nat – How does the website "whatsmyrouterip.com" detect the IP address of the LAN router and the IP address of the LAN device as well as the IP address of the WAN gateway router?

The website http://whatsmyrouterip.com/ can be used to resolve the public Internet WAN IP address of a gateway router. However, it also displays the private IP address of the gateway router and the private network address of the device sending the request (for example, a laptop).

How does the site access IP addresses of private networks, knowing that the NAT source IP address of the page request is that of the gateway router? HTML headers?

FOR EXAMPLE. Public IP address of the gateway router: 257.59.201.1. Private LAN address of the 192.168.1.1 gateway router. Private LAN address of the laptop 192.168.1.25.

The site is HTTP, so all this information is submitted in clear text.

vpn – Does the Load Balancing of Multiple WAN Connections Improve Anonymity?

I would like to understand the pros and cons of balancing outgoing connections for anonymity.

Scenario 1: My Router (ip A)> VPN Router (ip B)> VPN Router (ip C)> Web Host

Scenario 2: My Router (ip A)> 3 Load Balanced VPN Client Connections (ips B C D)> 3 Separate Connections Leaving VPN Routers (ips E F G)> Web Host

Continuing my sorry curiosity,
What happens if senario 2 to corresponds to 3 connections to the same VPN server but the VPN IP addresses or source to the web host are obviously different.

A problem that I identified is that of senario 2: you have a bigger fingerprint / connection pattern, which is a problem. Visit obscure sites compared to popular sites.

This is assuming the user accepts latency and authentication issues or SSL, etc.

debian – Why do I need a static route to enable WAN traffic?

I've recently set up a Debian 9 server (Debian 4.9.130-2) for it to run as a thin server, running a series of Docker containers (nextcloud, sync, etc.) to basic service sides such as ssh. The services are properly configured and working without problems: I can connect to ssh and docker containers from any device on my local network without any apparent problem.

I've configured the packet capture on my router, then several incoming connection attempts with the ports transferred from a VPN. Using this method, as confirmed in another question here, the router was properly configured and the server dropped packets once it had received them from Offnet. A little more troubleshooting confirmed that the traffic works as soon as I have defined a static route for the WAN subnet. Here's my question – it's a relatively simple Docker server and I've never been in this situation before where static routes were required. What is missing in my configuration?

Here is the original routing table:

$ ip route
0.0.0.0/1 via 10.1.10.9 dev tun0
default via 192.168.1.1 dev eno1 onlink
10.1.10.1 via 10.1.10.9 dev tun0
10.1.10.9 dev tun0 proto kernel scope src link 10.1.10.10
128.0.0.0/1 via 10.1.10.9 dev tun0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-931904c155b2 kernel reach link proto src 172.18.0.1
172.98.67.82 via 192.168.1.1 dev eno1
192.0.0.0/8 dev eno1 proto kernel link link src 192.168.1.208
192.168.1.0/24 via 192.168.1.1 dev eno1

Quick key for relevant addresses for troubleshooting:

  • 196.52.84.14 is an IP address assigned to my PC when connecting to a VPN
  • 192.168.1.208 is the IP address of the local network of the server.
  • 87.75.107.144 is the IP address of the WAN on the router (obfuscated)

The firewall is as follows:

