Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Private IP viewable from Internet even with nat????

Strange one, a pc in a inside private lan runs http://www.whatismyip.com and the reply indicates both the private ip addr and the natted public address???

Surely the nat on the ASA should have no remnence of the private address passed onto the internet???

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Private IP viewable from Internet even with nat????

Hi,

There is nothing wrong with the NAT in your firewall.

As you have suspected, it is very easy to grab the private ip address of the client running the browser to access a public internet server, by running some active scripts.

These scripts will be executed locally in the client browser and they will be able to get the private ip address and pass it back to the server.

You can disable scripting ( java/vbscript) option in your browser, which will prevent this from happening.

Have a look at this URL for more info.

http://www.auditmypc.com/internal-ip.html

-VJ

4 REPLIES
Cisco Employee

Re: Private IP viewable from Internet even with nat????

this is bizarre....

you face this only with ONE n ONLY ONE client ?

How do you confirm the reply contains both private address and the public one ?

1)Does the real ip of the client a private ip address

2)Does it have two nic ?

3)any dns names database locally inside the network ?

New Member

Re: Private IP viewable from Internet even with nat????

Even stranger when you log onto the internal network with a different profile you get a different result,from the same pc, ie only showing public ip address (as it should)...so its not consistent.

Im wondering if its not that the website in question downloads a client side app to discover pre nat addr and then forwards that onto the web site??? The inconsistency would be related to the local permissions on the pc for the logged on profile.

Cisco Employee

Re: Private IP viewable from Internet even with nat????

is it possible you have some internal cache or database and some profiles uses it prior sending/pulling the traffic to/from outside world..?

Re: Private IP viewable from Internet even with nat????

Hi,

There is nothing wrong with the NAT in your firewall.

As you have suspected, it is very easy to grab the private ip address of the client running the browser to access a public internet server, by running some active scripts.

These scripts will be executed locally in the client browser and they will be able to get the private ip address and pass it back to the server.

You can disable scripting ( java/vbscript) option in your browser, which will prevent this from happening.

Have a look at this URL for more info.

http://www.auditmypc.com/internal-ip.html

-VJ

135
Views
0
Helpful
4
Replies
CreatePlease to create content