Re: Get the external IP address from a Linux box

(Erk. Sorry, Joe.)

On Thu, May 24, 2018 at 6:29 PM, Joe <joe@xxxxxxxxxxxxxx> wrote:
> On Thu, 24 May 2018 08:13:54 +0100
> André Rodier <andre@xxxxxxxxx> wrote:
>> On Thu, 2018-05-24 at 09:07 +0200, Alberto Luaces wrote:
>> > Joe writes:
>> >
>> > > On the assumption that you are using a router of some kind, your
>> > > public IP address will be that of the router WAN port (cable, ADSL,
>> > > etc.) and there will be a method of determining that by connecting
>> > > to the router as an administrator. That method will depend entirely
>> > > on the router.
>> >
>> > If the router supports upnp and it is activated, you can check the
>> > external IP in a device-independent way with
>> >
>> > upnpc -l | grep ExternalIPAddress
>> >
>> Thank you, finally an answer that makes sense and is not pedantic.

Two people have already tried to point out that UPNP is vulnerable by design.

If you have any interest in your local security, your router to the
outside should simply not respond to UPNP at all.

Block/ignore UPNP at every interface, internal and external, on your
external router, at bare minimum.

This is not pedantry, this is trying to save you from being attacked
from your inside.

> How is it possible to avoid being pedantic? You told us nothing about
> your Internet connection, or Debian version, so we had to guess at what
> information you actually wanted and which device to ask.
>> I tried this, but it is not 100% reliable. For instance, with the
>> firewall / router I use, upnp is not activated. I suppose I will have
>> to write a custom python script.
> So presumably it isn't your computer's external address that you want,
> but that of your router. I was a bit surprised to see upnp mentioned, I
> thought it was only game-players who were willing to run that, and
> Debian would not be their OS of choice.
> From (not recent) experience of talking to routers, you may have telnet
> or ssh available, otherwise it's an http admin login, followed by one or
> two router-specific commands. You might be lucky, and the default
> router status page without login may contain the WAN address.
> A couple of lines of bash should do it: use curl, and you'll probably
> have to provide the admin password, so the script should probably be
> stored in /root. My routers in years gone by used to need an occasional
> reboot, so I had a script running every ten minutes to check multiple
> websites for connectivity, and if none were found, to issue a reboot
> command.

What Joe says here.

I had ten or twenty lines of moderately careful code in a two
hundred-line perl script I used to update my dyndns.com domain name
back before dyn.com decided they had to kick all the freeloaders like
me off.

Resolution to *some* domain name really ought to be part of an ISP's
basic package, but the Internet got taken over by the poachers.

Joel Rees
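
An added example, not part of the original thread: a Python check for the advice above that the router should not respond to UPnP at all. It multicasts the same SSDP discovery request a UPnP client sends first and lists every device on the LAN that answers as an Internet gateway; the sample reply and its server string are constructed for illustration.

```python
import socket

SSDP_GROUP = ("239.255.255.250", 1900)  # standard SSDP multicast group and port
IGD_TARGET = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
# Constructed sample reply (documentation address, made-up server string).
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nST: " + IGD_TARGET.encode() +
                b"\r\nServer: ExampleOS/1.0 UPnP/1.0 ExampleIGD/1.0\r\n"
                b"Location: http://192.0.2.1:5000/rootDesc.xml\r\n\r\n")

def build_msearch(target=IGD_TARGET, mx=2):
    """Return the SSDP M-SEARCH datagram a UPnP client multicasts to find a gateway."""
    lines = ["M-SEARCH * HTTP/1.1", f"HOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}",
             'MAN: "ssdp:discover"', f"MX: {mx}", f"ST: {target}", "", ""]
    return "\r\n".join(lines).encode("ascii")

def parse_response(data):
    """Parse one SSDP reply into {UPPERCASE-HEADER: value}; None if not a 200 reply."""
    head = data.decode("utf-8", errors="replace").partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def find_upnp_gateways(timeout=3.0):
    """Send one M-SEARCH on the LAN; return (ip, SERVER, LOCATION) per responder."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_msearch(), SSDP_GROUP)
        try:
            while True:
                data, (ip, _port) = s.recvfrom(4096)
                hdrs = parse_response(data)
                if hdrs is not None:
                    found.append((ip, hdrs.get("SERVER", "?"), hdrs.get("LOCATION", "?")))
        except socket.timeout:
            pass  # quiet for `timeout` seconds: collection is done
    return found

if __name__ == "__main__":
    hits = find_upnp_gateways()
    for ip, server, location in hits:
        print(f"UPnP responder {ip}: server={server} location={location}")
    print(f"{len(hits)} device(s) answered UPnP gateway discovery")
```

An empty result only means nothing answered this host on this interface; a local firewall that drops the unicast replies gives the same output, so confirm in the router's own settings that UPnP is off.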