$ sudo iptables-save
# Generated by iptables-save v1.6.0 on Fri Mar 15 20:37:38 2019
* nat
: ACCEPT PREROUTING [3920:488137]
: ACCEPT ACCEPT [2997:321060]
: OUTPUT ACCEPT [2725:243307]
: POSTROUTING ACCEPT [2735:246173]
: DOCKER - [0:0]
-A PREROUTING -m addrtype -dst-type LOCAL -j DOCKER
-An exit! -d 127.0.0.0/8 -m type-type -dst LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.18.0.0/16! -o br-931904c155b2 -j MASQUERADE
-A POSTROUTING -s 172.18.0.2/32 -d 172.18.0.2/32 -p tcp -m tcp -dport 8181 -j MASQUERADE
-A POSTROUTING -s 172.18.0.3/32 -d 172.18.0.3/32 -p tcp -m tcp -disc 7878 -j MASQUERADE
-A POSTROUTING -s 172.18.0.4/32 -d 172.18.0.4/32 -p tcp -m tcp -dport 8686 -j MASQUERADE
-A POSTROUTING -s 172.18.0.5/32 -d 172.18.0.5/32 -p tcp -m tcp -dport 9000 -j MASQUERADE
-A POSTROUTING -s 172.18.0.6/32 -d 172.18.0.6/32 -p tcp -m tcp -dport 8989 -j MASQUERADE
-A POSTROUTING -s 172.18.0.7/32 -d 172.18.0.7/32 -p tcp -m tcp -dport 4040 -j MASQUERADE
-A POSTROUTING -s 172.18.0.8/32 -d 172.18.0.8/32 -p tcp -m tcp -dport 8000 -j MASQUERADE
-A POSTROUTING -s 172.18.0.8/32 -d 172.18.0.8/32 -p tcp -m tcp -dport 80 -j MASQUERADE
-A DOCKER -i docker0 -j BACK
-A DOCKER -i br-931904c155b2 -j BACK
-A Docker! -i br-931904c155b2 -p tcp -m tcp -port 8181 -d DNAT-to-destination 172.18.0.2:8181
-A Docker! -i br-931904c155b2 -p tcp -m tcp -port 7878 -d DNAT-to-destination 172.18.0.3:7878
-A Docker! -i br-931904c155b2 -p tcp -m tcp -port 8686 -d DNAT -to-destination 172.18.0.4:8686
-A Docker! -i br-931904c155b2 -p tcp -m tcp -port 9001 -d DNAT-to-destination 172.18.0.5:9000
-A Docker! -i br-931904c155b2 -p tcp -m tcp -direct 27021 -d DNAT-to-destination 172.18.0.6.8989
-A Docker! -i br-931904c155b2 -p tcp -m tcp -port 4040 -d DNAT-to-destination 172.18.0.7:4040
-A Docker! -i br-931904c155b2 -p tcp -m tcp -dport 10001 -d DNAT-to-destination 172.18.0.8:8000
-A Docker! -i br-931904c155b2 -p tcp -m tcp -dport 10000 -d DNAT-to-destination 172.18.0.8:80
COMMIT
# Ended on Fri Mar 20:37:38 2019
# Generated by iptables-save v1.6.0 on Fri Mar 15 20:37:38 2019
*filtered
: ACCEPT ACCEPT [6374971:555022347]
: DROP FORWARD [0:0]
: OUTPUT ACCEPT [8882591:15858115582]
: DOCKER - [0:0]
: DOCKER-INSULATION-STAGE-1 - [0:0]
: DOCKER-INSULATION-STAGE-2 - [0:0]
: DOCKER-USER - [0:0]
-A INPUT -p tcp -m state -state NEW -m tcp -dport 22 -m comment -how "Allow SSH" -j ACCEPT
-A INPUT -p tcp -m tcp -dport 443 -m comment - comment "Allow HTTPS" -j ACCEPT
-A FORWARD -j DOCKER-USER
-Before -j DOCKER-INSULATION-STAGE-1
-A FORWARD -o docker0 -m conntrack -ctstate CONNECTED, ESTABLISHED -j ACCEPT
-Before -o docker0 -j DOCKER
-A BEFORE -i docker0! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o br-931904c155b2 -m conntrack -ctstate RELATED, ESTABLISHED -j ACCEPT
-A FORWARD -o br-931904c155b2 -j DOCKER
-A FORWARD -i br-931904c155b2! -o br-931904c155b2 -j ACCEPT
-A FORWARD -i br-931904c155b2 -o br-931904c155b2 -j ACCEPT
-A DOCKER -d 172.18.0.2/32! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp -dport 8181 -j ACCEPT
-A DOCKER -d 172.18.0.3/32! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp -disc 7878 -j ACCEPT
-A DOCKER -d 172.18.0.4/32! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp -dport 8686 -j ACCEPT
-A DOCKER -d 172.18.0.5/32! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp -dport 9000 -j ACCEPT
-A DOCKER -d 172.18.0.6/32! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp -dport 8989 -j ACCEPT
-A DOCKER -d 172.18.0.7/32! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp -dport 4040 -j ACCEPT
-A DOCKER -d 172.18.0.8/32! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp -dport 8000 -j ACCEPT
-A DOCKER -d 172.18.0.8/32! -i br-931904c155b2 -o br-931904c155b2 -p tcp -m tcp -dport 80 -j ACCEPT
-A DOCKER-INSULATION-STAGE-1 -i docker0! -o docker0 -j DOCKER-INSULATION-STAGE-2
-A DOCKER-INSULATION-STAGE-1-i br-931904c155b2! -o br-931904c155b2 -j DOCKER-INSULATION-STAGE-2
-A DOCKER-INSULATION-STAGE-1 -j BACK
-A DOCKER-INSULATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-INSULATION-STAGE-2 -o br-931904c155b2 -j DROP
-A DOCKER-INSULATION-STAGE-2 -j BACK
-A DOCKER-USER -j RETURN
COMMIT
# Ended on Fri Mar 20:37:38 2019

