Re: Checking originating IP address

From: Rudi Ahlers (Rudi_at_Bonzai.org.za)
Date: 03/14/04 

Date: Sun, 14 Mar 2004 15:43:07 +0200

What I meant by globally, is worldwide.

I have a UNIX machine setup, with a modem, and when I connect to my website,
it shows my PC's IP address. Many people who have windows XP / 2000 setup
with internet shareing report the same.

The website can't connect to my PC on the LAN, but it displays the IP of the
machine that is browsing the site.
This is a problem, cause I also want to filter user's permissions by IP
addresses, and came across this problem. 

--
Kind Regards
Rudi Ahlers
+27 (82) 926 1689
For as he thinks in his heart, so he is. ... (Proverbs 23:7)
"Anthony L. Plunkett" <anthony@thefort.org> wrote in message
news:40545921$0$3704$afc38c87@news.easynet.co.uk...
> Rudi Ahlers wrote:
>
> > I have a question on this, $_SERVER['REMOTE_ADDR'], is what you were
> > referring to.
> >
> > If a user uses modem or DSL, his IP on the modem changes everytime. But,
> > like me, if he's got a UNIX bawx between his modem and his own PC, his
own
> > PC might be 192.168.0.2 (for instance). Now, there are many people with
a
> > similar setup, having 2 /3 PC's at home, one for mom, one for dad, and
one
> > for the kids. How would you block those user's out, if that IP range,
which
> > is private, is being used globally? cause PHP gets the IP of the machine
the
> > website was opened on. Not the actual IP address of the dialled in user.
> >
> > The scenario you describe would work perfectly on a corporate / large
> > company LAN, who has a block of say class B IP addresses.
> >
>
> I could be misunderstanding you, but the remote server would only see
> the NAT machines IP address, it could *never* see the IP addresses of
> the internal machines that connect to the NAT.   So the private IP range
> is kept private, it can not be and never is used globally.
>
> A TCP packet header is made up of:
>
> [SOURCE ADDRESS | SOURCE PORT | DESTINATION ADDRESS | DESTINATION PORT]
>
> The source address will *always* be the NAT address.  The source port
> changes, but that is purely so the NAT can keep track of what TCP
> packets should go where (if say 2 internal machines were browsing the
> same external site).
>
> There is no way you can filter NAT users from a site since you could
> never tell.
>
> --
> Anthony Plunkett
> "If we can't play God, who will?"

Relevant Pages

  • Re: Wireless Network Design
    ... But since this modem does NAT, ... If for example the DSL modem is setup to only NAT 192.168.0..0/24 then ... Wireless Rtr 1 ... Both routers would provide DHCP addresses for their respective ...
    (comp.dcom.sys.cisco)
  • RE: Nortel Contivity 2600
    ... For the 'why NAT and IPSec don't play nice together' question, ... Before deciding where to connect the VPN device (firewall, inline IPS, ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping ...
    (Pen-Test)
  • Re: DSL + FreeBSD
    ... you can just get a 'modem' (they're not technically modems ... one to the 8-port switch that all the old machines that use ... to use NAT if you have any machines on the private network and they ... private network machines to use IP addresses in the 192.168.1 network ...
    (comp.unix.bsd.freebsd.misc)
  • Re: Linksys WRT54G v5 not forwarding ports to wireless?
    ... Then then modem is doing NAT. ... modem i forward port 7778 to ... Then on the WRT54G I forward port 7778 to ...
    (alt.internet.wireless)
  • Re: NAT on SBS2003 not working
    ... -I was never given information on configuring the modem by earthlink. ... At that point I deleted NAT ... I hit the internet for help. ... Ethernet adapter Server Local Area Connection: ...
    (microsoft.public.windows.server.sbs)