True high speed internet now putting users behind a NAT.

[Humanoid]

I recently ordered high speed internet with True, and to my surprise found out that I am behind a NAT!

I tried calling them to ask them to let me connect to the internet without going through a NAT, and they didn't understand a thing I was saying. They even asked what a NAT is. I had to explain that it stands for network address translation, and told them they can just look it up on wikipedia. I asked if I can speak to somebody who actually knows how the internet works, but it seems there was nobody there with those qualifications.

At one point they offered me a static ip address for triple the price of what I'm paying now. I tried to explain to them that I prefer a dynamic ip rather than a static ip, but that I just don't want to be behind a NAT, but as usual, they didn't understand what a NAT was.

I used to have true internet several years ago, and they never put me behind a NAT before. In fact, no isp has ever put me behind a NAT in my life before. How can they start putting people behind a NAT, and then not even understand what they are doing to their customers when we call to complain about it?

[Crossy]

I'll lay odds that you have been behind a NAT router since you first got broadband you just haven't noticed. It's how the multiple IP addresses on your internal network get translated into the single IP address that the rest of the world sees.

It just works, don't fret about it.

[Humanoid]

They suddenly took me off the NAT which is great! I guess some time after I hung up the phone, they must've found somebody who understood what a NAT was and then just took me off it.

I guess now they are defaulting to putting new customers behind a NAT, and only taking them off after they complain.

[Humanoid]

I'll lay odds that you have been behind a NAT router since you first got broadband you just haven't noticed. It's how the multiple IP addresses on your internal network get translated into the single IP address that the rest of the world sees.

It just works, don't fret about it.

No. I know I was never behind a NAT before.

I was never talking about a home NAT.

The NAT that they had put me on was inside their buildings. But they now took me off it as explained in my previous post.

[KhunBENQ]

Can not remember anything different.

Having a router, internal adresses for multiple devices in the range 192.168.1.1 to 192.168.1.199 (as an example).

Internal adresses can not be routed to the internet.

Having one global IP adress 101.108.xxx.xxx today, which can change constantly (dynamic IP adress).

Dynamic IP adresses can change constantly.

NAT is standard for every home router.

Static IP adresses are indeed more expensive and worth for server use.

Edited June 1, 2015 by KhunBENQ

[RichCor]

If your ISP issues your Router a WAN address in either of the following ranges, then your ISP is running Carrier Grade NAT (Large Scale NAT, NAT64, NAT444)

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

Most Mobile Data users are issued IP Addresses in the non public-routable PRIVATE range, and their connections must flow through a Carrier Provided NAT Router that utilizes a common-shared Public IP Address.

More and more ISPs are utilizing LS-NAT or CG-NAT, issuing IP Addresses in the non public-routable Private IP Ranges, to preserve the dwindling amount of directly routable Public IP addresses they have in reserve.

Edited June 1, 2015 by RichCor

[Crossy]

Interesting Rich (not at all surprising of course).

What effect, if any, would this large scale NAT have on our OP, assuming of course that these systems manage the usual issues of double NAT.

[Pib]

If your ISP issues your Router a WAN address in either of the following ranges, then your ISP is running Carrier Grade NAT (Large Scale NAT, NAT64, NAT444)

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

Most Mobile Data users are issued IP Addresses in the non public-routable PRIVATE range, and their connections must flow through a Carrier Provided NAT Router that utilizes a common-shared Public IP Address.

More and more ISPs are utilizing LS-NAT or CG-NAT, issuing IP Addresses in the non public-routable Private IP Ranges, to preserve the dwindling amount of directly routable Public IP addresses they have in reserve.

Going into my True provided DOCSIS (cable) modem I see I have a WAN address of:

WAN IP Address: 58.X.XX.XX

I replaced some of the actual numbers with X's to not reveal my IP address on this post.

What does an IP address beginning with 58 mean since it's not in the series you mentioned above? Thanks.

[RichCor]

Interesting Rich (not at all surprising of course).