Taken measures:

$ sudo ip route del 0.0.0.0/1 did not have any effect
$ sudo ip route add 0.0.0.0/1 via 192.168.1.1 likewise had no impact

But when I add:

$ sudo ip route add 196.52.0.0/16 via 192.168.1.1

… I can instantly access ssh and other relevant services port forwarded on this server as long as I am in the VPN with this subnet.

I certainly do not want to add static routes for all possible off-network locations that I will use to access this server. So what is the most elegant change to my current routing table, which can allow traffic to be routed via 192.168.1.1 for these? guests?

For reference, the network interfaces are:

$ ip address list
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link / loopback 00: 00: 00: 00: 00: 00 breakfast: 00: 00: 00: 00: 00: 00
inet 127.0.0.1/8 host range low
valid_lft forever Preferred_lft forever
inet6 :: scope host 1/128
valid_lft forever Preferred_lft forever
2: enp3s0:  size 1500 qdisc state pfifo_fast group DOWN default qlen 1000
link / ether fc: aa: 14: 2a: 1e: 74 brd ff: ff: ff: ff: ff: ff
3: eno1:  mtu 1500 qdisc status pfifo_fast UP default group qlen 1000
link / ether fc: aa: 14: 2a: 1e: 76 brd ff: ff: ff: ff: ff: ff
inet 192.168.1.208/8 brd 192.255.255.255 global scope eno1
valid_lft forever Preferred_lft forever
inet6 fe80 :: feaa: 14ff: fe2a: 1e76 / 64 link of the litter
valid_lft forever Preferred_lft forever
4: wlp1s0:  mtu 1500 status qdisc noop DOWN default group qlen 1000
link / ether ec: 08: 6b: 13: dd: eb brd ff: ff: ff: ff: ff: ff
5: docker0:  mtu 1500 qdisc noqueue state DOWN default group
link / ether 02: 42: 48: 16: 8e: 35 brd ff: ff: ff: ff: ff: ff
inet 172.17.0.1/16 brd 172.17.255.255 global reach docker0
valid_lft forever Preferred_lft forever
6: br-931904c155b2:  mtu 1500 qdisc noqueue state UP default group
link / ether 02: 42: d0: ff: 7c: cb brd ff: ff: ff: ff: ff: ff
inet 172.18.0.1/16 brd 172.18.255.255 overall scope br-931904c155b2
valid_lft forever Preferred_lft forever
inet6 fe80 :: 42: d0ff: feff: 7ccb / 64 reach link
valid_lft forever Preferred_lft forever
8: veth60c7669 @ if7:  mtu 1500 qdisc noqueue master br-931904c155b2 UP state default group
link / ether 42: 4f: 8d: 7f: 5a: bd brd ff: ff: ff: ff: ff: ff link-netnsid 6
inet6 fe80 :: 404f: 8dff: fe7f: 5abd / 64 reach link
valid_lft forever Preferred_lft forever
10: veth769643d @ if9:  mtu 1500 qdisc noqueue master br-931904c155b2 UP state default group
link / ether 1e: 28: ea: 5a: fc: 69 brd ff: ff: ff: ff: ff: ff link-netnsid 1
inet6 fe80 :: 1c28: eaff: fe5a: fc69 / 64 reach link
valid_lft forever Preferred_lft forever
