How to detect connection comes from inside LAN?

Started by
2 comments, last by hplus0603 14 years, 10 months ago
As the title states, I'm developing some network code, and I need to think up a way of detecting if a client connecting to the server machine comes from inside or outside our corporate intranet.

[Web Client]<---->[Router]<---->[Server]<---->[ Lan Client]

I've thought up various possibilities, but I don't seem to have reached a solution yet, so any pointers are welcome.
Quote:Original post by Prozak
As the title states, I'm developing some network code, and I need to think up a way of detecting if a client connecting to the server machine comes from inside or outside our corporate intranet.

[Web Client]<---->[Router]<---->[Server]<---->[ Lan Client]

I've thought up various possibilities, but I don't seem to have reached a solution yet, so any pointers are welcome.


Make the router reject any IP coming from the internet with an intranet address (I think this is already active; it's to prevent IP spoofing inside the LAN).
Then check in your app if the IP address of the client is in the range of your corporate ones.

I've kept digging, and here is something interesting.

The Server sits on a LAN, behind a Router. There is then, obviously, Port Forwarding involved, so that machines external to the LAN might connect to the Server.

So, instead of connecting to the Server's internal LAN IP, I tried to connect to the Server's external IP:Port.

So, before, when a machine internal to the LAN connected, the Server would say:
"Machine 192.168.1.10 connected".

Now it says:
"Machine 192.168.1.1 connected".

The above is the Router's IP address. I can use this to tell me that if any machine connects to the Server coming from 192.168.1.1 it has to be a machine internal to the LAN.

Have I missed any detail here?

You can see the apparent remote address of a connection for TCP in the argument to accept(), or by calling getpeername(). You get the remote address to reply to for UDP in recvfrom().

If you use reverse NAT, then it's pretty much impossible to detect whether the connection is from LAN or from the router -- unless you can configure your program to recognize the router address as "external."

If you use a system that exposes the external addresses, such as putting your machine in a DMZ, then you will get external addresses for external clients, and can simply test for whether the address is in your internal subnet (by netmask) or not.

In real situations like these, you often have two networks on the same physical interface, one with an internal address, and one with an external address.
enum Bool { True, False, FileNotFound };
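
An added example, not part of any post in this thread: the netmask test and the "recognize the router address as external" configuration described above, written in C. The subnet, netmask and router address are assumptions based on the addresses quoted in the thread, and `classify_peer`, `classify_socket` and `classify_text` are hypothetical names.

```c
#include <stddef.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

enum origin { ORIGIN_LAN, ORIGIN_EXTERNAL, ORIGIN_UNKNOWN };

/* Assumed deployment values, using the addresses quoted in the thread. */
static const char *LAN_NET     = "192.168.1.0";
static const char *LAN_MASK    = "255.255.255.0";
static const char *ROUTER_ADDR = "192.168.1.1";

/* Classify a peer address as filled in by accept(), getpeername() or recvfrom(). */
enum origin classify_peer(const struct sockaddr *sa)
{
    struct in_addr net, mask, router, peer;
    if (sa == NULL || sa->sa_family != AF_INET)
        return ORIGIN_UNKNOWN;        /* non-IPv4 is not handled: never trusted */
    if (inet_pton(AF_INET, LAN_NET, &net) != 1 ||
        inet_pton(AF_INET, LAN_MASK, &mask) != 1 ||
        inet_pton(AF_INET, ROUTER_ADDR, &router) != 1)
        return ORIGIN_UNKNOWN;
    peer = ((const struct sockaddr_in *)sa)->sin_addr;
    /* A connection relayed by the NAT router can show the router's address
     * regardless of where it began, so that address is classed as external. */
    if (peer.s_addr == router.s_addr)
        return ORIGIN_EXTERNAL;
    /* Netmask test: every value is in network byte order, so compare directly. */
    if ((peer.s_addr & mask.s_addr) == (net.s_addr & mask.s_addr))
        return ORIGIN_LAN;
    return ORIGIN_EXTERNAL;
}

/* Classify the remote end of a connected TCP socket. */
enum origin classify_socket(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;
    if (getpeername(fd, (struct sockaddr *)&ss, &len) != 0) return ORIGIN_UNKNOWN;
    return classify_peer((const struct sockaddr *)&ss);
}

/* Convenience wrapper for trying the classifier on a dotted-quad string. */
enum origin classify_text(const char *ip)
{
    struct sockaddr_in sin = { .sin_family = AF_INET };
    if (inet_pton(AF_INET, ip, &sin.sin_addr) != 1) return ORIGIN_UNKNOWN;
    return classify_peer((const struct sockaddr *)&sin);
}
```

With these assumed values, a LAN client that reaches the server through the forwarded external port is also reported as external, since its connection arrives with the router's address.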

This topic is closed to new replies.
