Router's IP [solved]

[mikaowx]

Hi.

1.)

Has anyone ever run into getting the WAN IP address of a router on a linux workstation behind router?

Does anybody have the solution? A script maybe?

 

2.)

I am currently setting up a file server behind a Linksys router.

I have forwarded port 22 on the router to the appropriate address.

However cant connect to ssh.

Some of you might remember, we had an earlier discussion on this topic not long ago and i've found security level had been set higher than normal.

Now I've just set sec level in MCC to normal with nothing else hardened but "only allowlocal x11 connections".

Is this enough reason why ssh disconnects clients?

I have a suspicion that if I'd set security level to low the system would allow connections again cuz that's exactly what happened when I first succeeded with it.

 

any help would be appreciated

 

thanks

[Qchem]

I'm a little confused here, are you wanting to obtain the IP address of a router that your linux machine is connected to? If so the router may be acting as a DNS server and its IP address will be in /etc/resolv.conf

[mikaowx]

Exactly.

The only difference is that the router is a DSL router which only has arp routing table, no resolve.conf.

I've heard about a couple of third party vendors that have software solution and those can even notify you in an email at preconfigured intervals if your WAN IP has changed.

Useful if you dont have a dedicated IP and your provider changes it sometimes.

The only trouble is that those softwares are made only for windows and I am trying to configure this on a linux box.

[coverup]

you normally don't need to know the WAN address to setup a server behind the router. Check if the router has a firewall (most of them do), and open port 22 for WAN->LAN connection.

[mikaowx]

Hi!

 

I agree with you, most people dont need it.

Unfortunately in this case, we do need it since the service prvider of this small LAN is a local cable provider that changes the IP sometimes.

We need to be up to date if our IP changes to be able to tune page links, notify users etc.

We could just go ahead and read the routing table on the router by logging in to the router and see what's changed which wouldnt be too secure and cozy either since leaving a dsl router's remote controll service open to the internet is a serious risk.

What's left for us?

Somehow need to query the router to get it's routing table from the LAN side and have the machine set up with cron to automate this job or even send us notifications.

I know this can be done because a local dude showed me how he has done it on windows with a smal program called "ip monitor" I guess.

 

any clues?

[Qchem]

We could just go ahead and read the routing table on the router by logging in to the router and see what's changed which wouldnt be too secure and cozy either since leaving a dsl router's remote controll service open to the internet is a serious risk.

 

Most routers have the ability to only allow the config to be administered from the internal lan, not a great solution but might be worth checking.

 

You may also be able to do someting with ipchicken and a shell script (possibly called in cron) to make changes when the IP address changes. If you need help with this post back and I'll try to give you a hand.

[mikaowx]

I've not yet been involved into this deep so I am thinking of something like cron would call lynx with the appropriate url (ipchicken) then the data would be analized with sed and awk and be sent over to a local MTA to post it?

The realization would be kinda hard for me tough. :P

So the question arises; -How could an MTA post data without user interaction or without using any MUA?

I am not a programmer you see.

 

I might just stick to ssh from the outside and see ipchicken sometimes with lynx.

 

 

What do you guys reckon?

Edited March 7, 2005 by mikaowx

[coverup]

Wouldn't be easier to approach the ISP and find out why they change IP addrerss? This may happen simply because your router disconnects after an idle time in which case you should set the router to be always connected. Or maybe, purchase a static IP address or switch to another ISP?

[mikaowx]

I Might be better off if I had a static ip thats true. But it costs much more and thats a stonecold fact.

I just wanted to know if there's a relatively easy solution to this thats all there's to it.

 

Thanks again...

[Qchem]

I'm not totally sure how we can change the MTA config yet, but I know how to obtain the address from IP chicken:

 

#!/bin/bash

BROWSER="/usr/bin/lynx -source"
WEBSITE="http://www.ipchicken.com"
COLORTEST="#0000FF"

${BROWSER} ${WEBSITE} | grep -A1 {COLORTEST} | html2text | tr -d ' '

 

which returns your IP address to the terminal when run. We now have to decide what to do with it, what exactly do you need to update the IP address in?

[mikaowx]

Cool!

 

Variables are understood.

What does A1 stand for in the grep tunnel part of the expression and why are we using navy?

Is that the color of the particular pattern in the html code we're looking for?

