• Call us at 07 5735070 or 0272216585

  • Customers Having Trouble with Internet Connections Using Port Forwarding

  • As more customers change to IP communications for alarms we have run into several suppliers who have CGN turned on.



    This prevents some outgoing and incoming messages from alarm monitoring and also gaming and web sites, normally you would port forward to get around this issue but CGN is controlled at the suppliers end.


    More information from  https://en.wikipedia.org/wiki/Carrier-grade_NAT

    Shared address space

    If an ISP deploys a CGN, and uses RFC 1918 address space to number their customers, there is a risk that customer equipment already using RFC 1918 space will stop working. The reason is that routing and NAT will not work if the same addresses occur on both inside and outside network interfaces.

    This prompted some ISPs to develop policy within ARIN to allocate new private address space for CGNs, but ARIN deferred to the IETF before implementing the policy indicating that the matter was not typical allocation but a reservation for technical purposes (per RFC 2860).

    IETF created RFC 6598, detailing Shared Address Space for use in ISP CGN deployments and NAT devices that can handle the same addresses occurring both on inbound and outbound interfaces. ARIN returned space to the IANA as needed for this allocation.[4] The allocated address block is[5]


    • Devices or software that tries to figure out if an IPv4 address is public will have to be updated to recognize the new space.
    • Allocating more private IPv4 address space for NAT devices might prolong the transition to IPv6.


    Carrier-grade NAT usually prevents the ISP customers from using port forwarding, because the network address translation (NAT) is usually implemented by mapping ports of the NAT devices in the network to other ports in the external interface. This is done so the router will be able to map the responses to the correct device; in carrier-grade NAT networks, even though the router at the consumer end might be configured for port forwarding, the “master router” of the ISP, which runs the CGN, will block this port forwarding because the actual port would not be the port configured by the consumer.[6] In order to overcome the former disadvantage, the Port Control Protocol (PCP) has been standarized in the RFC 6887.

    In addition, in rare cases there might be an issue of bans based on IP addresses; in Wikipedia, for example, the system might block a spamming user by banning the IP address which represents them. If that user happens to be behind carrier-grade NAT, other users sharing the same public IP with the spammer will be mistakenly blocked.[6]

    Trustpower does use this feature but when asked will disable it, the term to use when dealing with the ISP provider is CGN. It can not be configured in the router it is done at their end.