Page 2 of 3 FirstFirst 123 LastLast
Results 21 to 40 of 41

Thread: Different external IP address for different "show my IP" pages!!!

  1. #21
    GlowingBlueMist
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    On 9/22/2010 8:22 PM, Elton wrote:
    > About the initial question for the different external IPs: could we
    > safely assume that my ISP has a double NAT configuration or is it
    > something else that causes this behaviour?


    It sounds like either double NAT or your host ISP is using some sort of
    address scrambler in their router to ensure you can not host your own
    server.

    One way to usually identify double NAT is to open a command window, also
    known as command.com in older versions of Windows.

    With the command window open, try doing a route trace to a large
    commercial organization, as in "tracert www.google.com", minus the quote
    marks, and check the results.

    If you see an address starting with any combination of the following
    other than the very first entry then you are experiencing a double NAT
    problem as these IP values are restricted from being routed directly
    over the internet.

    10.0.xxx.xxx
    172.16.xxx.xxx
    192.168.xxx.xxx

    If not then the ISP must have something in your path that they are using
    to actively randomize the route of your inbound address as a means of
    blocking you from having a web server.

    Usually I have seen that in locations where the host country is paranoid
    about people running their own unmonitored web sites, like China or
    North Korea.

    I've run out of ideas and will bow out of the discussion so others can
    be heard...

  2. #22
    Bob K
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    On 9/23/2010 12:15 AM, Char Jackson wrote:
    > On Wed, 22 Sep 2010 18:22:20 -0700 (PDT), Elton<eltoni.91@gmail.com>
    > wrote:
    >
    >> About the initial question for the different external IPs: could we
    >> safely assume that my ISP has a double NAT configuration or is it
    >> something else that causes this behaviour?

    >
    > I thought you verified that the other day. From your router's
    > perspective, its WAN IP is in the 10.x.x.x space, and that address
    > gets NAT'd to a routable IP by your ISP. That's double NAT.
    >


    I guess I'm confused by what is going on here. It would seem that the
    router should be seeing an address that can be accessed directly by any
    other computer on the internet.

    Certainly, if a user goes to a site like http://grc.com and run his
    Shields Up scan, it must have an IP address for your computer that it
    can access. The OP might try that, and see if that scan would work for
    him or not.

    Another site of interest (and maybe he has already tried this one) is
    http://checkip.dyndns.com.

    If, over time, he has sent himself emails, he might look at the headers
    in them and see what the IP addresses are that show up there.

    I get an IP address (well, my router does) via DHCP from my ISP. I can
    go into my router and view the connections status:
    IP Address 70.100.XXX.25
    Subnet Mask 255.255.224.0
    Default Gateway 70.100.128.1
    DHCP Server 70.100.128.1
    DNS Server 8.8.8.8 4.2.2.4
    Lease Obtained Thursday Sep 23 01:11:50 2010
    Lease Expires Thursday Sep 23 13:11:50 2010
    Note in my case, the IP address is obtained for a 12 hour period. Half
    way thru that, the router will request a renewal for another 12 hours.
    That is so my router always has a valid IP address for replies coming
    back in. If that IP were to change part way thru a session, then some
    replies coming back might get directed to an IP that no longer existed.

    The IP address I get is a dynamic IP -- subject to change at any time.
    But, over the years the only time it has changed is when the server at
    the other end of the DSL line was rebooted (which used to happen several
    times a day), or when I changed routers and didn't update the MAC in
    them. As it is, I have had the same IP address now for several years.

    I don't know if the OP has the ability, but it might be interesting if
    he were to sniff the traffic between his modem and his router. I can do
    that, because my DSL modem is a separate unit from my router. Newer DSL
    modems have a router built in, and that cuts down on the versatility of
    things. (For one thing, you can't hang another router on it -- easily
    anyhow.)

    The use of the IP address in the 10.x.x.x. range is interesting tho.
    Here, if I try a TRACERT to 10.0.0.4, it shows a trace to the router,
    then to the ISP gateway, then loops between two other addresses at the
    ISP. I would have assumed that address would never escape my LAN -- but
    the router apparently passes it on out to the DSL modem which runs in
    bridged mode.

    If I try the TRACERT with 172.16.0.4, the same thing happens, except the
    looping at the final destination pair does not happen (it just times out).

    I guess, on the other side of the coin, look at the good side of having
    a constantly changing IP address. That is like having an anonymizer
    service built in -- nobody can really be tracking what you do and where
    you visit on the web!

    ....Bob




  3. #23
    Elton
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    > I forget now, but didn't this whole sub-thread get started because you
    > wanted to assign an IP address that wouldn't change to your web
    > server? One bit of advice was to assign an address outside of your
    > DHCP server range, but you couldn't because your entire subnet was
    > dedicated to DHCP. I think that's how all of this got started, and as
    > you've seen, there are several ways to approach the problem of
    > assigning IP's, each about as good as another as long they meet your
    > needs.


    No because my web server already had a static LAN IP.
    I have configured my router with the reserved IPs list since I first
    got the DSL internet subscription in my ISP which they gave me the
    modem/router for free, included in the subscription price.
    Only 2 days ago, listening to one advice I got here, I threw out of
    the DHCP range the .2 and .3 addresses and I saw no change in how the
    PCs connect and acquire IPs.
    That's why I ask what's the technical difference of the 2 cases?

  4. #24
    Elton
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    On Sep 23, 6:55*am, GlowingBlueMist <glowingbluem...@truely.invalid>
    wrote:
    > On 9/22/2010 8:22 PM, Elton wrote:
    >
    > > About the initial question for the different external IPs: could we
    > > safely assume that my ISP has a double NAT configuration or is it
    > > something else that causes this behaviour?

    >
    > It sounds like either double NAT or your host ISP is using some sort of
    > address scrambler in their router to ensure you can not host your own
    > server.
    >
    > One way to usually identify double NAT is to open a command window, also
    > known as command.com in older versions of Windows.
    >
    > With the command window open, try doing a route trace to a large
    > commercial organization, as in "tracertwww.google.com", minus the quote
    > marks, and check the results.
    >
    > If you see an address starting with any combination of the following
    > other than the very first entry then you are experiencing a double NAT
    > problem as these IP values are restricted from being routed directly
    > over the internet.
    >
    > 10.0.xxx.xxx
    > 172.16.xxx.xxx
    > 192.168.xxx.xxx
    >
    > If not then the ISP must have something in your path that they are using
    > to actively randomize the route of your inbound address as a means of
    > blocking you from having a web server.
    >
    > Usually I have seen that in locations where the host country is paranoid
    > about people running their own unmonitored web sites, like China or
    > North Korea.
    >
    > I've run out of ideas and will bow out of the discussion so others can
    > be heard...


    This is my tracert log:

    Tracing route to www.l.google.com [74.125.39.105]
    over a maximum of 30 hops:

    1 1 ms <1 ms <1 ms 192.168.1.1
    2 42 ms 41 ms 42 ms 10.101.0.1
    3 43 ms 42 ms 42 ms 10.1.254.1
    4 42 ms 41 ms 42 ms 10.1.254.6
    5 * * * Request timed out.
    6 56 ms 56 ms 57 ms pos3-0-1-gsr04.ath.OTEGlobe.net
    [62.75.3.53]
    7 112 ms 113 ms 112 ms 62.75.4.129
    8 111 ms 111 ms 111 ms 62.75.4.150
    9 110 ms 110 ms 179 ms 74.125.50.113
    10 109 ms 109 ms 108 ms 209.85.255.176
    11 111 ms 111 ms 143 ms 209.85.254.116
    12 110 ms * 114 ms 209.85.249.166
    13 113 ms 110 ms 111 ms fx-in-f105.1e100.net [74.125.39.105]

  5. #25
    Elton
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    > I guess I'm confused by what is going on here. *It would seem that the
    > router should be seeing an address that can be accessed directly by any
    > other computer on the internet.


