what is the deal with my network/firewall? a networking pro's opinion, please!

Discussion in 'Mac Basics and Help' started by orijinal, Sep 3, 2007.

  1. orijinal macrumors 6502

    #1
    Hi,

    I recently moved into a new apartment and am using a new internet service provided in the area. I don't know how the network works, exactly, but I know that there is no firewall on it, but it uses NAT and DHCP.

    I have my Mac OS X Firewall on, and all the advanced settings on, but when I try out some firewall tests (grc/Shield's Up!) it scans my external IP (73.xxx.xxx.xxx) and shows that almost none of my ports are stealthed, shows most closed, and a couple open ports.

    My internal IP is different, a 10.xxx.xxx.xxx IP.

    I just set up my wireless router, and it shows the same results for the Shield's Up! test, with the same external IP. My internal IP now shows the typical 192.xxx.xxx.xxx IP.

    Is this not scanning my computer's actual ports? Is there a host computer on my network or something that it is scanning? Why aren't they showing up as stealthed, etc.? Back at my old place, under Comcast, while using the same router, and Mac firewall, it showed all my ports stealthed and whatnot.

    And, yeah, yeah, I know we are "safe" using Macs on the net, but I wanted to know if anyone knows the deal with this discrepancy?
     
  2. DoFoT9 macrumors P6

    #2
    OK, so your external IP is OK; no need to worry about that.

    Have you checked your router's IP? It could have been reset during the move; maybe you might have to reconfigure that back to the 10.xxx.xxx.xxx.
     
  3. yg17 macrumors G5

    #3
    Log into your router's admin page and see what it's getting as an external IP (maybe called a WAN IP). If it's different than the external IP grc shows, then your ISP either has you going through a proxy, or they're doing NAT to all their customers (most likely the case if your router's got a 192.x.x.x or a 10.x.x.x IP).



    EDIT: On second thought, I reread your post and saw this:
    Is that the IP your Mac had when you were plugged directly into your modem (or whatever you plug into to get internet access at your place)? If so, then your ISP is definitely doing NAT of some sort because any IP address that begins with 10. is a private internal address. They likely have one public IP, the 73.x.x.x one, and are using NAT and giving their customers the 10.x ones. So grisoft is scanning the ports on their router (Were ports 22 and/or 23 completely open? Those are the SSH and Telnet ports, and if they're using Cisco or some other high-end router, which I certainly hope they are, one, if not both, of those will be open. Actually, they shouldn't be for security, but by default they are on Cisco gear). Now, if you ever need to open a port for torrenting or a game or something, unless they've got UPnP enabled, you're probably SOL.

    EDIT 2: I take back what I said about having those ports open being a huge security oversight on their part. They could have an access control list set up so they can only connect to the router via Telnet from the internal network (or a specific machine, which would be even better), but the port would still be open to the outside world. So don't go running off just yet thinking your ISP is incompetent ;)
     
  4. orijinal thread starter macrumors 6502

    #4
    Upon further research (e.g. http://probe.hackerwatch.org/probe/hitme.asp), there is a disclaimer saying: "Important: If your only connection to the internet is through a proxy server or NAT this test will not work as expected for you. Instead the proxy itself will be tested, and the results will not actually apply to your computer."

    I think that that is what is happening here? My Mac isn't being scanned, but rather the NAT is what is being scanned?

    Is there a program or command line that can show me if there are any open ports on my computer, locally?

    My WAN IP is 10.x.x.x, I think the same as what my internal IP in network settings was showing without my router.

    What does this mean?
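
For the question in post #4 about checking open ports locally, an added example that is not part of the thread: it parses the output of `netstat -an -p tcp` as printed on Mac OS X and separates sockets listening on every interface from loopback-only ones. `SAMPLE` is constructed output, and the function names are this example's own.

```python
# Constructed sample of `netstat -an -p tcp` output (BSD/Mac OS X layout).
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp4       0      0  192.168.1.10.49152     198.51.100.5.443       ESTABLISHED
tcp4       0      0  *.80                   *.*                    LISTEN
"""


def parse_listeners(netstat_text):
    """Return {port: exposure} for TCP sockets in LISTEN state.

    exposure is "all interfaces" for wildcard binds, otherwise "loopback only"
    or "one interface". The widest bind wins if a port appears more than once.
    """
    rank = {"loopback only": 0, "one interface": 1, "all interfaces": 2}
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # BSD netstat joins address and port with a dot: 127.0.0.1.631, *.22
        host, _, port = fields[3].rpartition(".")
        if not port.isdigit():
            continue
        if host == "*":
            exposure = "all interfaces"
        elif host.startswith("127.") or host == "::1":
            exposure = "loopback only"
        else:
            exposure = "one interface"
        port = int(port)
        if port not in listeners or rank[exposure] > rank[listeners[port]]:
            listeners[port] = exposure
    return listeners


def reachable_ports(netstat_text):
    """Ports another machine on the same network could connect to, firewall aside."""
    return sorted(p for p, e in parse_listeners(netstat_text).items()
                  if e != "loopback only")


if __name__ == "__main__":
    print(parse_listeners(SAMPLE))
    print("reachable from the network:", reachable_ports(SAMPLE))
```

These are the sockets the Mac itself is listening on, which is what the external scan pages cannot see from behind the NAT.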
     
  5. yg17 macrumors G5

    #5
    OK, it means that they are in fact using NAT, and the port scanner was scanning their router rather than your computer. This is how the network seems to be set up:

    Code:
                                                            |- Customer (10.x.x.x)
                                                            |- Customer (10.x.x.x)
    Interwebs------------Their router (73.x.x.x public IP)--|
                                                            |- Customer (10.x.x.x)
                                                            |- You/Your router (10.x.x.x)
                                                               |- Mac (192.168.x.x)
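
The check from posts #3 and #5, as an added example that is not part of the thread: compare the addresses along your own path with the address an outside scan page reports, and work out which device the scan is actually probing. Addresses are constructed (203.0.113.7 stands in for the thread's 73.x.x.x), the function names are this example's own, and the 100.64.0.0/10 range is included as a generalization beyond the 10.x and 192.x cases discussed.

```python
import ipaddress

# RFC 1918 private ranges plus the RFC 6598 shared range used for carrier-grade NAT.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def is_non_public(addr):
    """True if addr is not routable on the internet, so a NAT must sit further out."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_PUBLIC)


def analyse_path(hops, observed_external):
    """hops: (device, address) pairs ordered from the local machine outward.
    observed_external: the address an outside scan page says it is probing.
    """
    nat_layers = sum(1 for _, addr in hops if is_non_public(addr))
    owner = next((dev for dev, addr in hops if addr == observed_external), None)
    if owner is not None:
        target, cause = owner, "none upstream"
    elif is_non_public(hops[-1][1]):
        target, cause = "ISP device", "ISP-side NAT"
    else:
        target, cause = "ISP device", "proxy or other ISP-side translation"
    return {"nat_layers": nat_layers, "scan_target": target,
            "upstream_cause": cause, "scan_reaches_your_gear": owner is not None}


# Constructed paths matching the three situations described in the thread.
NEW_APARTMENT = [("Mac", "192.168.1.10"), ("home router WAN", "10.20.30.40")]
OLD_PLACE = [("Mac", "192.168.1.10"), ("home router WAN", "203.0.113.7")]
MAC_DIRECT = [("Mac", "10.20.30.40")]

if __name__ == "__main__":
    for name, hops in (("new apartment", NEW_APARTMENT),
                       ("old place", OLD_PLACE),
                       ("Mac plugged in directly", MAC_DIRECT)):
        print(name, analyse_path(hops, "203.0.113.7"))
```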
    
    
     
  6. orijinal thread starter macrumors 6502

    #6
    Lol, well, when I had my Mac connected directly to the ethernet connection, whatismyip.com was giving me that 73.x.x.x address, but I could see in my network connections that my internal IP was a 10.x.x.x.

    You are actually on the money; my 22/80... couple other ports are open, apparently.

    And, again, you are on the money... torrenting isn't working out here! I was thinking about connecting my Xbox up, too... but I don't think Xbox Live will fly either.

    Any more input on this? Am I safe? From what I understand, these scanners are just scanning the NAT, and not my computer/router??

    Thanks for the replies, btw! I learned a lot in these last few posts.
     
