Re: Debian installer refuses to setup IP address if gateway is no in the same subnet

[Henning Follmann]

On Tue, Oct 31, 2023 at 04:15:30PM +0300, Mihamina RKTMB wrote:
> 
> On 10/31/23 15:35, Henning Follmann wrote:
> > On Mon, Oct 30, 2023 at 06:17:18PM +0300, Mihamina RKTMB wrote:
> > > Hi all,
> > > 
> > > I rent a dedicated server where I installed an hypervisor and purchased
> > > failover public IPv4 IPs routed to that server.
> > > 
> > Of course not! Some host _on_your_subnet_ must be responsible for
> > forwarding the packages. And a route has to be set so your machine knows
> > where to send the packages beyond your local subnet to. That is the
> > gateway. It is just a shortcut to define the default route.
> > 
> What you describe is what happens on home or office network. On datacenter
> networks, it can be much different.
> 
> Look at this documentation: 
> https://help.ovhcloud.com/csm/en-dedicated-servers-network-bridging?id=kb_article_view_article=KB0043731#step-4-configure-the-virtual-machines
> 
> |ADDITIONAL_IP can be any single IP you purshased, and you see the netmask
> set to|
> 
> |255.255.255.255 There is no mention to the host (VMWare) IP address in the
> VM |
> 
> ||
> 
> ||
> 



[]  You  understand ip networking


-H

-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: Debian installer refuses to setup IP address if gateway is no in the same subnet

[Mihamina RKTMB]

On 10/31/23 16:46, Dan Ritter wrote:

Mihamina RKTMB wrote:

On 10/31/23 01:18, Dan Ritter wrote:

Mihamina RKTMB wrote:

But isn't there a way to make the Debian installer accept that the gateway
is not in the subnet of the set IP address?


No.


[OVH docs reference omitted]

You asked a question, you got the answer. What you want is not a
reasonable thing for the general-purpose installer to cover, and
it does not.


Understood. Thank you.

Re: Debian installer refuses to setup IP address if gateway is no in the same subnet

[Reco]

Hi.

On Tue, Oct 31, 2023 at 11:13:04AM +0100, Marco M. wrote:
> > Maybe you need to help the installer along, and set the default route
> > for the machine? Perhaps using an alternate virtual terminal, like
> > FN+F5. I believe the command is `route add default gw {IP-ADDRESS}
> > {INTERFACE-NAME}`.
> 
> sudo ip route add  dev 
> sudo ip route add 0.0.0.0/0 via 

Actually, you can do it in a single command:

ip ro a default via  dev  onlink

Reco

Re: Debian installer refuses to setup IP address if gateway is no in the same subnet

[Dan Ritter]

Mihamina RKTMB wrote: 
> 
> On 10/31/23 01:18, Dan Ritter wrote:
> > Mihamina RKTMB wrote:
> > > But isn't there a way to make the Debian installer accept that the gateway
> > > is not in the subnet of the set IP address?

> > No.


[OVH docs reference omitted]

You asked a question, you got the answer. What you want is not a
reasonable thing for the general-purpose installer to cover, and
it does not.

Your configuration is a special case. You know how to get what 
you want. If you want to petition the installer maintainers to
cover your special case, you can certainly ask them. I would not
expect it to happen before the next stable release, if at all.

-dsr-

Re: Debian installer refuses to setup IP address if gateway is no in the same subnet

[Mihamina RKTMB]

On 10/31/23 15:35, Henning Follmann wrote:

On Mon, Oct 30, 2023 at 06:17:18PM +0300, Mihamina RKTMB wrote:

Hi all,

I rent a dedicated server where I installed an hypervisor and purchased
failover public IPv4 IPs routed to that server.


Of course not! Some host _on_your_subnet_ must be responsible for
forwarding the packages. And a route has to be set so your machine knows
where to send the packages beyond your local subnet to. That is the
gateway. It is just a shortcut to define the default route.

What you describe is what happens on home or office network. On 
datacenter networks, it can be much different.


Look at this documentation: 
https://help.ovhcloud.com/csm/en-dedicated-servers-network-bridging?id=kb_article_view_article=KB0043731#step-4-configure-the-virtual-machines


|ADDITIONAL_IP can be any single IP you purshased, and you see the 
netmask set to|


|255.255.255.255 There is no mention to the host (VMWare) IP address in 
the VM |


||

||

Re: Debian installer refuses to setup IP address if gateway is no in the same subnet

[Mihamina RKTMB]

On 10/31/23 01:18, Dan Ritter wrote:

Mihamina RKTMB wrote:

Hi all,

I rent a dedicated server where I installed an hypervisor and purchased
failover public IPv4 IPs routed to that server.

When configuring the Debian VMs to use those failover IPs, I have to

- set the address to /32: "ip addr add $IP/32 dev eth0"

- set the traffic to the gateway to go through the NIC: "ip route add $GW
dev eth0"

- set the default route to go via the gateway: "ip route add default via
$GW"

As I set the IP address to a /32, the gateway is not (never) in the subnet
of the VM.

When using the Debian installer, at the networking setup, the installer
refuses that setting: the gateway is not in the subnet of the set IP
address.

The workaround I use is either to

- finish the installation without network and then at reboot, setup the
network

- manually setup the network during installation in another console

But isn't there a way to make the Debian installer accept that the gateway
is not in the subnet of the set IP address?

No.

I presume that your server rental includes an address on an IPv4 or IPv6
network via DHCP or as a static assignment. That is how the
server reaches everything else, the default.

You can add more IPs to that interface. If your upstream network
sends traffic there, your machine can recognize it as
appropriate. How should responses go out?

If the IPs are v4 /32 each, the response cannot go out that way.
There is no "way" there. If your upstream network allows it,
your server can use the v4 /32 as the return address, while
sending out to the default router. But you must have an
interface which sits on the same network as the default router.



Here you find an example of ISP documentation describing the fact the IP 
address is not in the same subnet as the gateway: 
https://help.ovhcloud.com/csm/en-dedicated-servers-network-bridging?id=kb_article_view_article=KB0043731#step-4-configure-the-virtual-machines


|ADDITIONAL_IP can be any single IP you purshased, and you see the 
netmask set to|


|255.255.255.255 There is no mention to the host (VMWare) IP address in 
the VM|

Re: Debian installer refuses to setup IP address if gateway is no in the same subnet

[Marco M.]

Am 31.10.2023 um 08:35:48 Uhr schrieb Henning Follmann:

> Of course not! Some host _on_your_subnet_ must be responsible for
> forwarding the packages.

It is possible to define another specific direct connected route to
your router and use that with source addresses that are not on the
same subnet.
Although, the router also needs that route.

Re: Debian installer refuses to setup IP address if gateway is no in the same subnet

[Henning Follmann]

On Mon, Oct 30, 2023 at 06:17:18PM +0300, Mihamina RKTMB wrote:
> Hi all,
> 
> I rent a dedicated server where I installed an hypervisor and purchased
> failover public IPv4 IPs routed to that server.
> 

Of course not! Some host _on_your_subnet_ must be responsible for
forwarding the packages. And a route has to be set so your machine knows
where to send the packages beyond your local subnet to. That is the
gateway. It is just a shortcut to define the default route.

So the installer is right.

-H 



-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: Debian installer refuses to setup IP address if gateway is no in the same subnet

[Marco M.]

Am 30.10.2023 um 18:07:20 Uhr schrieb Jeffrey Walton:

> It should not matter, if I recall correctly. Anything the machine does
> not know how to route goes out on the default interface. That should
> be the 0.0.0.0 entry in the routing table.

Although, that entry must be there and the via IP must be on the same
ethernet link.
When adding the address 10.0.0.45/24, 10.0.0.0/24 will show up in the
routing table as directly connected. A route 0.0.0.0/0 via 10.0.0.1 can
be used. If you configure 0.0.0.0/0 via 172.16.0.1, then it will not
know on which NIC that is.
That might be the reason for that failure, as that case is uncommon in
most networks.

> Maybe you need to help the installer along, and set the default route
> for the machine? Perhaps using an alternate virtual terminal, like
> FN+F5. I believe the command is `route add default gw {IP-ADDRESS}
> {INTERFACE-NAME}`.

sudo ip route add  dev 
sudo ip route add 0.0.0.0/0 via 

should work fine.
net-tolls is not installed by default, so command "route" is not
available.

Re: Debian installer refuses to setup IP address if gateway is no in the same subnet

[Dan Ritter]

Mihamina RKTMB wrote: 
> Hi all,
> 
> I rent a dedicated server where I installed an hypervisor and purchased
> failover public IPv4 IPs routed to that server.
> 
> When configuring the Debian VMs to use those failover IPs, I have to
> 
> - set the address to /32: "ip addr add $IP/32 dev eth0"
> 
> - set the traffic to the gateway to go through the NIC: "ip route add $GW
> dev eth0"
> 
> - set the default route to go via the gateway: "ip route add default via
> $GW"
> 
> As I set the IP address to a /32, the gateway is not (never) in the subnet
> of the VM.
> 
> When using the Debian installer, at the networking setup, the installer
> refuses that setting: the gateway is not in the subnet of the set IP
> address.
> 
> The workaround I use is either to
> 
> - finish the installation without network and then at reboot, setup the
> network
> 
> - manually setup the network during installation in another console
> 
> But isn't there a way to make the Debian installer accept that the gateway
> is not in the subnet of the set IP address?

No.

I presume that your server rental includes an address on an IPv4 or IPv6
network via DHCP or as a static assignment. That is how the
server reaches everything else, the default.

You can add more IPs to that interface. If your upstream network
sends traffic there, your machine can recognize it as
appropriate. How should responses go out?

If the IPs are v4 /32 each, the response cannot go out that way.
There is no "way" there. If your upstream network allows it,
your server can use the v4 /32 as the return address, while
sending out to the default router. But you must have an
interface which sits on the same network as the default router.

Note that you are never deleting the IP that your upstream
assigned you. 

Here's what to do after install:

ip addr add $IP/32 dev eth0

that should be all you need, unless there are other things you
aren't telling us.

-dsr-

Re: Debian installer refuses to setup IP address if gateway is no in the same subnet

[Jeffrey Walton]

On Mon, Oct 30, 2023 at 5:53 PM Mihamina RKTMB  wrote:
>
> I rent a dedicated server where I installed an hypervisor and purchased
> failover public IPv4 IPs routed to that server.
>
> When configuring the Debian VMs to use those failover IPs, I have to
>
> - set the address to /32: "ip addr add $IP/32 dev eth0"
>
> - set the traffic to the gateway to go through the NIC: "ip route add
> $GW dev eth0"
>
> - set the default route to go via the gateway: "ip route add default via
> $GW"
>
> As I set the IP address to a /32, the gateway is not (never) in the
> subnet of the VM.
>
> When using the Debian installer, at the networking setup, the installer
> refuses that setting: the gateway is not in the subnet of the set IP
> address.
>
> The workaround I use is either to
>
> - finish the installation without network and then at reboot, setup the
> network
>
> - manually setup the network during installation in another console
>
> But isn't there a way to make the Debian installer accept that the
> gateway is not in the subnet of the set IP address?

It should not matter, if I recall correctly. Anything the machine does
not know how to route goes out on the default interface. That should
be the 0.0.0.0 entry in the routing table.

Maybe you need to help the installer along, and set the default route
for the machine? Perhaps using an alternate virtual terminal, like
FN+F5. I believe the command is `route add default gw {IP-ADDRESS}
{INTERFACE-NAME}`.

Jeff

Debian installer refuses to setup IP address if gateway is no in the same subnet

[Mihamina RKTMB]

Hi all,

I rent a dedicated server where I installed an hypervisor and purchased 
failover public IPv4 IPs routed to that server.


When configuring the Debian VMs to use those failover IPs, I have to

- set the address to /32: "ip addr add $IP/32 dev eth0"

- set the traffic to the gateway to go through the NIC: "ip route add 
$GW dev eth0"


- set the default route to go via the gateway: "ip route add default via 
$GW"


As I set the IP address to a /32, the gateway is not (never) in the 
subnet of the VM.


When using the Debian installer, at the networking setup, the installer 
refuses that setting: the gateway is not in the subnet of the set IP 
address.


The workaround I use is either to

- finish the installation without network and then at reboot, setup the 
network


- manually setup the network during installation in another console

But isn't there a way to make the Debian installer accept that the 
gateway is not in the subnet of the set IP address?


Regards

Re: Debian Wiki IP Address Unban Request

[Greg Wooledge]

On Tue, Aug 22, 2023 at 05:02:22PM -0400, Oliver Wenston wrote:
> I purchased a vps to use as my vpn server, and found out that it was black
> listed from the https://wiki.debian.org/ website. I am currently using
> Bookworm, and would love to be able to visit the wiki with my vpn.
> 
> Who should I contact next on a private channel to get my IP unbanned? Thank
> you very much.

>From <https://wiki.debian.org/DebianWiki/Contact>:

Access to wiki.debian.org is blocked with 403 Forbidden

Please mail w...@debian.org with your IP address 

Debian Wiki IP Address Unban Request

[Oliver Wenston]

Dear Debian mailing list,

I purchased a vps to use as my vpn server, and found out that it was black
listed from the https://wiki.debian.org/ website. I am currently using
Bookworm, and would love to be able to visit the wiki with my vpn.

Who should I contact next on a private channel to get my IP unbanned? Thank
you very much.

Best regards,
Oliver

Re: blocking 465 connections to mail server for specific IP address without using fail2ban

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

The script needs more work it is not exim4-exploiters, it is for
repeated failed logins.

As it is now, it will treat any single failure as one to ban and that
is only going to cause trouble.  Although users should be logged in
normally and will likely have passwords saved in their clients so when
they try to send emails, they can only do so as authenticated and they
will be properly authenticated every time unless they are manually
logging in to simple do an smtp auth send so it might not be so
bad, I may just need to rename the ipsets, but I'll think about it
some more.

Anyway, it's a good start.

Cheers
A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXQ6lgwAKCRCoFmvLt+/i
+0d1AP9tNbfrC62Ts/dWoDFaGH18qa05IvvUyiZnIb82zZtN4gEAoKNToikHpnaW
DQuxWFxLjruS3NWgMIKv/H3xiXZsqRE=
=JJ18
-END PGP SIGNATURE-

Re: blocking 465 connections to mail server for specific IP address without using fail2ban

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Slightly improved shell script, uses iprange once and conflates both
lists together.