    The router itself has an external WAN IP of the 10.x.x.x range.
    So the problem is that I have no information what's going on between
    my router, ISPs router and the internet or what processing gets done
    to the TCP IP packets in every route-step inside the ISP, sent/
    received between my router and the internet.
    I have noticed that my router's WAN IP of range 10.x.x.x, changes
    every time the router is restarted I think.


    > Certainly, if a user goes to a site like http://grc.com and run his
    > Shields Up scan, it must have an IP address for your computer that it
    > can access. *The OP might try that, and see if that scan would work for
    > him or not.


    An all service ports scan in the Shields Up page, results in 1052
    closed ports, 0 opened ports and 4 stealth ports which are 22, 80, 443
    and 646.
    Another scan around 2 hours later in the Shields Up page, results in a
    different IP scanned (the first one was X.Y.Z.84 and now the second
    one is X.Y.Z.11) and only 2 stealth ports which are 22 and 646. All
    the other ports are closed and no port is opened.
    A local scan to my router's WAN IP with the SuperScan 4.0 program in
    the 1-1060 port range, results in 6 opened TCP ports which are 21, 23,
    80, 110, 443 and 995.

    > I don't know if the OP has the ability, but it might be interesting if
    > he were to sniff the traffic between his modem and his router. I can do
    > that, because my DSL modem is a separate unit from my router. *Newer DSL
    > modems have a router built in, and that cuts down on the versatility of
    > things. *(For one thing, you can't hang another router on it -- easily
    > anyhow.)


    I don't think I can do that because my DSL modem is also a router and
    they are the same unit.
    Can I sniff the traffic between my router and the ISP, or at least log
    the sent and received packets in the router?
    I don't think I could understand anything from the sniffing if it is
    possible to be done, but anyway just for experimentation.

    > The use of the IP address in the 10.x.x.x. range is interesting tho.
    > Here, if I try a TRACERT to 10.0.0.4, it shows a trace to the router,
    > then to the ISP gateway, then loops between two other addresses at the
    > ISP. *I would have assumed that address would never escape my LAN -- but
    > the router apparently passes it on out to the DSL modem which runs in
    > bridged mode.


    > If I try the TRACERT with 172.16.0.4, the same thing happens, except the
    > looping at the final destination pair does not happen (it just times out)..
    >


    This is the status overview on my router's page:
    LAN IP Address 192.168.1.1
    Default Gateway 10.101.0.1
    Primary DNS Server 10.1.254.1
    Secondary DNS Server 10.1.2.2

    This is a TRACERT to google.com:
    ----------------------------------------------
    C:\Documents and Settings\User>tracert google.com

    Tracing route to google.com [209.85.135.103]
    over a maximum of 30 hops:

    1 1 ms <1 ms <1 ms 192.168.1.1
    2 41 ms 43 ms 42 ms 10.101.0.1
    3 58 ms 60 ms 59 ms 10.1.249.1
    4 * * * Request timed out.
    5 86 ms * * 62.75.3.29
    6 168 ms * 143 ms 62.75.4.129
    7 147 ms 145 ms 143 ms 62.75.4.214
    8 138 ms 137 ms 145 ms 74.125.50.113
    9 * * 144 ms 209.85.255.176
    10 145 ms 148 ms 142 ms 209.85.248.248
    11 * 151 ms 147 ms 209.85.241.187
    12 149 ms 159 ms 161 ms 72.14.239.54
    13 156 ms 148 ms 151 ms mu-in-f103.1e100.net [209.85.135.103]

    Trace complete.
    ----------------------------------------------


    > I guess, on the other side of the coin, look at the good side of having
    > a constantly changing IP address. *That is like having an anonymizer
    > service built in -- nobody can really be tracking what you do and where
    > you visit on the web!


    That's not true. Even though my IP changes constantly for different
    pages, I always get tracked by bans, blocks, and can't donwload for
    free on rapidshare, hotfile, megaupload, etc. when I hav previously
    downloaded a large quantity/size of files.

  6. #26
    Bob K
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    On 9/23/2010 9:12 AM, Elton wrote:
    >> I guess I'm confused by what is going on here. It would seem that the
    >> router should be seeing an address that can be accessed directly by any
    >> other computer on the internet.

    >
    > The router itself has an external WAN IP of the 10.x.x.x range.
    > So the problem is that I have no information what's going on between
    > my router, ISPs router and the internet or what processing gets done
    > to the TCP IP packets in every route-step inside the ISP, sent/
    > received between my router and the internet.
    > I have noticed that my router's WAN IP of range 10.x.x.x, changes
    > every time the router is restarted I think.
    >
    >
    >> Certainly, if a user goes to a site like http://grc.com and run his
    >> Shields Up scan, it must have an IP address for your computer that it
    >> can access. The OP might try that, and see if that scan would work for
    >> him or not.

    >
    > An all service ports scan in the Shields Up page, results in 1052
    > closed ports, 0 opened ports and 4 stealth ports which are 22, 80, 443
    > and 646.
    > Another scan around 2 hours later in the Shields Up page, results in a
    > different IP scanned (the first one was X.Y.Z.84 and now the second
    > one is X.Y.Z.11) and only 2 stealth ports which are 22 and 646. All
    > the other ports are closed and no port is opened.
    > A local scan to my router's WAN IP with the SuperScan 4.0 program in
    > the 1-1060 port range, results in 6 opened TCP ports which are 21, 23,
    > 80, 110, 443 and 995.
    >
    >> I don't know if the OP has the ability, but it might be interesting if
    >> he were to sniff the traffic between his modem and his router. I can do
    >> that, because my DSL modem is a separate unit from my router. Newer DSL
    >> modems have a router built in, and that cuts down on the versatility of
    >> things. (For one thing, you can't hang another router on it -- easily
    >> anyhow.)

    >
    > I don't think I can do that because my DSL modem is also a router and
    > they are the same unit.
    > Can I sniff the traffic between my router and the ISP, or at least log
    > the sent and received packets in the router?
    > I don't think I could understand anything from the sniffing if it is
    > possible to be done, but anyway just for experimentation.
    >
    >> The use of the IP address in the 10.x.x.x. range is interesting tho.
    >> Here, if I try a TRACERT to 10.0.0.4, it shows a trace to the router,
    >> then to the ISP gateway, then loops between two other addresses at the
    >> ISP. I would have assumed that address would never escape my LAN -- but
    >> the router apparently passes it on out to the DSL modem which runs in
    >> bridged mode.

