LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


View Poll Results: Is your computer's (inside) IP address 'private' (10.../192.168..), or public?
I use 'private' RFC1918 10.../192.168.. on my box. 8 100.00%
I use public IP addressing (so others can reach me) 0 0%
Voters: 8. You may not vote on this poll

Reply
  Search this Thread
Old 09-20-2017, 09:00 PM   #1
GentleThotSeaMonkey
Member
 
Registered: Dec 2016
Posts: 58
Blog Entries: 2

Rep: Reputation: 27
Question Is your computer's IP address 'private'? (10.../192.168..) Everything's a NAT'ed pkt. PAT?


Anon, so no posted reply needed (if both, choose 'public')

Inspired by a recent file tutorial, I'd like to explore this.
In addition to my curiosity, it might be of learning value!

By "your IP address", I mean only the 'network card' address,
not your WhatIsMyIP.com ?external? NAT'ed ISP address.
(like DOS ipconfig/a or from cli cmd: ip a | grep -w inet)
(&yes, if private, your ISP's router's DHCP gives you this address)

By 'private', I mean RFC1918: 10... or 192.168.. (&172.16../12)

In generalities, this seems to be the difference between:
home/personal vs. where the public *accesses you*.

This can get 'technical', and there's a lot I don't know about
NAT boxes, VPN, port_forwarding, firewall (needed? /r:No), ...
(like 5.3 in this advanced book I found at library)

An advantage seems to be (in simplistic terms):
evil outsiders can't (*simply/trivially*) reach you.
This doesn't cover the instance where you "drag in" evil stuff, generally by accessing a malicious site that instructs your (unsecured) web browser to store stuff (like JavaScript &beyond; again, sorry for my simplistic description: lots Idk).

In addition to my curiosity as to how many LQ'ers are 'public vs. private', feel free to post tutorial info/links Thanks!

Last edited by GentleThotSeaMonkey; 09-23-2017 at 12:35 PM.
 
Old 09-21-2017, 10:49 AM   #2
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 365

Rep: Reputation: 135Reputation: 135
Ask NAT!!
 
Old 09-21-2017, 11:14 AM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,697
Blog Entries: 4

Rep: Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028
Actually, it doesn't quite work that way . . .

Your computer has one public IP-address, on the outside-facing side of your router. But, no one can make an unsolicited inbound connection request unless you have enabled "port forwarding." (This creates an open port on your router and delivers the requests and the data to a specified internal IP.)

Connections that you make to the outside world – such as to LQ – occur through randomly-generated port numbers, and replies are accepted only from the intended remote IP-address. This is how NAT = Network Address Translation works.

No one from the outside can see into your internal network. All IP-addresses there are "non-routable." No internal traffic ever enters the outside world bearing internal IP's, and any such traffic is immediately dropped by the next-hop anyway.

If you do want to route from your inside addresses to another "inside" network, you have to use secure routing technologies such as OpenVPN to create a secure "tunnel" between the two subnets. Then, specified traffic from one internal subnet can be routed to another, but the transfer takes place through encrypted packets that are exchanged between the two secure (OpenVPN ...) virtual routers. No one Hello we are listening from to every word you say the P.S. your right shoe is untied outside ... uhh, except maybe those guys ... can interfere.

Last edited by sundialsvcs; 09-21-2017 at 11:18 AM.
 
Old 09-21-2017, 12:24 PM   #4
IsaacKuo
Senior Member
 
Registered: Apr 2004
Location: Baton Rouge, Louisiana, USA
Distribution: Debian 9 Stretch
Posts: 2,299
Blog Entries: 8

Rep: Reputation: 368Reputation: 368Reputation: 368Reputation: 368
For a typical home setup, there is a cable modem or something which has an accessible public IP address. Usually, there is some sort of router connected to that.

If that's some sort of commercially available router appliance then...unfortunately there's a significant chance it is vulnerable to exploits.

My preference is to set up an x86 compatible computer as that router, instead of an off-the-shelf router appliance. This computer receives security updates just like all of my other Debian machines.
 
Old 09-21-2017, 12:49 PM   #5
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 365

Rep: Reputation: 135Reputation: 135
No more than a computer if you keep the firmware and software up to date or use decent firmware in it.
 
Old 09-21-2017, 01:23 PM   #6
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,910

Rep: Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999
I don't understand the question. Most home users and small to medium businesses will use NAT and have one internet facing IP address. As things stand with IP version 4 that's not a choice but the wy it is.
Was there a question beyond that?
 
Old 09-21-2017, 01:33 PM   #7
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,108
Blog Entries: 3

Rep: Reputation: 179Reputation: 179
There is nothing stating that you have to have a router connected to your ISP modem connection. Thus if you are directly connect your device you are using a Public IP Address.

Now if you could get more than 1 Public IP is another story.
 
Old 09-21-2017, 01:38 PM   #8
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,910

Rep: Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999
Quote:
Originally Posted by lazydog View Post
There is nothing stating that you have to have a router connected to your ISP modem connection. Thus if you are directly connect your device you are using a Public IP Address.

Now if you could get more than 1 Public IP is another story.
That depends. In my case, and others, the ISP box needs to be present as it is a brouter. In the case of people still using MODEMs it is often the case now that the ISP will, again, provide a brouter instead.
My point being that in all cases the ISP chooses and in the vast majority of modern internet cobections that choice is a brouter with a switch installed, usually allowing ethernet and wireless.
 