#!/bin/bash

declare -a tcp25_set tcp465_set tcp_25_465_set

banned_ports_list=25,465,993,995

logwatch_file=/var/log/exim4/logwatch-email-20190622a.eml


# NB iprange will cleanup and uniquely sort the ip addresses list
#  - this /may/ also conflate plain ip entries to CIDR entries

tcp25_set=(
$(
grep 'login_saslauthd authenticator failed for.*:25:' \
 "${logwatch_file}" | sed \
-e 's/^.*login_saslauthd authenticator failed for //' \
-e 's/^(.*) //' -e 's/:.*$//'|tr -d '\[\]'|sort -u
)
)

tcp465_set=(
$(
grep 'login_saslauthd authenticator failed for.*:465:' \
 "${logwatch_file}" | sed \
-e 's/^.*login_saslauthd authenticator failed for //' \
-e 's/^(.*) //' -e 's/:.*$//'|tr -d '\[\]'|sort -u
)
)

# create sorted & unique ip set tcp_25_465_set
tcp_25_465_set=(
$(
(
printf "%s\n" "${tcp25_set[@]}"
printf "%s\n" "${tcp465_set[@]}"
) |iprange
)
)

# delete iptables rules if they exist
iptables -D INPUT -p tcp -m multiport --dports "${banned_ports_list}" \
-m set --match-set bad-exim4-exploiters-net src -j DROP

iptables -D INPUT -p tcp -m multiport --dports "${banned_ports_list}" \
-m set --match-set bad-exim4-exploiters-ip  src -j DROP

# destroy ipset bad-exim4-exploiters lists (if they exist)
ipset destroy bad-exim4-exploiters-net
ipset destroy bad-exim4-exploiters-ip

# create new ipset lists
ipset create  bad-exim4-exploiters-net  hash:net
ipset create  bad-exim4-exploiters-ip   hash:ip

# add entries for ipset bad-exim4-exploiters lists
for badip in "${tcp_25_465_set[@]}"
do
# only add entries if they are not already existing
if [[ -z "${badip##*\/*}" ]]
then
ipset add bad-exim4-exploiters-net "${badip}" -exist
else
ipset add bad-exim4-exploiters-ip  "${badip}" -exist
fi
done

# add iptables rules to use ipsets
iptables -I INPUT -p tcp -m multiport --dports "${banned_ports_list}" \
-m set --match-set bad-exim4-exploiters-net src -j DROP

iptables -I INPUT -p tcp -m multiport --dports "${banned_ports_list}" \
-m set --match-set bad-exim4-exploiters-ip  src -j DROP


-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXQ49YAAKCRCoFmvLt+/i
+2PwAP0eneL250uCwwz2Mb1yZlgNJjwWIrzgWXirvSCthM8JJAD+Kzioc/WgCtnA
YG89Zzv/AxgiLPlJJZ3INQ3eGLlFKiQ=
=vGhQ
-END PGP SIGNATURE-

Re: blocking 465 connections to mail server for specific IP address without using fail2ban

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 22/6/19 6:24 pm, john doe wrote:
>> I've blacklisted quite a number of IP addresses and CIDR blocks
>> from delivering email to my server with entries in the 
>> /etc/exim4/local_host_blacklist file.
>> 
>> Is there any config file that I can easily use to block 465
>> login attempts from bad IP addresses and CIDR blocks?
>> 
>> If there is no simple config file, what can I do without
>> resorting to use of fail2ban so that I can use a curated list of
>> blocked IP addresses.  I'm not sure I want to use iptables for
>> this either.
>> 
>> I /may/ end up blocking the IPs at the firewall (OPN Sense) level
>> yet.
> 
> Instead of files, I probably would use 'ipset', that way, you can
> use the ipset in exim iptables ...


Thanks!

Okay this might help someone else, here are the details of my
solution, it requires the iprange package and a logwatch email to do
the job.

Cheers
A.


References:

http://ipset.netfilter.org/
https://wiki.archlinux.org/index.php/Ipset

https://unix.stackexchange.com/questions/67738/ip-set-to-block-access-to
- -exim-and-dovecot



other possible useful references:
https://firewalld.org/documentation/



#!/bin/bash

declare -a tcp25_set tcp465_set

banned_ports_list=25,465,993,995

logwatch_file=/var/log/exim4/logwatch-email-20190622a.eml


# NB iprange will cleanup and uniquely sort the ip addresses list
#  - this /may/ also conflate plain ip entries to CIDR entries

tcp25_set=(
$(
grep 'login_saslauthd authenticator failed for.*:25:' \
"${logwatch_file}" | sed \
-e 's/^.*login_saslauthd authenticator failed for //' \
-e 's/^(.*) //' -e 's/:.*$//'|tr -d '\[\]'|iprange
)
)

tcp465_set=(
$(
grep 'login_saslauthd authenticator failed for.*:465:' \
"${logwatch_file}" | sed \
-e 's/^.*login_saslauthd authenticator failed for //' \
-e 's/^(.*) //' -e 's/:.*$//'|tr -d '\[\]'|iprange
)
)

# delete iptables rules if they exist
iptables -D INPUT -p tcp -m multiport --dports "${banned_ports_list}" \
-m set --match-set bad-exim4-exploiters-net src -j DROP

iptables -D INPUT -p tcp -m multiport --dports "${banned_ports_list}" \
-m set --match-set bad-exim4-exploiters-ip  src -j DROP

# destroy ipset bad-exim4-exploiters lists (if they exist)
ipset destroy bad-exim4-exploiters-net
ipset destroy bad-exim4-exploiters-ip

# create new ipset lists
ipset create  bad-exim4-exploiters-net  hash:net
ipset create  bad-exim4-exploiters-ip   hash:ip

# add entries for ipset bad-exim4-exploiters lists
for badip in "${tcp25_set[@]}" "${tcp465_set[@]}"
do
# only add entries if they are not already existing
if [[ -z "${badip##*\/*}" ]]
then
ipset add bad-exim4-exploiters-net "${badip}" -exist
else
ipset add bad-exim4-exploiters-ip  "${badip}" -exist
fi
done

# add iptables rules to use ipsets
iptables -I INPUT -p tcp -m multiport --dports "${banned_ports_list}" \
-m set --match-set bad-exim4-exploiters-net src -j DROP

iptables -I INPUT -p tcp -m multiport --dports "${banned_ports_list}" \
-m set --match-set bad-exim4-exploiters-ip  src -j DROP

-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXQ44bQAKCRCoFmvLt+/i
+091AP0RiZcP/+O2R8tzXZ0OwpSiRjmUDYGbJXo47nkJDD2WUQD/W8AZR/DRQuon
OY7rgvU6fPEz3M7mdWUppSxSqaiLHUc=
=8AnG
-END PGP SIGNATURE-

Re: blocking 465 connections to mail server for specific IP address without using fail2ban

[john doe]

> Hi,
>
> I've blacklisted quite a number of IP addresses and CIDR blocks from
> delivering email to my server with entries in the
> /etc/exim4/local_host_blacklist file.
>
> Is there any config file that I can easily use to block 465 login
> attempts from bad IP addresses and CIDR blocks?
>
> If there is no simple config file, what can I do without resorting to
> use of fail2ban so that I can use a curated list of blocked IP
> addresses.  I'm not sure I want to use iptables for this either.
>
> I /may/ end up blocking the IPs at the firewall (OPN Sense) level yet.
>
>

Instead of files, I probably would use 'ipset', that way, you can use
the ipset in exim iptables ...

--
John Doe

blocking 465 connections to mail server for specific IP address without using fail2ban

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

I've blacklisted quite a number of IP addresses and CIDR blocks from
delivering email to my server with entries in the
/etc/exim4/local_host_blacklist file.

Is there any config file that I can easily use to block 465 login
attempts from bad IP addresses and CIDR blocks?

If there is no simple config file, what can I do without resorting to
use of fail2ban so that I can use a curated list of blocked IP
addresses.  I'm not sure I want to use iptables for this either.

I /may/ end up blocking the IPs at the firewall (OPN Sense) level yet.

- -- 
Kind Regards
AndrewM

Andrew McGlashan
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXQ3XpwAKCRCoFmvLt+/i
+1m2AQC3UI8NrRBM/Z1zoRWA4i6zQbyLbt0dGRsILlPHTTQp+wEAjN4S3rSewR3G
BdfMh0Uzir8r4IRtMuLKPAQ42mAEAHc=
=T3vu
-END PGP SIGNATURE-

Re: Get the timezone from an IP address

[Michael Stone]

On Wed, May 08, 2019 at 08:34:36PM +0100, André Rodier wrote:

On Wed, 2019-05-08 at 21:57 +0300, Mindaugas Celiesius wrote:

Did you check this?
https://packages.debian.org/stretch/geoip-bin

> Hi,
>
> Is there any way - or Debian package - to know the timezone from an IP
> address, or at least from a country? I have successfully used the geoip
> databases to get the country, so I could use the main city as an
> approximation.
>
> I would prefer to do this offline, though.
>
> Thanks for your insights.
>
> --
> André

Meow!


Yes, this is the one I use, bit it does not give the timezone.


Note that by default it isn't granular enough to locate the IP with 
enough accuracy to determine TZ within a country.

Re: Get the timezone from an IP address

[André Rodier]

On Wed, 2019-05-08 at 15:03 -0400, Michael Stone wrote:
> On Wed, May 08, 2019 at 07:43:58PM +0100, André Rodier wrote:
> > Is there any way - or Debian package - to know the timezone from an IP
> > address, or at least from a country? I have successfully used the geoip
> > databases to get the country, so I could use the main city as an
> > approximation.
> > 
> > I would prefer to do this offline, though.
> 
> You can get a guess on lat/lon for an IP and then get the TZ for the 
> coordinates. Lots of options there, e.g.:
> https://stackoverflow.com/questions/16086962/how-to-get-a-time-zone-from-a-location-using-latitude-and-longitude-coordinates
> 

Thanks, I will check this as well, a lot of links!

-- 
André

Re: Get the timezone from an IP address

[Darac Marjal]

On 08/05/2019 19:43, André Rodier wrote:
> Hi,
>
> Is there any way - or Debian package - to know the timezone from an IP
> address, or at least from a country? I have successfully used the geoip
> databases to get the country, so I could use the main city as an
> approximation.
>
> I would prefer to do this offline, though.
>
> Thanks for your insights.
>

Some part of my brain said that the timezone database holds this
information, but it may not do so directly. Here's some suggestions from
IANA, though.

https://data.iana.org/time-zones/tz-link.html#boundaries

Re: Get the timezone from an IP address

[Michael Stone]

On Wed, May 08, 2019 at 07:43:58PM +0100, André Rodier wrote:

Is there any way - or Debian package - to know the timezone from an IP
address, or at least from a country? I have successfully used the geoip
databases to get the country, so I could use the main city as an
approximation.

I would prefer to do this offline, though.


You can get a guess on lat/lon for an IP and then get the TZ for the 
coordinates. Lots of options there, e.g.:

https://stackoverflow.com/questions/16086962/how-to-get-a-time-zone-from-a-location-using-latitude-and-longitude-coordinates

Re: Get the timezone from an IP address

[Mindaugas Celiesius]

Did you check this?
https://packages.debian.org/stretch/geoip-bin

> Hi,
> 
> Is there any way - or Debian package - to know the timezone from an IP
> address, or at least from a country? I have successfully used the geoip
> databases to get the country, so I could use the main city as an
> approximation.
> 
> I would prefer to do this offline, though.
> 
> Thanks for your insights.
> 
> --
> André
Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ A dumb species has no way to open a tuna can.
⢿⡄⠘⠷⠚⠋⠀ A smart species invents a can opener.
⠈⠳⣄ A master species delegates.

Re: [OT] IP address collisions

[Joe Pfeiffer]

Dan Purgert  writes:

> Nicholas Geovanis wrote:
>> On Thu, Apr 18, 2019 at 7:57 AM Michael Stone  wrote:
>>
>>>
>>> No, the ULA is the IPv6 equivalent of RFC1918 space--you can use it
>>> internally without central registration by choosing a subnet from
>>> fd00::/8. The space is so much larger that it's much less likely that
>>> two sites would pick the same prefix, but there are no guarantees.
>>>
>> But isn't it irrelevant whether they pick the same prefix or not? Routers
>> that respect ULA and RFC1918 shouldn't route any traffic destined to them
>> off the logical subnet. Right?
>
> No.  RFC1918 / ULA are merely "unroutable on The Internet" (as in, they
> cannot be directly accessed from the public internet).  You can freely
> route between them on "private" networks to your heart's content.
>
> For example, I have the RFC1918 subnets
>
>  - 192.168.1.0/24, .2.0/24, .10.0/24, and .20.0/24  (LAN networks)
>  - 10.90.0.0/16 (VPN[1])
>
> [1] way overkill, but lets me move around a bit in case a hotel is using
> part of that range. (I only have the server hand out a /24 out of that
> range, but the LAN's routing table uses the full /16).

I use 192.168.13/24 for my home machines, externally available on my
VPN as 10.13.13/24, on the theory that hotels will be sensitive to
offending superstitious guests.  Haven't had a problem yet!

Re: [OT] IP address collisions (was: Accessing a host with variable IP addresses / connection types)

[Nicholas Geovanis]

On Thu, Apr 18, 2019, 8:29 AM Michael Stone  wrote:

> On Thu, Apr 18, 2019 at 08:12:04AM -0500, Nicholas Geovanis wrote:
> >But isn't it irrelevant whether they pick the same prefix or not? Routers
> that
> >respect ULA and RFC1918 shouldn't route any traffic destined to them off
> the
> >logical subnet. Right?
>
> If it didn't matter, people wouldn't keep looking for solutions, right?
> In theory, you're right. In the real world, companies merge, etc., and
> stuff that started independently gets VPN'd together and things break.
>

This is correct as far as it goes. If corps merge and their internal IP
addresses overlap, they sort it out. There is no addressing based solution
other than creative routing.

>

Re: [OT] IP address collisions

[Pascal Hambourg]

Le 18/04/2019 à 14:52, Michael Stone a écrit :

On Wed, Apr 17, 2019 at 09:37:36PM +0200, Pascal Hambourg wrote:


A properly generated IPv6 ULA (Unique Local Address) prefix is 
unlikely to have collisions.


A randomly selected subnet from 10/8 is also *unlikely* to have 
collisions.


The probability of collision between two subnets in 10.0.0./8 is orders 
of magnitude higher than between two IPv6 ULA networks (which is 2*10^-12).


But there's a defined difference between "unlikely" and 
"guaranteed".


Indeed. "Guaranteed" means it cannot happen. "Unlikely" means it may 
theoretically happen but it won't practically happen in your lifetime.

Re: [OT] IP address collisions (was: Accessing a host with variable IP addresses / connection types)

[Dan Purgert]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Nicholas Geovanis wrote:
> On Thu, Apr 18, 2019 at 7:57 AM Michael Stone  wrote:
>
>>
>> No, the ULA is the IPv6 equivalent of RFC1918 space--you can use it
>> internally without central registration by choosing a subnet from
>> fd00::/8. The space is so much larger that it's much less likely that
>> two sites would pick the same prefix, but there are no guarantees.
>>
> But isn't it irrelevant whether they pick the same prefix or not? Routers
> that respect ULA and RFC1918 shouldn't route any traffic destined to them
> off the logical subnet. Right?

No.  RFC1918 / ULA are merely "unroutable on The Internet" (as in, they
cannot be directly accessed from the public internet).  You can freely
route between them on "private" networks to your heart's content.

For example, I have the RFC1918 subnets

 - 192.168.1.0/24, .2.0/24, .10.0/24, and .20.0/24  (LAN networks)
 - 10.90.0.0/16 (VPN[1])

[1] way overkill, but lets me move around a bit in case a hotel is using
part of that range. (I only have the server hand out a /24 out of that
range, but the LAN's routing table uses the full /16).

