Re: [AusNOG] Telstra Business - known issues??
On Sat, 27 Apr 2019, Paul Wilkins wrote: One minor possibility, Telstra migrating services to use carrier NAT, so services that once had fixed IPs might no longer do. They experienced this some early this year, or late last, so that was one of the early things I checked. A query from inside their network to a known endpoint is indeed appearing with the correct IPv4 address as the source, and the modem (now that I can get to it) is showing that IP on its WAN, so it doesn't seem that's it. R. ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
Re: [AusNOG] Telstra Business - known issues??
Ross, I don't see where you say which Telstra product you're using, and even then, the network implementation inside Telstra can vary across a single product offering. . But even then, IP is well you know, if nothing's changed, and you can get out, then you can get in - ergot, something's changed. One minor possibility, Telstra migrating services to use carrier NAT, so services that once had fixed IPs might no longer do. Kind regards Paul Wilkins On Sat, 27 Apr 2019 at 12:18, Ross Wheeler wrote: > > > On Sat, 27 Apr 2019, Jacob Taylor wrote: > > > It's a pretty common thing these days to see ISPs blocking TCP 25 > > inbound, even on connections that purport to be 'business' grade. I > > assume this is because every man and his dog uses GSuite or O365 today. > > Yes, but I'd have thought (perhaps foolishly) there would be notice before > they did that. > > > > How did you verify no SYNs hitting the server? tcpdump? > > Yes, managed to gain internal access to their network today through a > raspberry pi that created a reverse tunnel back out to one of my boxes. > From there I could access the router and redirected the port 25 port > forward to the pi and used tcpdump. > > Hoping it was just port 25 blocked, I tried various other ports, both well > known and "random" services both priviliged and non-priv ports (ie, below > 1024 and above), and confirmed that none of them were being received. > > Yes, it's entirely possible it's the (telstra supplied) router. > But it's equally possible it's within telstras network. > > Whatever is its, it's causing significant operational problems for the > client. Mail is only the tip of the iceberg, various other services > (including VPN) also stopped working at the same time. > > R. > ___ > AusNOG mailing list > AusNOG@lists.ausnog.net > http://lists.ausnog.net/mailman/listinfo/ausnog > ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
Re: [AusNOG] Telstra Business - known issues??
On Sat, 27 Apr 2019, Jacob Taylor wrote: It's a pretty common thing these days to see ISPs blocking TCP 25 inbound, even on connections that purport to be 'business' grade. I assume this is because every man and his dog uses GSuite or O365 today. Yes, but I'd have thought (perhaps foolishly) there would be notice before they did that. How did you verify no SYNs hitting the server? tcpdump? Yes, managed to gain internal access to their network today through a raspberry pi that created a reverse tunnel back out to one of my boxes. From there I could access the router and redirected the port 25 port forward to the pi and used tcpdump. Hoping it was just port 25 blocked, I tried various other ports, both well known and "random" services both priviliged and non-priv ports (ie, below 1024 and above), and confirmed that none of them were being received. Yes, it's entirely possible it's the (telstra supplied) router. But it's equally possible it's within telstras network. Whatever is its, it's causing significant operational problems for the client. Mail is only the tip of the iceberg, various other services (including VPN) also stopped working at the same time. R. ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
Re: [AusNOG] Telstra Business - known issues??
On Sat, 27 Apr 2019, Jake Anderson wrote: The Telstra T-gateway modem/router seems to forget port forwards with regularity. So I've heard! Probably teaching grand mother to suck eggs but have you rebooted the modem then deleted and recreated the port forwards? They were indeed the first things we tried, but alas no difference. I resorted to tunnelling connections out then bouncing stuff back over the tunnel as the port forwards were so spotty. Yeah. In an ideal world, this sh!t wouldn't be necessary. An advertised product would work as advertised :) My (panic call, broken and garbled message, followed with an SMS) didn't give me much latitude, so the temporary workaround has been to set up a secondary MX, accept all the mail for their domain and forward to a gmail address one of the staff had. Heard from the boss this morning, he's due back in the country late today and we'll work on it later - I thought I'd check in the off-chance there was a known outage or change in product specifications! Thanks though. R. ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
Re: [AusNOG] Telstra Business - known issues??
The Telstra T-gateway modem/router seems to forget port forwards with regularity. I haven't tried their version 2 hardware though so if it's new it may be different. Probably teaching grand mother to suck eggs but have you rebooted the modem then deleted and recreated the port forwards? I seem to recall it fixing it for a week or two. I resorted to tunnelling connections out then bouncing stuff back over the tunnel as the port forwards were so spotty. On 27/4/19 9:32 am, Ross Wheeler wrote: Sorry for the noise on a saturday - I'm attempting to help a friend sort out a problem. He's overseas and only has sporadic comms. Tuesday morning (Apr 23) his office stopped receiving email. They have a telstra nbn broadband service, and telstra provided modem. They run a small unix box with postfix for their mail. For years, this has worked fine. Modem forwards port 25 to internal mail server. While we have a very temporary work-around in place, he's trying to get the problem fixed. Attempting to connect to the external IP results in nothing - not even a SYN packet - arriving at the mail server, yet mail goes out fine. I've checked the IP address, and there hasn't been any change there, it's still their correct (static) IP. I've changed the internal address the port forwards to, and still no evidence of any incoming traffic. I've tried other ports, including high numbered (non-priviliged) ports, same thing. It appears that either the modem has stopped forwarding anything from the outside, OR telstra are not permitting any incoming connections. It's not my service, I don't have the details (or authority) to talk to tesltra on his behalf, and his time difference and minimal connectivity make it difficult for him to either. My question is: is anyone aware of any current outages with telstra that might cause this, or any "changes in policy" that we might be unaware of where they've said (for example) "unless you pay the incoming service feature tax, we're blocking all incoming packets"?? Thanks in advance, RossW ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
[AusNOG] Telstra Business - known issues??
Sorry for the noise on a saturday - I'm attempting to help a friend sort out a problem. He's overseas and only has sporadic comms. Tuesday morning (Apr 23) his office stopped receiving email. They have a telstra nbn broadband service, and telstra provided modem. They run a small unix box with postfix for their mail. For years, this has worked fine. Modem forwards port 25 to internal mail server. While we have a very temporary work-around in place, he's trying to get the problem fixed. Attempting to connect to the external IP results in nothing - not even a SYN packet - arriving at the mail server, yet mail goes out fine. I've checked the IP address, and there hasn't been any change there, it's still their correct (static) IP. I've changed the internal address the port forwards to, and still no evidence of any incoming traffic. I've tried other ports, including high numbered (non-priviliged) ports, same thing. It appears that either the modem has stopped forwarding anything from the outside, OR telstra are not permitting any incoming connections. It's not my service, I don't have the details (or authority) to talk to tesltra on his behalf, and his time difference and minimal connectivity make it difficult for him to either. My question is: is anyone aware of any current outages with telstra that might cause this, or any "changes in policy" that we might be unaware of where they've said (for example) "unless you pay the incoming service feature tax, we're blocking all incoming packets"?? Thanks in advance, RossW ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
