Strange IP resolution issue

Hi, I’m unable to connect to several databases I use at work and am unable to determine the issue.

MySQL: port 3306
Flask Webserver: port 5000
MongoDB: port 27017

All of these work fine when I’m tethered to my phone or on a local wifi. I attached a screenshot of the firewall settings from WebAdmin, everything is wide open (unless there’s another place to check).

I saw this thread about port 22 being blocked on ATT for someone, I can ssh on 22 just fine into all of my servers.

I have a strange issue where my public IP is different whether I retrieve it from a browser or on the command line.

If I go to I get a different IP than if I run the following terminal command
> curl

I tried the same with and get different IPs from a browser or the curl request.

For the AWS instances, I have been using whitelisted IPs for the time being. I temporarily opened a few machines up to the whole internet ( and that still did not work.

Any advice would be much appreciated, I’m pretty stuck on what to look for next.



Model: Pepwave MAX Transit
Firmware: 8.0.2 build 4407
Carrier: ATT
MacOS Catalina 10.15.6


I looked at this some more and found out that it’s not an issue with ports at all, it’s that my public IP is either coming back incorrect or is changing.

I’m able to access the port on another server just fine.

nc -v 27017
Connection to port 27017 [tcp/*] succeeded!

It turns out that when I thought I had opened up my EC2 instance to the world I didn’t (I had too many security groups active). When I do open the machine up to, I’m able to connect. If I open it up to only the public IP I get from any sites that tell you your public IP, I get a network socket timeout. Somehow these sites that are telling me my public IP are incorrect.

Is this an issue with the Peplink Transit Max or an ATT (carrier) issue or maybe combination thereof? Any ideas would be very helpful.


Hi Jeff, ATT is not providing you with a publically routable IP address as much as you are thinking so (unless you are subscribed to and paying for a static IP address).

Rather they deploy CGNAT or carrier-grade-NAT.

Oh wow, I didn’t realize this was happening, what a bummer. The internet is a giant ball of duct tape. Thanks for pointing this out Tim.