That's why you use Teredo - it defeats that sort of simple statefulness, and works. ((SSH'ed from one laptop (WinXP, using MS's Teredo over double-NATed v4 connection) to another laptop (Ubuntu, EVDO, + Miredo) ... although it was pretty slow, it fit my needs at the time.))
For a time, maybe still today?, 6to4 would work as well. That is, the carrier may have been filtering unsolicited TCP/UDP ... but not Protocol41. (Off the top of my head, I forget which providers fell into which side of the ItWorked | ItStillWorks camp) /TJ >-----Original Message----- >From: Charles Wyble [mailto:char...@thewybles.com] >Sent: Thursday, April 09, 2009 6:09 PM >To: Skywing >Cc: NANOG list >Subject: Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? > >Yep verizon does indeed filter all unsolicated inbound traffic to the EVDO >network. It can be a blessing or a curse. :) > >Skywing wrote: >> Verizon filters unsolicited inbound traffic for their EVDO customers in my >experience. >> >> - S >> >> -----Original Message----- >> From: Roland Dobbins <rdobb...@cisco.com> >> Sent: Thursday, April 09, 2009 09:32 >> To: NANOG list <nanog@nanog.org> >> Subject: Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ? >> >> >> On Apr 9, 2009, at 11:48 PM, Lee, Steven (NSG Malaysia) wrote: >> >>> Please share your thought and thanks in advance :) >> >> No, IMHO. Most broadband operators don't insert firewalls inline in >> front of their subscribers, and wireless broadband is no different. >> >> The infrastructure itself must be protected via iACLs, the various >> vendor-specific control-plane protection mechanisms, and so forth, but >> inserting additional state in the middle of everything doesn't buy >> anything, and introduces additional constraints and concerns. >> >> ---------------------------------------------------------------------- >> - Roland Dobbins <rdobb...@cisco.com> // +852.9133.2844 mobile >> >> Our dreams are still big; it's just the future that got small. >> >> -- Jason Scott >> >> >>