    >
    >> If I try the TRACERT with 172.16.0.4, the same thing happens, except the
    >> looping at the final destination pair does not happen (it just times out).
    >>

    >
    > This is the status overview on my router's page:
    > LAN IP Address 192.168.1.1
    > Default Gateway 10.101.0.1
    > Primary DNS Server 10.1.254.1
    > Secondary DNS Server 10.1.2.2
    >
    > This is a TRACERT to google.com:
    > ----------------------------------------------
    > C:\Documents and Settings\User>tracert google.com
    >
    > Tracing route to google.com [209.85.135.103]
    > over a maximum of 30 hops:
    >
    > 1 1 ms<1 ms<1 ms 192.168.1.1
    > 2 41 ms 43 ms 42 ms 10.101.0.1
    > 3 58 ms 60 ms 59 ms 10.1.249.1
    > 4 * * * Request timed out.
    > 5 86 ms * * 62.75.3.29
    > 6 168 ms * 143 ms 62.75.4.129
    > 7 147 ms 145 ms 143 ms 62.75.4.214
    > 8 138 ms 137 ms 145 ms 74.125.50.113
    > 9 * * 144 ms 209.85.255.176
    > 10 145 ms 148 ms 142 ms 209.85.248.248
    > 11 * 151 ms 147 ms 209.85.241.187
    > 12 149 ms 159 ms 161 ms 72.14.239.54
    > 13 156 ms 148 ms 151 ms mu-in-f103.1e100.net [209.85.135.103]
    >
    > Trace complete.
    > ----------------------------------------------
    >
    >
    >> I guess, on the other side of the coin, look at the good side of having
    >> a constantly changing IP address. That is like having an anonymizer
    >> service built in -- nobody can really be tracking what you do and where
    >> you visit on the web!

    >
    > That's not true. Even though my IP changes constantly for different
    > pages, I always get tracked by bans, blocks, and can't donwload for
    > free on rapidshare, hotfile, megaupload, etc. when I hav previously
    > downloaded a large quantity/size of files.


    I've gone over your previous posts, and I guess I missed a lot :-(

    One thing I noticed, your ISP is running PPPoE -- and that is something
    I hadn't really paid much attention to before. I briefly have looked it
    up, but there is a lot to it that I don't know. Maybe that is where
    some of the other more knowledgeable people here might help you.

    If I understand it correctly, every time you go to a site, it creates a
    'session' -- and each session probably results in what appears to be a
    different IP address for you. The 10.0.x.x addresses your router is
    showing probably are valid addresses in a LAN for your ISP. When you
    send a packet out, it gets 'encapsuled' in an 'envelope packet', sent to
    your ISP, where it is sent on using an IP address for that session.

    In looking at some of the messages you have posted, almost all seem to
    be coming from 79.106.109.XXX, with that last XXX varying all over the
    place. Very seldom the same twice! But you wouldn't be able to use any
    of those for inbound traffic, since they are getting used over and over
    for different customers.

    Unless you can get a static IP from your ISP (and lots of luck for
    that!) I am not sure how to solve your problem. I think you mentioned
    you had already talked to their support people and had struck out. That
    seems to be a world wide problem, the people answering the telephones
    for support have a fixed list of questions to ask, and hoops for you to
    jump thru, and assume if those don't fix the problem it, can't be fixed.

    Do some research on the PPPoE and see if any of it makes sense with what
    you see.

    And, changing your LAN settings I sincerely don't think will have any
    effect on what is going on. I run a mix of static and dynamic IPs on my
    LAN, but with the router always handing out the same IP via DHCP to the
    dynamically assigned devices. I think you mentioned you do the same,
    and that is good.

    The other thought -- depending upon what type of server you want to get
    going, does your ISP offer any web space? My ISP has web space, and
    also FTP space, available for each mailbox account. However, they limit
    very closely what you can run in a web server. That isn't like having
    something on your own computer where you can easily change things, but
    it's better than nothing.

    ....Bob



  7. #27
    Elton
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    On Sep 23, 4:49*pm, Bob K <SPAM...@Frontiernet.net> wrote:
    > On 9/23/2010 9:12 AM, Elton wrote:
    >
    >
    >
    >
    >
    > >> I guess I'm confused by what is going on here. *It would seem that the
    > >> router should be seeing an address that can be accessed directly by any
    > >> other computer on the internet.

    >
    > > The router itself has an external WAN IP of the 10.x.x.x range.
    > > So the problem is that I have no information what's going on between
    > > my router, ISPs router and the internet or what processing gets done
    > > to the TCP IP packets in every route-step inside the ISP, sent/
    > > received between my router and the internet.
    > > I have noticed that my router's WAN IP of range 10.x.x.x, changes
    > > every time the router is restarted I think.

    >
    > >> Certainly, if a user goes to a site likehttp://grc.comand run his
    > >> Shields Up scan, it must have an IP address for your computer that it
    > >> can access. *The OP might try that, and see if that scan would work for
    > >> him or not.

    >
    > > An all service ports scan in the Shields Up page, results in 1052
    > > closed ports, 0 opened ports and 4 stealth ports which are 22, 80, 443
    > > and 646.
    > > Another scan around 2 hours later in the Shields Up page, results in a
    > > different IP scanned (the first one was X.Y.Z.84 and now the second
    > > one is X.Y.Z.11) and only 2 stealth ports which are 22 and 646. All
    > > the other ports are closed and no port is opened.
    > > A local scan to my router's WAN IP with the SuperScan 4.0 program in
    > > the 1-1060 port range, results in 6 opened TCP ports which are 21, 23,
    > > 80, 110, 443 and 995.

    >
    > >> I don't know if the OP has the ability, but it might be interesting if
    > >> he were to sniff the traffic between his modem and his router. I can do
    > >> that, because my DSL modem is a separate unit from my router. *NewerDSL
    > >> modems have a router built in, and that cuts down on the versatility of
    > >> things. *(For one thing, you can't hang another router on it -- easily
    > >> anyhow.)

    >
    > > I don't think I can do that because my DSL modem is also a router and
    > > they are the same unit.
    > > Can I sniff the traffic between my router and the ISP, or at least log
    > > the sent and received packets in the router?
    > > I don't think I could understand anything from the sniffing if it is
    > > possible to be done, but anyway just for experimentation.

    >
    > >> The use of the IP address in the 10.x.x.x. range is interesting tho.
    > >> Here, if I try a TRACERT to 10.0.0.4, it shows a trace to the router,
    > >> then to the ISP gateway, then loops between two other addresses at the
    > >> ISP. *I would have assumed that address would never escape my LAN --but
    > >> the router apparently passes it on out to the DSL modem which runs in
    > >> bridged mode.

    >
    > >> If I try the TRACERT with 172.16.0.4, the same thing happens, except the
    > >> looping at the final destination pair does not happen (it just times out).

    >
    > > This is the status overview on my router's page:
    > > LAN IP Address * * 192.168.1.1
    > > Default Gateway * *10.101.0.1
    > > Primary DNS Server 10.1.254.1
    > > Secondary DNS Server * * * 10.1.2.2

    >
    > > This is a TRACERT to google.com:
    > > ----------------------------------------------
    > > C:\Documents and Settings\User>tracert google.com

    >
    > > Tracing route to google.com [209.85.135.103]
    > > over a maximum of 30 hops:

    >
    > > * *1 * * 1 ms<1 ms<1 ms *192.168.1.1
    > > * *2 * *41 ms * *43 ms * *42 ms *10.101.0.1
    > > * *3 * *58 ms * *60 ms * *59 ms *10.1.249.1
    > > * *4 * * * * * * ** * * * ** * * Request timed out.
    > > * *5 * *86 ms * * * * * * ** * * 62.75.3.29
    > > * *6 * 168 ms * * * * * *143 ms *62.75.4.129
    > > * *7 * 147 ms * 145 ms * 143 ms *62.75.4.214
    > > * *8 * 138 ms * 137 ms * 145 ms *74.125.50.113
    > > * *9 * * * * * * ** * * *144 ms *209.85.255.176
    > > * 10 * 145 ms * 148 ms * 142 ms *209.85.248.248
    > > * 11 * * * * * *151 ms * 147 ms *209.85.241.187
    > > * 12 * 149 ms * 159 ms * 161 ms *72.14.239.54
    > > * 13 * 156 ms * 148 ms * 151 ms *mu-in-f103.1e100.net [209.85..135.103]

    >
    > > Trace complete.
    > > ----------------------------------------------

    >
    > >> I guess, on the other side of the coin, look at the good side of having
    > >> a constantly changing IP address. *That is like having an anonymizer
    > >> service built in -- nobody can really be tracking what you do and where
    > >> you visit on the web!

