digg

Facebook Connect Join Digg About

How To Get “Provider Independent” IP Address For Your Home Server?

blog.kovyrin.net This article is about how to provider-independent real IP address for your home server behind the NAT.

Who dugg this? Made popular Apr 3, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

62 Comments

show profanity settings
expand all
  • sporktek, on 10/12/2007, -0/+7What you have is a dynamic IP - it just doesn't change very often. If you have a broadband connection that rarely disconnects, you'll have the same IP for a long time. Then, one day, when you disconnect and reconnect (may take a little while between, may be instantaneous) you will have a new IP and some headaches if you're running a server. The writer is talking about something different from static and dynamic IPs tho - his ISP assigned him a *private* IP on their network. There are public IPs (most of them) and then there are private ones, which aren't visible from the internet. Say, an office building may assign addresses from 192.168.123.1 to 192.168.123.100 to a bunch of it's machines. The office across the street can do the same thing. The address pools don't conflict because the 192.168 "group" of IPs aren't public
  • bek99, on 10/12/2007, -0/+6That's just due to nature of DHCP. Dynamically allocated, but if your lease isn't up and as long as you don't change your mac address, you'll be fine. DHCP behavior is to renew 1/2 way through the lease (if I remember correctly) and provided your same address is available (which you have it, so it usually is), you just retain same info and lease expiration is updated. Again, if I remember correctly, dhcp spec tries to renew with same info you already are assigned in present lease. Many cable modem providers don't go out of the way to break the DHCP to hand out a new ip every time. Now if lease expires and you didn't renew, good chances are you'll get a new ip.
  • madeingermany, on 10/12/2007, -1/+7I fail to see how this is going to help anyone not working at a company generous enough to give you an IP address for your own private pleasure.

    And my employer would fire me, if I did any of these "tunnel stunts" from our corp network to my private home machine....
  • cyberdude191, on 10/12/2007, -0/+5Most cable ISP do not change their assigned ip very often. mine changes every 4-6 months or if i unplug my router and cable modem for more than 30 minutes.
  • ph713, on 10/12/2007, -1/+6Basically, nobody gets a "provider independant" IP address that isn't a large company or an ISP of least some reasonable size. And if you have to ask, you're probably not on the list:

    A truly "provider-indepedant" IP address would be one that is directly assigned to you, rather than part of a larger netblock owned by your current provider of choice. This would mean you'd have to get your own top-level netblock from ARIN. ARIN doesn't hand them out to anyone who asks. Generally, you just won't get one unless you can justify it reasonably (as in, "I'm an ISP", or "I'm a large company with many machines"). Basically, you have to justify how many addresses you get, and it's useless (and probably impossible) to get a smaller allocation than some predefined minimum (I'm not sure what the minimum is these days, as I haven't touched this stuff in years, but I would guess it's around /22 or (which is 1024 addresses), or perhaps (much) larger now). Smaller routes won't be allowed on the global backbone routing BGP tables, because they don't want a huge table of small allocations - for performance and stability the backbone prefers a small number of relatively large address space chunks.

    Assuming you manage to justify a netblock of your own from ARIN, and it's big enough to be useful and acceptable on the backbone as an indepedant route, now you basically have two ways of using it:

    1) Sign up with a provider who will advertise your route for you via their AS. Your route will for all practical purposes look like a netblock belonging to this ISP now, and you get your connection from them. You're kinda half-tied to your ISP. It will be a big PITA to switch providers, but you *can* do it and retain your IP addresses, if you find the need to do so.

    2) Get your own Autonomous System number, and become a true public BGP peer with one or more upstream ISPs. Since you're probably not a "provider" on the scale of the guys you're hooking up to, you will have to pay for this peering/bandwidth. And last I heard there's only 65535 AS numbers (has this ever been expanded yet, since I last worked on this stuff, anyone?), so you'll have to come up with even better justifications than you did for the netblock in order to get one assigned to you. But the results are that you are a truly independant routing entity. You can sign up with more ISPs at will and re-use the same route advertisments through them, and have true redundancy against failures of various upstream ISPs. You could in theory choose to allow two or more ISPs you are directly connected up with to route traffic through you to get from A to B (they probably wouldn't choose to do so of course). You could establish indepedant local routing with neighboring local ISPs that are in the same boat as you. You could even become a big backbone provider yourself and go hook your AS up at the big peering centers, and still re-use the same IP addresses, assuming you eventually meet all the requirements for doing that.

  • strictnein, on 10/12/2007, -2/+7http://dyndns.org/ is your friend
  • sporktek, on 10/12/2007, -0/+4Bobby - BUT, there are plenty of people who *can* configure a tunnel somewhere else. That's who this article is aimed at.

    +digg
  • favoriteguy, on 10/12/2007, -0/+4Lets answer a few questions.

    1. Dyndns Services - If the people that mentioned this would have read the first two paragraphs of the article you would have noticed that this guy was assigned an IP address of 192.168.192.2, this means he was behind a router that his ISP owned and he had no control over it. If he would have used dyndns or a service like this he would have been assigned an outside address to a router that he had no control over, and he wouldn't be able to route easily to his home. That's why he had to do this whole setup.