-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEBcqaUD8uEzVNxUrujhHd8xJ5ooEFAly4kEMACgkQjhHd8xJ5
ooEtPwgAkNULTlTgrX/BBf05jekTkQdINI8Q9CxO+ghG+a9cxOZJWszq9nZmz5QX
aTmy7bHGFA9hYyTb9Ty5+uDDhVLLOvsFY7GaDDLQv+NM+mHWmBlerd+tbMj8k64I
mT3jCxXHdDm23eoCHfNdZpOP1Yv9UBbRcbhjCOt/e4paMx1vde3ZQ71cISjnBsQQ
+GaE2vqtL5hfvss9BOpfoWqpR5PVexVuRg8TtFt/1cgYe5TjawBsgl2ZVYHR+CqS
m1C4uX09RiJnro15JH5NwI1sHwu/ssrTvYAN+Lpx93ybOeSk7gRaaFqCPrTl7Y2T
/Mjie8A6RfSd+Gi7QeaV+br5ttkbhw==
=K64f
-END PGP SIGNATURE-

-- 
|_|O|_| 
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281

Re: [OT] IP address collisions (was: Accessing a host with variable IP addresses / connection types)

[Michael Stone]

On Thu, Apr 18, 2019 at 08:12:04AM -0500, Nicholas Geovanis wrote:

But isn't it irrelevant whether they pick the same prefix or not? Routers that
respect ULA and RFC1918 shouldn't route any traffic destined to them off the
logical subnet. Right?


If it didn't matter, people wouldn't keep looking for solutions, right? 
In theory, you're right. In the real world, companies merge, etc., and 
stuff that started independently gets VPN'd together and things break.

Re: [OT] IP address collisions (was: Accessing a host with variable IP addresses / connection types)

[Nicholas Geovanis]

On Thu, Apr 18, 2019 at 7:57 AM Michael Stone  wrote:

>
> No, the ULA is the IPv6 equivalent of RFC1918 space--you can use it
> internally without central registration by choosing a subnet from
> fd00::/8. The space is so much larger that it's much less likely that
> two sites would pick the same prefix, but there are no guarantees.
>
> But isn't it irrelevant whether they pick the same prefix or not? Routers
that respect ULA and RFC1918 shouldn't route any traffic destined to them
off the logical subnet. Right?

Re: [OT] IP address collisions (was: Accessing a host with variable IP addresses / connection types)

[Michael Stone]

On Wed, Apr 17, 2019 at 08:06:05PM -, Curt wrote:

On 2019-04-17, Pascal Hambourg  wrote:

Le 17/04/2019 à 18:42, Michael Stone a écrit :

On Wed, Apr 17, 2019 at 12:38:11PM -0400, Celejar wrote:

On Wed, 17 Apr 2019 12:10:56 -0400 Michael Stone 
wrote:


On Wed, Apr 17, 2019 at 11:57:43AM -0400, Celejar wrote:
>I was rather shocked to see that there was no definitive solution to
>avoid address collisions

Sure there is--globally unique IPs.


I assume you're referring to IPv6? I was referring to IPv4.


It applies to both, though we've run out of IPv4. There's no other way
to guarantee the absence of network collisions.


A properly generated IPv6 ULA (Unique Local Address) prefix is unlikely
to have collisions.



I thought that was exactly what he was saying.


No, the ULA is the IPv6 equivalent of RFC1918 space--you can use it 
internally without central registration by choosing a subnet from 
fd00::/8. The space is so much larger that it's much less likely that 
two sites would pick the same prefix, but there are no guarantees. 

Re: [OT] IP address collisions (was: Accessing a host with variable IP addresses / connection types)

[Michael Stone]

On Wed, Apr 17, 2019 at 09:37:36PM +0200, Pascal Hambourg wrote:

Le 17/04/2019 à 18:42, Michael Stone a écrit :

On Wed, Apr 17, 2019 at 12:38:11PM -0400, Celejar wrote:
On Wed, 17 Apr 2019 12:10:56 -0400 Michael Stone 
 wrote:



On Wed, Apr 17, 2019 at 11:57:43AM -0400, Celejar wrote:

I was rather shocked to see that there was no definitive solution to
avoid address collisions


Sure there is--globally unique IPs.


I assume you're referring to IPv6? I was referring to IPv4.


It applies to both, though we've run out of IPv4. There's no other 
way to guarantee the absence of network collisions.


A properly generated IPv6 ULA (Unique Local Address) prefix is 
unlikely to have collisions.


A randomly selected subnet from 10/8 is also *unlikely* to have 
collisions. But there's a defined difference between "unlikely" and 
"guaranteed".

Re: [OT] IP address collisions (was: Accessing a host with variable IP addresses / connection types)

[Curt]

On 2019-04-17, Pascal Hambourg  wrote:
> Le 17/04/2019 à 18:42, Michael Stone a écrit :
>> On Wed, Apr 17, 2019 at 12:38:11PM -0400, Celejar wrote:
>>> On Wed, 17 Apr 2019 12:10:56 -0400 Michael Stone  
>>> wrote:
>>>
 On Wed, Apr 17, 2019 at 11:57:43AM -0400, Celejar wrote:
 >I was rather shocked to see that there was no definitive solution to
 >avoid address collisions

 Sure there is--globally unique IPs.
>>>
>>> I assume you're referring to IPv6? I was referring to IPv4.
>> 
>> It applies to both, though we've run out of IPv4. There's no other way 
>> to guarantee the absence of network collisions.
>
> A properly generated IPv6 ULA (Unique Local Address) prefix is unlikely 
> to have collisions.
>

I thought that was exactly what he was saying.

[OT] IP address collisions (was: Accessing a host with variable IP addresses / connection types)

[Pascal Hambourg]

Le 17/04/2019 à 18:42, Michael Stone a écrit :

On Wed, Apr 17, 2019 at 12:38:11PM -0400, Celejar wrote:
On Wed, 17 Apr 2019 12:10:56 -0400 Michael Stone  
wrote:



On Wed, Apr 17, 2019 at 11:57:43AM -0400, Celejar wrote:
>I was rather shocked to see that there was no definitive solution to
>avoid address collisions

Sure there is--globally unique IPs.


I assume you're referring to IPv6? I was referring to IPv4.


It applies to both, though we've run out of IPv4. There's no other way 
to guarantee the absence of network collisions.


A properly generated IPv6 ULA (Unique Local Address) prefix is unlikely 
to have collisions.

Re: get my ip address

[Jonathan de Boyne Pollard]

tony;

I am aware that I can call ip a and parse the result. [...]

Is there any other way to obtain this data, maybe from /sys?


just call libc.getifaddrs() directly.

* 
http://programmaticallyspeaking.com./getting-network-interfaces-in-python.html

Re: get my ip address

[tony]

On 20/02/2019 13:24, Dan Ritter wrote:
> tony wrote: 
>> This thread has now drifted from my asking whether there was any way of
>> interrogating the hardware to obtain the current IP6 address of host -
>> apparently not 
> 
> The hardware doesn't know IP addresses. The kernel knows those.
> 
> $ ip -6 a show eth0
> 2: eth0:  mtu 1500 state UP
> qlen 1000
> inet6 2001:470:1e07:ff7:d63d:7eff:fe93:e318/64 scope global
>valid_lft forever preferred_lft forever
> inet6 fe80::d63d:7eff:fe93:e318/64 scope link
>valid_lft forever preferred_lft forever
> 
> $ ip -6 r show | grep eth0
> 2001:470:1e07:ff7::/64 dev eth0 proto kernel metric 256  pref
> medium
> fe80::/64 dev eth0 proto kernel metric 256  pref medium
> 
> Tra-la.
> 
> Didn't you get this answer before?
> 
> -dsr-
> 

Many times.

Re: get my ip address

[Dan Ritter]

tony wrote: 
> This thread has now drifted from my asking whether there was any way of
> interrogating the hardware to obtain the current IP6 address of host -
> apparently not 

The hardware doesn't know IP addresses. The kernel knows those.

$ ip -6 a show eth0
2: eth0:  mtu 1500 state UP
qlen 1000
inet6 2001:470:1e07:ff7:d63d:7eff:fe93:e318/64 scope global
   valid_lft forever preferred_lft forever
inet6 fe80::d63d:7eff:fe93:e318/64 scope link
   valid_lft forever preferred_lft forever

$ ip -6 r show | grep eth0
2001:470:1e07:ff7::/64 dev eth0 proto kernel metric 256  pref
medium
fe80::/64 dev eth0 proto kernel metric 256  pref medium

Tra-la.

Didn't you get this answer before?

-dsr-

Re: get my ip address

[tony]

On 19/02/2019 17:36, Dan Ritter wrote:
> tony wrote: 
>> On 19/02/2019 16:10, Greg Wooledge wrote:
>>> On Fri, Feb 15, 2019 at 11:11:29AM +0100, tony wrote:
 Debian 9. I need to read my IPv6 address into a python script.
>>>
>>> Why?
>>>
>>>  may offer some insight.

> That sounds like a job for a dynamic dns client.
> 
> existing Debian packages:
> 
> ddclient (multiple backend services supported)
> ddupdate (also supports multiple services, more plugin-oriented)
> dyfi  (Finnish users only)
> dyndns   (multiple services)
> ez-ipupdate (multiple services)
> ipcheck (dyndns protocol specific, but many services use it)
> isc-dhcp-client-ddns  (adds dynamic dns to DHCP)
> 
> Don't reinvent the wheel, when it looks like it already has
> seven versions already.
> 

Right, I've had a (brief) look at some of those, and it seems to me that
none offer a better solution than what I've already got.

This thread has now drifted from my asking whether there was any way of
interrogating the hardware to obtain the current IP6 address of host -
apparently not - via an outburst of pedantry, to recommendations on some
off the shelf libraries to update a DNS. I have no problem; I was simply
investigating alternatives to obtaining the current IP6 address, and
thanks to an early reply came up with netifaces, which does a fine job.

As I previously mentioned, I have a well-tried program for keeping my
DNS updated - albeit for IP4 only, and all I want is to extend that for
IP6. Re-inventing the wheel? No, just a natural evolution. I'd be
re-inventing the wheel if I scrapped what I've got, simply to use a
general-purpose library.

If I were starting from scratch, I may well consider a ready-made
client. One drawback that is immediately apparent, and may well be a
misunderstanding on my part, is that any of the clients mentioned
require to be configured with a particular (proprietary) protocol, to
communicate with a (proprietary) dynamic DNS server (DynDNS seems to be
the favourite). Nowhere have I seen NSUpdate mentioned. Maybe there's a
reason for that, but I'm quite happy with NSUpdate.

So, whilst I appreciate all your attempts to help, I think I'll stick
with what I've got.

Thanks all.

Cheers, Tony

Re: get my ip address

[David Wright]

On Sat 16 Feb 2019 at 11:16:23 (+0100), tony wrote:
> On 15/02/2019 16:52, David Wright wrote:
> > On Fri 15 Feb 2019 at 12:02:20 (+0100), Markus Schönhaber wrote:
> >> Tony, 15.2.2019, 11:11:29 +0100:
> >>
> >>> Debian 9. I need to read my IPv6 address into a python script.
> >>>
> >>> I am aware that I can call ip a and parse the result. The parsing,
> >>> whilst quite achievable, is slightly tricky, but I can manage the RE, so
> >>>  that's not my question.
> >>>
> >>> Is there any other way to obtain this data, maybe from /sys?
> >>
> >> Take a look at this:
> >> https://pypi.org/project/netifaces/
> >>
> >> This is packaged on stretch as python[3]-netifaces
> > 
> > That's probably best if your destination is a Python program.
> > 
> > Otherwise, for scripting, it's easy to overlook   ip -o a
> > which makes parsing much easier. But note that you may then
> > need to be more specific, eg compare
> > 
> > $ ip a
> > 
> > with
> > 
> > $ ip -o l
> > $ ip -o a
> 
> 
> Thanks to all who replied, I hadn't expected pointers to the various
> python libraries, for which I am very grateful. All I asked for was a
> simple way of directly accessing the hardware, but that does not seem to
> be available.
> 
> Failing that, I had indeed overlooked the -o flag oo ip a, which indeed
> makes parsing easier. However, it does appear that netifaces offers  the
> most usable solution, so a cigar to David Wright for this suggestion.

I only quoted netifaces, so Markus Schönhaber deserves the cigar.

Cheers,
David.

Re: get my ip address

[David Wright]

On Sun 17 Feb 2019 at 12:51:34 (+0900), John Crawley wrote:
> On 16/02/2019 14.28, David Wright wrote:
> > On Sat 16 Feb 2019 at 11:10:32 (+0900), John Crawley wrote:
> > > On 16/02/2019 08.54, David Wright wrote:
> > > > On Fri 15 Feb 2019 at 22:04:42 (+), Darac Marjal wrote:
> > > > > If you're going to recommend parsing `ip`, the -j option may be more
> > > > > amenable to scripting. (JSON output)
> ---
> > > > (Sorry if I was expected to explicitly write "shell scripting".)
> > > > … I don't think that JSON would be any help: rather, the opposite.
> > > 
> > > Though a call to jq makes parsing json very easy for shell scripts.
> > 
> > I'm not sure I understand why you'd ask ip to write JSON, and then
> > post-process it with jq to filter it to different JSON, and then
> > parse it in a shell, rather than just parsing something as simple as
> > the oneline format using the tools that every system has installed
> 
> jq can pull out the exact element of the json that you want, making
> further shell parsing unnecessary.
> Totally unrelated example, (Adobe flash player downloads)
> this query:
> curl -s 
> "https://get.adobe.com/flashplayer/webservices/json/?platform_type=Linux_arch=x86-32_dist=Chrome;
> | jq -r '.[0].download_url'
> returns:
> http://fpdownload.adobe.com/pub/flashplayer/pdc/32.0.0.142/flash_player_ppapi_linux.i386.tar.gz

It's a very different example from what the OP was talking about. But
I am interested to know where the [0] came from in your jq options.

It's also a very different example from what I use   ip -o   for,
which is to pick up the name of my own wired interface and the
ipv6 address of whatever machine is connected to the other end of
a cat5 cable. The results are used for the purpose, much disapproved
of by certain people here, of directly connecting two hosts and using
the ipv6 link to transfer files, thereby leaving both machines' ipv4
configuration completely undisturbed.

My script fragments are:

 Mywiredifname=$(ip -o link show | sed -e '/^[0-9]\+: [^e]/d;s/[0-9]\+: 
\([^:]\+\): .*/\1/;')

where sed throws away any interface names not starting with "e" and
then prints the rest. (All my machines nowadays have one wired port,
so multiple lines never occur.)

 ping6 -c 1 -W 1 ff02::1%"$Mywiredifname"
 Neighbour=$(ip -6 -o neighbour | sed -e 's/^\([^ ]\+\) .*/\1/;')

where sed throws away everything after the first space.
So now I have the ipv6 address of the interface at the other end,
and I can login or transfer files with a single bash function that
isn't aware of the hostnames at either end.

This ping, for example, checks whether the machine is still connected¹
at the other end (neighbour entries can be stale) before proceeding:

 ping6 -c 1 -W 1 "$Neighbour%$Mywiredifname" # and test $?

You're welcome to rewrite these fragments using json, and I shall
try them out.

¹ I have the odd cat5 connector where the locking tab has snapped off.

Cheers,
David.

Re: get my ip address

[Greg Wooledge]

On Tue, Feb 19, 2019 at 11:36:49AM -0500, Dan Ritter wrote:
> tony wrote: 
> > I have a network of IoTs consisting of 5 (I think) Paspberry Pis,
> > monitoring various things, and periodically sending the data to my VPS.
> > I need access to these hosts to manage them.
> > 
> > The network supplier is Orange France (spit!) who supply a dynamic DNS
> > on both IPv4 and IPv6. I need to access any of them.

> That sounds like a job for a dynamic dns client.

Agreed.

