Querying WAN IP of an inner router (pfsense) behind another router on NAT



  • Hi,

    I'm wondering if there's a way for software running on a PC (Linux) to query an inner router's WAN IP (SG-1100 running pfsense), where the SG-1100 itself is connected behind another router and has an internal NAT IP as its WAN IP.
    For example, suppose the SG-1100's WAN IP is 192.168.1.10 and the inner PC behind the SG-1100's NAT has the IP of 10.100.1.3.

    Here is the setup:

    PC --> SG-1100 --> outer router --> internet (WAN)
    

    My initial thought was to use traceroute with a small TTL, but it gives the external router's IP (192.168.1.1) and not the SG-1100's IP.
    Is there any way the pfsense can be queried for its WAN IP? Perhaps through a package?

    Would love to hear your thoughts about it.



  • Found a manual (meaning outside of standard config / package) and hacky workaround, would love to hear of any improvement over that :)

    Create a user in pfsense's User Manager, enable SSH access for that user with a password-less SSH key login (I'm aware it's risky, extra precautions below).

    Create a script in the user's home dir, show_wan_ip.sh, containing:

    #!/bin/sh
    ifconfig mvneta0.4090 | sed -n '/.inet /{s///;s/ .*//;p;}'
    

    Edit ~user/.ssh/authorized_keys and add the following before the key:

    command="/home/user/show_wan_ip.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty 
    

    This can be executed from the (less trusted) PC that connects to it over LAN:

    ssh user@10.100.1.1 "/home/user/show_wan_ip.sh"
    192.168.1.10
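
An added example, not part of the original post: a POSIX shell check that every key in an authorized_keys file is pinned to the forced command and carries the restrictions used in the workaround above. The function names `audit_authorized_keys` and `write_sample`, the sample file, and the key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file for keys that are not pinned
# to the expected forced command or that lack the forwarding/pty restrictions.

# audit_authorized_keys FILE EXPECTED_COMMAND
# Prints one verdict per key line; returns 1 if any key is not locked down.
audit_authorized_keys() {
    file=$1; expected=$2; rc=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # Options are whatever precedes the key-type token; none if the line starts with it.
        case $line in
            ssh-*|ecdsa-*|sk-*) opts='' ;;
            *) opts=$(printf '%s\n' "$line" |
                   sed -E 's/[[:space:]]+(ssh-|ecdsa-|sk-)[^[:space:]]+[[:space:]].*$//') ;;
        esac
        problems=''
        case $opts in
            *"command=\"$expected\""*) ;;
            *) problems="$problems no-forced-command" ;;
        esac
        # Option names are case-insensitive in sshd; "restrict" implies all four.
        lopts=,$(printf '%s' "$opts" | tr 'A-Z' 'a-z'),
        case $lopts in
            *,restrict,*) ;;
            *) for o in no-pty no-port-forwarding no-agent-forwarding no-x11-forwarding; do
                   case $lopts in *",$o,"*) ;; *) problems="$problems missing-$o" ;; esac
               done ;;
        esac
        if [ -n "$problems" ]; then echo "line $n: FAIL$problems"; rc=1
        else echo "line $n: OK"; fi
    done < "$file"
    return $rc
}

# Constructed sample file; the key blobs are placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed test data
command="/home/user/show_wan_ip.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAplaceholderkey1 pc@lan
command="/home/user/show_wan_ip.sh",no-pty ssh-ed25519 AAAAplaceholderkey2 pc@lan
ssh-rsa AAAAplaceholderkey3 admin@laptop
EOF
}

tmp=$(mktemp); write_sample "$tmp"
audit_authorized_keys "$tmp" /home/user/show_wan_ip.sh || echo "unrestricted keys present"
rm -f "$tmp"
```

The option matching is a plain substring check, so a forced command whose own text contains one of the option names between commas would be misread as carrying that option.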
    
