LinuxQuestions.org
View Poll Results: Is your computer's (inside) IP address 'private' (10.../192.168..), or public?
I use 'private' RFC1918 10.../192.168.. on my box. 8 100.00%
I use public IP addressing (so others can reach me) 0 0%
Voters: 8.

Old 09-22-2017, 04:46 PM   #16
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,914


Quote:
Originally Posted by lazydog
I know of one company that is using public IP Addresses on site and it's a class B. (Shhhtttt! No names.)
That is more than a little alarming. I thought my employer was a bit lax with certain security measures but I'd thought that world-accessible internal machines stopped being a thing in the 1990's.
 
Old 09-22-2017, 10:54 PM   #17
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,109
Blog Entries: 3

Quote:
Originally Posted by 273
That is more than a little alarming. I thought my employer was a bit lax with certain security measures but I'd thought that world-accessible internal machines stopped being a thing in the 1990's.
I don't work there anymore (+/-5 yrs) but I do not believe they took the steps to move to RFC1918.
 
Old 09-23-2017, 07:50 AM   #18
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,706
Blog Entries: 4

A public IP-address can't be used internally.
 
Old 09-23-2017, 08:29 AM   #19
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,109
Blog Entries: 3

Quote:
Originally Posted by sundialsvcs
A public IP-address can't be used internally.
Private IP Addresses cannot be used in public. Public IPs can be used anywhere.
 
Old 09-23-2017, 01:20 PM   #20
GentleThotSeaMonkey
Member
 
Registered: Dec 2016
Posts: 59
Blog Entries: 2

Original Poster
Nat: is your name really PAT? The plot thickens...

@#12345: Thanks! Did I mistake my old friend PAT for NAT?
Quote:
Home users who talk about NAT are actually talking about PAT, or Port Address Translation.
Oh dear: DDG says Cisco dislikes the absence of PAT in my LibraryBook.

Last edited by GentleThotSeaMonkey; 09-24-2017 at 09:15 PM.
 
Old 09-23-2017, 02:32 PM   #21
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 365

NAT needs a PAT on the back!!
 
Old 09-24-2017, 10:37 PM   #22
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,706
Blog Entries: 4

It's important to remember this: even though your router uses a public IP-address, your computer does not.

In fact, it can't.

Internet service providers dole out one public IP-address per subscriber. They're not going to hand out a separate public IP-address for your laser printer! If you took your phone home with you, they're not going to give a third public IP-address to your phone! (All of which they would have to do.)

Therefore, to the Internet, your home is associated with one public IP-address. From this IP-address originates a sometimes-flood of outbound traffic, coming from a variety of pseudo-random port numbers. Most likely, this IP-address has no "open ports" to which inbound connection-requests can be made.

... and furthermore, there is no access from the Internet to any administrative interfaces on your router. (You have much more to fear from someone driving very slowly past your house with a laptop in the passenger seat.)

Last edited by sundialsvcs; 09-24-2017 at 10:38 PM.
 
Old 09-25-2017, 01:49 AM   #23
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,914

Quote:
Originally Posted by sundialsvcs
It's important to remember this: even though your router uses a public IP-address, your computer does not.

In fact, it can't.

Internet service providers dole out one public IP-address per subscriber. They're not going to hand out a separate public IP-address for your laser printer! If you took your phone home with you, they're not going to give a third public IP-address to your phone! (All of which they would have to do.)

Therefore, to the Internet, your home is associated with one public IP-address. From this IP-address originates a sometimes-flood of outbound traffic, coming from a variety of pseudo-random port numbers. Most likely, this IP-address has no "open ports" to which inbound connection-requests can be made.

... and furthermore, there is no access from the Internet to any administrative interfaces on your router. (You have much more to fear from someone driving very slowly past your house with a laptop in the passenger seat.)
As was pointed out to me above that is assuming some things which may not be true.

A USB ADSL MODEM could mean that only one device is network connected and it has one, public IP address.

Some home routers do allow connections to the management interface from the internet -- it's not usually allowed by default but it is one of the things I check first when setting one up for the first time.
 
Old 09-25-2017, 09:37 AM   #24
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 3,624

Quote:
Originally Posted by sundialsvcs
... and furthermore, there is no access from the Internet to any administrative interfaces on your router.
It's my understanding that a malicious web site can instruct your browser to connect to your router and do evil things if your router is using one of the common default login/password combinations.
 
Old 09-25-2017, 10:25 AM   #25
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 365

It can if the option to access the management interface from the web is enabled as well as an easy login name/password. There are those three opportunities to make it difficult.
 
Old 09-25-2017, 01:32 PM   #26
michaelk
Moderator
 
Registered: Aug 2002
Posts: 16,430

In addition, it depends on the type of broadband service but I would guess most have a router or MODEM/router combination. Therefore in general any device connected will have a private IP address. While many might only have internet provided by LTE that is still a private IP address provided by the ISP AFAIK.

However, before wireless devices existed and home LANs were ubiquitous it was common that the desktop which probably was the only computer in the house was connected directly to the MODEM. Therefore the computer will have a public IP address.

A router can be any computer that typically has two or more ethernet adapters and maybe a wireless adapter. There are many distributions designed to be a router and/or firewall. The ethernet adapter connected to the MODEM will have a public IP address. You can add router/firewall functionality to any distribution...

Typically combination MODEM/routers have a bridge mode that basically bypasses the router function so any other device connected to its LAN port will have a public IP address. As stated most ISPs only provide one public IP address for home service unless you want to pay extra.

As stated there are USB and PCI ADSL MODEMs.
 
Old 09-25-2017, 02:15 PM   #27
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 3,624

Quote:
Originally Posted by dave@burn-it.co.uk
It can if the option to access the management interface from the web is enabled as well as an easy login name/password. There are those three opportunities to make it difficult.
That's the primary way to access the management interface on most home routers. On Linksys routers, you direct your browser to 192.168.1.1:80, enter a password of "admin" (there's no login name), and you're in. Most people here should be aware of the need to change that, but in the world at large ... ???
 
Old 09-25-2017, 02:25 PM   #28
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,706
Blog Entries: 4

(Previous points acknowledged – thank you for the clarifications.)

Quote:
Originally Posted by michaelk
[...]While many might only have internet provided by LTE that is still a private IP address provided by the ISP [...]
If you attach a computer directly to a modem, your computer will initiate a DHCP conversation with the ISP and will receive a (public) IP-address from them. (This is what one of the two network adapters will do, in a computer that is built to act as a firewall or a router.) But this device therefore faces only "outside." This device cannot communicate with anything else in your home. This scenario would expose the computer's services to the public, if those services "listen to" that IP-address.

ISPs never assign private addresses: that function is performed by the router in your local subnet. (Your home.)

The computers in your home belong to a "private network" and use IP-addresses from one of the pools of so-called "non-routable addresses," such as 192.168.x.x or 10.x.x.x. Any packet bearing such an address, if presented to the Internet, will be immediately dropped, because it is understood that "nothing outside" has or will ever have such an address.
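
The poll question, checked on a Linux box, as an added example that is not part of any post in this thread: it reads `ip -o -4 addr show` output and reports which interfaces hold an Internet-routable address, the case where listening services are exposed. It goes beyond the two ranges named in the thread by also covering 172.16.0.0/12 and the RFC 6598 shared range; the sample lines are constructed, and 203.0.113.10 is a documentation address standing in for an ISP-assigned one.

```python
import ipaddress
import re

# Address blocks that are not reachable from the Internet as-is.
_BLOCKS = [
    ("rfc1918-private", ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]),
    ("cgnat-shared", ["100.64.0.0/10"]),  # RFC 6598 shared address space
    ("loopback", ["127.0.0.0/8"]),
    ("link-local", ["169.254.0.0/16"]),
]
SCOPES = [(name, [ipaddress.ip_network(n) for n in nets]) for name, nets in _BLOCKS]

def classify(addr):
    """Return the scope name for an IPv4 address; anything unlisted is 'public'."""
    ip = ipaddress.ip_address(addr)
    for name, nets in SCOPES:
        if any(ip in net for net in nets):
            return name
    return "public"

# One line of `ip -o -4 addr show`: "<index>: <iface>    inet <addr>/<prefix> ..."
LINE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\d+\.\d+\.\d+\.\d+)/\d+")

def audit(ip_output):
    """Return a list of (interface, address, scope) tuples."""
    rows = []
    for line in ip_output.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(2), classify(m.group(2))))
    return rows

def exposed(ip_output):
    """Interfaces with an Internet-routable address: check what listens there."""
    return sorted({iface for iface, _, scope in audit(ip_output) if scope == "public"})

# Constructed sample (trailing lifetime fields trimmed).
SAMPLE = """1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global dynamic eth0
3: eth1    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth1
4: wwan0    inet 100.72.14.5/30 scope global wwan0
"""

if __name__ == "__main__":
    for iface, addr, scope in audit(SAMPLE):
        print(f"{iface:6} {addr:15} {scope}")
    print("routable from the Internet:", exposed(SAMPLE))
```

On a live system, feed it the real command output, for example `audit(subprocess.check_output(["ip", "-o", "-4", "addr", "show"], text=True))`.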
 
Old 09-25-2017, 03:00 PM   #29
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 365

Quote:
That's the primary way to access the management interface on most home routers
That is partially true. The interface is usually accessed via your browser, but there is always an option to block access from the external interface and limit it to local access only.
 
Old 09-25-2017, 04:18 PM   #30
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 3,624

Quote:
Originally Posted by dave@burn-it.co.uk
That is partially true. The interface is usually accessed via your browser, but there is always an option to block access from the external interface and limit it to local access only.
The point is that even though access is blocked from the external (WAN) interface (as is usually the case by default), a web site that you visit can cause your browser to access the router's management page via the local (LAN) interface. You can't block that without losing the ability to manage the router. Your only protection is by changing the password.
 
  

