
wowbanger2k

join:2004-12-07
UK

[HELP] Can't hide internal IP on SOHO 97

Hi guys (newbie)

I've got NAT set up on my SOHO 97 ADSL router. LAN and internet access are fine, but when I run the security check at www.auditmypc.com they can detect my internal IP!!

Selected config pasted below (passwords etc. removed). Everything works fine except this problem with my internal IP being exposed.

Any ideas much appreciated.

Thanks in advance

Chris

*****

!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname xxxx
!
boot-start-marker
boot-end-marker
!
logging buffered warnings
logging console emergencies
enable secret xxxxx
!
clock timezone GMT 1
ip subnet-zero
ip dhcp excluded-address xx.yy.zz.aa
[various others for machines with static IPs]
!
!ip dhcp pool CLIENT
! import all
! network xx.yy.zz.0 255.255.255.0
! default-router xx.yy.zz.aa
! lease 2
!
!
no ip domain lookup
ip name-server 158.152.1.43
ip name-server 158.152.1.58
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 60
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
no aaa new-model
password encryption aes
!
!
!
!
!
!
!
interface Ethernet0
ip address xx.yy.zz.aa 255.255.255.0
ip access-group 122 out
ip nat inside
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer1
ip address negotiated
ip access-group 111 in
ip access-group 112 out
ip nat outside
no ip mroute-cache
ip inspect myfw out
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxx
ppp chap password xxxx
ppp pap sent-username xxxx password xxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
ip nat inside source list 11 interface Dialer1 overload
!
access-list 11 permit xx.yy.zz.0 0.0.0.255
!
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 131 in
exec-timeout 120 0
login local
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end

michaelr7

join:2004-03-26
Tucson, AZ

quote:
I've got NAT set up on my SOHO 97 ADSL router. LAN and internet access are fine, but when I run the security check at www.auditmypc.com they can detect my internal IP!!
If you are accessing this site from your internal network then the site would be broken if it didn't do this. A bit of Java or JavaScript on the web site asks your PC for its IP address and your PC gladly tells it. Nothing the router can do about it unless you block Java and all types of scripting (and SSL in case it wants to do the scripting encrypted by SSL).

aryoba
Premium,MVM
join:2002-08-22
kudos:3

4 edits

On your CBAC, add "ip inspect name myfw http" and see if the website can still see your internal IP address. The command should be able to block illegitimate internal IP address requests from Java or JavaScript programs.

But keep in mind that using such a command may cause your Internet browser to not be able to show "friendly" Java or JavaScript programs. You can verify this condition with "friendly" websites.


wowbanger2k

join:2004-12-07
UK

Hey Hey!

The "ip inspect name myfw http" command works fine. Thanks for the input everyone

Chris


michaelr7

join:2004-03-26
Tucson, AZ

reply to aryoba

quote:
The command should be able to block illegitimate internal IP address requests from Java or JavaScript programs.
Unfortunately it blocks all Java - not just ones which want to get your IP address. You should add an access-list to specify the sites you allow Java apps from.
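
Added example (not part of any post in this thread): a sketch of the access-list approach michaelr7 describes, using the java-list option of the CBAC HTTP inspection rule. The ACL number 51 and the address 192.0.2.10 are placeholders chosen for illustration, and the 3600-second timeout simply mirrors the other myfw entries in the posted config.

```cisco
! Added example, not from the thread. ACL 51 and 192.0.2.10 are placeholders.
!
! Standard numbered ACL listing the web servers whose applets are trusted
! (java-list only accepts a numbered standard ACL).
access-list 51 remark Sites allowed to deliver Java applets
access-list 51 permit host 192.0.2.10
access-list 51 deny   any
!
! Replace the plain HTTP inspection entry with one tied to the ACL.
no ip inspect name myfw http
ip inspect name myfw http java-list 51 timeout 3600
!
! The rule is already applied on Dialer1 ("ip inspect myfw out"),
! so no interface change is needed. Check the result from exec mode with:
!   show ip inspect config
```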
