Re: Do I Have A Firewalled LAN Run By ISP In Between?
- From: Patient Guy <sevisen.adam@gmailDOTHEREcom>
- Date: Mon, 03 Mar 2008 18:03:56 GMT
Chris Davies <chris-usenet@xxxxxxxxxxxx> wrote in
comp.security.firewalls:
Patient Guy <sevisen.adam@gmaildotherecom> wrote:
1. I have a (wireless) router set up in "gateway mode." Hosts on the
LAN are dynamically assigned 192.168.1.x addresses [...]
2. When I interface with the router (via web interface) to check for
its WAN IP assignment, I get to my astonishment the following:
IP Address: 10.202.46.2
Of course, I am astonished because 10.x.x.x. are also designated for
private LAN and not Internet IP addresses, right?
Yes. Your ISP appears to be using 10.* addresses for its own network.
This is perfectly acceptable, provided they are hidden from the rest
of the Internet. The potential downside is that you can't have inbound
connectivity to your network.
4. I have access to a host "on the Internet" (169.237.x.x) [...]
University of California, Davis UCDAVIS2 (NET-169-237-0-0-1)
169.237.0.0 - 169.237.255.255
This remote host is running FileZilla ftp server and I can monitor
attempts to connect and IP addresses. When I attempt to use FireFTP
(an "extension" creating an ftp client within the FireFox http
client), the FileZilla server monitor on the remote host reports that
my IP address is 64.30.y.y, and not 10.202.46.2, which is consistent
with my understanding that 10.x.x.x addresses are private.
It's quite possible that your 64.30.* address is part of the public IP
address range for UCD.
don't think so. This is what the FileZilla server on the UCD host is
showing during attempts to make an FTP connection from the host with IP
10.202.46.2 above using the ftp client. That is,
            router NAT             ISP NAT
192.168.1.3 ---------> 10.202.46.2 ------> 64.30.y.y ---> Internet
Internet ---> host 169.237.x.x running FileZilla ftp server
That means that the ISP must be "onion"ing its network: that is,
providing service as a layer or shell of its own private network, and
running a layer within a layer, with a complex network address
translation system. Is that possible??
Clearly it's possible because it's happening. Your router is using NAT
to hide your network behind a single IP address. Your ISP is doing
exactly the same - hiding its network (and your single "public" IP
address) behind one or more IP addresses.
At any rate, I am not concerned about how they configure their
networks. I am ONLY concerned that they are or might be firewalling
inbound port 80 service, or for that matter, any service.
Almost certainly yes.
4. When I attempt to connect to the FileZilla server on the remote
host through the FireFTP client, I can login, but I cannot start a
file transfer. I always get a
425 Can't get data connection
I don't see that inbound connections to your network are relevant to
this problem.
Why would the ISP stop my ftp client on 192.168.1.3 making requests to the
server fully outside of it at host 169.237.x.x? I figure if I can solve
at least that problem, I might be able to solve the problem of providing
http service on 192.168.1.3....possibly. Sort of the one problem solved
leads possibly to another problem solved.
I think you may be mixing things up a little. But, to
resolve this error try switching your FTP client to "passive" mode.
Oh, and that 425 error does happen in PASV mode.
Chris
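
Added example, not part of the thread: a small checker for the address an FTP client or server embeds in a PORT command or a 227 (PASV) reply, compared with the address the other side actually sees on the control connection. Behind the two NAT layers described above these differ, which is one common way a data connection fails to open. The 203.0.113.7 and 198.51.100.20 addresses and the port numbers are constructed placeholders; 203.0.113.7 stands in for the elided 64.30.y.y address.

```python
import ipaddress
import re

# RFC 1918 private ranges, plus the RFC 6598 shared range used for carrier-grade NAT.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# Both PORT and the 227 reply carry the endpoint as h1,h2,h3,h4,p1,p2.
_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def is_non_public(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_PUBLIC)


def parse_endpoint(line):
    """Return (ip, port) from 'PORT h1,h2,h3,h4,p1,p2' or a 227 PASV reply."""
    m = _SIX.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: %r" % line)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in: %r" % line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def diagnose(line, control_peer):
    """Compare the advertised data endpoint with the control-connection peer."""
    ip, port = parse_endpoint(line)
    if ip == control_peer:
        return "ok: data endpoint %s:%d matches control peer" % (ip, port)
    if is_non_public(ip):
        return ("unreachable: %s:%d is a private address, peer is %s "
                "(NAT in path)" % (ip, port, control_peer))
    return "mismatch: %s:%d differs from control peer %s" % (ip, port, control_peer)


if __name__ == "__main__":
    # Constructed samples: active mode from the LAN host, active mode as if
    # sent from the router's WAN side, and a passive reply from a public server.
    print(diagnose("PORT 192,168,1,3,19,137", "203.0.113.7"))
    print(diagnose("PORT 10,202,46,2,19,137", "203.0.113.7"))
    print(diagnose("227 Entering Passive Mode (198,51,100,20,195,80)",
                   "198.51.100.20"))
```
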