Old 09-21-2017, 08:39 PM   #9
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,108
Blog Entries: 3

Rep: Reputation: 179Reputation: 179
Quote:
Originally Posted by 273 View Post
That depends. In my case, and others, the ISP box needs to be present as it is a brouter. In the case of people still using MODEMs it is often the case now that the ISP will, again, provide a brouter instead.
My point being that in all cases the ISP chooses and in the vast majority of modern internet cobections that choice is a brouter with a switch installed, usually allowing ethernet and wireless.
This all really depends on your ISP handoff. If you have copper or fiber handoff you should be able to connect directly to it. If it is a cox then you might need their device or depending on where you live you could by your own modem and connect it. I know a lot of ISP in the states that allow you to connect your own device.
 
Old 09-22-2017, 01:42 AM   #10
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,910

Rep: Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999
Quote:
Originally Posted by lazydog View Post
This all really depends on your ISP handoff. If you have copper or fiber handoff you should be able to connect directly to it. If it is a cox then you might need their device or depending on where you live you could by your own modem and connect it. I know a lot of ISP in the states that allow you to connect your own device.
Things may well be very different in the US but in the UK at least even those using their own equipment aren't generally connecting a MODEM to their computer in a PCI slot or by USB but, instead, are connecting to a switch and brouter. I actually didn't know internal ADSL MODEMs existed.
 
Old 09-22-2017, 02:50 AM   #11
GentleThotSeaMonkey
Member
 
Registered: Dec 2016
Posts: 58
Blog Entries: 2

Original Poster
Rep: Reputation: 27
Talking As #2 suggests,

@NAT: ?
Quote:
Originally Posted by NAT
You forgot about Corp infrastructure, like 8.8.8.8 @somehow? connects to a zillion 10..., like at http:3627729902

Last edited by GentleThotSeaMonkey; 09-22-2017 at 02:57 AM.
 
Old 09-22-2017, 09:04 AM   #12
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,697
Blog Entries: 4

Rep: Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028Reputation: 3028
The "modem," whatever it is, is the device which converts TCP/IP (and UDP) packets into whatever electrical format the carrier requires. It is, literally, a transmitter and a receiver for some kind of cable (or, for a satellite link).

The "router," which is often built-in to the modem these days, is the digital interface which allows one IP-address to serve many computers ("subnets") on the inside. It also facilitates communication between those "inside" devices.

If your public IP-address is 101.102.103.104, then the packets you're sending to LQ right now might appear to be coming from "port #12345" at this IP. Your router picked this port-number out of its hat, for this particular conversation. When packets come back from LQ's IP, destined for this port-number, your router will strip-off that port number (substituting the one you used), and use that number to forward the packet to "you," on the inside network. When you terminate this conversation, "port #12345" will lose its present meaning. Packets bearing a port-number that are not in-use by the modem (e.g. "stragglers") are dropped.

The router does not reveal the internal IP-address that it is sending it to, nor does it honor an inbound-connection request ...

... unless you've set up "port forwarding." If you, say, wanted to host your own web site, then you'd "port forward" the HTTP and HTTPS port-numbers so that your router would broker connection-request packets, and would forward those packets to your designated web-server machine.

Routers are reasonably well-made, but every manufacturer updates the software from time to time. For instance (just as with a brand-new cell phone ...), you should connect to the manufacturer's web-site and install software updates, unless it does so by itself. (Allow it to do so by itself.)

I also recommend turning off "automatic configuration" options, and that you immediately change the manufacturer-provided network name and password. Don't allow the configuration panels to be accessed wirelessly.

Some routers support OpenVPN, or provide this as an add-on software option, and they happen to do it well.

Last edited by sundialsvcs; 09-22-2017 at 09:05 AM.
 
Old 09-22-2017, 01:57 PM   #13
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 365

Rep: Reputation: 135Reputation: 135
You should update to the open source firmware IF your router suppoorts it as this WILL almost certainly be more up-to-date than the manufacturer's and likely VERY much more secure.
 
Old 09-22-2017, 02:02 PM   #14
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,910

Rep: Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999Reputation: 1999
I have to admit I am confused as to the purpose of this thread?
An above comment reminded me that most corporate machines are NAT'd also, in the IP4 world at least, so I don't understand why this is being asked.
 
Old 09-22-2017, 04:41 PM   #15
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,108
Blog Entries: 3

Rep: Reputation: 179Reputation: 179
Quote:
Originally Posted by 273 View Post
An above comment reminded me that most corporate machines are NAT'd also, in the IP4 world at least
I know of one company that is using public IP Addresses on site and it's a class B. (Shhhtttt! No names. )
 
  


Reply

Tags
nat


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to connect two private network in redhat?for example 10.0.0.0 and 192.168.0.0? alwaysonline007 Linux - Newbie 10 05-16-2012 10:28 PM
my server can't ping other boxes on private network (192.168.0.0) bweaver Linux - Networking 5 07-28-2011 04:20 PM
[root@wlxxb ~]# telnet 192.168.192.12 25 Trying 192.168.192.12... telnet problem cnhawk386 Linux - Networking 1 10-10-2007 03:50 PM
What route to access daisy chained 2d router 192.168.1.1 after 192.168.0.1 (subnets?) Emmanuel_uk Linux - Networking 6 05-05-2006 02:47 AM
NAT for lan 192.168.2.x urukhay Linux - Networking 1 11-09-2004 05:49 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 04:03 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration