How do I really know who is accessing my server?
Recently I started using my old desktop computer as a server, I installed Ubuntu server 18.04 and it's now connected to my router (Huawei HG532s). I also have a web page (Only for testing) and an SSH server to log in and monitor the server from anywhere (obvious) and the problem comes now:
I have the server connected to the router and the router (ADSL) is connected to the internet. I have set up the router to forward any request that wants to connect via port 80 or 22 to the private IP of the server. And now, whenever someone connects to my web server, the access logs show me that all petitions are coming from the same IP (my public IP) and same with SSH: whenever I connect to my server, when I type the command who, it shows me I'm connected from my public IP.
I know that the problem is because it's my router that is forwarding the packets and requests, but I would like to know if there is any kind of "solution" to this so I'm able to actually know who is establishing a connection to my server.
Thanks in advance and sorry if I misspelled, trying my best to write this correctly.
Output of who command:
alex@ubuntu:~$ who
alex pts/0 2019-02-07 07:22 (62.37.40.224)
alex pts/1 2019-02-07 07:22 (62.37.40.224)
Output of the traceroute command to my server's IP from my university's network:
traceroute to 62.37.40.224 (62.37.40.224), 30 hops max, 60 byte packets
192.168.212.254 (192.168.212.254) 3.004 ms 2.972 ms 2.947 ms
172.29.34.1 (172.29.34.1) 7.755 ms 7.736 ms 7.686 ms
1.red-81-46-16.customer.static.ccgg.telefonica.net (81.46.16.1) 7.662 ms 7.621 ms 7.584 ms
217.red-217-124-114.static.ccgg.telefonica.net (217.124.114.217) 15.257 ms 217.124.112.37 (217.124.112.37) 20.113 ms 217.124.114.217 (217.124.114.217) 20.108 ms
* * *
157.red-80-58-84.staticip.rima-tde.net (80.58.84.157) 14.988 ms 15.931 ms 15.895 ms
145.red-80-58-97.staticip.rima-tde.net (80.58.97.145) 15.865 ms * *
80.58.106.58 (80.58.106.58) 14.724 ms 14.712 ms 14.687 ms
241.red-80-58-88.staticip.rima-tde.net (80.58.88.241) 14.661 ms 14.635 ms 14.615 ms
10.21.0.1 (10.21.0.1) 14.565 ms 14.475 ms 20.228 ms
10.21.0.2 (10.21.0.2) 20.180 ms 20.143 ms 20.111 ms
172.27.111.22 (172.27.111.22) 15.212 ms 15.175 ms 15.005 ms
172.27.111.51 (172.27.111.51) 14.931 ms 14.818 ms 14.807 ms
172.27.111.126 (172.27.111.126) 14.797 ms 14.776 ms 14.762 ms
172.27.111.10 (172.27.111.10) 19.592 ms 16.708 ms 16.622 ms
193.152.56.1 (193.152.56.1) 19.503 ms 19.474 ms 19.407 ms
80.58.72.149 (80.58.72.149) 19.399 ms 19.356 ms 19.292 ms
* * *
* * *
216.184.113.180 (216.184.113.180) 23.230 ms 17.892 ms *
* * *
* * *
* 193.251.247.14 (193.251.247.14) 16.104 ms *
* * *
* * *
* * *
* * *
* * *
* * *
* * *
Apache2 log after access with my 4G IP:
90.174.4.159 - - [07/Feb/2019:10:20:24 +0000] "GET / HTTP/1.1" 200 774 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1"
Command who output after logging in with my 4G IP:
alex pts/0 2019-02-07 09:35 (192.168.1.254)
alex pts/1 2019-02-07 09:16 (62.37.40.224)
alex pts/2 2019-02-07 10:19 (62.37.40.224)
alex pts/3 2019-02-07 10:44 (62.37.40.224)
networking ubuntu router ip adsl
Have you had someone else try to connect? Cause any connections from you would be from your ip address... your ip address would be both the destination (which then gets NATed to the internal network ip of the server) and the source.
– Cliff Armstrong
Feb 7 at 9:40
1
As @CliffArmstrong has suggested... a basic test would be to use your mobile phone 3G/4G and visit your website/log on to your SSH and then check the logs to see if your 3G/4G IP address is logged...
– Kinnectus
Feb 7 at 9:47
Originally posted at askubuntu.com/questions/1116327/…, see also the comments there.
– Melebius
Feb 7 at 9:49
2
90.174.4.159 - - [07/Feb/2019:10:20:24 +0000] "GET / HTTP/1.1" 200 774 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1"
Oh yes, if I get into my web page from my 4G IP address it shows it... Why doesn't it show it when I log in with my university proxy?
– xBeiker
Feb 7 at 10:22
@xBeiker Have you also tried SSH from the phone (e.g. using Termius)?
– Melebius
Feb 7 at 10:39
edited Feb 7 at 12:10 by Melebius
asked Feb 7 at 9:37 by xBeiker
1 Answer
If I understand your question correctly, this will be a problem with the way your router is handling inbound connections. It appears to be proxying them or translating the source address as well as the destination - when it should only be doing the latter.
I've updated the post (at the end) to show the output of who when I log in with my 4G IP and the access log of apache2 in case it helps...
– xBeiker
Feb 7 at 10:52
What you have provided in your update shows everything is correct, and your router is not proxying or rewriting source addresses. Without some kind of authentication or tie-in with a third party, the best you can get is the remote party's purported IP address, which is coming through uniquely as per your tests.
– davidgo
Feb 7 at 18:16
But whenever someone logs in via SSH it's not showing me his IP address, it's showing my own public IP address
– xBeiker
Feb 7 at 19:58
1
You can. The problem exists on the router, so you would need to fix it there (or if it is not fixable there, replace the router). You may also be able to work around it by changing the port SSH listens on - especially if SSH runs on the router. Another solution would be to use a VPN to connect to the box, and then SSH over that - which is a more secure solution as well.
– davidgo
Feb 7 at 20:20
1
Now that you mention it, I forgot to explain that I use both 22 and 443 ports to access via SSH since my university's proxy has port 22 inaccessible, but when I use it on my phone I'm using the 22 port and it shows the same
– xBeiker
Feb 7 at 20:52
edited Feb 8 at 18:45 by GAD3R
answered Feb 7 at 10:44 by davidgo
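The check the comments walk through (compare the addresses shown by who and by the Apache access log against the server's own public IP), as an added example that is not part of the original posts. The who output and the Apache line are copied from the question; the auth.log lines, the function names and the labels are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# From the question: the server's public (WAN) address.
SERVER_PUBLIC_IP = "62.37.40.224"
# RFC 1918 ranges: a peer address in these is a LAN host or the router itself.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Copied from the question (user agent shortened).
WHO_OUTPUT = """\
alex pts/0 2019-02-07 09:35 (192.168.1.254)
alex pts/1 2019-02-07 09:16 (62.37.40.224)
alex pts/2 2019-02-07 10:19 (62.37.40.224)
alex pts/3 2019-02-07 10:44 (62.37.40.224)
"""
APACHE_LOG = ('90.174.4.159 - - [07/Feb/2019:10:20:24 +0000] '
              '"GET / HTTP/1.1" 200 774 "-" "Mozilla/5.0 (iPhone)"\n')
# Constructed sshd lines in the /var/log/auth.log format (not from the page).
AUTH_LOG = """\
Feb  7 10:19:02 ubuntu sshd[2211]: Accepted password for alex from 62.37.40.224 port 50412 ssh2
Feb  7 10:31:47 ubuntu sshd[2290]: Failed password for invalid user admin from 203.0.113.45 port 39022 ssh2
"""

WHO_RE = re.compile(r"^(\S+)\s+(\S+)\s+\S+\s+\S+\s+\(([^)]+)\)$")
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) \S+ for (?:invalid user )?(\S+) "
    r"from (\S+) port (\d+)")


def who_sources(text):
    """Remote host of every `who` session that reports one (local ttys are skipped)."""
    hosts = []
    for line in text.splitlines():
        m = WHO_RE.match(line.strip())
        if m:
            hosts.append(m.group(3))
    return hosts


def apache_sources(text):
    """First field (%h, the remote host) of each access-log line."""
    return [line.split(" ", 1)[0] for line in text.splitlines() if line.strip()]


def auth_sources(text):
    """(result, user, host) for each sshd password/publickey log line."""
    return [(m.group(1), m.group(2), m.group(3))
            for m in map(AUTH_RE.search, text.splitlines()) if m]


def classify(addr, server_public_ip=SERVER_PUBLIC_IP):
    """Label a logged peer address relative to the server's own network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "not-an-ip"      # `who` may print a hostname instead of an address
    if ip == ipaddress.ip_address(server_public_ip):
        return "own-public"     # LAN client via NAT loopback, or source rewritten by router
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in LAN_NETS):
        return "lan"            # LAN host, or the router's LAN-side address
    return "external"           # a distinct peer address was preserved


def summarise(addrs, server_public_ip=SERVER_PUBLIC_IP):
    """Count labels and report whether any real external peer address was logged."""
    labels = [classify(a, server_public_ip) for a in addrs]
    return {
        "counts": dict(Counter(labels)),
        "external": sorted({a for a, l in zip(addrs, labels) if l == "external"}),
        "peer_visible": "external" in labels,
    }


if __name__ == "__main__":
    print("ssh (who):     ", summarise(who_sources(WHO_OUTPUT)))
    print("ssh (auth.log):", summarise([h for _, _, h in auth_sources(AUTH_LOG)]))
    print("http (apache): ", summarise(apache_sources(APACHE_LOG)))
```

A session labelled own-public or lan was logged with an address from the server's own network, so that entry does not identify the remote peer. On a live system, feed the functions the real who output, /var/log/auth.log and the Apache access log instead of the embedded samples.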