My other question is; what tr -d ' ' is all about?

 

I would personally need it to update a link in an html code at a public server on the internet (which would automatically guide users to a server on a lan) but the e-mail notification of ip change would also be great if applicable. I also run ssh and sometimes other services too behind this router and those would become unreachable if I hadnt been notified of ip changes.

 

Perhaps a small, easily configurable SMTP sever could fix this for us.

What MTA in your opinion would be best for the purpose?

I am now considering something that works right out of the box since I am not intended to chew myself through hundreds of documents on how to set sendmail or postfix up knowing that postfix even uses databases for access control. Setting up postfix would involve setting up an sql server as well, wouldnt it?

That's why i am about to use the simpliest possible.

 

any suggestions?

[sellis]

Forgive me if I'm being thick, here, but it sounds as if you need to publish your IP address to the outside world, so that they can keep up to date with any changes.

 

If you could have a DNS entry that magically stayed up-to-date, then could you avoid publishing your IP address, just your router's name as registered with the DNS server?

 

If so, you may be able to get round this with dynamic dns (http://www.dyndns.org).

 

If you're really lucky, the router may even do this for you. I have a Linksys WRT54G wireless router, and it deals with dynamic DNS automagically. If it gets a different IP address when it renews its DHCP lease from the ISP, then it informs dyndns.org who in turn update their DNS server.

[mikaowx]

Hi.

 

Why dyndns isnt the way? Because all of your users have to be configured with it I guess.

What would anyone out of the unknown benefit of me being registered at dyndns if they dont even know how to set their own dns server settings? Right?

 

You flicked a switch in my mind while I've been thinking of this and I think I have the solution! I am gratefull!

Qchem!

How about having your script somehow insert the result into a local copy of the html? After that have automated ftp upload it (I already know how to do it since I have done this several times when I was working with login scripts) to the website's ftp at scheduled intervals where it can be loaded and displayed from. I admit I havent seen cron doing hourly jobs tough. Daily jobs maybe. Is this hourly schedule possible to do with cron?

 

Obviously this is the simpliest idea so far. The posting trouble still active tough!

 

Edited March 8, 2005 by mikaowx

[sellis]

Why dyndns isnt the way? Because all of your users have to be configured with it I guess.

No, they don't. They already have to have DNS configured to access the web server, and that's enough for dyndns to work.

 

When you register, your router will get a name something like this:

 

yourhostname.dyndns.org

 

...and you can then access this via any other computer connected to the internet, or use that name in links from the web server. The regular DNS system will take care of address resolution.

 

So, instead of uploading something every hour (which means that you could be offline for nearly an hour if your IP changes at 10:01), which would contain something like this:

 

<a href="http://85.42.161.79/yourfile.html">Link</a>

 

you just have a link in the html like this:

 

<a href="http://yourhostname.dyndns.org/yourfile.html">Link</a>

 

...and let the dyndns update client worry about the fact that "yourhostname.dyndns.org" is IP address 85.42.161.79 today and 85.42.161.111 tomorrow.

 

It's simple to set up - especially if the router does it for you - and it is certainly much easier and more scalable than having cron jobs updating web pages every hour. It also gives you external access to your box for a host of other services too. I use my account for ssh and sftp to help me transfer work to and from home.

 

Some links:

 

How to set up a dyndns account (you get up to 5 free, for non-commercial use)

http://www.dyndns.org/services/dns/dyndns/howto.html

 

Automatic update clients (run in the background)

http://www.dyndns.org/support/clients/dyndns.html

Edited March 8, 2005 by sellis

[sellis]

Qchem,

 

I just tried the ipchicken thing, and there's a problem. If you're running behind a web proxy (my ISP has one), then it's the proxy's address that it returned to you, not your router's IP.

 

This may not be a problem for mikaowx, but it's a flaw in the plan.

 

Anyway, have I mentioned dyndns enough yet? I'm convinced that this is the correct solution, especially when re-reading one of the earlier posts:

 

... e-mail notification of ip change would also be great if applicable. I also run ssh and sometimes other services too behind this router and those would become unreachable if I hadnt been notified of ip changes.

 

This is exactly the kind of problem that dyndns has solved. No need for e-mail notification, your machine is always "yourhostname.dyndns.org", for ftp, ssh, http, cups, whatever service you're running on it.