-3

It's bothering me. I'm an amateur at Linux networking, so pardon me on that. I've heard terms like NATTED IP from others, but I am not sure what they mean.

A serious issue has arisen, and I need to debug this.

Assume the IP with which I access the remote server is A.B.C.D. Some call it NATTED IP.

Assume the IP I get from the ip a command is E.F.G.H.

  • I can curl/telnet/ping E.F.G.H but not A.B.C.D. Why?

  • I can curl localhost but not the NATTED IP. Why?

  • How do I figure out if the server's IP address was altered at some point in time? What logs can I check for it?

That IP was used in 3 different places, assume in NEPAL.conf, INDIA.conf and PAKISTAN.conf

I already know the fix for this issue, but I want to reverse engineer how this happened. That's the goal of asking this question!

In NEPAL.conf, the IP address of the API server used is A.B.C.D

Access: 2023-10-10 17:49:06.302410326 +0545
Modify: 2021-01-07 11:14:28.259435813 +0545
Change: 2023-10-08 11:18:43.987203621 +0545

This is what the stat command shows.

In INDIA.conf, we needed some different IP address, not A.B.C.D or E.F.G.H. But there is a typo in this IP.

Access: 2023-10-10 17:26:54.613930249 +0545
Modify: 2022-10-12 15:10:51.731213409 +0545
Change: 2023-09-24 12:31:52.801053008 +0545

https://stackoverflow.com/questions/3385203/what-is-the-access-time-in-unix

What is the difference between Modify and Change in the context of the stat command?

It seems that Change means only a change in the metadata of the file.

As per https://www.grymoire.com/Unix/Inodes.html

the metadata of a file consists of the following:

Mode/permission (protection)
Owner ID
Group ID
Size of file
Number of hard links to the file
Time last accessed
Time last modified
Time inode last modified

In no world can it be true that this IP address has been wrong for 1 year. It means a big fat module of this app hasn't been working for 1 year.

Now I go to PAKISTAN.conf, here also we're using A.B.C.D instead of E.F.G.H. The output of stat here seems plausible.

Access: 2023-10-10 17:33:33.716178074 +0545
Modify: 2023-10-09 13:41:36.536314722 +0545
Change: 2023-10-09 13:41:36.537314712 +0545

I'm unable to make sense of all this stuff. Please guide me.
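The Modify/Change distinction asked about above, as an added example that is not part of the original post: it reproduces the "old Modify, recent Change" pattern on a scratch file and contrasts it with a content rewrite, which moves both timestamps. The file, the `OLD` timestamp and the helper names are constructed for illustration; Linux/Unix `st_ctime` semantics are assumed.

```python
import os
import tempfile
import time

DAY = 86400
OLD = time.time() - 400 * DAY  # constructed "last edited long ago" timestamp

def stat_after(action):
    """Backdate a scratch file's mtime, apply `action`, return (mtime, ctime)."""
    fd, path = tempfile.mkstemp(suffix=".conf")  # scratch file, not a real config
    os.close(fd)
    try:
        # utime() can set atime/mtime (as cp -p, rsync -t and tar do on restore);
        # ctime cannot be set this way, the kernel stamps it with the current time.
        os.utime(path, (OLD, OLD))
        action(path)
        st = os.stat(path)
        return st.st_mtime, st.st_ctime
    finally:
        os.unlink(path)

def chmod_only(path):
    os.chmod(path, 0o640)  # metadata-only change: Change moves, Modify does not

def rewrite(path):
    with open(path, "w") as f:  # content change: Modify AND Change both move
        f.write("api_server = 192.0.2.10\n")  # constructed value

def describe(mtime, ctime):
    """Read the pair the way an investigator would read `stat` output."""
    if ctime - mtime > DAY:
        return "content older than inode change"
    return "content and inode changed together"

if __name__ == "__main__":
    for name, action in (("chmod", chmod_only), ("rewrite", rewrite)):
        m, c = stat_after(action)
        print(f"{name:8} Modify={time.ctime(m)} Change={time.ctime(c)} "
              f"-> {describe(m, c)}")
```

A Change time later than Modify therefore points to a permission, ownership, rename, link-count or restore operation at the Change time, while Modify on its own only records what the last writer or copy tool set it to.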

  • 2
    "That IP was used" which one? "in 3 different places, assume in NEPAL.conf, INDIA.conf and PAKISTAN.conf" what are we assuming? what are these .conf things? What is their purpose? – Jaromanda X Oct 11 '23 at 04:20
  • It's not relevant to my question. Assume it's for helping to login, do payment etc. Calling api servers. – achhainsan Oct 11 '23 at 04:23
  • 1
    "Assume the IP with which I access the remote server is A.B.C.D." Does that mean the remote server's IP is A.B.C.D or the remote server sees your access as coming from A.B.C.D? – muru Oct 11 '23 at 04:34
  • 6
    "It's not relevant to my question" what isn't? if it's not relevant, then why is it in the question which is already a word salad – Jaromanda X Oct 11 '23 at 04:56
  • If I understand you correctly, you are intermixing the LAN-IP of your PC with the WAN-IP (what the internet sees) of the router. You most likely cannot ping your router's internet-IP because of firewall settings, any access to any website will go through the router, thus the webserver sees the router's IP. The logs you seek are in the router (if at all); some routers support emailing you changes if the ISP assigns you a new IP. Especially useful if you host a webserver at home. – FelixJN Oct 11 '23 at 09:19
  • 1
    Your question is very hard to understand. What is A.B.C.D or E.F.G.H? Is it the IP address of the server you want to access, or of the machine FROM which you are accessing the server? If it is the address of the server, why are you checking it with ip a? On which machine do you run this command? On which machine do you try to curl localhost? On which machine or machines are the files NEPAL.conf, INDIA.conf and PAKISTAN.conf used? Which of these files contain address A.B.C.D and which ones E.F.G.H? – raj Oct 11 '23 at 13:58
  • 1
    This is just unclear in the extreme. To begin with, you're talking about the address of a remote server, and then running ip a which would show you the addresses of the host you run it on. One might assume you're running that on some local system, not the remote server, but you're not saying if that's the case or not. We can't tell why you can't access the server, because we don't know what else there is. With network issues, it usually helps (read: it's almost required) to draw an image of the devices involved and whatever there is between them. – ilkkachu Oct 11 '23 at 14:24
  • 1
    We don't know which system the output of ip a is collected from, we don't know what the configuration files are for, and it's really hard to tell what the timestamps of the files are supposed to mean. – ilkkachu Oct 11 '23 at 14:25

1 Answer

0

Note: this is a simplified version. Use it as an overview, but you may need to get into the details, with their exceptions and special cases.

Every network interface has zero to many IP addresses.

The routing table (ip route) tells you where to send packets depending on the destination IP. So you will find that 127.x.x.x will go to local (the lo interface, so it will not go to a network card). On home computers, you may have a local network, so you will just send data directly to them, and the default x.x.x.x (marked as 0.0.0.0/0, let's skip network masks) will go to a specific IP address (the local network address of your router).

The router will do the NAT: it will just replace your IP address (local network) with the public IP address of your router (note: in reality there may be an additional carrier-grade NAT, so the routers of your ISP will also do an additional NAT). The router also keeps track of the links, so if the server you contacted wants to reply back, the router knows which computer on the network to send the packet to, and so it will replace the destination address (global router IP) with the local network address of the expected machine.

Now your question is about routing.

On your local network you know the local IPs, so you can connect to local machines, and the global IP. But external servers cannot know your local IP address (which is not unique). At most they know your router's IP. So they may connect to the router, but the router does not know where to send the packets. Is the target the printer or the phone on the LAN? Also, for security, the router will just ignore the packet (NAT also acts as a firewall).

You can change the NAT tables of your router: e.g. send telnet to one machine, web to another machine (and possibly all unknown packets to local IP x; do not do it if you do not know what you are doing: there are security implications, and DMZ settings may have such a default destination).

And for mobile phones or laptops you may have a different local IP depending on which network (and Wi-Fi) you connect to. So you may have different network configurations.

To connect NAT to NAT, there are many tricks, but they require some external server to synchronize connections (if both parties connect at nearly the same time to the other's external IP, both routers will then know the connection), or other tricks (e.g. those done by some VPNs and peer-to-peer services). But usually we just open a port on the router (possibly a random port, which we map to a standard local port: less noise in the logs).

Your files and access times are not very relevant. It depends on the network configuration tool you use, and such tools are free to access or modify the files as they like. You have a network problem/question: keep it at the network level (forget the filesystem).
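The translation behaviour described in this answer, as an added example that is not part of the original answer: a toy router that rewrites outbound sources, maps replies back through its connection table, drops unsolicited inbound packets, and honours a port forward. All addresses and ports are constructed documentation values, and the `Nat` class is hypothetical and much simpler than a real NAT (no protocols, timeouts or port preservation).

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.7"  # constructed WAN address (the role of A.B.C.D)

@dataclass
class Nat:
    public_ip: str
    next_port: int = 40000
    conns: dict = field(default_factory=dict)     # public port -> (lan_ip, lan_port, remote)
    forwards: dict = field(default_factory=dict)  # public port -> (lan_ip, lan_port)

    def outbound(self, src, sport, dst, dport):
        """LAN host -> internet: rewrite the source and remember the flow."""
        pub_port = self.next_port
        self.next_port += 1
        self.conns[pub_port] = (src, sport, (dst, dport))
        return (self.public_ip, pub_port, dst, dport)  # what the server sees

    def inbound(self, src, sport, dport):
        """Internet -> public IP: return the LAN target, or None if dropped."""
        flow = self.conns.get(dport)
        if flow and flow[2] == (src, sport):  # reply from the peer we contacted
            return flow[0], flow[1]
        if dport in self.forwards:            # explicit port forward on the router
            return self.forwards[dport]
        return None  # no mapping: the router cannot pick a LAN host, so it drops

if __name__ == "__main__":
    nat = Nat(PUBLIC_IP)
    # Laptop 192.168.1.20 (the role of E.F.G.H) opens HTTPS to a remote server.
    print("server sees :", nat.outbound("192.168.1.20", 51000, "198.51.100.10", 443))
    print("reply goes to:", nat.inbound("198.51.100.10", 443, 40000))
    print("unsolicited :", nat.inbound("198.51.100.99", 5555, 23))
    nat.forwards[8022] = ("192.168.1.30", 22)  # random public port -> standard local port
    print("forwarded   :", nat.inbound("198.51.100.99", 5555, 8022))
```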