    >
    > > That's not true. Even though my IP changes constantly for different
    > > pages, I always get tracked by bans, blocks, and can't donwload for
    > > free on rapidshare, hotfile, megaupload, etc. when I hav previously
    > > downloaded a large quantity/size of files.

    >
    > I've gone over your previous posts, and I guess I missed a lot :-(
    >
    > One thing I noticed, your ISP is running PPPoE -- and that is something
    > I hadn't really paid much attention to before. *I briefly have looked it
    > up, but there is a lot to it that I don't know. *Maybe that is where
    > some of the other more knowledgeable people here might help you.
    >
    > If I understand it correctly, every time you go to a site, it creates a
    > 'session' -- and each session probably results in what appears to be a
    > different IP address for you. *The 10.0.x.x addresses your router is
    > showing probably are valid addresses in a LAN for your ISP. *When you
    > send a packet out, it gets 'encapsuled' in an 'envelope packet', sent to
    > your ISP, where it is sent on using an IP address for that session.
    >
    > In looking at some of the messages you have posted, almost all seem to
    > be coming from 79.106.109.XXX, with that last XXX varying all over the
    > place. *Very seldom the same twice! *But you wouldn't be able to use any
    > of those for inbound traffic, since they are getting used over and over
    > for different customers.


    Yes, that is the range of my external IP addresses. The XXX part, for
    some pages remains the some, for some others changes, in the same
    time.
    The 79.106.109.XXX are the Albtelecom's line IP addresses hence my
    home internet.
    In some posts you could see an IP starting with 80.X.X.X, but that's
    the static external IP of the network in my work, it has nothing to do
    with the problem because first it's static and second it's not an
    Albtelecom subscription!
    Another thing:
    Where can you see the IP address of the poster of a post/reply, like
    you saw mine?
    Because, for example, I look at the header of your posts and can't
    find anywhere your IP or the NNTP-Posting-Host field.
    Why my IP is shown and yours is not?

    > Unless you can get a static IP from your ISP (and lots of luck for
    > that!) I am not sure how to solve your problem. *I think you mentioned
    > you had already talked to their support people and had struck out. *That
    > seems to be a world wide problem, the people answering the telephones
    > for support have a fixed list of questions to ask, and hoops for you to
    > jump thru, and assume if those don't fix the problem it, can't be fixed.


    > The other thought -- depending upon what type of server you want to get
    > going, does your ISP offer any web space? *My ISP has web space, and
    > also FTP space, available for each mailbox account. *However, they limit
    > very closely what you can run in a web server. *That isn't like having
    > something on your own computer where you can easily change things, but
    > it's better than nothing.


    My purpose isn't to setup an webserver because I need it.
    My purpose is to see if I can make my computer accessible from the
    internet and in the process, to learn more about networks and the way
    how they work.

    It puzzles me why software such as TeamViewer and the TeamViewer
    server, can access my home pc from outside or my ISP accepts traffic
    from facebook.com and sends it to me while I can't access my home PCs
    server ports at all.
    If, for example, youtube.com sees my 79.106.109.XXX IP and then
    streams the video to this IP, and the ISP can send it to the exact
    computer which requested it, then why can't I, instead of a video,
    send a request to my computer to connect in port 80 for example ???

    This rose another debate in one my previous posts, whether my ISP
    accepts only solicited traffic (traffic that has been requested, as
    opposed to unsolicited, traffic that has been sent without any request
    for it) which ended in the conclusion that the ISP must accept
    unsolicited traffic too, because otherwise I would have many problems
    with the connection and the web pages. Since I don't have these kinds
    of problems, I deduced that my ISP accepts unsolicited traffic.

  8. #28
    Elton
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    > Yes, that is the range of my external IP addresses. The XXX part, for
    > some pages remains the some, for some others changes, in the same
    > time.


    Sorry about the typo above. It should be:

    Yes, that is the range of my external IP addresses. The XXX part, for
    some pages remains the *same*, for some others changes, in the same
    time.

  9. #29
    Char Jackson
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    On Thu, 23 Sep 2010 09:25:18 -0700 (PDT), Elton <eltoni.91@gmail.com>
    wrote:

    >Where can you see the IP address of the poster of a post/reply, like
    >you saw mine?
    >Because, for example, I look at the header of your posts and can't
    >find anywhere your IP or the NNTP-Posting-Host field.
    >Why my IP is shown and yours is not?


    Different Usenet providers do it slightly differently. Here are a few
    of the headers your provider (Google Group?) includes:

    NNTP-Posting-Host: 79.106.109.116
    Mime-Version: 1.0
    Content-Type: text/plain; charset=ISO-8859-1
    Content-Transfer-Encoding: quoted-printable
    X-Trace: posting.google.com 1285259124 11582 127.0.0.1 (23 Sep 2010
    16:25:24 GMT)
    X-Complaints-To: groups-abuse@google.com
    NNTP-Posting-Date: Thu, 23 Sep 2010 16:25:24 +0000 (UTC)
    Complaints-To: groups-abuse@google.com


    >My purpose isn't to setup an webserver because I need it.
    >My purpose is to see if I can make my computer accessible from the
    >internet and in the process, to learn more about networks and the way
    >how they work.
    >
    >It puzzles me why software such as TeamViewer and the TeamViewer
    >server, can access my home pc from outside


    Are you running any kind of client software related to those
    applications? If so, that's how they do it. The client initiates an
    outbound connection, which your ISP allows, and the return traffic
    simply uses that existing connection.

    >or my ISP accepts traffic from facebook.com and sends it to me


    No idea what you're talking about here. I don't use Facebook. What are
    they sending to you?

    >while I can't access my home PCs server ports at all.


    I thought this had been settled. It appears that your ISP is either
    doing double NAT (most likely) or is using another kind of technology
    that effectively prevents you from doing what you're trying to do.

    >If, for example, youtube.com sees my 79.106.109.XXX IP and then
    >streams the video to this IP, and the ISP can send it to the exact
    >computer which requested it, then why can't I, instead of a video,
    >send a request to my computer to connect in port 80 for example ???


    Youtube doesn't send anything that you haven't requested, as far as I
    know. As above, you make a request which your ISP sees as an outgoing
    connection, which is allowed, and the response from youtube is the
    video you've requested. No mystery there. That scenario works through
    multiple layers of NAT. But that's not the same as some entity trying
    to initiate a connection to your PC. Your ISP's NAT infrastructure has
    no idea what to do with that kind of incoming connection. How would
    they know they should forward it to you rather than to any of their
    other subscribers? There's no user-identifying information in the
    connection setup.


  10. #30
    Bob K
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    I think Char Jackson has covered your questions real well. Let me drop
    a few comments in below.

    On 9/23/2010 2:39 PM, Char Jackson wrote:
    > On Thu, 23 Sep 2010 09:25:18 -0700 (PDT), Elton<eltoni.91@gmail.com>
    > wrote:
    >
    >> Where can you see the IP address of the poster of a post/reply, like
    >> you saw mine?
    >> Because, for example, I look at the header of your posts and can't
    >> find anywhere your IP or the NNTP-Posting-Host field.
    >> Why my IP is shown and yours is not?