> existing Debian packages:
> 
> ddclient (multiple backend services supported)
> ddupdate (also supports multiple services, more plugin-oriented)
> dyfi  (Finnish users only)
> dyndns   (multiple services)
> ez-ipupdate (multiple services)
> ipcheck (dyndns protocol specific, but many services use it)
> isc-dhcp-client-ddns  (adds dynamic dns to DHCP)

And the specific case of dynamic DNS updates is definitely covered
on the wiki page that I linked (https://mywiki.wooledge.org/IpAddress).
It even has sample code for Debian 8.

If you need to use a special python dynamic DNS client for some reason,
that's fine.  Just hook it from the dhclient-exit-hooks.d directory and
let it use the new_ip_address environment variable.  The example is
right there on the wiki page.  Just replace /usr/local/sbin/dync with
your python program (assuming it takes the IP address on the argument list).

Oh... wait, you said IPv6 in the original message, right?  Ugh.  I don't
know IPv6 myself, but fortunately we can look that up... um, somewhere!

wooledg:~$ man dhclient-script | grep 6
   $new_dhcp6_server_id.  The options that the client explicitly requested

... OK, apparently not *there*.

But looking through /sbin/dhclient-script itself, there appear to be
the following variables:

new_ip6_address
new_dhcp6_name_servers
new_dhcp5_domain_search

Maybe those will help?  Give it a shot.  Or wait for someone who knows IPv6
to chime in.

Re: get my ip address

[tony]

On 19/02/2019 17:36, Dan Ritter wrote:
> tony wrote: 
>> On 19/02/2019 16:10, Greg Wooledge wrote:
>>> On Fri, Feb 15, 2019 at 11:11:29AM +0100, tony wrote:
 Debian 9. I need to read my IPv6 address into a python script.
>>>
>>> Why?
>>>
>>>  may offer some insight.
>>>
>>
>> Well, I'm sure you don't really want to know, and I don't think your
>> blog covers my use case. Correct me if I'm wrong on either count.
>>
>> I have a network of IoTs consisting of 5 (I think) Paspberry Pis,
>> monitoring various things, and periodically sending the data to my VPS.
>> I need access to these hosts to manage them.
>>
>> The network supplier is Orange France (spit!) who supply a dynamic DNS
>> on both IPv4 and IPv6. I need to access any of them. For some years, I
>> have been using NAT over IPv4 with some success. I simply collect the
>> router's address from the server using curl, compare it with the current
>> DNS setting, and run nsupdate if different.
>>
>> Now, Orange (spit!) have recently discovered. IPv6, which makes
>> management much easier, so I'm in the process of changing over to that
>> protocol. Sadly the prefix is dynamic; ${deity} knows why. Each host
>> address is set up from router advertisement, so I figure I only need to
>> catch the host's current address, and set up the DNS accordingly. I'm
>> successfully doing that manually, but, of course, that's not very
>> satisfactory.
> 
> That sounds like a job for a dynamic dns client.
> 
> existing Debian packages:
> 
> ddclient (multiple backend services supported)
> ddupdate (also supports multiple services, more plugin-oriented)
> dyfi  (Finnish users only)
> dyndns   (multiple services)
> ez-ipupdate (multiple services)
> ipcheck (dyndns protocol specific, but many services use it)
> isc-dhcp-client-ddns  (adds dynamic dns to DHCP)
> 
> Don't reinvent the wheel, when it looks like it already has
> seven versions already.
> 
> -dsr-
> 

Thanks, I'll take a look.

Cheers, Tony

Re: get my ip address

[Dan Ritter]

tony wrote: 
> On 19/02/2019 16:10, Greg Wooledge wrote:
> > On Fri, Feb 15, 2019 at 11:11:29AM +0100, tony wrote:
> >> Debian 9. I need to read my IPv6 address into a python script.
> > 
> > Why?
> > 
> >  may offer some insight.
> > 
> 
> Well, I'm sure you don't really want to know, and I don't think your
> blog covers my use case. Correct me if I'm wrong on either count.
> 
> I have a network of IoTs consisting of 5 (I think) Paspberry Pis,
> monitoring various things, and periodically sending the data to my VPS.
> I need access to these hosts to manage them.
> 
> The network supplier is Orange France (spit!) who supply a dynamic DNS
> on both IPv4 and IPv6. I need to access any of them. For some years, I
> have been using NAT over IPv4 with some success. I simply collect the
> router's address from the server using curl, compare it with the current
> DNS setting, and run nsupdate if different.
> 
> Now, Orange (spit!) have recently discovered. IPv6, which makes
> management much easier, so I'm in the process of changing over to that
> protocol. Sadly the prefix is dynamic; ${deity} knows why. Each host
> address is set up from router advertisement, so I figure I only need to
> catch the host's current address, and set up the DNS accordingly. I'm
> successfully doing that manually, but, of course, that's not very
> satisfactory.

That sounds like a job for a dynamic dns client.

existing Debian packages:

ddclient (multiple backend services supported)
ddupdate (also supports multiple services, more plugin-oriented)
dyfi  (Finnish users only)
dyndns   (multiple services)
ez-ipupdate (multiple services)
ipcheck (dyndns protocol specific, but many services use it)
isc-dhcp-client-ddns  (adds dynamic dns to DHCP)

Don't reinvent the wheel, when it looks like it already has
seven versions already.

-dsr-

Re: get my ip address

[tony]

On 19/02/2019 16:10, Greg Wooledge wrote:
> On Fri, Feb 15, 2019 at 11:11:29AM +0100, tony wrote:
>> Debian 9. I need to read my IPv6 address into a python script.
> 
> Why?
> 
>  may offer some insight.
> 

Well, I'm sure you don't really want to know, and I don't think your
blog covers my use case. Correct me if I'm wrong on either count.

I have a network of IoTs consisting of 5 (I think) Paspberry Pis,
monitoring various things, and periodically sending the data to my VPS.
I need access to these hosts to manage them.

The network supplier is Orange France (spit!) who supply a dynamic DNS
on both IPv4 and IPv6. I need to access any of them. For some years, I
have been using NAT over IPv4 with some success. I simply collect the
router's address from the server using curl, compare it with the current
DNS setting, and run nsupdate if different.

Now, Orange (spit!) have recently discovered. IPv6, which makes
management much easier, so I'm in the process of changing over to that
protocol. Sadly the prefix is dynamic; ${deity} knows why. Each host
address is set up from router advertisement, so I figure I only need to
catch the host's current address, and set up the DNS accordingly. I'm
successfully doing that manually, but, of course, that's not very
satisfactory.

See - I told you it wasn't worth knowing!


Cheers, Tony

Re: get my ip address

[Greg Wooledge]

On Fri, Feb 15, 2019 at 11:11:29AM +0100, tony wrote:
> Debian 9. I need to read my IPv6 address into a python script.

Why?

 may offer some insight.

Re: get my ip address

[John Crawley]

On 16/02/2019 14.28, David Wright wrote:

On Sat 16 Feb 2019 at 11:10:32 (+0900), John Crawley wrote:

On 16/02/2019 08.54, David Wright wrote:

On Fri 15 Feb 2019 at 22:04:42 (+), Darac Marjal wrote:

If you're going to recommend parsing `ip`, the -j option may be more
amenable to scripting. (JSON output)

---

(Sorry if I was expected to explicitly write "shell scripting".)
… I don't think that JSON would be any help: rather, the opposite.


Though a call to jq makes parsing json very easy for shell scripts.


I'm not sure I understand why you'd ask ip to write JSON, and then
post-process it with jq to filter it to different JSON, and then
parse it in a shell, rather than just parsing something as simple as
the oneline format using the tools that every system has installed


jq can pull out the exact element of the json that you want, making 
further shell parsing unnecessary.

Totally unrelated example, (Adobe flash player downloads)
this query:
curl -s 
"https://get.adobe.com/flashplayer/webservices/json/?platform_type=Linux_arch=x86-32_dist=Chrome; 
| jq -r '.[0].download_url'

returns:
http://fpdownload.adobe.com/pub/flashplayer/pdc/32.0.0.142/flash_player_ppapi_linux.i386.tar.gz

--
John

Re: get my ip address

[Darac Marjal]

On 16/02/2019 05:28, David Wright wrote:
> On Sat 16 Feb 2019 at 11:10:32 (+0900), John Crawley wrote:
>> On 16/02/2019 08.54, David Wright wrote:
>>> On Fri 15 Feb 2019 at 22:04:42 (+), Darac Marjal wrote:
>>>> If you're going to recommend parsing `ip`, the -j option may be more
>>>> amenable to scripting. (JSON output)
>>>>
>>>> On 15/02/2019 15:52, David Wright wrote:
>>>>> On Fri 15 Feb 2019 at 12:02:20 (+0100), Markus Schönhaber wrote:
>>>>>> Tony, 15.2.2019, 11:11:29 +0100:
>>>>>>
>>>>>>> Debian 9. I need to read my IPv6 address into a python script.
>>>↑
>>> Some of us here are still running stable (stretch) and older. So
>>> perhaps only for buster onwards and, I assume, stretch-backports.
>>> But …
>>>
>>>>> [That's probably best if your destination is a Python program. ←snipped]
>>>>> Otherwise, for scripting, it's easy to overlook   ip -o a
>>>>> which makes parsing much easier.
>>> (Sorry if I was expected to explicitly write "shell scripting".)
>>> … I don't think that JSON would be any help: rather, the opposite.
>> Though a call to jq makes parsing json very easy for shell scripts.
> I'm not sure I understand why you'd ask ip to write JSON, and then
> post-process it with jq to filter it to different JSON, and then
> parse it in a shell, rather than just parsing something as simple as
> the oneline format using the tools that every system has installed
> (like grep, sed).

Because JSON gives a standard way to markup data. Grep and sed are
great, no quibbles there, but they work with text streams. Structured
data is more reliable. With JSON, you don't need to know that the  ip
address is the fourth (or is it fifth?) space-separated token in the
twelfth line of the stream. You can actually ask jq "If the interface
name matches /eth\d/, what are the IP addresses for this interface?"
because it's all key:value based.

I don't want to say "don't use grep et al.", because they definitely
have their place. I'm just saying that the world moving toward
structured data brings a lot of robustness.


>
> That is, unless you're already involving jq for something else,
> like the OP is with their Python program. And as we've seen, Python
> has a module or function for just about everything, and may avoid
> having to call ip in the first place.
>
> Cheers,
> David.
>

Re: get my ip address

[tony]

On 15/02/2019 16:52, David Wright wrote:
> On Fri 15 Feb 2019 at 12:02:20 (+0100), Markus Schönhaber wrote:
>> Tony, 15.2.2019, 11:11:29 +0100:
>>
>>> Debian 9. I need to read my IPv6 address into a python script.
>>>
>>> I am aware that I can call ip a and parse the result. The parsing,
>>> whilst quite achievable, is slightly tricky, but I can manage the RE, so
>>>  that's not my question.
>>>
>>> Is there any other way to obtain this data, maybe from /sys?
>>
>> Take a look at this:
>> https://pypi.org/project/netifaces/
>>
>> This is packaged on stretch as python[3]-netifaces
> 
> That's probably best if your destination is a Python program.
> 
> Otherwise, for scripting, it's easy to overlook   ip -o a
> which makes parsing much easier. But note that you may then
> need to be more specific, eg compare
> 
> $ ip a
> 
> with
> 
> $ ip -o l
> $ ip -o a


Thanks to all who replied, I hadn't expected pointers to the various
python libraries, for which I am very grateful. All I asked for was a
simple way of directly accessing the hardware, but that does not seem to
be available.

Failing that, I had indeed overlooked the -o flag oo ip a, which indeed
makes parsing easier. However, it does appear that netifaces offers  the
most usable solution, so a cigar to David Wright for this suggestion.

Cheers, Tony

Re: get my ip address

[David Wright]

On Sat 16 Feb 2019 at 11:10:32 (+0900), John Crawley wrote:
> On 16/02/2019 08.54, David Wright wrote:
> > On Fri 15 Feb 2019 at 22:04:42 (+), Darac Marjal wrote:
> > > If you're going to recommend parsing `ip`, the -j option may be more
> > > amenable to scripting. (JSON output)
> > > 
> > > On 15/02/2019 15:52, David Wright wrote:
> > > > On Fri 15 Feb 2019 at 12:02:20 (+0100), Markus Schönhaber wrote:
> > > > > Tony, 15.2.2019, 11:11:29 +0100:
> > > > > 
> > > > > > Debian 9. I need to read my IPv6 address into a python script.
> >↑
> > Some of us here are still running stable (stretch) and older. So
> > perhaps only for buster onwards and, I assume, stretch-backports.
> > But …
> > 
> > > > [That's probably best if your destination is a Python program. ←snipped]
> > 
> > > > Otherwise, for scripting, it's easy to overlook   ip -o a
> > > > which makes parsing much easier.
> > 
> > (Sorry if I was expected to explicitly write "shell scripting".)
> > … I don't think that JSON would be any help: rather, the opposite.
> 
> Though a call to jq makes parsing json very easy for shell scripts.

I'm not sure I understand why you'd ask ip to write JSON, and then
post-process it with jq to filter it to different JSON, and then
parse it in a shell, rather than just parsing something as simple as
the oneline format using the tools that every system has installed
(like grep, sed).

That is, unless you're already involving jq for something else,
like the OP is with their Python program. And as we've seen, Python
has a module or function for just about everything, and may avoid
having to call ip in the first place.

Cheers,
David.

Re: get my ip address

[John Crawley]

On 16/02/2019 08.54, David Wright wrote:

On Fri 15 Feb 2019 at 22:04:42 (+), Darac Marjal wrote:

If you're going to recommend parsing `ip`, the -j option may be more
amenable to scripting. (JSON output)

On 15/02/2019 15:52, David Wright wrote:

On Fri 15 Feb 2019 at 12:02:20 (+0100), Markus Schönhaber wrote:

Tony, 15.2.2019, 11:11:29 +0100:


Debian 9. I need to read my IPv6 address into a python script.

  ↑
Some of us here are still running stable (stretch) and older. So
perhaps only for buster onwards and, I assume, stretch-backports.
But …


[That's probably best if your destination is a Python program. ←snipped]



Otherwise, for scripting, it's easy to overlook   ip -o a
which makes parsing much easier.


(Sorry if I was expected to explicitly write "shell scripting".)
… I don't think that JSON would be any help: rather, the opposite.


Though a call to jq makes parsing json very easy for shell scripts.

--
John

Re: get my ip address

[David Wright]

On Fri 15 Feb 2019 at 22:04:42 (+), Darac Marjal wrote:
> If you're going to recommend parsing `ip`, the -j option may be more
> amenable to scripting. (JSON output)
> 
> On 15/02/2019 15:52, David Wright wrote:
> > On Fri 15 Feb 2019 at 12:02:20 (+0100), Markus Schönhaber wrote:
> >> Tony, 15.2.2019, 11:11:29 +0100:
> >>
> >>> Debian 9. I need to read my IPv6 address into a python script.
 ↑
Some of us here are still running stable (stretch) and older. So
perhaps only for buster onwards and, I assume, stretch-backports.
But …

> > [That's probably best if your destination is a Python program. ←snipped]

> > Otherwise, for scripting, it's easy to overlook   ip -o a
> > which makes parsing much easier.

(Sorry if I was expected to explicitly write "shell scripting".)
… I don't think that JSON would be any help: rather, the opposite.

Cheers,
David.