What effect, if any, would this large scale NAT have on our OP, assuming of course that these systems manage the usual issues of double NAT.

The largest drawback of having a CGN/LSN (Carrier Grade or Large Scale Network Address Translation) imposed on your Internet Connection is when using apps that are designed to communicate directly P2P (ie: Multi-player Games, VoIP and Security Cameras) or with other users or network (ie: VPN).

Most people discover issues when trying to connect to directly accessible IP Security Cameras. With a Public IP Address you just need to open a port in your router and you have access. If you have a Private IP Address, then direct access isn't possible. An alternative workaround needs to be implemented where the IP Security Camera constantly connects to an outside server waiting for you to make a similar connection.

Second largest drawback is being forced to SHARE a Public Internet IP address with hundreds of other users. Many Internet sites may block communications it may be programmed to perceive as "too many requests" from the same IP address. Abuse by one communal member may result in all other users being misidentified or classified and subject to restrictions.

...some highlights from an APNIC About Carrier Grade NAT (CGN) article

[CGN and LSN] are technologies to prolong IPv4 address availability by using private IPv4 address space in Service Provider (SP) networks. Some SPs may need to deploy CGN/LSN to manage the IPv4 address shortage in their networks while deploying IPv6 services to customers.

Deploying CGN/LSN without deploying IPv6 services come with some of the negative consequences of using NAT:

Breaks the end-to-end model of IP

Breaks end-to-end security

Serious consequences for lawful intercept

Non-NAT friendly applications mean more upgrades

Mandates the network keeps the state of the connections

Difficult to scale NAT performance for large networks as number of available ports per customer is restricted

Makes fast rerouting and multihoming difficult

Deploying CGN/LSN in IPv4-only SP networks will likely create a "double NATed" environment, as most Customer Premise Equipment (CPE) already have NAT functionality. This further increases the complexity of networks, compounding the negative impacts described above. More disadvantages:

The SP needs a large, costly NAT device in the aggregation or core layers

Technical drawbacks of NAT (above)

Sharing IPv4 addresses among multiple users could increase behavioural, security, and liability implications

Multiple NATs can create difficulties in tracking the association of port/address and subscriber, not to mention lawful intercept issues and increased difficulty for network troubleshooting

[KhunBENQ]

Going into my True provided DOCSIS (cable) modem I see I have a WAN address of:

WAN IP Address: 58.X.XX.XX

I replaced some of the actual numbers with X's to not reveal my IP address on this post.

What does an IP address beginning with 58 mean since it's not in the series you mentioned above? Thanks.

Too many xxx to tell.

You would at least need the first two digits to find out that it belongs to True.

E.g.: (probably not yours, a band reserved for FIX IP addresses).

58.97.0.0 - 58.97.63.255

Fix ip for coporate customer TRUE IP ADMINISTRATION

1 Fortune Town, 14th, 27th Floor,

Ratchadapisek Road, Din Daeng

Din Daeng, Bangkok 10400.

+662 6200400

+662 6421557

[email protected]

Guess you have a 58.8.xxx.xxx or 58.9.xxx.xxx

58.8.0.0 - 58.8.255.255

True internet Co., Ltd. TRUE IP ADMINISTRATION

1 Fortune Town, 14th, 27th Floor,

Ratchadapisek Road, Din Daeng

Din Daeng, Bangkok 10400.

+662 6200400

+662 6421557

[email protected]

Edited June 1, 2015 by KhunBENQ

[Pib]

^^^ Thanks.

[RichCor]

If your ISP issues your Router a WAN address in either of the following ranges, then your ISP is running Carrier Grade NAT (Large Scale NAT, NAT64, NAT444)

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

Most Mobile Data users are issued IP Addresses in the non public-routable PRIVATE range, and their connections must flow through a Carrier Provided NAT Router that utilizes a common-shared Public IP Address.

More and more ISPs are utilizing LS-NAT or CG-NAT, issuing IP Addresses in the non public-routable Private IP Ranges, to preserve the dwindling amount of directly routable Public IP addresses they have in reserve.