    >
    > Different Usenet providers do it slightly differently. Here are a few
    > of the headers your provider (Google Group?) includes:
    >
    > NNTP-Posting-Host: 79.106.109.116
    > Mime-Version: 1.0
    > Content-Type: text/plain; charset=ISO-8859-1
    > Content-Transfer-Encoding: quoted-printable
    > X-Trace: posting.google.com 1285259124 11582 127.0.0.1 (23 Sep 2010
    > 16:25:24 GMT)
    > X-Complaints-To: groups-abuse@google.com
    > NNTP-Posting-Date: Thu, 23 Sep 2010 16:25:24 +0000 (UTC)
    > Complaints-To: groups-abuse@google.com
    >


    I tend to hit the 'view source' to see everything in an email or news
    post. If you depend upon the headers shown by your news reader, you may
    not see everything. The news server my ISP uses (they farm it out in
    recent years) does not pass on the IP address of the originator. Some
    people get upset about that information being passed on. Knowing an IP
    address lets you (maybe) identify where a person is. When I ran one of
    your IP addresses thru a whois server, it showed me on a map that you
    weren't too far from the "heel of the boot" :-) -- that agreed with
    what you had posted a little earlier.

    >
    >> My purpose isn't to setup an webserver because I need it.
    >> My purpose is to see if I can make my computer accessible from the
    >> internet and in the process, to learn more about networks and the way
    >> how they work.
    >>
    >> It puzzles me why software such as TeamViewer and the TeamViewer
    >> server, can access my home pc from outside

    >
    > Are you running any kind of client software related to those
    > applications? If so, that's how they do it. The client initiates an
    > outbound connection, which your ISP allows, and the return traffic
    > simply uses that existing connection.


    Perhaps I can expound on that a little. When you access a web site
    (lets assume a html server) your computer first looks up (at a DNS
    server) the URL to get an IP for that destination, then connects to it
    -- specifying a default port at the destination -- unless you gave a
    specific port. For a web server, that will be port 80. That connect
    request coming from your computer also specifies a port number for
    replies to be sent to. Those ports at the originating computer will be
    random, but usually in the higher numbers. Once that connection has
    been set up, your computer sends traffic to the other on that port 80,
    and replies come back to whatever you specified.

    Enter a router into the mix! A router does a network address
    translation (NAT) so that more than one computer can share the
    connection to the internet. Your router will track the IP of the
    computer and the port it expects replies on, and modify those so it is
    showing them as coming from whatever IP your ISP thinks you are using,
    and probably a different port number. Replies that come back to your
    router are to that outside address and at the modified port. The router
    replaces those with the original IP/port pair and sends it on to your
    computer.

    As long as you keep that connection up to the other end (and I'm not
    sure how that is determined) your router knows where to forward those
    replies.

    In your case, if you do a IPCONFIG on your computer, you will see the
    information on your connection to your router -- in the 192.168 range.
    The router is using an address in the 10.0 range for it's WAN
    connection. It really, since it is using PPPoE, is simply talking to
    another computer at the ISP that is doing a form of NAT, but using an
    available IP address in the 79.106.109 range for the connection. I
    suspect those IP addresses are held down for you only as long as that
    connection is open.

    The advantage of that, to the ISP, is possibly fewer IP addresses it
    needs. I sit here with a DSL connection up 24/7, and that is using one
    IP address. You have your DSL connection up 24/7 -- but when there is
    no traffic going on, you are not using any IP address in the pool the
    ISP has purchased.

    >
    >> or my ISP accepts traffic from facebook.com and sends it to me

    >
    > No idea what you're talking about here. I don't use Facebook. What are
    > they sending to you?
    >
    >> while I can't access my home PCs server ports at all.

    >
    > I thought this had been settled. It appears that your ISP is either
    > doing double NAT (most likely) or is using another kind of technology
    > that effectively prevents you from doing what you're trying to do.
    >
    >> If, for example, youtube.com sees my 79.106.109.XXX IP and then
    >> streams the video to this IP, and the ISP can send it to the exact
    >> computer which requested it, then why can't I, instead of a video,
    >> send a request to my computer to connect in port 80 for example ???

    >
    > Youtube doesn't send anything that you haven't requested, as far as I
    > know. As above, you make a request which your ISP sees as an outgoing
    > connection, which is allowed, and the response from youtube is the
    > video you've requested. No mystery there. That scenario works through
    > multiple layers of NAT. But that's not the same as some entity trying
    > to initiate a connection to your PC. Your ISP's NAT infrastructure has
    > no idea what to do with that kind of incoming connection. How would
    > they know they should forward it to you rather than to any of their
    > other subscribers? There's no user-identifying information in the
    > connection setup.
    >


    If you were to be able to get an IP address that could be seen from the
    internet, then if you were to set up a server, it would be listening on
    a specific port. As I mentioned, for a web server, the default is port 80.

    I set the router here up originally to forward port 80 traffic on to the
    computer I was running a server on. That was a big mistake! All the
    hackers in the world scan IP addresses on port 80, and when they get an
    acknowledgment, they know they have a target to play with. Without
    going into details, it was very obvious very soon that was a bad scene.

    I set the server here to listen for connections to an unused port (got
    64,000 to pick from!), and used a server at DYNDNS to translate connects
    coming to port 80 to the port my server listens on.

    And, a question maybe someone can answer: How do you set up a VPN
    connection if you have a PPPoE connection like Elton does?

    ....Bob

  11. #31
    Char Jackson
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    On Thu, 23 Sep 2010 21:28:28 -0400, Bob K <SPAMpot@Frontiernet.net>
    wrote:

    >I think Char Jackson has covered your questions real well. Let me drop
    >a few comments in below.


    Thanks, Bob. Your comments dovetailed nicely.

    [big snip]

    >And, a question maybe someone can answer: How do you set up a VPN
    >connection if you have a PPPoE connection like Elton does?


    I believe it's simply a tunnel within a tunnel. The PPPoE connection
    is set up first (as part of the Internet connection itself) and
    probably has endpoints at the CPE modem and somewhere within the ISP's
    network, while the VPN tunnel is optionally set up later and will have
    endpoints that extend past the PPPoE tunnel, perhaps at the CPE router
    (versus the CPE modem) and somewhere on the Internet.

    The VPN tunnel would be inside the PPPoE tunnel, and the customer data
    would be inside the VPN tunnel.


  12. #32
    Elton
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    > Different Usenet providers do it slightly differently. Here are a few
    > of the headers your provider (Google Group?) includes:
    >
    > NNTP-Posting-Host: 79.106.109.116
    > Mime-Version: 1.0
    > Content-Type: text/plain; charset=ISO-8859-1
    > Content-Transfer-Encoding: quoted-printable
    > X-Trace: posting.google.com 1285259124 11582 127.0.0.1 (23 Sep 2010
    > 16:25:24 GMT)
    > X-Complaints-To: groups-abuse@google.com
    > NNTP-Posting-Date: Thu, 23 Sep 2010 16:25:24 +0000 (UTC)
    > Complaints-To: groups-abuse@google.com


    Yes, I use Google Groups always.

    > Are you running any kind of client software related to those
    > applications? If so, that's how they do it. The client initiates an
    > outbound connection, which your ISP allows, and the return traffic
    > simply uses that existing connection.


    Yes. Every computer accesible must have the TeamViewer app that acts
    both as a "caller" and as a "receiver" of the remote control sessions.

    > >or my ISP accepts traffic from facebook.com and sends it to me

    >
    > No idea what you're talking about here. I don't use Facebook. What are
    > they sending to you?