Re: get my ip address

[Darac Marjal]

If you're going to recommend parsing `ip`, the -j option may be more
amenable to scripting. (JSON output)

On 15/02/2019 15:52, David Wright wrote:
> On Fri 15 Feb 2019 at 12:02:20 (+0100), Markus Schönhaber wrote:
>> Tony, 15.2.2019, 11:11:29 +0100:
>>
>>> Debian 9. I need to read my IPv6 address into a python script.
>>>
>>> I am aware that I can call ip a and parse the result. The parsing,
>>> whilst quite achievable, is slightly tricky, but I can manage the RE, so
>>>  that's not my question.
>>>
>>> Is there any other way to obtain this data, maybe from /sys?
>> Take a look at this:
>> https://pypi.org/project/netifaces/
>>
>> This is packaged on stretch as python[3]-netifaces
> That's probably best if your destination is a Python program.
>
> Otherwise, for scripting, it's easy to overlook   ip -o a
> which makes parsing much easier. But note that you may then
> need to be more specific, eg compare
>
> $ ip a
>
> with
>
> $ ip -o l
> $ ip -o a
>
> Cheers,
> David.
>

Re: get my ip address

[David Wright]

On Fri 15 Feb 2019 at 12:02:20 (+0100), Markus Schönhaber wrote:
> Tony, 15.2.2019, 11:11:29 +0100:
> 
> > Debian 9. I need to read my IPv6 address into a python script.
> > 
> > I am aware that I can call ip a and parse the result. The parsing,
> > whilst quite achievable, is slightly tricky, but I can manage the RE, so
> >  that's not my question.
> > 
> > Is there any other way to obtain this data, maybe from /sys?
> 
> Take a look at this:
> https://pypi.org/project/netifaces/
> 
> This is packaged on stretch as python[3]-netifaces

That's probably best if your destination is a Python program.

Otherwise, for scripting, it's easy to overlook   ip -o a
which makes parsing much easier. But note that you may then
need to be more specific, eg compare

$ ip a

with

$ ip -o l
$ ip -o a

Cheers,
David.

Re: get my ip address

[Markus Schönhaber]

Tony, 15.2.2019, 11:11:29 +0100:

> Debian 9. I need to read my IPv6 address into a python script.
> 
> I am aware that I can call ip a and parse the result. The parsing,
> whilst quite achievable, is slightly tricky, but I can manage the RE, so
>  that's not my question.
> 
> Is there any other way to obtain this data, maybe from /sys?

Take a look at this:
https://pypi.org/project/netifaces/

This is packaged on stretch as python[3]-netifaces

-- 
Regards
  mks

Re: get my ip address

[tomas]

On Fri, Feb 15, 2019 at 11:11:29AM +0100, tony wrote:
> Hi all,
> 
> Debian 9. I need to read my IPv6 address into a python script.

You don't have "an IP address". Your host has, and it has zero or
more (potentially many) IP addresses. With IPV6, you'll almost
certainly end up with more than one per interface.

> I am aware that I can call ip a and parse the result. The parsing,
> whilst quite achievable, is slightly tricky, but I can manage the RE, so
>  that's not my question.
> 
> Is there any other way to obtain this data, maybe from /sys?

Try a DuckDuckGo search for ["IP address" site:docs.python.org/3]

Here [1] is a link for your convenience.

Cheers
[1] https://duckduckgo.com/html?q=%22IP%20address%22+site:docs.python.org/3
-- tomás


signature.asc
Description: Digital signature

get my ip address

[tony]

Hi all,

Debian 9. I need to read my IPv6 address into a python script.

I am aware that I can call ip a and parse the result. The parsing,
whilst quite achievable, is slightly tricky, but I can manage the RE, so
 that's not my question.

Is there any other way to obtain this data, maybe from /sys?

Cheers, Tony.

Re: Outgoing email with exim, was Re: Strange LAN IP Address.

[mick crane]

On 2018-07-04 04:40, Mike McClain wrote:

On Tue, Jul 03, 2018 at 05:42:15PM -0500, David Wright wrote:

On Tue 03 Jul 2018 at 08:52:22 (-0700), Mike McClain wrote:
> On Mon, Jul 02, 2018 at 03:17:27PM -0400, Stephen P. Molnar wrote:
> 
> Should anyone reading this know hjow to get exim4 to connect to
> outbound.att.net I'd love to hear about it.

Curt got the wiki, and my googling landed on
https://www.att.com/esupport/article.html#!/dsl-high-speed/KM1010523
and
https://www.att.com/esupport/article.html#!/email-support/KM1240308
It looks as though these are more up to date than the wiki.

In the first, I assume that the table rows are labelled wrongly,
but it seems to show SMTP on smtp.mail.att.net ports 465 or 587
as well as the hostname you gave. I would also try port 587 on
both hostnames: it won't be the first to give the wrong one.

The second shows how to get a suitable password for your userID.
(I would use this approach merely because I don't know anything
about oath.)

Anyway, what doesn't work for you and what response do you get
from exim?


What doesn't work? Can't send mail.
Long before Verizon and Oath were involved with Yahoo.

When I switched from dialup AT had me using port 465 and at that
time I was getting some kind of authorization error but couldn't find
out what.

# /etc/exim4/update-exim4.conf.conf
dc_eximconfig_configtype='smarthost'
dc_local_interfaces='127.0.0.1'
dc_smarthost='outbound.att.net::465'

Here's an excerpt from current exim's log:
2018-07-03 19:51:29 1faXd0-0008Gb-JB Remote host
smtp.att.mail.fy4.b.yahoo.com [67.195.228.97] closed
connection in response to initial connection
2018-07-03 19:51:59 1faXd0-0008Gb-JB == nialccm.e...@gmail.com
R=smarthost T=remote_smtp_smarthost defer (-18): Remote host
smtp.att.mail.fy4.b.yahoo.com [98.136.96.82] closed connection in
response to initial connection

Switching update-exim4.conf.conf to read:
dc_smarthost='outbound.att.net::587'

exim's log now shows:
2018-07-03 20:15:24 1faYFl-6U-4d ** mikemcclain...@att.net
R=smarthost T=remote_smtp_smarthost: SMTP error from remote mail
server after MAIL FROM:<> SIZE=2464: host
smtp.att.mail.fy4.b.yahoo.com [67.195.228.97]: 550 Request failed;
Mailbox unavailable

This last message shows a further complication. I have a primary email
account with ATT as well as several aliases,. I also have a Yahoo
account, likewise gmail and am likely to use any of them as the source
(From:, ReplyTo: headers) in outgoing mail depending on where it's 
going.

I only have one, the primary, in /etc/exim4/passwd.client for ATT.

My dialup doesn't care what I call myself when I send email but
perhaps ATT/Yahoo does.

No I haven't tried to get that special password.

What I've got works, I guess I'll leave it rather than jump through
hoops for Verizon.

Thanks for the references.
Mike


think with yahoo you have to login on their web site and register the 
sending email address to use their SMTP


mick




--
Key ID4BFEBB31

Re: Outgoing email with exim, was Re: Strange LAN IP Address.

[Mike McClain]

On Tue, Jul 03, 2018 at 05:42:15PM -0500, David Wright wrote:
> On Tue 03 Jul 2018 at 08:52:22 (-0700), Mike McClain wrote:
> > On Mon, Jul 02, 2018 at 03:17:27PM -0400, Stephen P. Molnar wrote:
> > 
> > Should anyone reading this know hjow to get exim4 to connect to
> > outbound.att.net I'd love to hear about it.
>
> Curt got the wiki, and my googling landed on
> https://www.att.com/esupport/article.html#!/dsl-high-speed/KM1010523
> and
> https://www.att.com/esupport/article.html#!/email-support/KM1240308
> It looks as though these are more up to date than the wiki.
>
> In the first, I assume that the table rows are labelled wrongly,
> but it seems to show SMTP on smtp.mail.att.net ports 465 or 587
> as well as the hostname you gave. I would also try port 587 on
> both hostnames: it won't be the first to give the wrong one.
>
> The second shows how to get a suitable password for your userID.
> (I would use this approach merely because I don't know anything
> about oath.)
>
> Anyway, what doesn't work for you and what response do you get
> from exim?

What doesn't work? Can't send mail.
Long before Verizon and Oath were involved with Yahoo.

When I switched from dialup AT had me using port 465 and at that
time I was getting some kind of authorization error but couldn't find
out what.

# /etc/exim4/update-exim4.conf.conf
dc_eximconfig_configtype='smarthost'
dc_local_interfaces='127.0.0.1'
dc_smarthost='outbound.att.net::465'

Here's an excerpt from current exim's log:
2018-07-03 19:51:29 1faXd0-0008Gb-JB Remote host
smtp.att.mail.fy4.b.yahoo.com [67.195.228.97] closed
connection in response to initial connection
2018-07-03 19:51:59 1faXd0-0008Gb-JB == nialccm.e...@gmail.com
R=smarthost T=remote_smtp_smarthost defer (-18): Remote host
smtp.att.mail.fy4.b.yahoo.com [98.136.96.82] closed connection in
response to initial connection

Switching update-exim4.conf.conf to read:
dc_smarthost='outbound.att.net::587'

exim's log now shows:
2018-07-03 20:15:24 1faYFl-6U-4d ** mikemcclain...@att.net
R=smarthost T=remote_smtp_smarthost: SMTP error from remote mail
server after MAIL FROM:<> SIZE=2464: host
smtp.att.mail.fy4.b.yahoo.com [67.195.228.97]: 550 Request failed;
Mailbox unavailable

This last message shows a further complication. I have a primary email
account with ATT as well as several aliases,. I also have a Yahoo
account, likewise gmail and am likely to use any of them as the source
(From:, ReplyTo: headers) in outgoing mail depending on where it's going.
I only have one, the primary, in /etc/exim4/passwd.client for ATT.

My dialup doesn't care what I call myself when I send email but
perhaps ATT/Yahoo does.

No I haven't tried to get that special password.

What I've got works, I guess I'll leave it rather than jump through
hoops for Verizon.

Thanks for the references.
Mike
--
Where man is there will be trouble to the end of time,
if not of one sort, then of another."
- Louis L'Amour

Re: Strange LAN IP Address.

[David Wright]

On Tue 03 Jul 2018 at 19:59:18 (+0200), Pascal Hambourg wrote:
> Le 03/07/2018 à 02:42, David Wright a écrit :
> >On Mon 02 Jul 2018 at 21:58:15 (+0200), john doe wrote:
> >
> >>It could be that the ISP router went into "bridge mode" (router
> >>function was disabled).
> >
> >Which is rather worrying as you are exposed to the Internet
> >without any security.
> 
> Why "without any security" ?
> Bridge mode does not cancel the intrinsic security of the host.

We're not talking about the host(s), but the LAN side of the
modem-router, as you do here:

> Besides, the security provided by the router mode is questionable. I
> would not rely on any ISP-provided device for my LAN security.

… which was the opinion expressed in my next paragraph:

"My advice would be to ditch it and get separate units. […] have full
control over the router."

Cheers,
David.

Outgoing email with exim, was Re: Strange LAN IP Address.

[David Wright]

On Tue 03 Jul 2018 at 08:52:22 (-0700), Mike McClain wrote:
> On Mon, Jul 02, 2018 at 03:17:27PM -0400, Stephen P. Molnar wrote:
> 
> > When I ran ifconfig on the Linux platform it showed the unet
> > connection to be 162.237.98.238!!?  The LAN modem employs DCHP
> > set with allowed IP range as 192.168.1.64 through 192.168.1.253,
> > which was set by the T installer when we switched to a fiber optic
> > network.
> >
> > Further examination of the modem settings showed IP Passthrough
> > status as on (Public IP Address), which was, in fact the IP.
> 
> ATT tech support demonstrated to me that they can change the
> settings remotely.
> If they can so can some one else.
> 
> > I spent 40 minutes, on hold for 28 of those minutes, with an AT
> > UVVerse technical () person without hearing any reasons why the
> > IP was what it was.
> 
> When I signed up with ATT Uverse I accumulated hours on the phone
> trying to get email out through their server. I gave up and used my
> dialup account.
> Their tech support -- isn't. Many of those people didn't grow up
> with computers and have no idea what goes on under the hood. Even when
> you get someone in Dallas rather than Manila answers and understanding
> can be lacking.
> 
> Should anyone reading this know hjow to get exim4 to connect to
> outbound.att.net I'd love to hear about it.

Curt got the wiki, and my googling landed on
https://www.att.com/esupport/article.html#!/dsl-high-speed/KM1010523
and
https://www.att.com/esupport/article.html#!/email-support/KM1240308
It looks as though these are more up to date than the wiki.

In the first, I assume that the table rows are labelled wrongly,
but it seems to show SMTP on smtp.mail.att.net ports 465 or 587
as well as the hostname you gave. I would also try port 587 on
both hostnames: it won't be the first to give the wrong one.

The second shows how to get a suitable password for your userID.
(I would use this approach merely because I don't know anything
about oath.)

Anyway, what doesn't work for you and what response do you get
from exim?

Cheers,
David.

Re: Strange LAN IP Address.

[Pascal Hambourg]

Le 03/07/2018 à 02:42, David Wright a écrit :

On Mon 02 Jul 2018 at 21:58:15 (+0200), john doe wrote:


It could be that the ISP router went into "bridge mode" (router
function was disabled).


Which is rather worrying as you are exposed to the Internet
without any security.


Why "without any security" ?
Bridge mode does not cancel the intrinsic security of the host.
Besides, the security provided by the router mode is questionable. I 
would not rely on any ISP-provided device for my LAN security.

Re: Strange LAN IP Address.

[Curt]

On 2018-07-03, Mike McClain  wrote:
>
> Should anyone reading this know hjow to get exim4 to connect to
> outbound.att.net I'd love to hear about it.
>

There's the (perhaps outdated) wiki:

https://wiki.debian.org/ATTUverseExim4

Maybe you are already aware of the wiki.

Re: Strange LAN IP Address.

[Mike McClain]

On Mon, Jul 02, 2018 at 03:17:27PM -0400, Stephen P. Molnar wrote:

> When I ran ifconfig on the Linux platform it showed the unet
> connection to be 162.237.98.238!!?  The LAN modem employs DCHP
> set with allowed IP range as 192.168.1.64 through 192.168.1.253,
> which was set by the T installer when we switched to a fiber optic
> network.
>
> Further examination of the modem settings showed IP Passthrough
> status as on (Public IP Address), which was, in fact the IP.

ATT tech support demonstrated to me that they can change the
settings remotely.
If they can so can some one else.

> I spent 40 minutes, on hold for 28 of those minutes, with an AT
> UVVerse technical () person without hearing any reasons why the
> IP was what it was.

When I signed up with ATT Uverse I accumulated hours on the phone
trying to get email out through their server. I gave up and used my
dialup account.
Their tech support -- isn't. Many of those people didn't grow up
with computers and have no idea what goes on under the hood. Even when
you get someone in Dallas rather than Manila answers and understanding
can be lacking.

Should anyone reading this know hjow to get exim4 to connect to
outbound.att.net I'd love to hear about it.

Mike
--
Where man is there will be trouble to the end of time,
if not of one sort, then of another."
- Louis L'Amour

Re: Strange LAN IP Address.