Going into my True provided DOCSIS (cable) modem I see I have a WAN address of:

WAN IP Address: 58.X.XX.XX

I replaced some of the actual numbers with X's to not reveal my IP address on this post.

What does an IP address beginning with 58 mean since it's not in the series you mentioned above? Thanks.

Unless your ISP assigned WAN (External) IP Address falls within a range of IPv4 numbers designated as either Reserved or Private, your Internet Connected IP Address has the ability to directly reach and be reached by all other Internet Connected active Public IP Addresses.

Wikipedia: Reserved IP Addresses, their designation and proposed purpose.

See also, Wikipedia: IP Address, Private Addresses subsection

Roughly, ~18 million IP addresses have been reserved in the IPv4 numbering system for special purposes. The most well known of these Private IP Address ranges being 192.168.0.0 – 192.168.255.255 allows local communications withing a private network (LAN) without the necessity of officially requesting, being assigned and registering a unique IP address for every computer connected in a private network.

Looking at the Reserved IP Address Range, the 58.x.x.x block is not a member of the reserved range, so can be assumed to be a directly routable Public IP Address.

[Humanoid]

Unless your ISP assigned WAN (External) IP Address falls within a range of IPv4 numbers designated as either Reserved or Private, your Internet Connected IP Address has the ability to directly reach and be reached by all other Internet Connected active Public IP Addresses.

Actually this is not always the case. It is only recommended that a nat uses a ip's from one of the private ranges for the internal network, but not required. A nat will function just fine even when the local network uses other addresses, even public addresses that are already used by others. When I was behind that nat with true yesterday, the ip address assigned to my adsl modem was in the 100.x.x.x range, and NOT the 10.x.x.x range. 100.x is not in the classical private ip address range. My public ip address as seen by websites I visit was 70.x.x.x. The newly allocated block for nat's is 100.64.0.0/10, however, I can't recall if the second byte in my ip address was in that block. I only remember that the first one was 100, and not 10.

Going into my True provided DOCSIS (cable) modem I see I have a WAN address of:

WAN IP Address: 58.X.XX.XX

The best way to check if you're behind a nat would be a 2 step process. First compare this "wan ip" address that your isp assigns you with the ip address seen by external websites when you visit them, such as ipchicken.com. If they match, you are probably not behind a nat. But to be sure, load up a server of some kind in your home, like an http server with a unique message posted on it, and try to load it from outside the country to see if you can see this unique message. If this 2nd test passes as well, you are very likely not behind a nat. If you don't have access to a server outside the country to test, there are websites that can load a url of your choice and give you a screen shot.

[RichCor]

Humanoid, there are 15 blocks of Reserved IP Addresses. I placed a link to a Wikipedia article rather than list them in my post.

My paragraph was written specifically to address IP Addresses that are clear to be directly routable over the internet and have the ability to directly reach and be reached.

While what you wrote about normal and reserved IP addresses may be true, it wasn't a case scenario I was discussing.

[sup3r1or]

Im thinking about asking them to put me in exception list for DNS hijack. But I highly doubt they will do it. Might have something to do with current gov.

[casualbiker]

I just read all the posts and still don't know what the hell you'll are talking about.. I guess that in this instance ignorance is bliss... Goddamit I'm starting to worry if I'm behind a Nat now... !!!

[zib]

3 of my True lines have been behind NAT for 4 days now. Doing some ping sweeps from outside it would appear that it is at minimal most of phuket.

Customer service is of course clueless of what i am talking about.

Example. Router gets via True's DHCP 100.97.137.X (marked as iana shared address space). Which is then NATed to 119.76.65.X.

Time to change from True or is this just a stupid misconfiguration?

[innerspace]

Shortage of ip addresses since the world has been too slow to upgrade to ipv6....

Nat is just a workaround to run more customers on fewer ips.

Can see a huge issue in the next few years when addresses run out completely and everyone os forced to adopt ipv6 whether the world is ready or not!

[Chicog]

Can I ask the IP why this is an issue?

