In message <pine.lnx.4.61.1210100920590.26...@soloth.lewis.org>, Jon Lewis writes:
> I just spent a few minutes looking into this again, and figured out the
> problem.  AT&T has apparently changed the way their CGN works.  I use a
> form of port knocking to restrict access to SSHd from "foreign" networks.
> It used to work fine from my phone.  Now, the port knocking request from
> the phone and the ssh connection are being NAT'd to different public IPs,
> so my system is allowing ssh access to one AT&T IP, and then the ssh
> connection comes from a nearby but different IP.

Which is a badly designed CGN.  It turns singly homed clients into
multi-homed clients where the client has no control over the source
address selection.  At least with real multi-homed clients they have
the ability to force source addresses to match.

> On Wed, 10 Oct 2012, Owen DeLong wrote:
>
> > The day before I left the US, it was still working on my iPad.
> >
> > Owen
> >
> > On Oct 8, 2012, at 5:20 AM, Jon Sands <fohdee...@gmail.com> wrote:
> >
> >> On 10/7/2012 9:22 PM, Jon Lewis wrote:
> >>> has anyone else noticed AT&T mobile is blocking ssh (outgoing 22/tcp) connections?
> >>
> >> Not here, have an SSH session open on my phone on port 22 as we speak. I'm on an android on ATT's 3G network in central indiana, if that matters.
> >>
> >> --
> >> Jon Sands
> >> Fohdeesha Media
> >> http://fohdeesha.com/
> >>
> >
> ----------------------------------------------------------------------
>   Jon Lewis, MCP :)           |  I route
>   Senior Network Engineer     |  therefore you are
>   Atlantic Net                |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
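
The failure described in this thread, as an added example that is not part of the original messages: a source-IP-keyed knock gate placed behind a CGN that uses either paired or arbitrary address pooling (the terms RFC 4787 uses). The single-port knock, the port number, the TTL, the addresses and all class and function names are assumptions constructed for the illustration.

```python
import ipaddress
from itertools import count

# Constructed values: documentation-range public pool, RFC 6598 subscriber address.
POOL = [ipaddress.ip_address(f"198.51.100.{n}") for n in (10, 11, 12, 13)]
SUBSCRIBER = "100.64.0.7"
KNOCK_PORT, SSH_PORT, TTL = 40022, 22, 30  # hypothetical single-port knock


class CGN:
    """Picks the public source address for each new outbound flow."""

    def __init__(self, paired):
        self.paired = paired
        self.bindings = {}      # subscriber -> public IP (paired pooling only)
        self.next_slot = count()

    def translate(self, subscriber):
        if self.paired and subscriber in self.bindings:
            return self.bindings[subscriber]
        public = POOL[next(self.next_slot) % len(POOL)]
        if self.paired:
            self.bindings[subscriber] = public
        return public


class KnockGate:
    """Allows SSH only from the exact source IP that knocked within TTL."""

    def __init__(self):
        self.allowed = {}       # source IP -> expiry time

    def packet(self, src, dst_port, now):
        if dst_port == KNOCK_PORT:
            self.allowed[src] = now + TTL
            return "knock"
        if dst_port != SSH_PORT:
            return "drop"
        if self.allowed.get(src, 0) > now:
            return "accept"
        # Diagnostic only: a live knock from the same /24 hints at CGN pooling.
        net = ipaddress.ip_network(f"{src}/24", strict=False)
        near = any(ip in net and exp > now for ip, exp in self.allowed.items())
        return "drop-near-knock" if near else "drop"


def session(paired):
    """Knock, then SSH one second later, both through the same CGN."""
    cgn, gate = CGN(paired), KnockGate()
    knock_src = cgn.translate(SUBSCRIBER)
    gate.packet(knock_src, KNOCK_PORT, now=0)
    ssh_src = cgn.translate(SUBSCRIBER)
    return knock_src, ssh_src, gate.packet(ssh_src, SSH_PORT, now=1)
```

`session(True)` ends in `accept`, while `session(False)` ends in `drop-near-knock`; the gate still refuses the connection and the distinct verdict only gives the operator a log signal that separates this CGN behaviour from an unrelated probe.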