I'm implementing various layers of access controls for a secure file transfer service (implementing sftp with ECDSA authentication and IP range verification) and one of my new data transfer partners is a "native ipv6" customer on Comcast. When they connect to an IP4 endpoint (when DNS lookups provide an A record rather than an AAAA record), I understand they're routed through carrier-grade NAT to provide an IP4 source address for these connections. Are these Comcast customer NAT egress addresses known or published? I'd like to whitelist them in the access rules for this customer.
No comments:
Post a Comment