DSL and NAT'ed customer addresses

Gerald Combs gerald at ethereal.com
Sat Feb 22 20:33:46 CST 2003


On Sat, 22 Feb 2003, Hanasaki JiJi wrote:

> Ah.. ya missed a key thing.  He isn't doing the NAT.  The DSL provider 
> is NAT'ing AND there are multiple internal IPs on a single external IP.

What address is his provider giving him?  If it's in one of the private
ranges listed in RFC 1918 (10.0.0.0 - 10.255.255.255, 172.16.0.0 -
172.31.255.255, or 192.168.0.0 - 192.168.255.255) then his provider is
likely NATing him.  

If his address is NOT in any of these ranges he might be able to use a
dynamic DNS service (assuming his provider isn't otherwise blocking access
to the port he's trying to serve).

> Joshua Bergland wrote:
> > I am using ddclient as my dyndns client, and it has an option in its 
> > configuration file to have it use 'web based IP detection' ... it 
> > checks the information returned by http://checkip.dyndns.org and then
> > uses that to set the ip address for your chosen domain :-)
> > 
> > Make sure to set it to only change your dyndns settings at the dyndns 
> > only if your ip address changes, as doing it more frequently is 
> > considered abuse according to dyndns.org
> > 
> > http://clients.dyndns.org/unix.php?service=dyndns
> > 
> > Just my two cents,
> > Josh
> > 
> > Hanasaki JiJi wrote:
> > 
> >> NAT
> >>
> >> MyLinuxBox(ip=ip1) <== NATer ==> outside world (ip=ip2)
> >>
> >> dyndns does a great job for dynamically assigned/changing IPs but how 
> >> does it help when the insideIP!=outsideIP?
> >>
> >> Jason Clinton wrote:
> >>
> >>> Hanasaki JiJi wrote:
> >>>
> >>>> Any thoughts on how he might run a server that can have connections 
> >>>> initiated to it from anywhere on the net?
> >>>>
> >>>
> >>> If he's behind a NAT he needs two things:
> >>>
> >>> 1. The ability to update the IP address of the router to a dyndns 
> >>> service like dyndns.org so that no matter what his IP address is at 
> >>> any given time, you can still find it from outside his NAT.
> >>>
> >>> 2. The NAT needs to be able to 'port forward' the port the particular 
> >>> server would run on. IE: port 80 for HTTP, 21 FTP, 22 SSH, 23 Telnet, 
> >>> 25 SMTP.
> >>>
> >>> If you have the ability to let people know you're running on some odd 
> >>> ports then you'll be better capable of avoiding your ISP's probes for 
> >>> users running service (which is a violation of most end user 
> >>> agreements). In the case of SMTP, you don't have a choice because all 
> >>> SMTP servers look at port 25. In the case of HTTP, however, you could 
> >>> distribute a URL that contains the port number in it like this:
> >>>
> >>> http://archemides.homeunix.org:8888/
> >>> (I don't actually have an http server running here)
> >>>
> >>
> > 
> > 
> > 
> 
> -- 
> = Management is doing things right; leadership is doing the     =
> =       right things.    - Peter Drucker                        =
> =_______________________________________________________________=
> =     http://www.sun.com/service/sunps/jdc/javacenter.pdf       =
> =  www.sun.com | www.javasoft.com | http://wwws.sun.com/sunone  =
> 
> 
> 
> 
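
The check described in the reply above, as an added example that is not part of the original thread: it tests the provider-assigned address against the three RFC 1918 ranges and compares it with the address an outside service reports. The response body is a constructed sample in the style of a web-based IP detection page, and the function names and result labels are assumptions of this example.

```python
import ipaddress
import re

# The three private ranges from RFC 1918, as listed in the message above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample response body (documentation address, not real data).
SAMPLE_BODY = ("<html><head><title>Current IP Check</title></head>"
               "<body>Current IP Address: 203.0.113.7</body></html>")


def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_checkip(body):
    """Pull the reported address out of a web-based detection response."""
    m = re.search(r"Current IP Address:\s*([0-9.]+)", body)
    if not m:
        raise ValueError("no address found in response")
    # ip_address() rejects malformed values such as 999.1.1.1
    return str(ipaddress.ip_address(m.group(1)))


def diagnose(assigned_addr, external_addr):
    """Classify the path between the assigned address and the outside.

    'nat'        - assigned address is private: the provider is translating,
                   so dynamic DNS must publish the external address and
                   inbound connections need forwarding on the NAT device.
    'direct'     - public address that matches what the outside sees.
    'translated' - public address, but the outside sees a different one.
    """
    if is_rfc1918(assigned_addr):
        return "nat"
    if ipaddress.ip_address(assigned_addr) == ipaddress.ip_address(external_addr):
        return "direct"
    return "translated"


if __name__ == "__main__":
    seen = parse_checkip(SAMPLE_BODY)
    for assigned in ("10.1.2.3", "203.0.113.7", "198.51.100.9"):
        print(assigned, "->", diagnose(assigned, seen))
```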




More information about the Kclug mailing list