Canadian TV, Computing and Home Theatre Forums banner

Surf Internet suddenly blocking incoming connection

3107 Views 16 Replies 7 Participants Last post by  ExDilbert
Hi All,

Longtime fan. First time poster.

I've used Surf Internet in Vancouver for 4 years and besides their reasonably terrible customer service, never had any issues with them. That was until two weeks ago...

Suddenly I was no longer able to access my local computers from the internet. This is something I've been doing years (web server, Plex, VNC, security cameras etc.) I spent a number of hours troubleshooting things on my end and finally concluded that it was an issue with Surf and not on my end.

Contacted Surf and (when they finally called me back) was given a story about a new firewall being setup on their end for my security. That day external connections magically started working again and I brushed the whole thing off.

One day later and external connections were once again blocked. Called again. Waited for a call-back then asked to talk to a manager. When they finally called me, I was given the same story about firewall and security upgrades. Fine with me but I need to be able to connect to my computers externally. I was then told I'd need to pay $5 a month more for a static IP address.

I argued with the manager for 10 minutes telling him paying $5 and month for a service I already had was ridiculous for two reasons:
1) This "improved security" was never communicated to me. Thus causing me to spend several hours of my own time trying to sort out the problem.
2) I should not have to pay more for a feature that I already had. Being able to connect back to my network from the internet is a fundamental feature of how the internet works.

Anyone with their own firewall knows that its super easy to add a single IP to a DMZ and that charging $5 / month for this service is totally ridiculous.

In the end they offered me two months of free static IP (colour me not impressed). I took the offer but told them flat-out that I'd be taking my business elsewhere. What's stopping them charging me for other internet features that I already have in the future?

To me the whole thing reeks of bait-and-switch and honestly seems borderline illegal. Its clear that the reason they haven't communicated this to their customers is that they didn't want publicity around the change.

Anyway, I hope this helps other Surf customers who might be out there and wondering why they can't connect back from outside their network.
See less See more
1 - 17 of 17 Posts
You shouldn't need a static IP to get past their firewall. My address with Rogers is DHCP and I have no problem reaching it. Even though it's DHCP, it's virtually static and the host name never changes, unless I change hardware.
100% agree with you and that is how my connection has worked for the 20 years I've been using cable for internet. My IP changed probably 3 times in that 20 years so I've never worried about a static IP.

Their new firewall rules are preventing incoming connections to anyone using DHCP apparently so now I need a static IP just to get my incoming connections back.
If they are blocking your inbound connections, they are not an ISP. However, inbound connectivity usually requires you to configure some inbound NAT rules on your home router which are not there by default. Are you sure nothing changed on your router without your knowledge?

This is only the beginning. It is foreseeable that soon, most if not all ISPs will start "blocking" incoming connections, because they will run out of IPv4 addresses to issue and will have to start to use carrier-grade NAT.
That blocking is a result of NAT, not deliberate action. Of course the proper solution is to move to IPv6. I get a /56 prefix from Rogers, which gives me 256 /64s, each of which contain 18.4 billion, billion addresses.
Yeah I'm positive that this is their blocking me and not some problem on my end. I've been doing this for a long time plus three different support folks on their end told me it was them.

I'm not so sure its a NAT things on their end as the IP address assigned to me before my static IP wasn't in the NAT range but (as their system is obviously totally opaque to me) I can't be sure. Really it doesn't matter since I can't connect back to myself either way.
I filed a compaint with the CRTC today. This issue doesn't explicitly fall within their Internet Traffic Management Practices mandate (although it could be considered "Blocking the delivery of content to you") but I figured it couldn't hurt. To me it is actually worse in some ways than the examples they have of this mandate.
I'm a Surf Internet customer also, and I discovered this issue today after wrestling with inconsistent inbound connectivity for the last month or so. I'm planning on calling them tomorrow and if they confirm this change (assuming they will) then I'll also be lodging a CRTC complaint and a BBB complaint, and then looking elsewhere for service.

Surf Internet | Complaints | Better Business Bureau® Profile

Wondering who you moved to or are considering as an alternate ISP in Vancouver?