12: vethcc60b5f @ if11:  mtu 1500 qdisc noqueue master br-931904c155b2 UP state default group
link / ether d6: fa: aa: e4: df: d9 brd ff: ff: ff: ff: ff: ff link-netnsid 0
inet6 fe80 :: d4fa: aaff: fee4: dfd9 / 64 reach link
valid_lft forever Preferred_lft forever
14: veth820688e @ if13:  mtu 1500 qdisc noqueue master br-931904c155b2 UP state default group
link / ether 82: bc: 6b: 10: bd: ee brd ff: ff: ff: ff: ff: ff link-netnsid 5
inet6 fe80 :: 80bc: 6bff: fe10: link bdee / 64 scope
valid_lft forever Preferred_lft forever
16: veth9d1e101 @ if15:  mtu 1500 qdisc noqueue master br-931904c155b2 UP state default group
link / ether f2: 19: 3c: 01: 9a: 6d brd ff: ff: ff: ff: ff: ff link-netnsid 2
inet6 fe80 :: f019: 3cff: fe01: 9a6d / 64 reach link
valid_lft forever Preferred_lft forever
18: veth811a2bb @ if17:  mtu 1500 qdisc noqueue master br-931904c155b2 UP state default group
link / ether a6: 35: 11: 6a: e1: 4th brd ff: ff: ff: ff: ff: ff link-netnsid 3
inet6 fe80 :: a435: 11ff: fe6a: e14e / 64 scope link
valid_lft forever Preferred_lft forever
20: veth346ef03 @ if19:  mtu 1500 qdisc noqueue master br-931904c155b2 UP state default group
link / ether 96: ec: 41: 3c: 1b: 42 brd ff: ff: ff: ff: ff: ff link-netnsid 4
inet6 fe80 :: 94ec: 41ff: fe3c: 1b42 / 64 reach link
valid_lft forever Preferred_lft forever
21: tun0:  mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link / none
inet 10.1.10.10 peer 10.1.10.9/32 scope global tun0
valid_lft forever Preferred_lft forever
inet6 fe80 :: 96f5: a985: ad81: 4e78 / 64 range link flags 800
valid_lft forever Preferred_lft forever

ENO1 If the physical interface traffic is to be used, the others are virtual loopback / docker (or unused) interfaces.

I've removed unnecessary routes and now have a simplified chart here, so I guess it's just a question of adding back in the right route:

$ sudo ip route
10.1.10.1 via 10.1.10.9 dev tun0
10.1.10.9 dev tun0 proto kernel scope src link 10.1.10.10
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-931904c155b2 kernel reach link proto src 172.18.0.1
172.98.67.82 via 192.168.1.1 dev eno1
192.0.0.0/8 dev eno1 proto kernel link link src 192.168.1.208
192.168.1.0/24 via 192.168.1.1 dev eno1

apache – i have a problem with the service apache2 only working in the same network as kali linux but not working on wan

Battery Exchange Network

The Stack Exchange network includes 174 question and answer communities, including Stack Overflow, the largest and most reliable online community on which developers can learn, share knowledge and build their careers.

Visit Stack Exchange

malware – How are victims targeted from external networks (WAN)?

