| ▲ | jesprenj 3 hours ago |
| Slovenian ISP T-2.net also violates local network neutrality laws here by requiring customers to pay extra to unblock some special TCP ports, like 25 and 53, meaning they block self-hosting email and DNS servers without additional payment. I filed a complaint to the national regulator AKOS. They first responded by agreeing with me, but nothing was fixed for many months, and upon emailing the regulator again, I received a different response from another employee claiming that charging more for unblocking special applications is legal (it's not). |
|
| ▲ | trinix912 2 hours ago | parent | next [-] |
| Another T-2 customer here. I never ran into issues with port blocking (but didn't try 25/53), even more, I had a "free" static IPv4 on DSL before we got the fiber line, but I've lately been noticing random connection slowdowns. Never had significant slowdowns with DSL. I've talked to a few people (Telemach customers) who told me it happens every now and then, they call the support center that tells them to restart the modem (even if they'd done it before) and then the connection magically works at full speed again. Could it just be that it all goes through Telekom Slovenije who does some weird load balancing? Definitely worth an investigation, but ZPS might be a better address for this than AKOS. |
| |
| ▲ | jesprenj 10 minutes ago | parent [-] | | Telemach is also funny with regard to net neutrality: Article 7.2 of their terms of service https://telemach.si/download/terms/splosni-pogoji-poslovanja...
> The subscriber undertakes that, after connecting to the provider's network, they:
> ...
> * will not set up servers at their location, except where an appropriate agreement has been concluded with the provider,
> ...

It states that customers are bound not to set up servers on their internet connection point without prior approval by the ISP. It sounds against the law to forbid this, albeit IANAL. |
|
|
| ▲ | franga2000 2 hours ago | parent | prev | next [-] |
| Calling this "paying to unlock ports" is disingenuous. I'm also a T-2 customer and have run into this before. They block ports on dynamic IPs, but if you pay +2€/mo for static, this is unlocked. This seems reasonable. If you're not paying for static IPv4, you're paying for "internet access", whether that's a rarely changing dynamic IPv4, a constantly changing IPv4 or full CGNAT. Would you also say your mobile phone operator is violating net neutrality by putting you behind CGNAT that you can't forward arbitrary ports through? You can pay a bunch of money to get a private APN and get public IPv4 addresses. Would you call that an unblock fee? |
| |
| ▲ | direwolf20 2 hours ago | parent [-] | | I've been told there's a law that my mobile phone operator has to turn off all firewalling on my connection if I ask. | | |
| ▲ | vladvasiliu 38 minutes ago | parent [-] | | I don't know about that law, but GP's point was that you don't get a public IP anyway, firewall or not. And with this NAT in place, you can't ask them to forward specific ports to your equipment. In France, CG-NAT is getting widespread even for fixed, FTTH links. I'm typing this connected to SFR, which provides a static IPv6 /56, but IPv4 is behind CG-NAT. I can't host anything on IPv4. I think there's an option to get a fixed, internet routable address, but not on the "discount" plan I'm on. I hear you maybe can ask support to get you out of CG-NAT, but that doesn't seem very reliable. Free (local ISP), by default, doesn't give a static IP for fiber, but you can ask for one for free through your online account page (you just need to tick a box). |
|
|
|
| ▲ | sgjohnson 3 hours ago | parent | prev [-] |
| Blocking port 25 is perfectly reasonable. There are no sane and legitimate reasons for running an SMTP server on a residential connection. Even most server providers will block it unless you give them some very good reasons. Blocking 53 is just weird though. |
| |
| ▲ | myself248 an hour ago | parent | next [-] | | Define "residential connection". There is no such thing. A connection to the internet should be equal to any other connection to the internet, modulo BGP peering. No one has a right to dictate what services I run or don't run, what protocols I speak or don't speak, what traffic I accept or deny, but *me*. That's the whole point of being on the internet rather than Prodigy or Compuserve or something. The physical location of that connection is irrelevant. Maybe I feel my servers are safer in a datacenter. Maybe I feel they're safer in my basement. In my case, it is very much the latter, and again, you don't get to make that call. I do. | |
| ▲ | daneel_w 2 hours ago | parent | prev | next [-] | | I'm not sure you read the OP's comment in full. They are talking about inbound traffic from the Internet. It's certainly a lot more common a case to self-host an MX than running an open DNS resolver or authoritative name server. | | |
| ▲ | B1FIDO an hour ago | parent [-] | | You may be surprised to learn that there are many types of botnets out there, and many use DNS queries for the C&C. Although the GP wrote "53/tcp" that is a weird situation, because most (not all) DNS is over UDP. One day I suddenly found my DNS resolver logs were very active with veritable gibberish. And it seems that my router had been pwned and joined some sort of nefarious botnet. I only found this out because I was using NextDNS at the time, and my router's own resolver was pointed there, and NextDNS was keeping meticulous, detailed logs of every query. So I nipped it in the bud, by determining which device it was, by ruling out other devices, and by replacing the infected demon router with a safe one. But yeah, if your 53/udp or 25/tcp is open, you can pretty much expect to join a botnet of the DNS or SMTP-spam varieties. |
| |
| ▲ | tsss an hour ago | parent | prev [-] | | Whether or not I have a sane reason to use port 25 is none of their business. |
|