Edit: It sounds like they've installed Carrier Grade NAT (likely because they ran out of IPv4 addresses) which introduces a double NAT scenario for all hosts on our internal/home networks and naturally blocks all port forwarding for the second level of NAT (i.e. the home network). It's likely other carriers will be forced to follow suit at some point in the future.
Know nothing about Surf internet. Do they support native IPV6 ? Most of the big sites I use can be accessed via V6 now.

Sent from my iPad using Tapatalk

It's easy enough to determine if they're using CGNAT. Just hook a computer directly to the modem and see what address you get. There's a range just for CGNAT,
@JamesK : At least for me my IP did not change when this happened.

@bladeanon : My CRTC complaint seemed to find some purchase although its difficult to determine exactly what happened with it (so much bureaucracy) but they did pass it along to Surf. BBB is a great idea and I'll do that for sure.

I have not found a decent alternative. TekSavvy is suppose to be ok but their price is significantly higher than Surf. I want the highest upstream bandwidth I can get, so I'm trying to get Telus Fibre sorted out in my building (even though I hate to sell my soul to Telus).
@timlocke Thanks. It's something I considered myself, but it likely makes accessing IPv4 only sites a little more problematic, unless I'm missing something - I'm not that savvy with IPv6 tbh

@JamesK Good thing to check. I did hook a laptop up to the modem directly at one point during my testing yesterday and I don't recall seeing the 100.64 address allocated. I'll do that again to confirm though.

@sloppyjoe2020 I'm yet to hear back from them about it. But it really amounts to extortion on their part; removing a feature that is standard in the industry and then demanding payment to turn it back on. Sounds like something the mafia would do...

I looked at TekSavvy and I have the same requirement for higher upload speeds as you. Most are 10-15Mbps for their higher speed plans. It would be nice to see more symmetrical plans aimed at residential, but I guess the demand isn't really that big, except for us nerds.

BTW - I found a crappy workaround for at least one of my inbound port forwards. I have a VPN service that supports a single random port forward, which is something Surf can't really block. But it's only one port, I need around 3-5 total, and that one port can change if disconnected from the VPN for too long. So a script is in order to keep it up-to-date. But it seems to work for now.
See less See more
I looked at TekSavvy and I have the same requirement for higher upload speeds as you. Most are 10-15Mbps for their higher speed plans. It would be nice to see more symmetrical plans aimed at residential, but I guess the demand isn't really that big, except for us nerds.
Teksavvy provides IPv6. The reason for asymmetrical bandwidth is the connection delivered over phone lines or TV cable, both of which have limits on the upstream bandwidth. Business users can get symmetrical DSL, but it requires 2 lines. You can also get it on fibre. A friend of mine recently got 500/500.
Ok, so amazingly the CRTC has resolved this issue for me (and me only unfortunately... read on to find out why). Here is the e-mail I just received from the CRTC:

I was able to attempt to facilitate an informal resolution with Surf Media who has agreed to credit any $5/month charge that you have already been charged since October 2020 for the static IP and to remove this charge going forward, while still maintaining the service so that you can remotely connect to your computers as an offer to informally resolve and close the CCTS complaint.
I immediately asked about everyone else that was impacted by this and (again amazingly) got an immediate phone call from the CRTC letting me know that they can not enforce policy on an ISP. The only way they work is on an individual complaint basis. She noted that they will have my resolution on file and can attempt to enforce it for others who have the same complaint. So @bladeanon I'd recommend filing your own complaint with the CRTC it you have not already.

Annoying that many Surf users are going to pay for this unnecessary but super impressed that the CRTC was able to resolve this for me. They were shockingly responsive and helpful.

Hope this helps others!
  • Like
Reactions: 1
@sloppyjoe2020 Wow! That is amazing. I've had some contact with CRTC previously and their complaint system is difficult to navigate and generally results in a lot of wasted time with no positive outcome. But I will definitely try again after hearing about your result. Thanks so much for taking the time to post this.
The issue I have with the CRTC is that they publish your complaint and personal information on their web site. As far as I know, the CCTS does not do that.
1 - 17 of 17 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.