 wowbanger2k
join:2004-12-07 UK
| [HELP] Can't hide internal IP on SOHO 97
Hi guys (newbie)
I've got NAT setup on my SOHO 97 ADSL router. LAN and internet access are fine, but when I run the security check at www.auditmypc.com they can detect my internal IP!! 
Selected config pasted below (passwords etc. removed). Everything works fine except this problem with my internal IP being exposed.
Any ideas much appreciated.
Thanks in advance
Chris
*****
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname xxxx
!
boot-start-marker
boot-end-marker
!
logging buffered warnings
logging console emergencies
enable secret xxxxx
!
clock timezone GMT 1
ip subnet-zero
ip dhcp excluded-address xx.yy.zz.aa
{various others for machines with static IPs]
!
!ip dhcp pool CLIENT
! import all
! network xx.yy.zz.0 255.255.255.0
! default-router xx.yy.zz.aa
! lease 2
!
!
no ip domain lookup
ip name-server 158.152.1.43
ip name-server 158.152.1.58
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 60
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
no aaa new-model
password encryption aes
!
!
!
!
!
!
!
interface Ethernet0
 ip address xx.yy.zz.aa 255.255.255.0
 ip access-group 122 out
 ip nat inside
 no ip mroute-cache
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer1
 ip address negotiated
 ip access-group 111 in
 ip access-group 112 out
 ip nat outside
 no ip mroute-cache
 ip inspect myfw out
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname xxxx
 ppp chap password xxxx
 ppp pap sent-username xxxx password xxxx
 ppp ipcp dns request
 ppp ipcp wins request
 hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
ip nat inside source list 11 interface Dialer1 overload
!
access-list 11 permit xx.yy.zz.0 0.0.0.255
!
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
 exec-timeout 120 0
 no modem enable
 transport preferred all
 transport output all
 stopbits 1
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 131 in
 exec-timeout 120 0
 login local
 length 0
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
end |
|
 michaelr
join:2004-03-26 Tucson, AZ
| quote: I've got NAT setup on my SOHO 97 ADSL router. LAN and internet access are fine, but when I run the security check at www.auditmypc.com they can detect my internal IP!!
If you are accessing this site from your internal network then the site would be broken if it didn't do this. A bit of Java or JavaScript on the web site asks your PC for its IP address and your PC gladly tells it. Nothing the router can do about it unless you block Java and all types of scripting (and SSL in case it wants to do the scripting encrypted by SSL). |
|
 aryoba Premium,MVM join:2002-08-22
edit: December 8th, @12:51PM
| On your CBAC, add "ip inspect name myfw http" and see if the website still can see your internal IP address. The command should be able to block illegitimate internal IP address requests from Java or JavaScript programs.
But keep in mind that using such a command may cause your Internet browser to not be able to show "friendly" Java or JavaScript programs. You can verify this condition with "friendly" websites. |
|
 wowbanger2k
join:2004-12-07 UK | Hey Hey!
The "ip inspect name myfw http" command works fine. Thanks for the input everyone 
Chris |
|
 michaelr
join:2004-03-26 Tucson, AZ
| reply to aryoba quote: The command should be able to block illegitimate internal IP address requests from Java or JavaScript programs.
Unfortunately it blocks all Java - not just ones which want to get your IP address. You should add an access-list to specify the sites you allow Java apps from. |
|
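Added example, not part of any post in this thread: the access-list approach from the last reply, written with the `java-list` option of `ip inspect name ... http` against the `myfw` rule from the posted config. ACL number 51 and the address 192.0.2.10 are placeholders chosen for illustration.

```text
! Constructed example. ACL 51 and 192.0.2.10 are placeholders,
! not values from the thread.
!
! As enabled in the thread: HTTP inspection with no Java allow-list.
ip inspect name myfw http
!
! With an allow-list: a numbered standard ACL names the "friendly"
! servers whose applets are accepted. Java blocking only works with
! numbered standard access lists.
access-list 51 permit 192.0.2.10
access-list 51 deny any
ip inspect name myfw http java-list 51 timeout 3600
!
! The rule is already applied in the posted config:
!   interface Dialer1
!    ip inspect myfw out
! so no interface change is needed.
```

CBAC Java blocking does not catch applets wrapped in archives such as .zip or .jar files, so treat the allow-list as a reduction in exposure, not a guarantee.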