    2. VPN - Essentially he just created a VPN to his home (from his office) and placed his computer at home on the Internet from his office. This uses the bandwidth limitation of lesser of the 2 connections (his office and his ISP). This tunnel allows him to do whatever he wants at home and use a IP address at server location. This will bypass 99% of the routers that you run into since VPN's are common now.

    Since he had complete control over the IP address with his work, he was able to do this. Normal everyday users would not be able to take advantage of this situation unless they were a system admin at their company and had control (or a good friend at work) to adjust the settings.

    I agree though, it would have been much easier just to fork over the money for the IP, or change providers. The plus of changing providers is that you may set yourself up with a business connection that will allow you to change the MX records and such ( you need this to have a valid mail server on the Internet). Mail servers that run on Dynamic IPs tend to have major issues when the IP changes.

    I will digg this story since the process was cool, but some of these comments are people that are just lost at the whole idea of TCP/IP.
  • deadbaby, on 10/12/2007, -2/+6So apparently this guy's ISP basically puts their users on a NAT? (his IP from his provider was 192.168.*) That's really beyond stupid. I'd never use an ISP that did that. Hell I'd even move if they were my only ISP choice.
  • bytefoo, on 10/12/2007, -1/+5I would totally fire you if you did this through my company's network.
  • Writher, on 10/12/2007, -0/+3You have a dynamic IP with a DHCP lease. Your client just constantly refreshes the lease before it expires and therefore you always get the same IP. If the lease table on their server was reset, the scopes got reconfigured, or if you didn't refresh the lease before the max-lease-time was up, you would lose the IP and likely get a new completely different one.
  • mesostinky, on 10/12/2007, -0/+3+++++++++

    The title for this article sucks and is misleading. Change it to "How to piggyback off your work's network" or something more relevant.
  • inactive, on 10/12/2007, -0/+3I agree, he didn't "really" get a different ip, he just setup a tunnel to forward incoming connections. And for all intents and purposes I can do the same with "SSH -R 25:myNEWip.com:25". So instead of forwarding emails from one server to anther he is now forwarding "tcp packets". If the connection between his work pc and his own pc fails then he looses the emails.
  • tylerni7, on 10/12/2007, -0/+3I had my old IP for about... 6 months. Then suddenly it changed and my website stopped working. It took a couple of minutes for me to realize I lost my old IP. So even if you've had the same IP for a while, unless it says it's static, it probably isn't.
  • tokachu, on 10/12/2007, -1/+4Why would anyone spend all that time and money on labor and equipment for trying to get a public IP address when you could probably buy one for a few dollars more a month? If your employer has a public IP address, why don't you just put the equipment on their premises?... or what if your employer suddenly switches their network layout? Then what? Find another person you can take bandwidth from?

    Maybe this is commonplace in other countries, but in the United States most ISPs will give you a public IP address. Even the cheap run-o'-the-mill dialup providers will give you one.
  • hourigan, on 10/12/2007, -2/+5It's not real a provider-independent IP address since it is your employer's IP. For truely provider-independent IP addresses you need an AS number and your own allocation of IP. However it is a good solution for the problem you had.
  • SniperX, on 10/12/2007, -0/+2I don't know why people are hating on Scoundrel's little hack to get a public IP for free (where it's not normally allowed). I thought most good technology lovers supported this stuff.
  • cockbadger, on 10/12/2007, -1/+3No clue what the article was about as it's dead, but there are a number of services that provide IPv6 over IPv4 tunnes.

    It's free, you can get a whole /64 netblock for yourself, and it's just a matter of time before IPv6 obsoletes IPv4 anyway.

    http://www.google.com/search?q=ipv6+tunnel

  • Scoundrel, on 10/12/2007, -4/+6Yes! You are right. It is not real PI IP and that is why words "provider independent" are quoted in title ;-)
  • mooninite, on 10/12/2007, -2/+4This isn't that bad. What's bad is when your ISP blocks ports in an attempt to make their network "virus free." Instead of allowing their customers access to port 80 and 25, they completely block them. *cough* Cox Communications *cough*
  • cheesy, on 10/12/2007, -0/+2The idea of true provider independent (or "portable") IP addresses is pretty ridiculous. It's analogous to moving to a new house but wanting to keep your same street address. If people need to contact you they look up your name (i.e. domain name) up in a phone book or address book (i.e. DNS servers)...that's what DNS is for!

    This doesn't apply in the author's case, it sounds like he just needs a better ISP. If it were simply dynamically assigned public IPs he could use something like dyndns.com
  • geekworking, on 10/12/2007, -1/+3"I decided to take one of IP addresses from IP pool of my employer (I am working for hosting company) "
    ------------------------------
    Any hosting company that would allow $200/month employees decide on their own to configure company servers to tunnel traffic from the company's network to their home computers either has no security policies or this guy didn't quite have permission.