    They send to me the requested data. For example I login and then my
    profile's home page is sent to me and shown into my browser. But never
    mind. Now I understand why requested data passes through.

    > >while I can't access my home PCs server ports at all.

    >
    > I thought this had been settled. It appears that your ISP is either
    > doing double NAT (most likely) or is using another kind of technology
    > that effectively prevents you from doing what you're trying to do.
    >
    > >If, for example, youtube.com sees my 79.106.109.XXX IP and then
    > >streams the video to this IP, and the ISP can send it to the exact
    > >computer which requested it, then why can't I, instead of a video,
    > >send a request to my computer to connect in port 80 for example ???

    >
    > Youtube doesn't send anything that you haven't requested, as far as I
    > know. As above, you make a request which your ISP sees as an outgoing
    > connection, which is allowed, and the response from youtube is the
    > video you've requested. No mystery there. That scenario works through
    > multiple layers of NAT. But that's not the same as some entity trying
    > to initiate a connection to your PC. Your ISP's NAT infrastructure has
    > no idea what to do with that kind of incoming connection. How would
    > they know they should forward it to you rather than to any of their
    > other subscribers? There's no user-identifying information in the
    > connection setup.


    In this case too, I was talking about the case when I request to view
    a video and that video is streamed to my computer.
    Yes now that I gave it a thought you're right. When I make a request
    to Youtube (I'm taking Youtube as an example), the TCP/IP packet of
    that request has in it the MAC address of my PC's network card.
    Youtube sees the IP and the MAC of the sender and sends the response
    (the video for example) in a TCP/IP packet with my external IP and my
    MAC address as destination. The ISP receives the response packet in
    one of those external IPs that the ISP had assigned me when I made the
    request to Youtube in the beginning, and then the ISP sends the
    response to the specified MAC address in the destination field of the
    response TCP/IP packet's header.

    Now when I think of it, even TeamViewer works this way. They assign
    you an unique ID with your MAC that is mapped and saved in a database
    in their servers. So when I make a request to connect to my home PC
    from another PC, the request sent to my home PC already contains the
    MAC address and the ISP knows which computer to send it to.

    Is this scenario correct ?

    Now in this scenario I have an uncertainty:

    The TCP/IP packet that receives Youtube from me (when I make a request
    or want to start a connection to youtube.com), in the final step of
    routing thus when Youtube servers have received my TCP/IP packet, does
    that packet's headers contain my home PC's MAC address or the MAC
    address of the last router?

  13. #33
    Elton
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    > Perhaps I can expound on that a little. *When you access a web site
    > (lets assume a html server) your computer first looks up (at a DNS
    > server) the URL to get an IP for that destination, then connects to it
    > -- specifying a default port at the destination -- unless you gave a
    > specific port. *For a web server, that will be port 80. *That connect
    > request coming from your computer also specifies a port number for
    > replies to be sent to. *Those ports at the originating computer will be
    > random, but usually in the higher numbers. *Once that connection has
    > been set up, your computer sends traffic to the other on that port 80,
    > and replies come back to whatever you specified.
    >
    > Enter a router into the mix! *A router does a network address
    > translation (NAT) so that more than one computer can share the
    > connection to the internet. *Your router will track the IP of the
    > computer and the port it expects replies on, and modify those so it is
    > showing them as coming from whatever IP your ISP thinks you are using,
    > and probably a different port number. *Replies that come back to your
    > router are to that outside address and at the modified port. *The router
    > replaces those with the original IP/port pair and sends it on to your
    > computer.
    >
    > As long as you keep that connection up to the other end (and I'm not
    > sure how that is determined) your router knows where to forward those
    > replies.
    >
    > In your case, if you do a IPCONFIG on your computer, you will see the
    > information on your connection to your router -- in the 192.168 range.
    > The router is using an address in the 10.0 range for it's WAN
    > connection. *It really, since it is using PPPoE, is simply talking to
    > another computer at the ISP that is doing a form of NAT, but using an
    > available IP address in the 79.106.109 range for the *connection. *I
    > suspect those IP addresses are held down for you only as long as that
    > connection is open.
    >
    > The advantage of that, to the ISP, is possibly fewer IP addresses it
    > needs. *I sit here with a DSL connection up 24/7, and that is using one
    > IP address. *You have your DSL connection up 24/7 -- but when there is
    > no traffic going on, you are not using any IP address in the pool the
    > ISP has purchased.


    Thank you! That was very informational.

    > I set the router here up originally to forward port 80 traffic on to the
    > computer I was running a server on. *That was a big mistake! *All the
    > hackers in the world scan IP addresses on port 80, and when they get an
    > acknowledgment, they know they have a target to play with. *Without
    > going into details, it was very obvious very soon that was a bad scene.
    >
    > I set the server here to listen for connections to an unused port (got
    > 64,000 to pick from!), and used a server at DYNDNS to translate connects
    > coming to port 80 to the port my server listens on.


    But you did keep the port forwarding of port 80 to the X port server
    on your router even with DynDNS?
    How did you configure the DynDNS server to do the port translating?
    Where is the option?

  14. #34
    Bob K
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    On 9/24/2010 7:58 AM, Elton wrote:
    <snip>
    > But you did keep the port forwarding of port 80 to the X port server
    > on your router even with DynDNS?
    > How did you configure the DynDNS server to do the port translating?
    > Where is the option?


    No -- port 80 requests to the router never get replied to. Just as if
    the IP address wasn't there.

    The DynDNS server has, in their bag of tricks, what is known as their
    WebHop service. You pick up a domain name from them, and you point it
    to where you want, with a destination port specified. (This works only
    with HTML!)

    In my case, I have two different computers, each with a web server. I
    have my own domain name, requests to one sub-domain name get sent on to
    a WebHop domain name where it gets forwarded to another domain name at
    DynDNS with the modified port. That domain name is kept updated with my
    IP address.

    Requests to my domain name, with no sub-domain name (or with the WWW sub
    domain) get forwarded to a different WebHop server, that request gets a
    different port destination assigned, and then sent on.

    My router forwards to the proper computer based on the port specified on
    the packet.

    At the service that I have my domain name at, they allow me to do
    'cloaking' on requests. I'm not sure how that is done, but your address
    bar would never show anything other than what you had given as the
    destination. So, you don't see all various steps something goes thru to
    get to me (and the port numbers!). It also means if you bookmark
    something that you like, that bookmark is just to the original
    destination you put in.

    One downside to this, if I were to specify a favicon icon, that will
    never make it back to you. Not a big deal for me -- it might bother some.

    While the various steps along the way to my servers are reasonably well
    hidden from the user, they are available if you know how to trace thru
    the various steps.

    One of those computers also has some other services I make available.
    One is a telnet server. Again, I have unusual port numbers set up for
    it. (Nothing here responds to any standard port numbers.) Another
    sub-domain name forwards directly to the host name at DynDNS that points
    to my IP. So users, if they need one of the other services here, use
    that, with a port number specified.

    I know all this may sound a little involved, but it really works very
    nicely. There are many services available at DynDNS -- most if you
    subscribe to their Pro service. What I am using is all within their
    free offering (altho some of it is now grandfathered in).

    Again, I hope this sort of explains how things work here. I still am
    not sure how you might take advantage of it in your situation! Somehow
    you need to be able to get some presence visible on the internet. You
    might try running your problem by the support people at DynDNS and see
    if they have any ideas.

