Satellite Internet (TooWay)

[+John Teacake MVC]

I am interested in talking to people who have Satellite internet. I live in a remote area, This became the only way. I went with TooWay Direct. The company have been brilliant so far.

Although I cant seem to Port Forward anything at the minute. I am going to contact the support tomorrow because I have tried it with RDP and FTP. Not sure if they block those ports or whatever. Its a bit of a bummer if they do, Any suggestions if they do? I am thinking Team Viewer to connect back to home when I am at work.

I know the latency is high on Satellite connections thats just what it is and shouldn't cause me too many issues. But so far I am impressed with the speeds. I am getting 18 - 19 Mbits rather than crappy ADSL barely 1Mbps.

[+BudMan MVC]

You sure your just not natted - what is your routers wan/internet IP? I thought many sat companies don't allow any forwards because they are natted?

Are you on the tooway business or home setup - I thought with business you got public, but home private?

http://www.bentley-w...ay_business.php

Notice the pubic IP listing in the package. But in home - nothing mentioned

http://www.bentley-w...tooway_home.php

[+John Teacake MVC]

Yeah it looks like there is some Natting going on, I have an external IP of 130.xx.xx.xx and the modem has a management IP of 192.168.100.1 I have it connected to the Untrust Port on a Juniper which Nat's to a local subnet of 192.168.1.xx Maybe If I changed the subnet to 192.168.100.xx then I could get away with it.

I think your right, On the pro you get some public IP's I am on the home. I might get them to change it.

[+BudMan MVC]

many modems use that 192.168.100.1 address as management, my cable modem does for example. But 130.x.x.x is not private - if that your external you should be good to go.

Send yourself some traffic using say canyouseeme.org and do you see it on the external interfrace of your juniper?

Where are you seeing that 130 address? On the juni itself or using some website like whatsmyip ? If you have 130 on the juni itself doesn't seem like your behind a ISP nat, atleast not one using non routable private IPs

[+John Teacake MVC]

Yeah the 130 address is registered to the ISP, I get that. I think there is some kind of ISP trickery going on here because I have a rule for RDP and I have checked it with Canyouseeme and it comes back with Connection timed out.

I will see what their support have to say. It might be a case of I have to switch to Pro to get an external IP and then map it directly to my server.

[+BudMan MVC]

"Yeah the 130 address is registered to the ISP"

What?? No is the 130.x.x.x on your JUNI? your juni is set to get dhcp address on this interface? Where are you seeing that your address starts with 130?

[+John Teacake MVC]

"Yeah the 130 address is registered to the ISP"

What?? No is the 130.x.x.x on your JUNI? your juni is set to get dhcp address on this interface? Where are you seeing that your address starts with 130?

The Untrust Interface is set to DHCP Client, Thats where it gets the 130.xx address i.e the Public Internet Address. Thats why I cant understand why my port forwarding wont work. Everything else works fine apart from my port forwarding.

[Japlabot]

It is possible that they are port blocking even on a Public IP.

Try on a non-standard port.

With the Untrusted port coming out the ISP supplied Juniper modem, is that going directly into your PC on on your own router?

Maybe it is an issue with your own router if you are using it? Try DMZ for testing purposes (with your Windows Firewall enabled) to see if it's your router doing it?

Maybe look at other solutions that don't need port forwards depending on what you are trying to do... VPS, VPN, LogMeIn, etc.

[+BudMan MVC]

How are you checking that the port forward is not working? I would actually sniff at the pubic interface of the juni that has the 130 address - and generate traffic there via canyouseeme.org to some odd ports -- do you see the traffic? If not then yeah the isp is blocking unsolicited traffic to your public IP

If your wanting to see the traffic past the juni, maybe either your forward is not correct or ip your sending it to is blocking, etc. Sniff the traffic at your public interface to be sure they are not allowing the traffic to you.

[+John Teacake MVC]

Yeah I got some people on the outside to test it and then I checked the logs on the rule I created and I just see nothing, No connection attempts been made at all. I have E-Mailed the support asking them about it. I have a funny suspicion this is not allowed on Home but is on Pro or at least on Pro you get some Public (Static) IP's that I could use however I saw fit. I do know that HTTP traffic is passed through a kind of upstream proxy that strips out headers and other useless information and does some fancy compression or something so Webpages are delivered quicker. I suspect that other traffic is filtered too.

[+BudMan MVC]

checking logs on a rule does not always tell you the whole picture.

I would do a ff (flow filter) and look for the dst IP (yours) to the port they are creating traffic to.

But from the website I don't think home connections can do inbound unsolicited traffic -- update to pro package if you need inbound.

[+John Teacake MVC]

You mean with something like Wireshark? Yeah that's what I think I am heading towards...Going with Pro

[+BudMan MVC]

no what juni do you have? You should be able to do a flow filter on it and see the actual traffic on the interface. Possible traffic is not reaching your rule that your logging which is why you don't see anything in that rules logs.

Do you have a specific deny rule added for logging - you could look there, but by default on junipers default deny is not logged.

[+John Teacake MVC]

no what juni do you have? You should be able to do a flow filter on it and see the actual traffic on the interface. Possible traffic is not reaching your rule that your logging which is why you don't see anything in that rules logs.

Do you have a specific deny rule added for logging - you could look there, but by default on junipers default deny is not logged.

Yeah I know you have to turn Logging on hehe :-p Not familiar with Flow Filer. Will look at this.

[+BudMan MVC]

not flow filer, flow filter "ff"

http://kb.juniper.net/InfoCenter/index?page=content&id=KB5536

How do I capture debugging (debug flow) information?

[+John Teacake MVC]

Typo :-p Oh I have done the Debug stuff before I didn't know it was Flow Filter...