL, they should be about equal.

    Cable is going to be the same way.
    The residential services are going to be faster downloads than uploads.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
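
Added example, not part of the original thread: a small Python model of the double NAT described in posts #2 and #3, showing why the outbound dynamic DNS update works while an unsolicited inbound SYN is dropped upstream, plus a check for a non-public WAN address. The `Nat` class, the 10.0.0.5 server, the port numbers and the 203.0.113.7 public address are constructed for illustration; only 192.168.1.2 comes from the thread.

```python
import ipaddress

# RFC 1918 private ranges plus the RFC 6598 shared range used for carrier-grade NAT.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def wan_is_behind_upstream_nat(wan_ip, public_ip):
    """True if the router's WAN address is non-public or differs from what outsiders see."""
    wan = ipaddress.ip_address(wan_ip)
    return any(wan in net for net in NON_PUBLIC) or wan != ipaddress.ip_address(public_ip)

class Nat:
    """One NAT hop: static port forwards plus state created by outbound flows."""
    def __init__(self, name, outside_ip, forwards=None):
        self.name, self.outside_ip = name, outside_ip
        self.forwards = dict(forwards or {})  # outside port -> (inside ip, port)
        self.state = {}                       # outside port -> (inside ip, port)
        self.next_port = 40000

    def outbound(self, src_ip, src_port):
        """Translate an outgoing flow and remember the mapping for replies."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.state[port] = (src_ip, src_port)
        return self.outside_ip, port

    def inbound(self, dst_port):
        # Reply traffic matches state; unsolicited traffic needs a port forward.
        return self.state.get(dst_port) or self.forwards.get(dst_port)

def trace_inbound(chain, dst_port):
    """Walk a packet from the internet inward; chain is outermost NAT first."""
    for nat in chain:
        hit = nat.inbound(dst_port)
        if hit is None:
            return f"dropped at {nat.name}"
        dst_ip, dst_port = hit
    return f"delivered to {dst_ip}:{dst_port}"

def demo():
    """Constructed topology: LAN server -> home router -> ISP NAT -> internet."""
    isp = Nat("ISP NAT", "203.0.113.7")  # the customer cannot add forwards here
    home = Nat("home router", "192.168.1.2", {80: ("10.0.0.5", 80)})
    pub_ip, pub_port = isp.outbound(*home.outbound("10.0.0.5", 51000))  # DynDNS update
    return {"dyndns_sees": pub_ip,
            "reply": trace_inbound([isp, home], pub_port),
            "syn_to_80": trace_inbound([isp, home], 80),
            "behind_upstream_nat": wan_is_behind_upstream_nat(home.outside_ip, pub_ip)}

if __name__ == "__main__":
    print(demo())
```

The port forward on the home router is never consulted for the inbound SYN, because the packet is dropped one hop earlier at the NAT the customer does not control.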

  4. #4
    Senior Member mungyun's Avatar
    Join Date
    Apr 2004
    Location
    Illinois
    Posts
    172
    Yeah, I ended up switching to something more suited for my needs. I did read this one's policy before I signed up.

    Thanks for the help about the NAT, it makes plenty of sense now and after re-reading a few chapters in my networking book it's pretty clear.

    Out of curiosity, phish, how do you go about blocking your isp from probing your router? I'm sure that it isn't difficult but I have more computer book smarts than computer "street" smarts. Hopefully one of these days I'll finally get in-the-know.