[Joe]

On Tue, 03 Jul 2018 10:53:27 +0100
Jeremy Nicoll  wrote:

> On Tue, 3 Jul 2018, at 07:19, john doe wrote:
> 
> > You are correct in the case of an ADSL "router".
> > 
> > Sadly, in the case of my European ISP I'm stuck with what they give
> > me! I must say that I've never investigated how I could use my own
> > cable modem and understand the kind of restriction they're using to
> > prevent me from doing that!!! :)  
> 
> I've a Virgin Media cable connection in the UK.  They supply a
> combined modem/router.But the unit can be put into modem-only
> mode, and used with a different router.  
> 
> So far as I remember the first of these combined things that I
> received came with only very basic instructions that did not mention
> the way to do this - it was Virgin's own technical support people who
> told me how to do it.Subsequent improved models have come with
> instructions that mentioned the possibility.
> 

In general, there is no need to switch to modem only, unless you
definitely want to handle the public address directly on your firewall.
Almost always, you can put your own NAT firewall behind an existing NAT
router without problems.

I say almost, because about ten years ago, a client of mine moved
premises and was given a new router which detected any such second NAT
stage and refused to function. Not a bug, a deliberate policy. Really
quite annoying, I needed to reconfigure several network machines to
work with this router, and lost my detailed firewall control.

-- 
Joe

Re: Strange LAN IP Address.

[Jeremy Nicoll]

On Tue, 3 Jul 2018, at 07:19, john doe wrote:

> You are correct in the case of an ADSL "router".
> 
> Sadly, in the case of my European ISP I'm stuck with what they give me!
> I must say that I've never investigated how I could use my own cable 
> modem and understand the kind of restriction they're using to prevent me 
> from doing that!!! :)

I've a Virgin Media cable connection in the UK.  They supply a combined
modem/router.But the unit can be put into modem-only mode, and
used with a different router.  

So far as I remember the first of these combined things that I received
came with only very basic instructions that did not mention the way to
do this - it was Virgin's own technical support people who told me how
to do it.Subsequent improved models have come with instructions 
that mentioned the possibility.

-- 
Jeremy Nicoll - my opinions are my own.

Re: Strange LAN IP Address.

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, Jul 03, 2018 at 08:19:44AM +0200, john doe wrote:

[...]

> You are correct in the case of an ADSL "router".
> 
> Sadly, in the case of my European ISP I'm stuck with what they give me!

There are people working on exactly that. One example:

  https://wiki.fsfe.org/Activities/CompulsoryRouters

[disclaimer: I support these folks]

So you could do worse than to direct your energy towards helping one of
those initiatives, instead of just being furious at "ISP" or "Europe".

If the politicians never hear from you, they'll ignore you :)

Cheers
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAls7JJ0ACgkQBcgs9XrR2kbMUQCfdzTwFLvQEIyxAIefwcv+K+bw
sKkAn2pQ2hQC85kk6V+9H4mogoDuYjBN
=OkFZ
-END PGP SIGNATURE-

Re: Strange LAN IP Address.

[john doe]

On 7/3/2018 2:42 AM, David Wright wrote:

On Mon 02 Jul 2018 at 21:58:15 (+0200), john doe wrote:

On 7/2/2018 9:17 PM, Stephen P. Molnar wrote:

I have my principle Debian Stretch platform on the LAN in our
home. Two towers (both Linux platforms) and a HP Printer have
wired connections, my Win 10 Laptop and two Android smartphones
use WiFi connections.

This morning when I

When I tried using WinSCP on the Laptop to transfer a file from
the principle Linux platform the connection attempt failed!

When I ran ifconfig on the Linux platform it showed the unet
connection to be 162.237.98.238!!?  The LAN modem employs DCHP
set with allowed IP range as 192.168.1.64 through 192.168.1.253,
which was set by the T installer when we switched to a fiber
optic network.

Further examination of the modem settings showed IP Passthrough
status as on (Public IP Address), which was, in fact the IP.

I spent 40 minutes, on hold for 28 of those minutes, with an AT
UVVerse technical () person without hearing any reasons why
the IP was what it was.

Note the tense at the end of the above sentence, because
subsequent rebooting the modem restored the IP address to the
correct DHCP range. I suppose the moral of this - first reboot the
modem.

The question that I have, however, is how did this happen in the
first place? Or is the reason lost in the black hole of the
Internet?

Is this indicative of a hardware problem?



Could be hardware failure or could also be an software bug!

While searching for that IP I get:

https://www.ipligence.com/ip-address?ip=162.237.98.238

is this your public IP (IP assigned by your ISP)?


Looks like it. Here's the first hop of the OP's posting:

  Received: from 162-237-98-238.lightspeed.clmboh.sbcglobal.net (EHLO
  [192.168.1.123]) ([162.237.98.238]) by smtp431.mail.bf1.yahoo.com
  (Oath Hermes SMTP Server) with ESMTPA ID
  665b52fd3833c7e5d4ced5690502aed7 for ;
  Mon, 02 Jul 2018 19:17:29 + (UTC)


It could be that the ISP router went into "bridge mode" (router
function was disabled).


Which is rather worrying as you are exposed to the Internet
without any security.


Most of the time ISP router are not the best and I would suggest to
anyone to not reley on that router for firewalling capability
especially when ISPs can remotely control that thing!

In the case of my ISP I need to reboot my ISP router every week or
so to get stable services.


Sounds like you have a combined modem/router. My advice would be to
ditch it and get separate units. This means you can, if you like, use
the modem your line provider supplies (which means they can't blame
you for any incompatibilities with the wire), but you have full
control over the router. (It also gives you more flexibility with
their siting.)

It even means you can independently test the modem safely, by booting
a live system from a stick and connecting directly to the modem port.
(You will then see your address as 162.237.98.238 for the right reason.)

My own experience is that an ADSL modem should be left running 24/7 as
that prevents it having to retrain. OTOH there's no harm in rebooting
a router whenever you think it might be misbehaving.



You are correct in the case of an ADSL "router".

Sadly, in the case of my European ISP I'm stuck with what they give me!
I must say that I've never investigated how I could use my own cable 
modem and understand the kind of restriction they're using to prevent me 
from doing that!!! :)



An alternative to DDWRT is OpenWrt.

If your willing to  fealed that security gap it clearly make sence to 
check the list of compatible device (OpenWrt DDWrt ...) so if you don't 
like the stock firmware you can change it!



A fanless server solution could be:
https://www.pcengines.ch/

On that box yu could install pfsense, Debian, IPFire...

If your stuck with your ISP "router" you could try:
- Add your own router in the DMZ (you only use the ISP router for the 
modem part)
- Set your ISP modem in "bridge mode" or what ever it's called to turn 
everything off but the modem



The idea here is to have one way or an other your own "firewall" behind 
a modem.


--
John Doe

Re: Strange LAN IP Address.

[David Christensen]

On 07/02/18 12:17, Stephen P. Molnar wrote:

I have my principle Debian Stretch platform on the LAN in our home.
Two towers (both Linux platforms) and a HP Printer have wired
connections, my Win 10 Laptop and two Android smartphones use WiFi
connections.

This morning when I

When I tried using WinSCP on the Laptop to transfer a file from the 
principle Linux platform the connection attempt failed!


When I ran ifconfig on the Linux platform it showed the unet
connection to be 162.237.98.238!!?  The LAN modem employs DCHP
set with allowed IP range as 192.168.1.64 through 192.168.1.253,
which was set by the T installer when we switched to a fiber optic
network.

Further examination of the modem settings showed IP Passthrough
status as on (Public IP Address), which was, in fact the IP.

I spent 40 minutes, on hold for 28 of those minutes, with an AT 
UVVerse technical () person without hearing any reasons why the

IP was what it was.

Note the tense at the end of the above sentence, because subsequent 
rebooting the modem restored the IP address to the correct DHCP

range. I suppose the moral of this - first reboot the modem.

The question that I have, however, is how did this happen in the
first place? Or is the reason lost in the black hole of the
Internet?

Is this indicative of a hardware problem?

Thanks in advance.



On 07/02/18 14:03, Gene Heskett wrote:

Only if the problem continues after that router has been reflashed
with dd-wrt.


Beware that finding the correct build of dd-wrt and getting it into your 
device correctly is non-trivial.  I bricked a Netgear unit trying to 
upgrade dd-wrt.



On 07/02/18 17:42, David Wright wrote:
Sounds like you have a combined modem/router. My advice would be to 
ditch it and get separate units. This means you can, if you like,

use the modem your line provider supplies (which means they can't
blame you for any incompatibilities with the wire), but you have
full control over the router. (It also gives you more flexibility
with their siting.)

+1


There are many FOSS firewall/ router distributions -- grab an old PC, 
install a second NIC and/or WiFi card, install the distribution, 
configure it, and you're protected.  I've had good luck with:


http://www.ipcop.org/ -- Linux based, enough functionality for my SOHO 
network, not too complex.


https://www.pfsense.org/ -- FreeBSD based, huge functionality, can get 
very complex.



I alternatively ran one of the above 24x7 for years on older P3 and P4 
machines, which drew too much power and generated too much heat and 
noise.  I contemplated building a compact, energy-efficient, silent PC 
(mini-ITX, etc.), but the cost was not appealing.  I had a WiFi access 
point for WiFi devices.



After the WiFi AP died, I retired the P3/P4 FOSS router and switched to 
a Netgear WiFi firewall/ router.  I did get dd-wrt working for a while, 
but then bricked it when I tried to upgrade dd-wrt.



After asking opinions on various mailing lists, I settled on Ubiquiti 
Networks "UniFi" products:


https://unifi-sdn.ubnt.com/


I have a UniFi security gateway and a UniFi AC Lite Wifi access point. 
I disabled WiFi on my AT VDSL residential gateway and configured it to 
pass-through everything to the UniFi security gateway.  As David Wright 
mentioned, I can still connect a laptop directly to the AT gateway for 
trouble-shooting.  The AP AC Lite has plenty of coverage and bandwidth 
for my small home with 8+ WiFi devices.



For me, the killer feature of UniFi is that you adopt devices into 
networks and manage everything via a single integrated controller 
interface.  This is far simpler than trying to manage devices 
individually; especially so if/when I add a hardware controller, 
additional AP's, cameras, etc., and/or remote sites with VPN's between 
them.  I am not aware of any FOSS project offering this level of 
integration.



David

Re: Strange LAN IP Address.

[David Wright]

On Mon 02 Jul 2018 at 21:58:15 (+0200), john doe wrote:
> On 7/2/2018 9:17 PM, Stephen P. Molnar wrote:
> >I have my principle Debian Stretch platform on the LAN in our
> >home. Two towers (both Linux platforms) and a HP Printer have
> >wired connections, my Win 10 Laptop and two Android smartphones
> >use WiFi connections.
> >
> >This morning when I
> >
> >When I tried using WinSCP on the Laptop to transfer a file from
> >the principle Linux platform the connection attempt failed!
> >
> >When I ran ifconfig on the Linux platform it showed the unet
> >connection to be 162.237.98.238!!?  The LAN modem employs DCHP
> >set with allowed IP range as 192.168.1.64 through 192.168.1.253,
> >which was set by the T installer when we switched to a fiber
> >optic network.
> >
> >Further examination of the modem settings showed IP Passthrough
> >status as on (Public IP Address), which was, in fact the IP.
> >
> >I spent 40 minutes, on hold for 28 of those minutes, with an AT
> >UVVerse technical () person without hearing any reasons why
> >the IP was what it was.
> >
> >Note the tense at the end of the above sentence, because
> >subsequent rebooting the modem restored the IP address to the
> >correct DHCP range. I suppose the moral of this - first reboot the
> >modem.
> >
> >The question that I have, however, is how did this happen in the
> >first place? Or is the reason lost in the black hole of the
> >Internet?
> >
> >Is this indicative of a hardware problem?
> >
> 
> Could be hardware failure or could also be an software bug!
> 
> While searching for that IP I get:
> 
> https://www.ipligence.com/ip-address?ip=162.237.98.238
> 
> is this your public IP (IP assigned by your ISP)?

Looks like it. Here's the first hop of the OP's posting:

 Received: from 162-237-98-238.lightspeed.clmboh.sbcglobal.net (EHLO
 [192.168.1.123]) ([162.237.98.238]) by smtp431.mail.bf1.yahoo.com
 (Oath Hermes SMTP Server) with ESMTPA ID
 665b52fd3833c7e5d4ced5690502aed7 for ;
 Mon, 02 Jul 2018 19:17:29 + (UTC)

> It could be that the ISP router went into "bridge mode" (router
> function was disabled).

Which is rather worrying as you are exposed to the Internet
without any security.

> Most of the time ISP router are not the best and I would suggest to
> anyone to not reley on that router for firewalling capability
> especially when ISPs can remotely control that thing!
> 
> In the case of my ISP I need to reboot my ISP router every week or
> so to get stable services.

Sounds like you have a combined modem/router. My advice would be to
ditch it and get separate units. This means you can, if you like, use
the modem your line provider supplies (which means they can't blame
you for any incompatibilities with the wire), but you have full
control over the router. (It also gives you more flexibility with
their siting.)

It even means you can independently test the modem safely, by booting
a live system from a stick and connecting directly to the modem port.
(You will then see your address as 162.237.98.238 for the right reason.)

My own experience is that an ADSL modem should be left running 24/7 as
that prevents it having to retrain. OTOH there's no harm in rebooting
a router whenever you think it might be misbehaving.

Cheers,
David.

Re: Strange LAN IP Address.

[Gene Heskett]

On Monday 02 July 2018 15:17:27 Stephen P. Molnar wrote:

> I have my principle Debian Stretch platform on the LAN in our home.
> Two towers (both Linux platforms) and a HP Printer have wired
> connections, my Win 10 Laptop and two Android smartphones use WiFi
> connections.
>
> This morning when I
>
> When I tried using WinSCP on the Laptop to transfer a file from the
> principle Linux platform the connection attempt failed!
>
> When I ran ifconfig on the Linux platform it showed the unet
> connection to be 162.237.98.238!!?  The LAN modem employs DCHP set
> with allowed IP range as 192.168.1.64 through 192.168.1.253, which was
> set by the T installer when we switched to a fiber optic network.
>
> Further examination of the modem settings showed IP Passthrough status
> as on (Public IP Address), which was, in fact the IP.
>
> I spent 40 minutes, on hold for 28 of those minutes, with an AT
> UVVerse technical () person without hearing any reasons why the IP
> was what it was.
>
> Note the tense at the end of the above sentence, because subsequent
> rebooting the modem restored the IP address to the correct DHCP range.
> I suppose the moral of this - first reboot the modem.
>
> The question that I have, however, is how did this happen in the first
> place? Or is the reason lost in the black hole of the Internet?
>
> Is this indicative of a hardware problem?
> 
Only if the problem continues after that router has been reflashed with 
dd-wrt.   Most routers have an NSA backdoor that something or somebody 
found.  dd-wrt is not such a critter.

In 15 years of running it, no one has come thru it that I didn't give 
credentials to do so. That I think, speaks rather highly of dd-wrt.

> Thanks in advance.



-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

Re: Strange LAN IP Address.

[john doe]

On 7/2/2018 9:17 PM, Stephen P. Molnar wrote:
I have my principle Debian Stretch platform on the LAN in our home. Two 
towers (both Linux platforms) and a HP Printer have wired connections, 
my Win 10 Laptop and two Android smartphones use WiFi connections.


This morning when I

When I tried using WinSCP on the Laptop to transfer a file from the 
principle Linux platform the connection attempt failed!


When I ran ifconfig on the Linux platform it showed the unet connection 
to be 162.237.98.238!!?  The LAN modem employs DCHP set with allowed 
IP range as 192.168.1.64 through 192.168.1.253, which was set by the T 
installer when we switched to a fiber optic network.


Further examination of the modem settings showed IP Passthrough status 
as on (Public IP Address), which was, in fact the IP.