    ....Bob


  15. #35
    Char Jackson
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    On Fri, 24 Sep 2010 03:30:01 -0700 (PDT), Elton <eltoni.91@gmail.com>
    wrote:

    >> Youtube doesn't send anything that you haven't requested, as far as I
    >> know. As above, you make a request which your ISP sees as an outgoing
    >> connection, which is allowed, and the response from youtube is the
    >> video you've requested. No mystery there. That scenario works through
    >> multiple layers of NAT. But that's not the same as some entity trying
    >> to initiate a connection to your PC. Your ISP's NAT infrastructure has
    >> no idea what to do with that kind of incoming connection. How would
    >> they know they should forward it to you rather than to any of their
    >> other subscribers? There's no user-identifying information in the
    >> connection setup.

    >
    >In this case too, I was talking about the case when I request to view
    >a video and that video is streamed to my computer.
    >Yes now that I gave it a thought you're right. When I make a request
    >to Youtube (I'm taking Youtube as an example), the TCP/IP packet of
    >that request has in it the MAC address of my PC's network card.
    >Youtube sees the IP and the MAC of the sender and sends the response
    >(the video for example) in a TCP/IP packet with my external IP and my
    >MAC address as destination. The ISP receives the response packet in
    >one of those external IPs that the ISP had assigned me when I made the
    >request to Youtube in the beginning, and then the ISP sends the
    >response to the specified MAC address in the destination field of the
    >response TCP/IP packet's header.


    A minor clarification. MAC addresses don't typically travel past
    routers. Routers keep a list of MAC addresses and the IP addresses
    that belong to them, (the MAC table). If a router receives traffic for
    a directly connected node that doesn't exist in the MAC table, it will
    broadcast an ARP request ("hey, who owns address 1.2.3.4?") and every
    system will ignore it except the system that owns that IP address.
    That system will reply directly back to the router, the router will
    update its MAC table, and then the router will forward the traffic
    that it was holding to that MAC address. All of that is for traffic
    coming into a local network only. If the destination is not local,
    then the router simply forwards the packet to another router that it
    determines will be able to get the packet closer to its destination.

    I didn't explain that very well and don't have time to pretty it up. I
    just wanted to say that youtube sees your WAN IP address, not your MAC
    address.

    >Now when I think of it, even TeamViewer works this way. They assign
    >you an unique ID with your MAC that is mapped and saved in a database
    >in their servers. So when I make a request to connect to my home PC
    >from another PC, the request sent to my home PC already contains the
    >MAC address and the ISP knows which computer to send it to.
    >
    >Is this scenario correct ?


    As above, the MAC isn't typically sent across the Internet. It stops
    at the first router.

    >Now in this scenario I have an uncertainty:
    >
    >The TCP/IP packet that receives Youtube from me (when I make a request
    >or want to start a connection to youtube.com), in the final step of
    >routing thus when Youtube servers have received my TCP/IP packet, does
    >that packet's headers contain my home PC's MAC address or the MAC
    >address of the last router?


    I don't know everything that's included. Your IP address is there, but
    not your MAC address. Youtube replies to your IP address. The router
    on that segment of youtube's network recognizes that the destination
    IP address is not local so it forwards the packet to another router
    that is (hopefully) closer to you. The packet continues to get
    forwarded by IP address until it hits a router at your ISP. If they're
    doing double NAT, they will have a lookup table to see who made this
    youtube request and they will rewrite the packet and forward it toward
    you. The packet will hit your own NAT router, in turn that router will
    determine that the destination is locally attached, so it will get
    your MAC address from its internal MAC lookup table, rewrite the
    destination to your MAC, and put the packet onto the wire. Each system
    on the LAN will see the packet, but all will ignore it except the
    system that says "hey, that's *my* MAC!". That system will strip the
    first set of headers and send the payload up the network stack, and
    that will happen a few more times, each time headers getting stripped.
    Finally, the actual payload is given to the application that requested
    it.

    I cut a whole lot of corners and took some big liberties, but
    hopefully you get the gist.


  16. #36
    Bob K
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    On 9/24/2010 1:19 PM, Char Jackson wrote:
    > On Fri, 24 Sep 2010 03:30:01 -0700 (PDT), Elton<eltoni.91@gmail.com>
    > wrote:
    >
    >>> Youtube doesn't send anything that you haven't requested, as far as I
    >>> know. As above, you make a request which your ISP sees as an outgoing
    >>> connection, which is allowed, and the response from youtube is the
    >>> video you've requested. No mystery there. That scenario works through
    >>> multiple layers of NAT. But that's not the same as some entity trying
    >>> to initiate a connection to your PC. Your ISP's NAT infrastructure has
    >>> no idea what to do with that kind of incoming connection. How would
    >>> they know they should forward it to you rather than to any of their
    >>> other subscribers? There's no user-identifying information in the
    >>> connection setup.

    >>
    >> In this case too, I was talking about the case when I request to view
    >> a video and that video is streamed to my computer.
    >> Yes now that I gave it a thought you're right. When I make a request
    >> to Youtube (I'm taking Youtube as an example), the TCP/IP packet of
    >> that request has in it the MAC address of my PC's network card.
    >> Youtube sees the IP and the MAC of the sender and sends the response
    >> (the video for example) in a TCP/IP packet with my external IP and my
    >> MAC address as destination. The ISP receives the response packet in
    >> one of those external IPs that the ISP had assigned me when I made the
    >> request to Youtube in the beginning, and then the ISP sends the
    >> response to the specified MAC address in the destination field of the
    >> response TCP/IP packet's header.

    >
    > A minor clarification. MAC addresses don't typically travel past
    > routers. Routers keep a list of MAC addresses and the IP addresses
    > that belong to them, (the MAC table). If a router receives traffic for
    > a directly connected node that doesn't exist in the MAC table, it will
    > broadcast an ARP request ("hey, who owns address 1.2.3.4?") and every
    > system will ignore it except the system that owns that IP address.
    > That system will reply directly back to the router, the router will
    > update its MAC table, and then the router will forward the traffic
    > that it was holding to that MAC address. All of that is for traffic
    > coming into a local network only. If the destination is not local,
    > then the router simply forwards the packet to another router that it
    > determines will be able to get the packet closer to its destination.
    >
    > I didn't explain that very well and don't have time to pretty it up. I
    > just wanted to say that youtube sees your WAN IP address, not your MAC
    > address.
    >
    >> Now when I think of it, even TeamViewer works this way. They assign
    >> you an unique ID with your MAC that is mapped and saved in a database
    >> in their servers. So when I make a request to connect to my home PC
    >>from another PC, the request sent to my home PC already contains the
    >> MAC address and the ISP knows which computer to send it to.
    >>
    >> Is this scenario correct ?

    >
    > As above, the MAC isn't typically sent across the Internet. It stops
    > at the first router.
    >
    >> Now in this scenario I have an uncertainty:
    >>
    >> The TCP/IP packet that receives Youtube from me (when I make a request
    >> or want to start a connection to youtube.com), in the final step of
    >> routing thus when Youtube servers have received my TCP/IP packet, does
    >> that packet's headers contain my home PC's MAC address or the MAC
    >> address of the last router?

