Querying WAN IP of an inner router (pfsense) behind another router on NAT
-
Hi,
I'm wondering if there's a way for software running on a PC (Linux) to query an inner router's WAN IP (SG-1100 running pfsense), where the SG-1100 itself is connected behind another router and has an internal NAT IP as its WAN IP.
For example, suppose the SG-1100's WAN IP is 192.168.1.10 and the inner PC behind the SG-1100's NAT has the IP of 10.100.1.3. Here is the setup:
PC --> SG-1100 --> outer router --> internet (WAN)
My initial thought was to use traceroute with small ttl, but it gives the external router's IP (192.168.1.1) and not the SG-1100's IP.
Is there any way the pfsense can be queried for its WAN IP? Perhaps through a package? Would love to hear your thoughts about it.
-
Found a manual (meaning outside of standard config / package) and hacky workaround, would love to hear of any improvement over that :)
Create a user in pfsense's User Manager, enable SSH access for that user with a password-less SSH key login (I'm aware it's risky, extra precautions below).
Create a script in the home user dir, show_wan_ip.sh, containing:

    #!/bin/sh
    # Print the IPv4 address configured on the WAN interface (mvneta0.4090)
    ifconfig mvneta0.4090 | sed -n '/.inet /{s///;s/ .*//;p;}'

Edit ~user/.ssh/authorized_keys and add the following before the key:

    command="/home/user/show_wan_ip.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
This can be executed from the (less trusted) PC that connects to it over LAN:

    ssh user@10.100.1.1 "/home/user/show_wan_ip.sh"
    192.168.1.10
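
A way to check that an `authorized_keys` entry really carries the forced command and the four restrictions listed in the post above. This is an added example, not part of the original post; the function names and the sample entries (including the placeholder key blob) are constructed for illustration, and it also accepts the `restrict` option (OpenSSH 7.2+) in place of the four `no-*` options.

```python
import re

# Restrictions the post puts in front of the key, besides the forced command.
REQUIRED = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")  # an entry without options starts with its key type

def split_options(line):
    """Return (options dict, remainder) for one authorized_keys entry."""
    line = line.strip()
    if KEY_TYPE.match(line):
        return {}, line
    fields, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and quoted and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 2    # escaped quote inside a quoted value
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            fields.append(cur)
            cur = ""
        elif ch.isspace() and not quoted:
            break                        # options end at the first unquoted blank
        else:
            cur += ch
        i += 1
    fields.append(cur)
    opts = {}
    for field in fields:
        name, _, value = field.partition("=")
        opts[name.lower()] = value       # option keywords are case-insensitive
    return opts, line[i:].strip()

def audit(line, expected_command):
    """Problems found in one entry; an empty list means it is locked down as in the post."""
    opts, _ = split_options(line)
    problems = []
    if opts.get("command") != expected_command:
        problems.append("forced command missing or different")
    if "restrict" not in opts:           # 'restrict' (OpenSSH 7.2+) implies all four
        problems += ["missing " + o for o in sorted(REQUIRED - set(opts))]
    return problems

# Constructed sample entries; the key blob is a placeholder, not a real key.
KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER user@pc"
GOOD = 'command="/home/user/show_wan_ip.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ' + KEY

if __name__ == "__main__":
    for entry in (GOOD, 'command="/home/user/show_wan_ip.sh" ' + KEY, KEY):
        print(audit(entry, "/home/user/show_wan_ip.sh") or "ok")
```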