uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Seeing outside IP address when inside



 
 
  #1  
Old June 28th 06, 01:42 PM posted to uk.telecom.broadband
Richard M Willis

At the risk of plagiarising William Shatner, I want to
be able to use my ISP-assigned static IP address from inside
my network.

I can't do this at the moment, because my modem/router only
performs NA Translation on stuff that originates the other
end of the broadband line.

I've got a partial solution at the moment involving the windows
registry, static routes, and multihoming but this is not really on.

My router is a Zoom X4. They (Zoom) confirm that all their products
work that way: i.e. can't see the outside IP address from the inside.

It appears that all other "domestic" broadband routers work this way
as well. Short of setting up a linux box to do the job, can anyone
recommend any make/model of BB router that does NAT properly.

Richard [in SG19]



--
Posted via a free Usenet account from http://www.teranews.com

  #2  
Old June 28th 06, 02:21 PM posted to uk.telecom.broadband
R.Daneel Olivaw


"Richard M Willis" wrote in message
...
> At the risk of plagiarising William Shatner, I want to
> be able to use my ISP-assigned static IP address from inside
> my network.
>
> I can't do this at the moment, because my modem/router only
> performs NA Translation on stuff that originates the other
> end of the broadband line.
>
> I've got a partial solution at the moment involving the windows
> registry, static routes, and multihoming but this is not really on.
>
> My router is a Zoom X4. They (Zoom) confirm that all their products
> work that way: i.e. can't see the outside IP address from the inside.
>
> It appears that all other "domestic" broadband routers work this way
> as well. Short of setting up a linux box to do the job, can anyone
> recommend any make/model of BB router that does NAT properly.
>
> Richard [in SG19]


What do you want to use it for - can't you just use port forwarding or the
router's DMZ?


  #3  
Old June 28th 06, 04:35 PM posted to uk.telecom.broadband
Spack

Richard wrote on Wed, 28 Jun 2006 13:42:12 +0100:

> At the risk of plagiarising William Shatner, I want to
> be able to use my ISP-assigned static IP address from inside
> my network.
>
> I can't do this at the moment, because my modem/router only
> performs NA Translation on stuff that originates the other
> end of the broadband line.
>
> I've got a partial solution at the moment involving the windows
> registry, static routes, and multihoming but this is not really on.
>
> My router is a Zoom X4. They (Zoom) confirm that all their products
> work that way: i.e. can't see the outside IP address from the inside.
>
> It appears that all other "domestic" broadband routers work this way
> as well. Short of setting up a linux box to do the job, can anyone
> recommend any make/model of BB router that does NAT properly.
>
> Richard [in SG19]



This is common across many devices - for instance, the PIX we use at work
won't do this either out of the box. It's one of the anti-spoofing
features - all packets at the WAN interface with a LAN IP address are
dropped. When you make a request to the external IP address, the packet is
passed out of the WAN interface (as it's outside of your LAN), and then the
interface on the router/firewall drops it. Luckily the PIX has a way to
handle this using the "alias" command.

Have you looked for a router that can run in bridging mode? This would
necessitate all PCs on your LAN having their own static public IP address,
or you could move any PCs that don't need to be able to connect to one of
your public IPs to their own NAT router.

If you just want to connect to public hostnames that are mapped to public
IPs on your router, why not run your own forwarding DNS server and set up
those hostnames on it to return the internal IP addresses, or even just edit
your hosts file (the former being the better solution for dealing with this
on multiple PCs on your LAN as you only have to maintain the mappings in one
place).

The only other thing I can think of is asking your ISP if they have a proxy
you can use.

Dan


  #4  
Old June 28th 06, 06:17 PM posted to uk.telecom.broadband
Dave {Reply Address in.Sig}

Richard M Willis wrote:
> At the risk of plagiarising William Shatner, I want to
> be able to use my ISP-assigned static IP address from inside
> my network.
>
> I can't do this at the moment, because my modem/router only
> performs NA Translation on stuff that originates the other
> end of the broadband line.

Why do you need this? If it's to let internal hosts access the same
services that are available from outside without changing hostnames then
the quickest kludge is to either provide them all with hosts entries for
those server names mapped to the internal NAT addresses for the servers
and/or to run an internal DNS that maps the hostnames to the correct
internal server IPs. That works quite happily here, if I take my laptop
elsewhere and connect back to home, it works just fine without having to
tweak anything.

--
Dave
mail da (without the space)
http://www.llondel.org
So many gadgets, so little time
  #5  
Old June 28th 06, 10:07 PM posted to uk.telecom.broadband
Moonshine

On Wed, 28 Jun 2006 13:42:12 +0100, "Richard M Willis"
wrote:

> At the risk of plagiarising William Shatner, I want to
> be able to use my ISP-assigned static IP address from inside
> my network.
>
> I can't do this at the moment, because my modem/router only
> performs NA Translation on stuff that originates the other
> end of the broadband line.
>
> I've got a partial solution at the moment involving the windows
> registry, static routes, and multihoming but this is not really on.
>
> My router is a Zoom X4. They (Zoom) confirm that all their products
> work that way: i.e. can't see the outside IP address from the inside.
>
> It appears that all other "domestic" broadband routers work this way
> as well. Short of setting up a linux box to do the job, can anyone
> recommend any make/model of BB router that does NAT properly.
>
> Richard [in SG19]


I think what you are after is referred to as NAT hairpin or loopback.

If that is the case you can find that supported on all the new
SpeedTouch routers. Just make sure "config natloopback=enabled" is set
in the IP configuration section.
  #6  
Old June 29th 06, 09:07 AM posted to uk.telecom.broadband
Richard M Willis


"Dave {Reply Address In.sig}" wrote in message
news:u5qan3-

> Why do you need this? If it's to let internal hosts access the same
> services that are available from outside without changing hostnames then


The main motivation for doing this is access to my (passive) FTP server:
it opens the data connexion from the server end by saying "call me back
on www.xxx.yyy.zzzppp." This message is passed in plain text across the
control connexion and won't get translated by any Natterbox. (Well, it
could, but I'd rather it left that sort of thing alone).

I know there are all sorts of ways of surmounting this problem but it's just
so damn stupid. The whole point of the internet is that you're supposed to
be able to connect from anywhere to any given destination transparently
(assuming the server wants you to connect).

Having this restriction is crazy and I can see no reason for it.

If there is a good reason for a modem/router (which knows its external IP
address) preventing intra-LAN IP packets being subject to the same
port-forwarding and address translation as traffic from the outside, then
I really would like to know what it is.

There may be a damn good reason for it, but I can't for the life of me see
what it is.

I want to be able to do all this in one box (modem/router/fw). Hence the
request for a model which does the job properly.

Richard [in SG19]



--
Posted via a free Usenet account from http://www.teranews.com
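
The "call me back on" message described in the post above is the FTP `227` reply, which carries the address and port as six decimal fields. The Python sketch below is an added example, not code from the thread; the addresses, the sample reply and the function names are constructed for illustration. It parses that reply, shows the rewrite an FTP-aware NAT would apply, and shows which side of the router can use each announced address, assuming the passive port range is forwarded unchanged:

```python
# Added illustration, not from the thread. Addresses are constructed examples.
import re

LAN_IP, WAN_IP = "192.168.1.20", "203.0.113.10"
PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(line):
    """Return (ip, port) announced in a 227 reply, or None if it is malformed."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def rewrite_pasv(line, lan_ip=LAN_IP, wan_ip=WAN_IP):
    """Rewrite a server reply on its way out to the WAN, as an FTP-aware NAT would.

    Only a reply that announces the server's own LAN address is touched; the
    port is kept, so the passive port range must be forwarded unchanged.
    """
    parsed = parse_pasv(line)
    if parsed is None or parsed[0] != lan_ip:
        return line
    port = parsed[1]
    fields = wan_ip.split(".") + [str(port // 256), str(port % 256)]
    return "227 Entering Passive Mode ({})".format(",".join(fields))


def data_channel_ok(announced_ip, client, hairpin=False):
    """Can a client on the 'lan' or 'wan' side reach the announced address?"""
    if announced_ip == WAN_IP:      # server configured to announce the public IP
        return client == "wan" or hairpin
    if announced_ip == LAN_IP:      # server announces its real address
        return client == "lan"      # WAN clients need the reply rewritten first
    return False


SAMPLE = "227 Entering Passive Mode (192,168,1,20,195,80)"  # constructed reply
```

A server set to announce the public address works for outside clients but leaves inside clients dependent on hairpinning; one that announces its LAN address works inside and relies on the rewrite for outside clients.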

  #7  
Old June 29th 06, 09:11 AM posted to uk.telecom.broadband
Richard M Willis

"Moonshine" wrote in message

> I think what you are after is referred to as NAT hairpin or loopback.
>
> If that is the case you can find that supported on all the new
> SpeedTouch routers. Just make sure "config natloopback=enabled" is set
> in the IP configuration section.


OK. Thanks for the information. I'll look-up speedtouch soon.

I'm still interested though as to why this is not provided on
all routers (even if disabled by default). I understand the
argument of extra through-router traffic and sort of understand the spoofing
arguments, but it seems such an easy thing to do, I wonder why it's
not a standard item (!?)

Richard [in SG19]



--
Posted via a free Usenet account from http://www.teranews.com

  #8  
Old June 29th 06, 11:11 AM posted to uk.telecom.broadband
Spack

Richard wrote on Thu, 29 Jun 2006 09:07:52 +0100:


> "Dave {Reply Address In.sig}" wrote in message
> news:u5qan3-
>
>> Why do you need this? If it's to let internal hosts access the same
>> services that are available from outside without changing hostnames then
>
> The main motivation for doing this is access to my (passive) FTP server:
> it opens the data connexion from the server end by saying "call me back
> on www.xxx.yyy.zzzppp." This message is passed in plain text across the
> control connexion and won't get translated by any Natterbox. (Well, it
> could, but I'd rather it left that sort of thing alone).


Ah, right. I never get that problem as I do allow my router to edit the FTP
packets, so my FTP server uses a LAN IP address.

> I know there are all sorts of ways of surmounting this problem but it's
> just so damn stupid. The whole point of the internet is that you're
> supposed to be able to connect from anywhere to any given destination
> transparently (assuming the server wants you to connect).
>
> Having this restriction is crazy and I can see no reason for it.


Most simple NAT routers are designed for getting connected to the internet
to access data on it, not use it to run services.

> If there is a good reason for a modem/router (which knows its external IP
> address) preventing intra-LAN IP packets being subject to the same
> port-forwarding and address translation as traffic from the outside, then
> I really would like to know what it is.
>
> There may be a damn good reason for it, but I can't for the life of me see
> what it is.


As I mentioned in my post, it's a simple way to prevent one type of spoofing
attack. If a packet enters the router on the WAN interface with a source
from the LAN IP range, it drops it. Doing more than this (checking against
internal state tables, passing it back out on the LAN interface to the NAT'd
IP, and doing the same with the return packets) requires more complexity in
the OS, and more processing. This often equates to a more expensive unit as
it'll have SPI and a bunch of other features (no point just adding an SPI
table and doing very little with it), and so takes it out of the realms of a
consumer grade appliance.

> I want to be able to do all this in one box (modem/router/fw). Hence the
> request for a model which does the job properly.


I'd look for a box that has zone segmentation (eg. LAN, DMZ, WAN, where the
DMZ is actually on its own interface) and so won't see packets on the WAN
interface that are sourced from the LAN interface, or set up a Linux box
that will do it all for you. A PIX might also work with the alias command,
but I've only ever used it to map public IPs to private IPs on an alternate
interface (my PIX has 3 interfaces, with publicly accessible servers on
their own "DMZ"), I'm not sure if it'll even work mapping IPs back to the
same interface.

Dan
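
The steps the post above lists for hairpinning (check state, pass the packet back out on the LAN interface to the NAT'd IP, do the same with the return packets) can be traced in a small model. This Python sketch is an added example, not code from the thread; the addresses, the port forward and the `hairpin` function are constructed for illustration. It also shows why rewriting only the destination is not enough: the server then answers the client directly and the reply's source does not match.

```python
# Added illustration, not from the thread: a simplified model of NAT hairpin.
# All addresses are constructed (RFC 1918 / RFC 5737 ranges).
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")
ROUTER_LAN, WAN_IP = "192.168.1.1", "203.0.113.10"
FORWARDS = {(WAN_IP, 21): ("192.168.1.20", 21)}  # port forward to the FTP server


def hairpin(src, sport, dst, dport, mode):
    """Trace one request from a LAN client to the WAN IP, and its reply.

    mode "off":  port forwards are applied to WAN-side traffic only
    mode "dnat": destination rewritten, source left alone, no state kept
    mode "full": destination and source rewritten, one state entry per flow
    Returns (outcome, state_table).
    """
    state = {}
    target = FORWARDS.get((dst, dport))
    if mode == "off" or target is None:
        return "no-forward", state
    srv_ip, srv_port = target
    if mode == "full":
        # Source becomes the router's LAN address so the server's reply comes
        # back to the router. (The model keeps the client's source port.)
        seen_src = (ROUTER_LAN, sport)
        state[(srv_ip, srv_port, ROUTER_LAN, sport)] = (src, sport, dst, dport)
    else:
        seen_src = (src, sport)
    # The server answers whatever source address it saw.
    reply = (srv_ip, srv_port, *seen_src)
    if reply[2] != ROUTER_LAN and ip_address(reply[2]) in LAN:
        # Same subnet: the reply goes straight to the client and bypasses the
        # router, so its source is still the server's LAN address.
        reply_src = (srv_ip, srv_port)
    else:
        # Router looks up the flow and reverses both translations.
        _, _, orig_dst, orig_dport = state[reply]
        reply_src = (orig_dst, orig_dport)
    # A client only accepts replies from the address it connected to.
    return ("connected" if reply_src == (dst, dport) else "reply-mismatch"), state


if __name__ == "__main__":
    for mode in ("off", "dnat", "full"):
        outcome, table = hairpin("192.168.1.50", 40000, WAN_IP, 21, mode)
        print(f"{mode:5} -> {outcome:14} state entries: {len(table)}")
```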


  #9  
Old June 29th 06, 11:15 AM posted to uk.telecom.broadband
Spack

Richard wrote on Thu, 29 Jun 2006 09:11:15 +0100:

> "Moonshine" wrote in message
>
>> I think what you are after is referred to as NAT hairpin or loopback.
>>
>> If that is the case you can find that supported on all the new
>> SpeedTouch routers. Just make sure "config natloopback=enabled" is set
>> in the IP configuration section.
>
> OK. Thanks for the information. I'll look-up speedtouch soon.
>
> I'm still interested though as to why this is not provided on
> all routers (even if disabled by default). I understand the
> argument of extra through-router traffic and sort of understand the
> spoofing arguments, but it seems such an easy thing to do, I wonder why
> it's not a standard item (!?)


It might sound easy, but let's say you have an 8 port router with 8 machines
connected to it, and they're all using the WAN IPs of the other machines to
talk to each. Maintaining a large state table like this takes resources - so
the unit needs more memory, a faster CPU, and a more complex OS. All that
equates to a higher priced unit. If you spend the money you'll find routers
that will do this - if you go for cheap units, they most likely won't.

Dan


  #10  
Old June 29th 06, 12:09 PM posted to uk.telecom.broadband
Richard M Willis

"Spack" wrote in message

> It might sound easy, but let's say you have an 8 port router with 8 machines
> connected to it, and they're all using the WAN IPs of the other machines to
> talk to each. Maintaining a large state table like this takes resources - so
> the unit needs more memory, a faster CPU, and a more complex OS. All that
> equates to a higher priced unit. If you spend the money you'll find routers
> that will do this - if you go for cheap units, they most likely won't.


OK. I hadn't thought about the extra resources for maintaining extra
state tables. I sort of understand now.

I will go for a machine that is less consumer grade.

Richard [in SG19]



--
Posted via a free Usenet account from http://www.teranews.com

 