    >
    > I don't know everything that's included. Your IP address is there, but
    > not your MAC address. Youtube replies to your IP address. The router
    > on that segment of youtube's network recognizes that the destination
    > IP address is not local so it forwards the packet to another router
    > that is (hopefully) closer to you. The packet continues to get
    > forwarded by IP address until it hits a router at your ISP. If they're
    > doing double NAT, they will have a lookup table to see who made this
    > youtube request and they will rewrite the packet and forward it toward
    > you. The packet will hit your own NAT router, in turn that router will
    > determine that the destination is locally attached, so it will get
    > your MAC address from its internal MAC lookup table, rewrite the
    > destination to your MAC, and put the packet onto the wire. Each system
    > on the LAN will see the packet, but all will ignore it except the
    > system that says "hey, that's *my* MAC!". That system will strip the
    > first set of headers and send the payload up the network stack, and
    > that will happen a few more times, each time headers getting stripped.
    > Finally, the actual payload is given to the application that requested
    > it.
    >
    > I cut a whole lot of corners and took some big liberties, but
    > hopefully you get the gist.
    >


    Fantastic explanation!

    Care to explain what goes on in a switch? I know that hubs simply
    bridge the various legs of the network together. But (if I understand
    it correctly) a switch makes a packet known only on the port that would
    be interested in it. But, is that by IP or MAC address?

    Seems like a switch can't have too much processing power built in it,
    but then again I think they have a complicated job to do.

    ....Bob

  17. #37
    Elton
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    > I don't know everything that's included. Your IP address is there, but
    > not your MAC address. Youtube replies to your IP address. The router
    > on that segment of youtube's network recognizes that the destination
    > IP address is not local so it forwards the packet to another router
    > that is (hopefully) closer to you. The packet continues to get
    > forwarded by IP address until it hits a router at your ISP. If they're
    > doing double NAT, they will have a lookup table to see who made this
    > youtube request and they will rewrite the packet and forward it toward
    > you. The packet will hit your own NAT router, in turn that router will
    > determine that the destination is locally attached, so it will get
    > your MAC address from its internal MAC lookup table, rewrite the
    > destination to your MAC, and put the packet onto the wire. Each system
    > on the LAN will see the packet, but all will ignore it except the
    > system that says "hey, that's *my* MAC!". That system will strip the
    > first set of headers and send the payload up the network stack, and
    > that will happen a few more times, each time headers getting stripped.
    > Finally, the actual payload is given to the application that requested
    > it.
    >
    > I cut a whole lot of corners and took some big liberties, but
    > hopefully you get the gist.


    Yes, thank you! That was all very informative.
    The part that I was most interested in and that catched my attention
    was the:

    > The packet continues to get
    > forwarded by IP address until it hits a router at your ISP. If they're
    > doing double NAT, they will have a lookup table to see who made this
    > youtube request and they will rewrite the packet and forward it toward
    > you.


    especially the lookup table of requests because that was the thing I
    was looking for, an explanation for the internal mechanisms of the ISP
    to record requests with IPs between every level of NAT, and (maybe?)
    block unsolicited inbound traffic when they see that it has no match
    in the requests lookup table.
    So what you are saying is that my ISP is keeping track and mapping
    every single connection initiated by their customers to the outside
    servers?
    Does this mean that once this connection is initiated by me to the
    outside server and kept alive, afterwards this server could send me
    data/traffic or TCP packets that are not response to a request, to my
    external IP, and I could receive it because they are tunneled through
    the open connection and the ISP doesn't block it because it is in
    their lookup table ???

    If not, then I'll have to ask some more questions later because
    different scenarios bring up to me different questions about how
    things work, but for now they depend on the answer to the above
    question. :)

  18. #38
    Char Jackson
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    On Fri, 24 Sep 2010 13:41:57 -0400, Bob K <SPAMpot@Frontiernet.net>
    wrote:

    >Fantastic explanation!


    I grimace when I skim back over it, knowing it could easily be picked
    apart, but thanks.

    >Care to explain what goes on in a switch? I know that hubs simply
    >bridge the various legs of the network together. But (if I understand
    >it correctly) a switch makes a packet known only on the port that would
    >be interested in it. But, is that by IP or MAC address?


    Most switches work at Layer 2, the MAC layer. Here's perhaps more than
    you wanted to know: http://en.wikipedia.org/wiki/Network_switch
    As you can see, other Layers are possible, but I'm most familiar with
    the small unmanaged switches you'd find in SOHO applications. Layer 2
    switches learn the MAC address of each connected device and associate
    it with the corresponding switch port, so that when traffic comes in
    it will know where to forward it.

    >Seems like a switch can't have too much processing power built in it,
    >but then again I think they have a complicated job to do.


    More complicated than a hub, I suppose, since a hub simply sends a
    packet out of every interface except the one it came in on.


  19. #39
    Char Jackson
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    On Fri, 24 Sep 2010 12:15:52 -0700 (PDT), Elton <eltoni.91@gmail.com>
    wrote:

    >The part that I was most interested in and that catched my attention
    >was the:
    >
    >> The packet continues to get
    >> forwarded by IP address until it hits a router at your ISP. If they're
    >> doing double NAT, they will have a lookup table to see who made this
    >> youtube request and they will rewrite the packet and forward it toward
    >> you.

    >
    >especially the lookup table of requests because that was the thing I
    >was looking for, an explanation for the internal mechanisms of the ISP
    >to record requests with IPs between every level of NAT, and (maybe?)
    >block unsolicited inbound traffic when they see that it has no match
    >in the requests lookup table.
    >So what you are saying is that my ISP is keeping track and mapping
    >every single connection initiated by their customers to the outside
    >servers?
    >Does this mean that once this connection is initiated by me to the
    >outside server and kept alive, afterwards this server could send me
    >data/traffic or TCP packets that are not response to a request, to my
    >external IP, and I could receive it because they are tunneled through
    >the open connection and the ISP doesn't block it because it is in
    >their lookup table ???
    >
    >If not, then I'll have to ask some more questions later because
    >different scenarios bring up to me different questions about how
    >things work, but for now they depend on the answer to the above
    >question. :)


    This is quickly getting over my head. Your ISP has to keep a session
    table containing a "4-tuple" (4 pieces of related information) that
    consists of your IP address and port and the destination IP and port.
    Your IP obviously has to be sent so that the destination knows what
    address to send the reply to, but your port is also sent (and is sent
    back to you in the reply) so that your computer knows which
    application should receive this data.

    The session table gets populated with every new request, and to keep
    it from growing out of control, entries are cleaned out when they are
    finished (session closed) or they can be allowed to expire after a
    configured elapsed time. I would assume that as long as a session is
    active, data can be passed in either direction, but that may well be
    too simplistic.

    If you really want to know the details, the various RFC's are the
    authoritative source. Here's one on NAT, for example:
    http://tools.ietf.org/html/rfc3022
    There are RFC's on everything related to networking.
    http://tools.ietf.org/html/
    You can enter your search terms and go from there.


  20. #40
    Bob K
    Guest

    Re: Different external IP address for different "show my IP" pages!!!

    Many thanks to all who offered information on this.

    I, for one, have learned a lot. That is one good feature of these
    newsgroups -- the exchange of ideas.

    I am going to go crawl back into my 'lurk' mode :-)

    ....Bob

Similar Threads

  1. Unidentified Network
    By in forum ms.public.windows.networking.wireless
    Replies: 6
    Last Post: 01-11-10, 01:43 AM
  2. Hijjackthis log help Please
    By miami305 in forum Network Security
    Replies: 7
    Last Post: 09-02-09, 08:58 PM
  3. PC Acting Weird
    By Lurch in forum Software Forum
    Replies: 23
    Last Post: 05-14-09, 06:13 PM
  4. Weird Problem
    By BaLa in forum Software Forum
    Replies: 11
    Last Post: 05-01-09, 07:56 PM
  5. Please new to dsl and already having problem
    By weedancer in forum General Broadband Forum
    Replies: 46
    Last Post: 03-09-07, 06:23 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •