what is the deal with my network/firewall? a networking pro's opinion, please!

orijinal

macrumors 6502
Original poster
Jun 6, 2005
Hi,

I recently moved into a new apartment and am using a new internet service provided in the area. I don't know how the network works, exactly, but I know that there is no firewall on it, but it uses NAT and DHCP.

I have my Mac OS X Firewall on, and all the advanced settings on, but when I try out some firewall tests (grc/Shield's Up!) it scans my external IP (73.xxx.xxx.xxx) and shows that almost none of my ports are stealthed, shows most closed, and a couple open ports.

My internal IP is different, a 10.xxx.xxx.xxx IP.

I just set up my wireless router, and it shows the same results for the Shield's Up! test, with the same external IP. My internal IP now shows the typical 192.xxx.xxx.xxx IP.

Is this not scanning my computer's actual ports? Is there a host computer on my network or something that it is scanning? Why aren't they showing up as stealthed, etc.? Back at my old place, under comcast, while using the same router, and mac firewall, it showed all my ports stealthed and whatnot.

And, yeah, yeah, I know we are "safe" using macs on the net, but I wanted to know if anyone knows the deal with this discrepancy?
 

DoFoT9

macrumors P6
Jun 11, 2007
Singapore
OK, so your external IP is OK... no need to worry about that.

Have you checked your router's IP? It could have been reset during the move; maybe you might have to reconfigure that back to the 10.xxx.xxx.xxx.
 

yg17

macrumors G5
Aug 1, 2004
St. Louis, MO
Log into your router's admin page and see what it's getting as an external IP (maybe called a WAN IP). If it's different than the external IP grc shows, then your ISP either has you going through a proxy, or they're doing NAT to all their customers (most likely the case if your router's got a 192.x.x.x or a 10.x.x.x IP).



EDIT: On second thought, I reread your post and saw this:
My internal IP is different, a 10.xxx.xxx.xxx IP.
Is that the IP your Mac had when you were plugged directly into your modem (or whatever you plug into to get internet access at your place?) If so, then your ISP is definitely doing NAT of some sort because any IP address that begins with 10. is a private internal address. They likely have one public IP, the 73.x.x.x one, and are using NAT and giving their customers the 10.x ones. So grisoft is scanning the ports on their router (Were ports 22 and/or 23 completely open? Those are the SSH and Telnet ports, and if they're using Cisco or some other high end router, which I certainly hope they are, one, if not both, of those will be open. Actually, they shouldn't be for security, but by default they are on Cisco gear). Now, if you ever need to open a port for torrenting or a game or something, unless they've got UPnP enabled, you're probably SOL.

EDIT 2: I take back what I said about having those ports open being a huge security oversight on their part. They could have an access control list set up so they can only connect to the router via telnet from the internal network (or a specific machine, which would be even better), but the port would still be open to the outside world. So don't go running off just yet thinking your ISP is incompetent ;)
 

orijinal

macrumors 6502
Original poster
Jun 6, 2005
upon further research (eg. http://probe.hackerwatch.org/probe/hitme.asp), there is a disclaimer saying: "Important: If your only connection to the internet is through a proxy server or NAT this test will not work as expected for you. Instead the proxy itself will be tested, and the results will not actually apply to your computer."

I think that that is what is happening here? My mac isn't being scanned, but rather the NAT is what is being scanned?

Is there a program or command line that can show me if there are any open ports on my computer, locally?

Log into your router's admin page and see what it's getting as an external IP (maybe called a WAN IP). If it's different than the external IP grc shows, then your ISP either has you going through a proxy, or they're doing NAT to all their customers (most likely the case if your router's got a 192.x.x.x or a 10.x.x.x IP).
My WAN IP is 10.x.x.x, I think the same as what my network settings were showing as my internal IP without my router.

what does this mean?
 

yg17

macrumors G5
Aug 1, 2004
St. Louis, MO
My WAN IP is 10.x.x.x, I think the same as what my network settings were showing as my internal IP without my router.

what does this mean?
OK, it means that they are in fact using NAT, and the port scanner was scanning their router rather than your computer. This is how the network seems to be set up:

Code:
                                                        |- Customer (10.x.x.x)
                                                        |- Customer (10.x.x.x)
Interwebs------------Their router (73.x.x.x public IP)--|
                                                        |- Customer (10.x.x.x)
                                                        |- You/Your router (10.x.x.x)
                                                           |- Mac (192.168.x.x)
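An added example, not from any poster in the thread, that encodes yg17's diagnosis (compare the router's WAN IP with the IP the scanner sees) and the local listening-port check orijinal asked for; it generalises beyond the 10.x/192.168.x addresses in the thread to the other RFC 1918 range and the RFC 6598 carrier-grade NAT block. Assumed: POSIX sh with awk, and macOS-style `netstat -an` output; the sample netstat lines are constructed.

```shell
#!/bin/sh
# Added example (not from any poster): which box did the public scanner probe?

# Classify an IPv4 address by the well-known non-public ranges.
ip_scope() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;   # RFC 1918
    100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) echo cgnat ;; # RFC 6598
    *) echo public ;;
  esac
}

# Usage: scan_target <router WAN IP> <IP the scanner reported>
# Prints which device the scanner's open/closed/stealth results describe.
scan_target() {
  wan=$1; seen=$2
  case "$(ip_scope "$wan")" in
    private|cgnat)
      # The router itself is behind the ISP's NAT: the scanner hit the ISP's
      # device, the results say nothing about this host, and unsolicited
      # inbound connections (torrents, game hosting) cannot reach it unless
      # the ISP forwards them.
      echo isp-nat ;;
    public)
      if [ "$wan" = "$seen" ]; then
        echo own-router   # results reflect this router's own firewall/forwarding
      else
        echo proxy        # traffic leaves via another device; results apply to it
      fi ;;
  esac
}

# List the TCP ports this Mac is listening on, from `netstat -an` on stdin.
# Run as: netstat -an | listening_ports
listening_ports() {
  awk '$1 ~ /^tcp/ && $NF == "LISTEN" { sub(/.*[.:]/, "", $4); print $4 }' \
    | sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample of macOS `netstat -an` output for a stand-alone run.
SAMPLE_NETSTAT='tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  10.0.0.7.52113         73.1.2.3.443           ESTABLISHED
udp4       0      0  *.5353                 *.*'

# Demo with the thread's situation (the x's replaced by constructed digits).
scan_target 10.1.2.3 73.1.2.3
printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports; echo
```

The local check answers "what does my Mac itself expose" independently of what the scanner reached; `lsof -i -P -n | grep LISTEN` on the Mac gives the same information with the owning process.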
 

orijinal

macrumors 6502
Original poster
Jun 6, 2005
Log into your router's admin page and see what it's getting as an external IP (maybe called a WAN IP). If it's different than the external IP grc shows, then your ISP either has you going through a proxy, or they're doing NAT to all their customers (most likely the case if your router's got a 192.x.x.x or a 10.x.x.x IP).



EDIT: On second thought, I reread your post and saw this:

Is that the IP your Mac had when you were plugged directly into your modem (or whatever you plug into to get internet access at your place?) If so, then your ISP is definitely doing NAT of some sort because any IP address that begins with 10. is a private internal address. They likely have one public IP, the 73.x.x.x one, and are using NAT and giving their customers the 10.x ones. So grisoft is scanning the ports on their router (Were ports 22 and/or 23 completely open? Those are the SSH and Telnet ports, and if they're using Cisco or some other high end router, which I certainly hope they are, one, if not both, of those will be open. Actually, they shouldn't be for security, but by default they are on Cisco gear). Now, if you ever need to open a port for torrenting or a game or something, unless they've got UPnP enabled, you're probably SOL.

EDIT 2: I take back what I said about having those ports open being a huge security oversight on their part. They could have an access control list set up so they can only connect to the router via telnet from the internal network (or a specific machine, which would be even better), but the port would still be open to the outside world. So don't go running off just yet thinking your ISP is incompetent ;)
Lol, well, when I had my Mac connected directly to the ethernet connection, whatismyip.com was giving me that 73.x.x.x address, but I could see in my network connections that my internal IP was a 10.x.x.x.

You are actually on the money; my 22/80... and a couple of other ports are open, apparently.

AND, again you are on the money... torrenting isn't working out here! I was thinking about connecting my Xbox up, too... but I don't think Xbox Live will fly either.

Any more input on this? Am I safe? From what I understand, these scanners are just scanning the NAT, and not my computer/router??

Thanks for the replies, btw! I learned a lot in these last few posts.