[NeverSure]

I'm lost. Of course you are "behind a NAT". How else is your ISP going to route your traffic to you?

Say you click a link in a web page, thereby requesting the data to display or download the info from the link. That request goes out through your ISP and the data must be returned to only you. Without NAT at your ISP the returned data could be sent to anyone/everyone or perhaps the packets just destroyed as having no destination on record.

Are you sure you mean NAT? What makes you think so and what's the issue?

Cheers.

[thedemon]

Can I ask the IP why this is an issue?

It would only be an issue if you want to run external services that require a unique public IP address. If really behind a NAT your exposed public IP is shared with others so you will be unable to map ports to access CCTV cameras, FTP or VPN servers etc. from the internet.

[zib]

Other things might stop or work worse than before also. My VoIP for example isn't working anymore. And for some torrents might get alot slower.

[Chicog]

Can I ask the IP why this is an issue?

It would only be an issue if you want to run external services that require a unique public IP address. If really behind a NAT your exposed public IP is shared with others so you will be unable to map ports to access CCTV cameras, FTP or VPN servers etc. from the internet.

Yeah I get that but I wanted to know why it was an issue for him.

[muratremix]

You can always make a $5 usd private vpn on a vps from digital ocean (singapore) and get a dedicated ip.

Voip will work. Port mapping could work, but it is not easy for average home user (while using openvpn vpn)

So, IPv4 in Thailand is depleted or what?

[zib]

Can I ask the IP why this is an issue?

It would only be an issue if you want to run external services that require a unique public IP address. If really behind a NAT your exposed public IP is shared with others so you will be unable to map ports to access CCTV cameras, FTP or VPN servers etc. from the internet.

Yeah I get that but I wanted to know why it was an issue for him.

It seems to be mostly for CCTV. For me it's CCTV in the house. For my friend it's CCTV in the restaurant and for my wifes mother CCTV in the bar

I, and a few friends, also have a fileservers at home that we access remotely when out of thailand or just out somewhere with the laptop.

CCTV seems to be the biggest issue and I would assume that there is alot of businesses out there on True-lines that are scratching their heads now.

I really hope customer support gets some information so they atleast know about this if people call. And I also then hope that people can tell customer support to flip them back to the normal way.

[zib]

You can always make a $5 usd private vpn on a vps from digital ocean (singapore) and get a dedicated ip.

Voip will work. Port mapping could work, but it is not easy for average home user (while using openvpn vpn)

So, IPv4 in Thailand is depleted or what?

Yeah. Atleast for True. But if they are implementing this for everyone then they will soon have a shitload of IPs again. So I wonder what the plan is

[Chicog]

Can I ask the IP why this is an issue?

It would only be an issue if you want to run external services that require a unique public IP address. If really behind a NAT your exposed public IP is shared with others so you will be unable to map ports to access CCTV cameras, FTP or VPN servers etc. from the internet.

Yeah I get that but I wanted to know why it was an issue for him.

It seems to be mostly for CCTV. For me it's CCTV in the house. For my friend it's CCTV in the restaurant and for my wifes mother CCTV in the bar

I, and a few friends, also have a fileservers at home that we access remotely when out of thailand or just out somewhere with the laptop.

CCTV seems to be the biggest issue and I would assume that there is alot of businesses out there on True-lines that are scratching their heads now.

I really hope customer support gets some information so they atleast know about this if people call. And I also then hope that people can tell customer support to flip them back to the normal way.

1. Did you have to configure port mapping to get your cameras to work?

2. Does this stop TeamViewer working remotely?

[zib]

After trying messaging true on facebook and calling i emailed [email protected] and they fixed it immedietly. Yay

[RedCardinal]

The chat support reps understand this issue, and can fix it in under a minute. Obviously True know about the issue now. They remotely reset my router, and when back up had a public IP address.

[mr3cho]

If I am measuring site traffic to my site in Google analytics or Similarweb, would users behind a NAT be measured as the same session or user? This could have big implications if so.

Could someone explain or google-<deleted> for me as I am also ignorant.