I spent 40 minutes, on hold for 28 of those minutes, with an AT 
UVVerse technical () person without hearing any reasons why the IP 
was what it was.


Note the tense at the end of the above sentence, because subsequent 
rebooting the modem restored the IP address to the correct DHCP range. I 
suppose the moral of this - first reboot the modem.


The question that I have, however, is how did this happen in the first 
place? Or is the reason lost in the black hole of the Internet?


Is this indicative of a hardware problem?



Could be hardware failure or could also be an software bug!

While searching for that IP I get:

https://www.ipligence.com/ip-address?ip=162.237.98.238

is this your public IP (IP assigned by your ISP)?

It could be that the ISP router went into "bridge mode" (router function 
was disabled).


Most of the time ISP router are not the best and I would suggest to 
anyone to not reley on that router for firewalling capability especially 
when ISPs can remotely control that thing!


In the case of my ISP I need to reboot my ISP router every week or so to 
get stable services.


--
John Doe

Strange LAN IP Address.

[Stephen P. Molnar]

I have my principle Debian Stretch platform on the LAN in our home. Two 
towers (both Linux platforms) and a HP Printer have wired connections, 
my Win 10 Laptop and two Android smartphones use WiFi connections.


This morning when I

When I tried using WinSCP on the Laptop to transfer a file from the 
principle Linux platform the connection attempt failed!


When I ran ifconfig on the Linux platform it showed the unet connection 
to be 162.237.98.238!!?  The LAN modem employs DCHP set with allowed 
IP range as 192.168.1.64 through 192.168.1.253, which was set by the T 
installer when we switched to a fiber optic network.


Further examination of the modem settings showed IP Passthrough status 
as on (Public IP Address), which was, in fact the IP.


I spent 40 minutes, on hold for 28 of those minutes, with an AT 
UVVerse technical () person without hearing any reasons why the IP 
was what it was.


Note the tense at the end of the above sentence, because subsequent 
rebooting the modem restored the IP address to the correct DHCP range.  
I suppose the moral of this - first reboot the modem.


The question that I have, however, is how did this happen in the first 
place? Or is the reason lost in the black hole of the Internet?


Is this indicative of a hardware problem?

Thanks in advance.

--
Stephen P. Molnar, Ph.D.
Consultant
www.molecular-modeling.net
(614)312-7528 (c)
Skype: smolnar1

Re: Get the external IP address from a Linux box

[David Wright]

On Tue 29 May 2018 at 14:57:22 (+0200), Pascal Hambourg wrote:
> Le 28/05/2018 à 23:14, Pascal Hambourg a écrit :
> >Le 28/05/2018 à 13:54, Alan Greenberger a écrit :
> >>
> >>You are mostly correct.  However, I have one machine on which the
> >>response to
> >>/usr/sbin/arp -n
> >>shows two lines with the HWaddress of the router, one with the internal
> >>address as you said and the other with the external address.  I have no
> >>idea what made arp see the external address.
> >
> >Thinking of it, a router following the "weak host" model (like
> >Linux does) can advertise any local address on any interface. It
> >can be tested with arping. However I am failing to imagine any
> >plausible scenario which could lead a host on the internal LAN to
> >have the router's external IP address in its ARP cache. It means
> >that either :
> >- the host sends an ARP query for the router's external IP address
> 
> I guess this could happen if the host has a direct default route (no
> gateway) and the router acts as an ARP proxy. Quite an unusual
> setup.
> 
> >- the router sends an ARP query to the host from its external IP address
> 
> I checked that the latter can happen when the router must send a
> packet to the host with its external address as source and must
> resolve the host's address. Then the ARP query source IP address is
> the external address, and the destination host stores it in its ARP
> cache.
> 
> Any idea why the router would send packets to this host from its
> external address ?

I think your analysis starts from an assumption that everything is,
and always was, set up correctly from the start, and is working with
a sane and correct configuration, which might not be completely true.

Cheers,
David.

Re: Get the external IP address from a Linux box

[David Wright]

On Tue 29 May 2018 at 08:04:06 (-0400), Alan Greenberger wrote:
> On 2018-05-28, David Wright  wrote:
> > On Mon 28 May 2018 at 07:54:49 (-0400), Alan Greenberger wrote:
> >> On 2018-05-26, Pascal Hambourg  wrote:
> >> > Le 25/05/2018 à 02:17, Alan Greenberger a écrit :
> >> >> On 2018-05-24, André Rodier  wrote:
> >> >>>
> >> >>> I am looking for a native package on Debian, that can give me the
> >> >>> external IP address of the machine.
> >> >> 
> >> >> Assuming you are looking for the public internet address of your router,
> >> >> you could try:
> >> >> /usr/sbin/arp -n
> >> >> and it may show up on a line with the HWadress of your router.
> >> >
> >> > Nope. That would just show the internal address of the router.
> >> >
> >> >
> >> You are mostly correct.  However, I have one machine on which the
> >> response to
> >> /usr/sbin/arp -n
> >> shows two lines with the HWaddress of the router, one with the internal
> >> address as you said and the other with the external address.  I have no
> >> idea what made arp see the external address.
> >
> > Can we see what you're seeing (suitably mangled)?
> >
> > Cheers,
> > David.
> >
> >
> 192.168.1.1  ether   6x:3x:ex:7x:4x:bx   C 
> eth0
> 2x.1xx.1xx.1xx   ether   6x:3x:ex:7x:4x:bx   C 
> eth0

The easiest way to achieve this might be to plug that host's cable
into the modem rather than the router (for just a short period).
I don't know how long it takes for arp entries to expire.

A more worrying alternative is that something is misconfigured in the
router, but I don't know what.

Cheers,
David.

Re: Get the external IP address from a Linux box

[Joel Rees]

(Erk. Sorry, Joe.)

On Thu, May 24, 2018 at 6:29 PM, Joe  wrote:
> On Thu, 24 May 2018 08:13:54 +0100
> André Rodier  wrote:
>
>> On Thu, 2018-05-24 at 09:07 +0200, Alberto Luaces wrote:
>> > Joe writes:
>> >
>> > > On the assumption that you are using a router of some kind, your
>> > > public
>> > > IP address will be that of the router WAN port (cable, ADSL, etc.)
>> > > and
>> > > there will be a method of determining that by connecting to the
>> > > router
>> > > as an administrator. That method will depend entirely on the
>> > > router.
>> >
>> > If the router supports upnp and it is activated, you can check the
>> > external IP in an device-independent way with
>> >
>> > upnpc -l | grep ExternalIPAddress
>> >
>>
>> Thank you, finally an answer that make sense and is not pedantic.

Two people have already tried to point out that UPNP is vulnerable by design.

If you have any interest in your local security, your router to the
outside should simply not respond to UPNP at all.

Block/ignore UPNP at every interface, internal and external, on your
external router, at bare minimum.

This is not pedantry, this is trying to save you from being attacked
from your inside.

> How is it possible to avoid being pedantic? You told us nothing about
> your Internet connection, or Debian version, so we had to guess at what
> information you actually wanted and which device to ask.
>
>> I tried this, but it is not 100% reliable. For instance, with the
>> firewall / router I use, upnp id not activated. I suppose I will have
>> to write a custom python script.
>
> So presumably it isn't your computer's external address that you want,
> but that of your router. I was a bit surprised to see upnp mentioned, I
> thought it was only game-players who were willing to run that, and
> Debian would not be their OS of choice.
>
> From (not recent) experience of talking to routers, you may have telnet
> or ssh available, otherwise it's an http admin login, followed by one or
> two router-specific commands. You might be lucky, and the default
> router status page without login may contain the WAN address.
>
> A couple of lines of bash should do it: use curl, and you'll probably
> have to provide the admin password, so the script should probably be
> stored in /root. My routers in years gone by used to need an occasional
> reboot, so I had a script running every ten minutes to check multiple
> websites for connectivity, and if none were found, to issue a reboot
> command.

What Joe says here.

I had ten or twenty lines of moderately careful code in a two
hundred-line perl script I used to update my dyndns.com domain name
back before dyn.com decided they had to kick all the freeloaders like
me off.

Resolution to *some* domain name really ought to be part of an ISP's
basic package, but the Internet got taken over by the poachers.


--
Joel Rees

http://reiisi.blogspot.jp/p/novels-i-am-writing.html

Re: Get the external IP address from a Linux box

[Greg Wooledge]

On Fri, May 25, 2018 at 09:13:34PM -0400, Kenneth Parker wrote:
> Thank you most kindly, Mike!  Is there anything from this, that can help
> the original Poster?  Sign onto yourself, from a VPN or some such?

It's conceptually the same as getting a web service to tell you what
IP address it "saw" you coming from, and using a web service is much
simpler than doing a whole ssh login.

There are a LOT of web services that do this; a few were already mentioned
earlier in this thread.

Re: Get the external IP address from a Linux box

[Pascal Hambourg]

Le 28/05/2018 à 23:14, Pascal Hambourg a écrit :

Le 28/05/2018 à 13:54, Alan Greenberger a écrit :


You are mostly correct.  However, I have one machine on which the
response to
/usr/sbin/arp -n
shows two lines with the HWaddress of the router, one with the internal
address as you said and the other with the external address.  I have no
idea what made arp see the external address.


Thinking of it, a router following the "weak host" model (like Linux 
does) can advertise any local address on any interface. It can be tested 
with arping. However I am failing to imagine any plausible scenario 
which could lead a host on the internal LAN to have the router's 
external IP address in its ARP cache. It means that either :

- the host sends an ARP query for the router's external IP address


I guess this could happen if the host has a direct default route (no 
gateway) and the router acts as an ARP proxy. Quite an unusual setup.



- the router sends an ARP query to the host from its external IP address


I checked that the latter can happen when the router must send a packet 
to the host with its external address as source and must resolve the 
host's address. Then the ARP query source IP address is the external 
address, and the destination host stores it in its ARP cache.


Any idea why the router would send packets to this host from its 
external address ?

Re: Get the external IP address from a Linux box

[Alan Greenberger]

On 2018-05-28, David Wright  wrote:
> On Mon 28 May 2018 at 07:54:49 (-0400), Alan Greenberger wrote:
>> On 2018-05-26, Pascal Hambourg  wrote:
>> > Le 25/05/2018 à 02:17, Alan Greenberger a écrit :
>> >> On 2018-05-24, André Rodier  wrote:
>> >>>
>> >>> I am looking for a native package on Debian, that can give me the
>> >>> external IP address of the machine.
>> >> 
>> >> Assuming you are looking for the public internet address of your router,
>> >> you could try:
>> >> /usr/sbin/arp -n
>> >> and it may show up on a line with the HWadress of your router.
>> >
>> > Nope. That would just show the internal address of the router.
>> >
>> >
>> You are mostly correct.  However, I have one machine on which the
>> response to
>> /usr/sbin/arp -n
>> shows two lines with the HWaddress of the router, one with the internal
>> address as you said and the other with the external address.  I have no
>> idea what made arp see the external address.
>
> Can we see what you're seeing (suitably mangled)?
>
> Cheers,
> David.
>
>
192.168.1.1  ether   6x:3x:ex:7x:4x:bx   C eth0
2x.1xx.1xx.1xx   ether   6x:3x:ex:7x:4x:bx   C eth0

Re: Get the external IP address from a Linux box

[Pascal Hambourg]

Le 28/05/2018 à 13:54, Alan Greenberger a écrit :

On 2018-05-26, Pascal Hambourg  wrote:

Le 25/05/2018 à 02:17, Alan Greenberger a écrit :


Assuming you are looking for the public internet address of your router,
you could try:
/usr/sbin/arp -n
and it may show up on a line with the HWadress of your router.


Nope. That would just show the internal address of the router.


You are mostly correct.  However, I have one machine on which the
response to
/usr/sbin/arp -n
shows two lines with the HWaddress of the router, one with the internal
address as you said and the other with the external address.  I have no
idea what made arp see the external address.


Thinking of it, a router following the "weak host" model (like Linux 
does) can advertise any local address on any interface. It can be tested 
with arping. However I am failing to imagine any plausible scenario 
which could lead a host on the internal LAN to have the router's 
external IP address in its ARP cache. It means that either :

- the host sends an ARP query for the router's external IP address
- the router sends an ARP query to the host from its external IP address

Re: Get the external IP address from a Linux box

[David Wright]

On Mon 28 May 2018 at 07:54:49 (-0400), Alan Greenberger wrote:
> On 2018-05-26, Pascal Hambourg  wrote:
> > Le 25/05/2018 à 02:17, Alan Greenberger a écrit :
> >> On 2018-05-24, André Rodier  wrote:
> >>>
> >>> I am looking for a native package on Debian, that can give me the
> >>> external IP address of the machine.
> >> 
> >> Assuming you are looking for the public internet address of your router,
> >> you could try:
> >> /usr/sbin/arp -n
> >> and it may show up on a line with the HWadress of your router.
> >
> > Nope. That would just show the internal address of the router.
> >
> >
> You are mostly correct.  However, I have one machine on which the
> response to
> /usr/sbin/arp -n
> shows two lines with the HWaddress of the router, one with the internal
> address as you said and the other with the external address.  I have no
> idea what made arp see the external address.

Can we see what you're seeing (suitably mangled)?

Cheers,
David.

Re: Get the external IP address from a Linux box

[Alan Greenberger]

On 2018-05-26, Pascal Hambourg <pas...@plouf.fr.eu.org> wrote:
> Le 25/05/2018 à 02:17, Alan Greenberger a écrit :
>> On 2018-05-24, André Rodier <an...@rodier.me> wrote:
>>>
>>> I am looking for a native package on Debian, that can give me the
>>> external IP address of the machine.
>> 
>> Assuming you are looking for the public internet address of your router,
>> you could try:
>> /usr/sbin/arp -n
>> and it may show up on a line with the HWadress of your router.
>
> Nope. That would just show the internal address of the router.
>
>
You are mostly correct.  However, I have one machine on which the
response to
/usr/sbin/arp -n
shows two lines with the HWaddress of the router, one with the internal
address as you said and the other with the external address.  I have no
idea what made arp see the external address.

Re: Get the external IP address from a Linux box

[Andrew McGlashan]

Hi,

On 27/05/18 22:14, André Rodier wrote:
>> My script also does the Google DNS lookup.
> I have four IP addresses, and Goodle DNS returns the first one,
> although I query from the second one.

Are you sure that isn't a problem at your end?  How your firewall is
identifying and routing the traffic, perhaps?


I've got access to an IPV4 /29 block and did the Google DNS query from
two hosts and got their own IP addresses.

# dig -t txt +short o-o.myaddr.l.google.com @ns1.google.com
"115.nnn.nnn.17"


# dig -t txt +short o-o.myaddr.l.google.com @ns1.google.com
"115.nnn.nnn.18"

Kind Regards
AndrewM



signature.asc
Description: OpenPGP digital signature

Get the external IP address from a Linux box

[Andrew McGlashan]

Hi,

On 26/05/18 20:53, André Rodier wrote:
> The code is on github, as part of my small homebox project. I am not
> sure it deserves a dedicated repository ;-).
> 
> https://github.com/progmaticltd/homebox/blob/dev-arodier/install/playbo
> oks/roles/system-prepare/files/external-ip

My take from your script is at:

http://ix.io/1bwE/  [lose the trailing / for the raw file]

NB: I am deliberately using bash instead of dash for a number of reasons

> It is very simple, but it does what I wanted:
> 
> - Query multiple servers.

My script also does the Google DNS lookup.

