Querying WAN IP of an inner router (pfsense) behind another router on NAT

  • Hi,

    I'm wondering if there's a way for a software running on a PC (Linux) to query an inner router's WAN IP (SG-1100 running pfsense), where the SG-1100 itself is connected behind another router and have an internal NAT IP as it's WAN IP.
    For example, suppose the SG-1100's WAN IP is and the inner PC behind the SG-1100's NAT has the IP of

    Here is the setup:

    PC --> SG-1100 --> outer router --> internet (WAN)

    My initial thought was to use traceroute with small ttl, but it gives the external router's IP ( and not the SG-1100's IP.
    Is there any way the pfsense can be queried for its WAN IP? perhaps through a package?

    Would love to hear your thoughts about it.

  • Found a manual (meaning outside of standard config / package) and hacky workaround, would love to hear of any improvement over that :)

    Create a user in pfsense's User Manager, enable SSH access for that user with a password-less SSH key login (I'm aware it's risky, extra precautions below).

    Create a script in the home user dir, show_wan_ip.sh, containing:

    ifconfig mvneta0.4090 | sed -n '/.inet /{s///;s/ .*//;p;}'

    Edit ~user/.ssh/authorized_keys and add the following before the key:


    This can be executed from the (less trusted) PC that connects to it over LAN:

    ssh user@ "/home/user/show_wan_ip.sh"

Log in to reply