Prozak

How to detect connection comes from inside LAN?


As the title states, I'm developing some network code, and I need to think up a way of detecting if a client connecting to the server machine comes from inside or outside our corporate intranet.

[Web Client]<---->[Router]<---->[Server]<---->[ Lan Client]

I've thought up various possibilities, but I don't seem to have reached a solution yet, so any pointers are welcome.

Quote:
Original post by Prozak
As the title states, I'm developing some network code, and I need to think up a way of detecting if a client connecting to the server machine comes from inside or outside our corporate intranet.

[Web Client]<---->[Router]<---->[Server]<---->[ Lan Client]

I've thought up various possibilities, but I don't seem to have reached a solution yet, so any pointers are welcome.


Make the router reject any IP coming from the internet with an intranet address (I think this is already active; it's to prevent IP spoofing inside the LAN).
Then check in your app if the IP address of the client is one of the range of your corporate ones.

I've kept digging, and here is something interesting.

The Server sits on a LAN, behind a Router. There is then, obviously, Port Forwarding involved, so that machines external to the LAN might connect to the Server.

So, instead of connecting to the Server's internal LAN IP, I tried to connect to the Server's external IP:Port.

So, before, when a machine internal to the LAN connected, the Server would say:
"Machine 192.168.1.10 connected".

Now it says:
"Machine 192.168.1.1 connected".

The above is the Router's IP address. I can use this to tell me that if any machine connects to the Server coming from 192.168.1.1 it has to be a machine internal to the LAN.

Have I missed any detail here?

You can see the apparent remote address of a connection for TCP in the argument to accept(), or by calling getpeername(). You get the remote address to reply to for UDP in recvfrom().

If you use reverse NAT, then it's pretty much impossible to detect whether the connection is from LAN or from the router -- unless you can configure your program to recognize the router address as "external."

If you use a system that exposes the external addresses, such as putting your machine in a DMZ, then you will get external addresses for external clients, and can simply test for whether the address is in your internal subnet (by netmask) or not.

In real situations like these, you often have two networks on the same physical interface, one with an internal address, and one with an external address.
