New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
When NAT VPS providers Change IPs
randvegeta
Member, Host Rep
in General
Does it happen at all that NAT VPS providers change the IPv4 address with little or no notice?
If so, do providers have some DNS for that shared IP setup so you can always reach your server via a certain domain?
I'm not a provider or user of NAT based VPS so I'm curious.
Comments
You don't understand NAT hosting.
If the IP changes, there's usually a support forum where users can look up what's changed. The majority of NAT offers come with NATIVE IPv6, so you can get in that way. IPv4 is generally provided only for necessity/convenience, but overall it is not the primary focus.
DNS usually isn't set, and there's no guarantee of rDNS since hosts don't tend to like people to do naughty things from the shared IP.
It's not common i'd say but does happen. Can't remember seeing any openly announced DNS. But i remember at least Virtvire having setup reverse DNS on the NAT IPs. Never tried if they resolved the other way though.
Which provider?
Depends, I don't think I have ever done it without notice however it really depends on what your agreements are with said provider, some people are offering NAT as a commercial service with support and SLA now, while I only offer them with no SLA and community support.
I am sure it is annoying to get your IP changed, but I am also sure it would not really impact anything either, why would anyone host anything that could have impact on a basic NAT service?
Have you read your own forum?
LOL
I don't mean RDNS. I mean for example, if the IP of the shared IPv4 address is 123.45.67.8, the domain shared.hosting-company-name.com could resolve to this IP. The clients could then always use the domain to find the IP and access the server quickly, rather than remembering the IP address. If so a change in IPv4 address would not be so problematic no?
And yes I am aware of the native IPv6 addresses normally being part of the VPS, but being able to reach your server via IPv4 is still helpful, especially if where you happen to be only has IPv4 connectivity.
Most NAT providers don't like seeing the IPs posted in public. I guess thats the reason the don't use/post DNS.
NAT hosts also turn into DDoS magnets. There's a reason why this isn't usually done- at least on the LES network. The entire LES network, @Cam, and @i83 are the only NAT hosts I have used to date, but you are given an IP every time.
NAT is usually offered because it's much cheaper not to pay for an IP for a 64MB/128MB/etc VPS, whereas IPv6 is plentiful. If your issue is that you only have IPv4 and are cheap, you just have to learn to use your assigned ports (except when haproxy is involved to proxy HTTP/HTTPS).
What's the difference between providing the client with a static IP or a domain/subdomain that resolves to the IP?
For whatever reason, people might become complacent and post http://natbox.clownpenis.fart:MYPORT/ somewhere and attract a DDoS that affects everyone else on the node. By giving them the IP only and hammering it into their head that everyone else shares it, too, it works a little differently.
I actually set A records for my NAT boxes to the host IP; it's that only I use that record, and I don't publicise it anywhere. So, really, it's just a bit of trivial security via obscurity.
Well tbh as long as the DNS does not follow any recognizable scheme there probably is'nt any. Still as @WSS said NAT attracts DDoS and providers want to make it as hard as possible to find the IPs so having DNS that allows people to find any IPs besides the one they are assigned is likely a no-no for them. I guess it would'nt be the end of the world but it seems providers (at least LES) prefer it that way.
Indeed. Any super low cost VPS with a public address is not sustainable long term. Having succumbed to @Nekki's relentless hounding for a cheap BF/CM deal, I put up a special offer of $12/year VPS in HK and LT. That got a surprisingly large number of orders in a remarkably short period of time. But such offers are not sustainable given for each VPS sold, a dedicated public IP was allocated, and obtaining lots of IPs on the cheap is just not realistic or reasonable.
NAT IPv4 + IPv6 now seems like a great idea for these cheapo type servers. After all, who's using a $1 VPS for anything of significant consequence. But assigning a single IP for a couple dozen servers seems like it could be problematic. Being able to change this IP at will provides a great deal more flexibility for the host.
