Get the external IP address from a Linux box

André Rodier

May 24, 2018, 2:40:04 AM
Hello,

I am looking for a native package on Debian, that can give me the
external IP address of the machine.

So far, I used internet sites, but I am sure there is a package that does
that properly, especially if one site is unreachable.

Something I can run from the command line, and that would return the
external IP address.

Thanks.

--
André Rodier
Homebox: https://github.com/progmaticltd/homebox

John Conover

May 24, 2018, 2:50:04 AM
André Rodier writes:
>
> I am looking for a native package on Debian, that can give me the
> external IP address of the machine.
>

Hi Andre.

Type "ifconfig" without the quotes. The record you are looking for is
inet addr: for IPV4. It's about the second line from the top.

John

--

John Conover, con...@rahul.net, http://www.johncon.com/

to...@tuxteam.de

May 24, 2018, 3:00:04 AM

On Thu, May 24, 2018 at 07:22:56AM +0100, André Rodier wrote:
> Hello,
>
> I am looking for a native package on Debian, that can give me the
> external IP address of the machine.

Before embarking on such a task, you might want to consider what
"the external IP address of your machine" actually means, just to
understand where the limitations and pitfalls of such a concept are.

> So far, I used internet sites, but I am sure there is a package that does
> that properly, especially if one site is unreachable.

Judging from that, I guess you mean "your machine as seen from the
Internet". Well, that will (in most cases) be the IP address your provider
assigns to your DSL modem (or your cable modem, or whatever device
you're using to connect to the Internet). Behind that, there's (again:
most probably, but not necessarily) a NAT ("network address translation"),
so your machine's IP address looks different.

> Something I can run from the command line, and that would return the
> external IP address.

For that you'll always need the cooperation of some site located in what
you consider to be "out there".

Cheers
-- tomás

likcoras

May 24, 2018, 3:00:04 AM
On 05/24/2018 03:48 PM, John Conover wrote:
> André Rodier writes:
>>
>> I am looking for a native package on Debian, that can give me the
>> external IP address of the machine.
>>
>
> Hi Andre.
>
> Type "ifconfig" without the quotes. The record you are looking for is
> inet addr: for IPV4. It's about the second line from the top.
>
> John
>

ifconfig would only work if you are directly assigned the public,
external IP. If you are behind eg. a router that does NAT, you would
only see the private IP internal to the local network.

I am not aware of any packages in the repos that have this kind of
functionality, but you could always just write a simple script around
the various sites that report your external ip.

It can be as simple as `curl ipinfo.io` (or your preferred site), you
could even try to have a script to try a few backups in case your
primary site happens to be unreachable.

Alberto Luaces

May 24, 2018, 3:10:03 AM
Joe writes:

> On the assumption that you are using a router of some kind, your public
> IP address will be that of the router WAN port (cable, ADSL, etc.) and
> there will be a method of determining that by connecting to the router
> as an administrator. That method will depend entirely on the router.

If the router supports upnp and it is activated, you can check the
external IP in a device-independent way with

upnpc -l | grep ExternalIPAddress

--
Alberto

Joe

May 24, 2018, 3:10:03 AM
On Thu, 24 May 2018 07:22:56 +0100
André Rodier <an...@rodier.me> wrote:

> Hello,
>
> I am looking for a native package on Debian, that can give me the
> external IP address of the machine.
>
> So far, I used internet sites, but I am sure there is a package that
> does that properly, especially if one site is unreachable.
>
> Something I can run from the command line, and that would return the
> external IP address.
>

To begin with, try:

ip addr show

and look for the block of information with a label beginning 'eth' or
'en'. That will contain the Ethernet adaptor IP address. From your
question, I assume your computer contains only one.

The address returned by Internet sites will be your public IP address,
and unless you have a very unusual setup, that will not be the same as
the IP address of your computer. But you have told us nothing at all
about how your computer connects to the Internet, so I am just guessing.

On the assumption that you are using a router of some kind, your public
IP address will be that of the router WAN port (cable, ADSL, etc.) and
there will be a method of determining that by connecting to the router
as an administrator. That method will depend entirely on the router.

--
Joe

André Rodier

May 24, 2018, 3:20:04 AM
Thank you, finally an answer that makes sense and is not pedantic.

I tried this, but it is not 100% reliable. For instance, with the
firewall / router I use, upnp is not activated. I suppose I will have
to write a custom python script.

Kind regards,
André

John Conover

May 24, 2018, 3:30:04 AM
likcoras writes:
> >>
> >> I am looking for a native package on Debian, that can give me the
> >> external IP address of the machine.
> >>
> >
> > Hi Andre.
> >
> > Type "ifconfig" without the quotes. The record you are looking for is
> > inet addr: for IPV4. It's about the second line from the top.
> >
>
> ifconfig would only work if you are directly assigned the public,
> external IP. If you are behind eg. a router that does NAT, you would
> only see the private IP internal to the local network.
>

Then:

dig TXT +short o-o.myaddr.l.google.com @ns1.google.com

to...@tuxteam.de

May 24, 2018, 3:40:04 AM

On Thu, May 24, 2018 at 08:13:54AM +0100, André Rodier wrote:

[...]

> Thank you, finally an answer that makes sense and is not pedantic.

