Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Private IP is not hiden

    Scheduled Pinned Locked Moved NAT
    10 Posts 3 Posters 3.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tripson
      last edited by

      hello.

      i have pfsense. and NAT is running ok. but, few minutes back, i tested my configuration with some internet page, who offers a firewall test. and everything is ok except that private/ internal IP (192*) obviously is not hidden. :O

      i cant believe it. afaik, the NAT hides private/ internal IPs from public… :S

      what i can do? i something i must specialy set in pfsense or what?

      im really concerned,
      thank you,
      trip

      1 Reply Last reply Reply Quote 0
      • S
        sullrich
        last edited by

        How about showing us the page that is showing you the ip.

        1 Reply Last reply Reply Quote 0
        • T
          tripson
          last edited by

          sullrich: you just overtaked me :P

          its: http://www.auditmypc.com

          i really dont get it :S

          trip

          1 Reply Last reply Reply Quote 0
          • S
            sullrich
            last edited by

            I ran all the tests and it only saw my public IP.

            Can you take a screenshot?

            1 Reply Last reply Reply Quote 0
            • T
              tripson
              last edited by

              screen:

              screen2_.GIF
              screen2_.GIF_thumb
              screen2_.GIF_thumb

              1 Reply Last reply Reply Quote 0
              • S
                sullrich
                last edited by

                Javascript…

                1 Reply Last reply Reply Quote 0
                • T
                  tripson
                  last edited by

                  hm… javascript... that mean that anything is allright? and my firewall (pfsense) if working safe and properly?

                  1 Reply Last reply Reply Quote 0
                  • C
                    cmb
                    last edited by

                    Yeah, it's called Javascript.  That's not from their server, it's inserted by your PC.  The only way a remote site could get that info back is if they could trick you into submitting it back through a form or something similar.

                    But sites like that love to make you believe you're somehow insecure and then are more than willing to sell you something to fix that "problem".

                    Regardless, run that test on a browser that has all javascript disabled.  You won't get that.  This isn't the firewall showing anything, it's your insecure web browser (if you consider this insecure).  You told your firewall to pass HTTP, it's doing its job.

                    Personally, I could care less if somebody knows what my private IP's are, what does it matter?  I use 10.0.64.0/21, subnetted into several /24's.

                    If you don't believe me, try again with javascript disabled.  Easy way to try if you have IE and don't want to screw with your Firefox like me, add *.auditmypc.com to your restricted sites list.  It doesn't work anymore.

                    1 Reply Last reply Reply Quote 0
                    • S
                      sullrich
                      last edited by

                      "Internal IP

                      This does not necessarily mean your firewall is malfunctioning or improperly configured. The method we used will sneak past most firewalls. Why? Because we use Java to grab the information and then pass it on to the server (Notice how everything ran without prompting you?) "

                      http://www.auditmypc.com/internal-ip.html

                      1 Reply Last reply Reply Quote 0
                      • T
                        tripson
                        last edited by

                        blah, silly me… :)

                        thank you both, sullrich and cmb, for answers!

                        have fun
                        trip

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.