I started to take a closer look at security about a year ago and from all that I've learned so far, I never knew how some victims were targeted by attackers of the external networks, knowing that the victims were behind a router in a private network. and can not be easily reached.

Now, I know that some victims are attacked by email, social media, or different types of malicious content, and then the attacker gets a session by configuring port forwarding on his router, so that the traffic goes directly on his machine and so on. is clear enough for me. However, my question remains: how can anyone attack a particular person from a wide area network (with the exception of sending malicious content to him so he can open it)? Does it hide behind a router / firewall, or is such targeting and attacks taking place?

P.S sorry for my inability to pose perfectly, but hope you understand. Thank you in return!

firewall – How do routers such as Mikrotik determine if the port is a WAN?

Mikrotik RouterOS has the ability to configure firewall rules such as:

etc.

I therefore have some questions:

1) How does it decide that, for example, SFP1 or Ether1 is a WAN and not a LAN?

I found the following link:

https://wiki.mikrotik.com/wiki/Manual:Detect_internet

But I'm not sure how tied he is.

2) If the decision is made based on Internet access, the address assigned by DHCP or something like that, then it's strange from the point of view of security.
So, if someone can turn off the Internet on the other side or cut the wire, does that mean that now, Mikrotik will think that it is a network? local? And all rules based on the local network are broken?

3) If my assumptions are correct and this is a security issue, how can I tell the Mikrotik router manually to consider all ports as WAN ports, with the exception of one or more specific ports?

server – Fix the script / etc / networking / interfaces for 4 networks with 1 bridge, two subnets and a wan interface

I can not make the last network card on my server work properly. I have an HP Proliant Server with 4 NICs currently serving as a home router. Eth0 is my WAN interface, eth1 and eth2 are configured to serve DHCP on two different subnets. Everything is working fine except the last server network card, eth3. I want this to be related to the first subnet on eth1. I've tried many bridging setups but I'm doing something wrong. Here is my interface script found in / etc / networking. Note that this is how it works and that bridging setups have been removed a while ago since I've been researching this for a while. Therefore, eth3 has not been configured yet.

#Loopback lo
auto lo
iface lo inet loopback

#WAN on eth0
auto eth0
iface eth0 inet dhcp

#Subnet 1 on eth1
auto eth1
iface eth1 static inet
address 192.168.1.1
network mask 255.255.255.0
broadcast 192.168.1.255
192.168.1.0 network

#subnet 2 on eth2
auto eth2
iface eth2 static inet
address 10.13.0.1
network mask 255.255.255.240
10.13.0.15 broadcast
10.13.0.0 network

#alias on eth1: 0
self eth1: 0
iface eth1: 0 static inet
address 192.168.1.2
network mask 255.255.255.0
broadcast 192.168.1.255
192.168.1.0 network

The alias is for a web server serving my internal network. There is also a face for Dnsmasq that uses port 53.

Ubuntu Server 18.04 LTS, Netplan is disabled using ifupdown. ISC-DHCP-SERVER serving DHCP.

routing – Ponch the packets from the WAN port to a specific MAC address (for example, a decoder behind a router)

I have the following question:

My ISP is feeding me the Internet and IPTV, but the current configuration is that there is a switch before my WiFi router that I want to remove.

Here is a diagram of the current configuration (as you can see, it is rather complicated): Old state diagram

And here's what I want to achieve: Diagram of desired state

I have SSH access to the operating system of the router (Linux). I've also tried some of the settings of the UI for IPTV: IPTV router settings, but that did not help.

The only thing that worked in part is to connect WAN to LAN1 in the router. However, not all devices connected to the switch had Internet access.

The limit I have is that the router and the STB are in different rooms and that I only have an ethernet cable between the rooms.

What I imagined was to link packets or frames from the WAN to the MAC or IP address of the STB.

I also checked with the ISP if they could provide me with VLAN IDs for Internet and IPTV packets, but they could not provide it to me.

I hope that makes sense.