Monday, 27 June 2011

Vodafone Mobile IP ranges

I recently added a firewall to my server such that even though the router has one, if there's some security hole in its firewall, the server inside the network is still protected by its own firewall. This server-side firewall is more restrictive than the router one, with a DROP policy set by default, and I have to punch holes in it in order to get access.

One of the things I like being able to do is access my files from my phone. Unsurprisingly, you get a dynamic IP address with mobile broadband. If I could find what the range of IP addresses Vodafone assign to their mobile broadband customers, I could allow some part of that range through the firewall. Obviously this only allows those IPs to try to connect, they still need to have the correct credentials in order to get through.

After a bit of searching, I came across this thread on the Vodafone forums. After some initial reticence on the Vodafone side, they eventually listed the IP ranges they used for their mobile broadband. To save some searching, this is the appropriate set of ranges:
212.183.140.48/28
212.183.140.102/31
212.183.140.16/28
212.183.140.98/31
212.183.140.32/28
212.183.140.100/31
212.183.140.0/28
212.183.140.96/31 
An initial connection from my phone indicates this range is valid (for the time being). This solves the problem of me being able to access my server from unknown networks as I can simply tether my phone to my laptop, and know that I'll be able to get in to the server, from which point I can make temporary changes to the firewall to allow access to that specific new IP address.

I would, eventually, like to add port knocking to the server such that even though there are open ports on the router and firewall, given a simple scan, the ports should appear closed.

No comments:

Post a Comment