    Somebody out there has their e-commerce site hosted by this guy's employer. I'm glad it's not me.
  • phool, on 10/12/2007, -2/+3how about the security implications of doing this company side, did they know you were doing this? I imagine not.
  • equusdc, on 10/12/2007, -3/+4That's a pretty hokey setup just to get around paying an extra twenty bucks for a "real" connection.
  • favoriteguy, on 10/12/2007, -0/+1Sorry you wouldn't need a business connection to change the MX records, but you would need control over reverse DNS lookups. All the mail servers that I run use look-ups as a way of blocking/marking spam.
  • Scoundrel, on 10/12/2007, -2/+3You can find this program at http://vtun.sourceforge.net/.

    VTun is the easiest way to create Virtual Tunnels over TCP/IP networks. It support various tunnel types and provides many useful features:
    - Encryption
    - Compression
    - Traffic shaping

    VTun is easily and highly configurable. It can be used for various network tasks:
    - VPN
    - Mobile IP
    - etc
  • solarpowered, on 10/12/2007, -0/+1"how to provider-independent real IP address"

    Need a verb, dude.
  • Scoundrel, on 10/12/2007, -1/+2But if you are behind NAT, you can't use DDNS services...
  • Scoundrel, on 10/12/2007, -0/+1I don't understand you. English is foreign language for me, but I am trying to learn it to be able to speak with more people around the world or to share my knowledge and experience with other. And you are posting some fool jokes about my grammar... I think, it is not normal...
  • favoriteguy, on 10/12/2007, -0/+1You don't need linux to do this. This can be done in windows.
  • Progranism, on 10/12/2007, -1/+1I looked around and could not find any detailed information about VTun, a program mentioned in the article. What precisely does it do? It looks interested, so I want to know more about it.
  • Scoundrel, on 10/12/2007, -2/+2No. You have not understood me. Before this tunnel has been built, I worked at my native town as ISP admin. Then I was hired by this hosting company and they gave me really good salary as for my country reality.

    Tunnel is pointed to our testing server where software is being tested and there is nothing confidential.
  • Agret, on 10/12/2007, -3/+3Need IP range to....serve mail.....lots of mail
  • maxhrk, on 10/12/2007, -1/+1Microsoft has vista IPv6 ready i think.. Yeah it probably matter of time when we switches to ipv6 from ipv4. just a thought.
  • Scoundrel, on 10/12/2007, -2/+2Yes, this configuration has been implemented some years ago in my native town, but now I live in Kiev and don't actually need it, but I'm using it because I'm to lazy to change configuration ;-)

    Sporktek, feel free to contact me via msn or ICQ (you can find them in my resume).
  • Kitsune818, on 10/12/2007, -1/+1This is all well and good.. assuming you've got a place to tunnel to and assign yourself a publicly addressable IP... but, you know, otherwise, piece of cake! :P
  • Browncoat, on 10/12/2007, -2/+2Ever since I got broadband (from the only provider in my area) I have been unable to play some of my favorite PC Games online (they're kind of old) because my ISP has me behind a NAT giving me a 10.x.x.x IP. Very aggrevating. Dont think this method will help me because I need to use a Windows machine and have no IP pool to "borrow" from
  • Scoundrel, on 10/12/2007, -3/+3Only one IP ;-) Don't need range of IPs ;-)
  • sporktek, on 10/12/2007, -1/+1Scoundrel - are you the author of the article? I'd like to impliment this on my own systems, but I'd like more info.
  • MrUnderbridge, on 10/12/2007, -0/+0d00d, sell it for $10 on ebay!
  • FozzTexx, on 10/12/2007, -0/+0His bandwidth will be the lesser of his ISP or *half* his company's outgoing. For every packet that comes in it has to go out his company, then his reply has to go back to the company and out to the originator.
  • getownip, on 04/15/2008, -0/+0This is not a real provider-independent IP address. Here I wrote an article with explanations why running own AS and BGP session is so important.
    http://getownip.com/sysadmin
  • cheesy, on 10/12/2007, -1/+1digg ph713's comment! This is why the whole idea of portable IP addresses is ridiculous.
  • Scoundrel, on 10/12/2007, -2/+2Thanks for really great lecture about PI IPs and ASes. But it is too late for me ;-) I have learned this info few years ago when I worked as Senior Network Administrator for largest ISP of our city .
  • volz0r, on 10/12/2007, -1/+1"the NAT".. hahaha.. Where's The Grim Reaper from Family Guy when you need a good extended
    chuckle?
  • Scoundrel, on 10/12/2007, -0/+0I know, but I can't edit my news submision :-(
  • volz0r, on 10/12/2007, -1/+1Misfired this one.
  • Scoundrel, on 10/12/2007, -4/+3I don't want to use public email service for my business contacts. I have gmail accout and I think it is great! But not for commercial email contacts.
  • FozzTexx, on 10/12/2007, -1/+0Wowie zowie, a VPN? Geez that's like, amazing!

    Seriously, I think anyone that has ever built a Linux router does this kind of stuff in their sleep all the time. I know I do. I quite often map entire IP subnets over a VPN onto a bunch of servers so that I can physically move servers from one site to another and not have to have customers freak out for a few days while the DNS caches finally update.
  • blampen, on 10/12/2007, -2/+1i think that i will stick with my gmail account
  • Fetching more discussions...
    Show 51 - 62 of 62 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.