Comment by franga2000
13 days ago
Calling this "paying to unlock ports" is disingenuous. I'm also a T-2 customer and have run into this before. They block ports on dynamic IPs, but if you pay +2€/mo for static, this is unlocked. This seems reasonable. If you're not paying for static IPv4, you're paying for "internet access", whether that's a rarely changing dynamic IPv4, a constantly changing IPv4 or full CGNAT.
Would you also say your mobile phone operator is violating net neutrality by putting you behind CGNAT that you can't forward arbitrary ports through? You can pay a bunch of money to get a private APN and get public IPv4 addresses. Would you call that an unblock fee?
I've been told there's a law that my mobile phone operator has to turn off all firewalling on my connection if I ask.
I don't know about that law, but GP's point was that you don't get a public IP anyway, firewall or not. And with this NAT in place, you can't ask them to forward specific ports to your equipment.
In France, CG-NAT is getting widespread even for fixed, FTTH links. I'm typing this connected to SFR, which provides a static IPv6 /56, but IPv4 is behind CG-NAT. I can't host anything on IPv4. I think there's an option to get a fixed, internet routable address, but not on the "discount" plan I'm on. I hear you maybe can ask support to get you out of CG-NAT, but that doesn't seem very reliable.
Free (local ISP), by default, doesn't give a static IP for fiber, but you can ask for one for free through your online account page (you just need to tick a box).
> They block ports on dynamic IPs, but if you pay +2€/mo for static, this is unlocked. This seems reasonable.
Why does that seem reasonable to you? Why should dynamic IPs not be able to receive incoming connections? It costs them nothing to let those packets through.
> disingenuous
Bad.
> Would you also say your mobile phone operator is violating net neutrality by putting you behind CGNAT that you can't forward arbitrary ports through?
CGNAT is pretty awful, but at least there's a reason for connections to fail.
But sure, if I had control I would mandate that CGNAT lets you forward ports. Maybe you don't always control the external port, but there shouldn't be any other compromises.
> You can pay a bunch of money to get a private APN and get public IPv4 addresses. Would you call that an unblock fee?
That's a workaround to get a different connection, not an unblock, so no.
Firstly, dynamic IPs are quickly reused, so if one customer gets an IP onto a bunch of firewall blocklists because they were operating services that got exploited (like an open relay for spam, email backscatter generator, dns that was used for amplification, smb that hosted on-click executable windows malware...), this means some random unrelated customer will now have problems with their internet connection. After a while, you could poison a large chunk of the pool, then they have to not just deal with you, but also a bunch of other angry customers as well as beg all the firewall vendors to unblock those IPs.
If you get static, you keep that IP for a while. You suffer the consequences of your bad setup, you have to deal with FW vendors and after you leave, the IP will be offline for long enough that it will probably "cool off".
And secondly, while I don't like it, we need to keep in mind net neutrality was not written for selfhosters. It was written so an ISP can't zero-rate their own streaming service, or block their competitors. It was about internet access, not internet participation. The overwhelming majority of people are not and don't care to be "on" the internet, they want to "access" things that are on the internet. That's why NAT is still everywhere.
> Firstly, dynamic IPs are quickly reused
Define quickly? My modem stays attached on the same IP for months at a time.
> so if one customer gets an IP onto a bunch of firewall blocklists
That can happen anyway! Most of those are based on outgoing connections!
> a bunch of other angry customers as well as beg all the firewall vendors to unblock those IPs
Does this happen today on the huge number of ISPs that let you open ports on a dynamic IP? I'm not aware of it.
> we need to keep in mind net neutrality was not written for selfhosters
Well I'm not really focused on the idea of net neutrality, just whether it's reasonable to make customers unconnectable, and I say it's not reasonable.