You also don't want to make a habit of doing this, because people will still bitch about their NO-SLA $0.00001/day service needing its' IP changed in PuTTy. Especially if they're actually running something on it. If you're thinking about offering more NAT services, I strongly suggest checking out the LES forums. It looks like a completely thankless job, and I don't know why anyone would want to.
Few reasons.
I can start offering free VPS again :-). We're mainly limited by IPs. We still have like 1,000 IPs not in used, but that's too few to allow us to grow in the medium term if we put any of that towards free VPS.
We can then look at moving the existing free VPS clients over to the NAT addresses (they probably won't like that....) which would free up more IPs for PAYING customers.
Also, selling dirt cheap VPS apparently generates a bit of buzz. Good or bad, it can draw traffic.
Given we've been running free VPS for almost 3 years now, I'm confident we can handle any abuse issues. To be honest, putting it all on a single NAT IPv4 address may actually make things easier.
I'd sure like some HK NAT.
With China route?
How many ports do NAT VPS normally get on the IPv4 address?
20 from every provider I've been with (inception, mikho, davidgestiondbi)
Are these 20 consecutive ports?
Is there an optimal port distribution method?
For simplicity, I'm looking at it like this.
The ephemeral ports range from 49152 - 65535. Assume you have 250 or so VPS on a single shared IP, that's upto 65 ports per VPS.
For simplicity however, I would divide up the ports like so.
Private IP: 10.0.0.2 - Ports = 50020 - 50029
Private IP: 10.0.0.3 - Ports = 50030 - 50039
Private IP: 10.0.0.10 - Ports = 50100 - 50109
Private IP: 10.0.0.18 - Ports = 50180 - 50189
Private IP: 10.0.0.100 - Ports = 51000 - 51009
etc. etc.
In this way it's easy to remember which ports are allocated to your VM. But this would only be good for 10 ports per private IP.
But making it 20 is easily done. For IP 10.0.0.2, the ports 50020-50029 and 60020-60029 could be used for a total of 20.
What do other NAT providers do?
How many ports do NAT VPS normally get on the IPv4 address?
This is how most hosts do it:
...and so on.
Yes.
Yes.
It's usually 00(1)-19(20), with either -20 or -22 or a being forwarded to port 22 on the private IP. Depends on the host.
Other than SSH, you've nailed it. Only giving 10 ports is a little weak, but I don't think I've ever actually needed more than 7 at a time.
Probably would help immensely if you signed up for a NAT'd VPS for one of the providers and took a look at how everything works. Additionally, if you decided/could join the LES brigade, then Anthony or David would possibly help you get everything configured.
172.16.0.13 has the following port range forwarded: 1301 - 1320
In this case, there may be a number of ports that are IANA assigned ports.
Isn't that a problem?
My port allocation uses only the ephemeral ports.. Is THAT a problem?
Again, you don't really seem to get NAT hosting. It doesn't matter if something else normally sits there, it's not in use on the host node; usually a non-host-node IP is allocated for the NAT instances, so yeah, you're gonna blow a /29 on a couple NAT boxes which are outside of your host IP.
Don't care much tbh. I just want it for the nice location and at NAT prices i can justify it idling it's billing period away :P
Yeah, NAT + service that insists on port X = you are out of luck. That's just how it is. Hosts usualy run reverse proxies though so NAT clients can at least host websites without having to specify ports in the browser or resorting to cloudflare on the v6 IP. Beyond that there is little to be done and imo there aren't that many services that profit from default ports anyways or they just support SRV records. Noone ever noticed i run teamspeak on a non standart port since they can just use an address and teamspeak finds the port from the SRV record.
Shhhh... https://www.wishosting.com/order/main/packages/VPS/?group_id=2 , last item.
"BLOCKED BY CHINA GFW"
That's one way to make sure it stays idle.
...and to avoid chargebacks, I guess.
O.O
NAT + vpn/proxy + china must be a shortlived combination. Still wonder how many chargebacks he gets from people that for some reason can't connect to their shiny new VPS.