> - Count the IP addresses returned, and order them by the most probable
> result.
> - Return the external IP address only if above a certain level of
> confidence (actually 100%).
> - The list of IP addresses is in a separate configuration file.

I've kept the option to use external config file; otherwise it
uses what is known already n the script.


I've used the following for quite some time, but it usually takes too
long (for my liking) to get an answer and it doesn't use https either:

curl -s ifconfig.me


-- 
Kind Regards
AndrewM





signature.asc
Description: OpenPGP digital signature

Re: Get the external IP address from a Linux box

[Pascal Hambourg]

Le 25/05/2018 à 02:17, Alan Greenberger a écrit :

On 2018-05-24, André Rodier <an...@rodier.me> wrote:


I am looking for a native package on Debian, that can give me the
external IP address of the machine.


Assuming you are looking for the public internet address of your router,
you could try:
/usr/sbin/arp -n
and it may show up on a line with the HWadress of your router.


Nope. That would just show the internal address of the router.

Re: Get the external IP address from a Linux box

[Richard Hector]

On 24/05/18 18:59, Joe wrote:

> To begin with, try:
> 
> ip addr show
> 
> and look for the block of information with a label beginning 'eth' or
> 'en'. That will contain the Ethernet adaptor IP address. From your
> question, I assume your computer contains only one.
> 
> The address returned by Internet sites will be your public IP address,
> and unless you have a very unusual setup, that will not be the same as
> the IP address of your computer. But you have told us nothing at all
> about how your computer connects to the Internet, so I am just guessing.
> 
> On the assumption that you are using a router of some kind, your public
> IP address will be that of the router WAN port (cable, ADSL, etc.) and
> there will be a method of determining that by connecting to the router
> as an administrator. That method will depend entirely on the router.
> 

Until recently, I would have agreed with you - and when I tried the
nifty google dns lookup mentioned in another post, that's what I was
expecting.

Now, however, I get an IPv6 address, and it is the one on my desktop PC.
I can get the router's external IPv4 address by using dig -4.

I suspect my experience is becoming less unusual these days.

Richard



signature.asc
Description: OpenPGP digital signature

Re: Get the external IP address from a Linux box

[Kenneth Parker]

Thank you most kindly, Mike!  Is there anything from this, that can help
the original Poster?  Sign onto yourself, from a VPN or some such?

(Back in the "good old days" where being a "hacker" was Respectable, people
would see if they could reconnect to their own Unix/Linux System, through
as many Countries as possible.  With UUCP [Anyone else remember THAT?], you
could get, quite a "Telephone Circle" going.  Oh well!!!)

Kenneth Parker

On Fri, May 25, 2018 at 9:05 PM, Michael Stone <mst...@debian.org> wrote:

> On Fri, May 25, 2018 at 09:03:15PM -0400, Kenneth Parker wrote:
>
>> I haven't reviewed the Source Code for the "who" command, to see how it
>> gets
>> that IP Address.  Anybody?
>>
>
> It gets it from your login program or pam writing to /var/run/utmp
>
> Mike Stone
>

Re: Get the external IP address from a Linux box

[Michael Stone]

On Fri, May 25, 2018 at 09:03:15PM -0400, Kenneth Parker wrote:

I haven't reviewed the Source Code for the "who" command, to see how it gets
that IP Address.  Anybody?


It gets it from your login program or pam writing to /var/run/utmp

Mike Stone

Re: Get the external IP address from a Linux box

[Kenneth Parker]

I have Shell Access (as Admin) to a "Cloud" System (Ubuntu 16.04 Server,
but due to be Reinstalled as Debian 9.4.  Go Debian!)

When I ssh in, to my "Regular Account", I type "who", and get the External
IP Address for my Spectrum Broadband access.

What I got, just a few minutes ago, was the following response:

>> chronos@localhost:~$ who
>> chronos  pts/02018-05-26 00:47 (173.95.180.12)
>> chronos@localhost:~$


(This is a Dynamic IP, from Spectrum, formerly Time Warner Cable, formerly
Roadrunner.  You know the drill:  Small fish, eaten by a medium-sized fish,
who is, then gobbled up by a Big Fish).

I haven't reviewed the Source Code for the "who" command, to see how it
gets that IP Address.  Anybody?

Thank you and best regards,

Kenneth Parker, Troubleshooter

Re: Get the external IP address from a Linux box

[Dan Purgert]

Abdullah Ramazanoğlu wrote:
> On Thu, 24 May 2018 11:04:51 - (UTC) Dan Purgert said:
>
>> Ew, CGNAT. :(
>> 
>> If you have a particularly poor ISP, they may even NAT you somewhere
>> insane outside of RFC1918 (10.0.0.0 - 10.255.255.255 / 172.16.0.0 -
>> 172.31.255.255 / 192.168.0.0 - 192.168.255.255) or RFC6598 (100.64.0.0 -
>> 100.127.255.255) space.
>
> Since RFC1918 and RFC6598 reserved addresses you mentioned are free (as in
> lunch) to use, an ISP violating them in their internal cloud must be
> really poor of clues, rather than of finances.

Yep, "poor as in bad", rather than "poor as in a pauper".


-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281

Re: Get the external IP address from a Linux box

[Alan Greenberger]

On 2018-05-24, André Rodier <an...@rodier.me> wrote:
> Hello,
>
> I am looking for a native package on Debian, that can give me the
> external IP address of the machine.
>

Assuming you are looking for the public internet address of your router,
you could try:
/usr/sbin/arp -n
and it may show up on a line with the HWadress of your router.

Re: Get the external IP address from a Linux box

[Miles Fidelman]

On 5/24/18 4:22 PM, Erwan David wrote:


Le 05/24/18 à 22:17, Stefan Monnier a écrit :

Alberto Luaces <alua...@udc.es> writes:


Joe writes:


On the assumption that you are using a router of some kind, your public
IP address will be that of the router WAN port (cable, ADSL, etc.) and
there will be a method of determining that by connecting to the router
as an administrator. That method will depend entirely on the router.

If the router supports upnp and it is activated, you can check the
external IP in an device-independent way with

upnpc -l | grep ExternalIPAddress

The miniupnpc Debian package even comes with the `external-ip` script
which basically does the above.

I just tried it and it worked (tho only after I installed & enabled
miniupnpd on my OpenWRT router).  Of course, the IP address that my
router gets could itself be an "internal IP" behind a NAT firewall of my
ISP, so even if `external-ip` does give an answer I'm not sure it's
guaranteed to be "the" external IP address.


 Stefan



You could also be natted to one pool, so get different addresses for
different connections, or even have different services natted to
different pools (eg because there is a transparent proxy for outgoing
HTTP connections)


On the assumption that you're connected to a NAT router - the easiest 
way is to log into the admin port on the router - usually there's a 
management interface that will tell you your external IP address.


Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra

Get the external IP address from a Linux box

[Erwan David]

Le 05/24/18 à 22:17, Stefan Monnier a écrit :
> Alberto Luaces <alua...@udc.es> writes:
>
>> Joe writes:
>>
>>> On the assumption that you are using a router of some kind, your public
>>> IP address will be that of the router WAN port (cable, ADSL, etc.) and
>>> there will be a method of determining that by connecting to the router
>>> as an administrator. That method will depend entirely on the router.
>> If the router supports upnp and it is activated, you can check the
>> external IP in an device-independent way with
>>
>> upnpc -l | grep ExternalIPAddress
> The miniupnpc Debian package even comes with the `external-ip` script
> which basically does the above.
>
> I just tried it and it worked (tho only after I installed & enabled
> miniupnpd on my OpenWRT router).  Of course, the IP address that my
> router gets could itself be an "internal IP" behind a NAT firewall of my
> ISP, so even if `external-ip` does give an answer I'm not sure it's
> guaranteed to be "the" external IP address.
>
>
> Stefan
>
>
You could also be natted to one pool, so get different addresses for
different connections, or even have different services natted to
different pools (eg because there is a transparent proxy for outgoing
HTTP connections)

Re: Get the external IP address from a Linux box

[Stefan Monnier]

Alberto Luaces <alua...@udc.es> writes:

> Joe writes:
>
>> On the assumption that you are using a router of some kind, your public
>> IP address will be that of the router WAN port (cable, ADSL, etc.) and
>> there will be a method of determining that by connecting to the router
>> as an administrator. That method will depend entirely on the router.
>
> If the router supports upnp and it is activated, you can check the
> external IP in an device-independent way with
>
> upnpc -l | grep ExternalIPAddress

The miniupnpc Debian package even comes with the `external-ip` script
which basically does the above.

I just tried it and it worked (tho only after I installed & enabled
miniupnpd on my OpenWRT router).  Of course, the IP address that my
router gets could itself be an "internal IP" behind a NAT firewall of my
ISP, so even if `external-ip` does give an answer I'm not sure it's
guaranteed to be "the" external IP address.


Stefan

Re: Get the external IP address from a Linux box

[Dan Purgert]

Greg Wooledge wrote:
> On Thu, May 24, 2018 at 07:22:56AM +0100, André Rodier wrote:
>> I am looking for a native package on Debian, that can give me the
>> external IP address of the machine.
>
> wget --quiet -O- http://wooledge.org/myip.cgi
>
> Or your favorite alternative "tell me what my IP address is" web service,
> if you don't like mine.

Another one to add to the toolkit.  
Wonder what other tidbits that wooledge.org site is hiding, hmmm... 


-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281

Re: Get the external IP address from a Linux box

[Greg Wooledge]

On Thu, May 24, 2018 at 07:22:56AM +0100, André Rodier wrote:
> I am looking for a native package on Debian, that can give me the
> external IP address of the machine.

wget --quiet -O- http://wooledge.org/myip.cgi

Or your favorite alternative "tell me what my IP address is" web service,
if you don't like mine.

Re: Get the external IP address from a Linux box

[Peter Ludikovsky]

curl https://icanhazip.com

Regards,
/peter

On 2018-05-24 08:22, André Rodier wrote:

Hello,

I am looking for a native package on Debian, that can give me the
external IP address of the machine.

So far, I used internet sites, but I am sure there is a package that do
that properly, especially if one site is unreachable.

Something I can run from the command line, and that would return the
external IP address.

Thanks.

Re: Get the external IP address from a Linux box

[Dan Purgert]

Abdullah Ramazanoğlu wrote:
> On Thu, 24 May 2018 07:22:56 +0100 André Rodier said:
>
>> I am looking for a native package on Debian, that can give me the
>> external IP address of the machine.
>> 
>> So far, I used internet sites, but I am sure there is a package that do
>> that properly, especially if one site is unreachable.
>> 
>> Something I can run from the command line, and that would return the
>> external IP address.
>
> Unless you have a dedicated IP address, then even if you directly
> connect to your ISP (no routers, no NAT) you will likely get a local
> pool address and from there routed to the internet by your ISP. In
> that case your link will have 2 *local* addresses (e.g. 192.168.. or
> 10...) : one for your side, one for ISP side. You first enter ISP's
> local IP pool, and from there exit to the internet over a real address
> from ISP's address block.
>

Ew, CGNAT. :(

If you have a particularly poor ISP, they may even NAT you somewhere
insane outside of RFC1918 (10.0.0.0 - 10.255.255.255 / 172.16.0.0 -
172.31.255.255 / 192.168.0.0 - 192.168.255.255) or RFC6598 (100.64.0.0 -
100.127.255.255) space.

I've seen some of these jokers use space in some of the "old /8" space -
stuff owned by the likes of the US DOD, AT, HP, etc. who got in back
in the early days.  So even if it looks like you have a "public" IP
address on your router, it's always a good idea to verify from the
outside.

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281

Re: Get the external IP address from a Linux box

[Joe]

On Thu, 24 May 2018 08:13:54 +0100
André Rodier <an...@rodier.me> wrote:

> On Thu, 2018-05-24 at 09:07 +0200, Alberto Luaces wrote:
> > Joe writes:
> >   
> > > On the assumption that you are using a router of some kind, your
> > > public
> > > IP address will be that of the router WAN port (cable, ADSL, etc.)
> > > and
> > > there will be a method of determining that by connecting to the
> > > router
> > > as an administrator. That method will depend entirely on the
> > > router.  
> > 
> > If the router supports upnp and it is activated, you can check the
> > external IP in an device-independent way with
> > 
> > upnpc -l | grep ExternalIPAddress
> >   
> 
> Thank you, finally an answer that make sense and is not pedantic.
> 
How is it possible to avoid being pedantic? You told us nothing about
your Internet connection, or Debian version, so we had to guess at what
information you actually wanted and which device to ask.

> I tried this, but it is not 100% reliable. For instance, with the
> firewall / router I use, upnp id not activated. I suppose I will have
> to write a custom python script.

So presumably it isn't your computer's external address that you want,
but that of your router. I was a bit surprised to see upnp mentioned, I
thought it was only game-players who were willing to run that, and
Debian would not be their OS of choice.

From (not recent) experience of talking to routers, you may have telnet
or ssh available, otherwise it's an http admin login, followed by one or
two router-specific commands. You might be lucky, and the default
router status page without login may contain the WAN address.

A couple of lines of bash should do it: use curl, and you'll probably
have to provide the admin password, so the script should probably be
stored in /root. My routers in years gone by used to need an occasional
reboot, so I had a script running every ten minutes to check multiple
websites for connectivity, and if none were found, to issue a reboot
command.

-- 
Joe

Re: Get the external IP address from a Linux box

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, May 24, 2018 at 10:37:44AM +0300, Abdullah Ramazanoğlu wrote:

[...]

> Unless you have a dedicated IP address, then even if you directly connect to
> your ISP (no routers, no NAT) you will likely get a local pool address and 
> from
> there routed to the internet by your ISP. In that case your link will have 2
> *local* addresses (e.g. 192.168.. or 10...) : one for your side, one for ISP
> side. You first enter ISP's local IP pool, and from there exit to the internet
> over a real address from ISP's address block.

In that case, the NAT will be at your provider's side. At the end, it'll
be NAT too (NAT == "your external IP isn't what it seems to be").

Cheers
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlsGbbQACgkQBcgs9XrR2ka9cACeNyvIhBUgdYL4DJ374mxFHY9v
yycAnRvwpiCuJyrSsXApAF4DsewYUk7W
=pNsg
-END PGP SIGNATURE-

Re: Get the external IP address from a Linux box

[Abdullah Ramazanoğlu]

On Thu, 24 May 2018 07:22:56 +0100 André Rodier said:

> I am looking for a native package on Debian, that can give me the
> external IP address of the machine.
> 
> So far, I used internet sites, but I am sure there is a package that do
> that properly, especially if one site is unreachable.
> 
> Something I can run from the command line, and that would return the
> external IP address.

Unless you have a dedicated IP address, then even if you directly connect to
your ISP (no routers, no NAT) you will likely get a local pool address and from
there routed to the internet by your ISP. In that case your link will have 2
*local* addresses (e.g. 192.168.. or 10...) : one for your side, one for ISP
side. You first enter ISP's local IP pool, and from there exit to the internet
over a real address from ISP's address block.

It can be visualized as a local cloud of ISP. One side of the cloud faces
customers (local reserved IP range), the other side faces the internet (real IP
address pool). E.g. I am connected through 3G modem and my IP and my address
starts with 10.x.x.x - an A class reserved block address.

The only reliable way (AFAIK) is going through some sort of "loop-back"
mechanism to see your external address. External sites are one way of achieving
this.

John Conover's (dig) and likcoras' (script) solutions look promising in that
regard.

Regards
-- 
Abdullah Ramazanoğlu