Thank *you* for the "pedantic" ;-)

And to return the favour, here's why you don't really want to have
UPnP on your border device:

https://www.reddit.com/r/sysadmin/comments/4gpiez/upnp_on_pfsense_security_risks_and_alternatives/

(the short: every random javascript your browser sucks in from
the Intratubes and a small slip in your browser's security can
instruct your border device to open arbitrary holes in the
firewall).

Enjoy
-- t

Abdullah Ramazanoğlu

May 24, 2018, 3:40:04 AM
On Thu, 24 May 2018 07:22:56 +0100 André Rodier said:

> I am looking for a native package on Debian, that can give me the
> external IP address of the machine.
>
> So far, I used internet sites, but I am sure there is a package that does
> that properly, especially if one site is unreachable.
>
> Something I can run from the command line, and that would return the
> external IP address.

Unless you have a dedicated IP address, then even if you directly connect to
your ISP (no routers, no NAT) you will likely get a local pool address and from
there routed to the internet by your ISP. In that case your link will have 2
*local* addresses (e.g. 192.168.. or 10...) : one for your side, one for ISP
side. You first enter ISP's local IP pool, and from there exit to the internet
over a real address from ISP's address block.

It can be visualized as a local cloud of ISP. One side of the cloud faces
customers (local reserved IP range), the other side faces the internet (real IP
address pool). E.g. I am connected through 3G modem and my IP and my address
starts with 10.x.x.x - an A class reserved block address.

The only reliable way (AFAIK) is going through some sort of "loop-back"
mechanism to see your external address. External sites are one way of achieving
this.

John Conover's (dig) and likcoras' (script) solutions look promising in that
regard.

Regards
--
Abdullah Ramazanoğlu

to...@tuxteam.de

May 24, 2018, 3:50:09 AM

On Thu, May 24, 2018 at 10:37:44AM +0300, Abdullah Ramazanoğlu wrote:

[...]

> Unless you have a dedicated IP address, then even if you directly connect to
> your ISP (no routers, no NAT) you will likely get a local pool address and from
> there routed to the internet by your ISP. In that case your link will have 2
> *local* addresses (e.g. 192.168.. or 10...) : one for your side, one for ISP
> side. You first enter ISP's local IP pool, and from there exit to the internet
> over a real address from ISP's address block.

In that case, the NAT will be at your provider's side. At the end, it'll
be NAT too (NAT == "your external IP isn't what it seems to be").

Cheers
-- t

André Rodier

May 24, 2018, 4:00:07 AM
Thank you, John.

This solution works.

I doubt google would be offline, but perhaps I will add this solution
as part of a script, with other servers as well.

Kind regards,
André.

Joe

May 24, 2018, 5:30:04 AM
On Thu, 24 May 2018 08:13:54 +0100
André Rodier <an...@rodier.me> wrote:

> On Thu, 2018-05-24 at 09:07 +0200, Alberto Luaces wrote:
> > Joe writes:
> >
> > > On the assumption that you are using a router of some kind, your
> > > public
> > > IP address will be that of the router WAN port (cable, ADSL, etc.)
> > > and
> > > there will be a method of determining that by connecting to the
> > > router
> > > as an administrator. That method will depend entirely on the
> > > router.
> >
> > If the router supports upnp and it is activated, you can check the
> > external IP in a device-independent way with
> >
> > upnpc -l | grep ExternalIPAddress
> >
>
> Thank you, finally an answer that makes sense and is not pedantic.
>
How is it possible to avoid being pedantic? You told us nothing about
your Internet connection, or Debian version, so we had to guess at what
information you actually wanted and which device to ask.

> I tried this, but it is not 100% reliable. For instance, with the
> firewall / router I use, upnp is not activated. I suppose I will have
> to write a custom python script.

So presumably it isn't your computer's external address that you want,
but that of your router. I was a bit surprised to see upnp mentioned, I
thought it was only game-players who were willing to run that, and
Debian would not be their OS of choice.

From (not recent) experience of talking to routers, you may have telnet
or ssh available, otherwise it's an http admin login, followed by one or
two router-specific commands. You might be lucky, and the default
router status page without login may contain the WAN address.

A couple of lines of bash should do it: use curl, and you'll probably
have to provide the admin password, so the script should probably be
stored in /root. My routers in years gone by used to need an occasional
reboot, so I had a script running every ten minutes to check multiple
websites for connectivity, and if none were found, to issue a reboot
command.

--
Joe

Dan Purgert

May 24, 2018, 7:20:05 AM
Abdullah Ramazanoğlu wrote:
> On Thu, 24 May 2018 07:22:56 +0100 André Rodier said:
>
>> I am looking for a native package on Debian, that can give me the
>> external IP address of the machine.
>>
>> So far, I used internet sites, but I am sure there is a package that does
>> that properly, especially if one site is unreachable.
>>
>> Something I can run from the command line, and that would return the
>> external IP address.
>
> Unless you have a dedicated IP address, then even if you directly
> connect to your ISP (no routers, no NAT) you will likely get a local
> pool address and from there routed to the internet by your ISP. In
> that case your link will have 2 *local* addresses (e.g. 192.168.. or
> 10...) : one for your side, one for ISP side. You first enter ISP's
> local IP pool, and from there exit to the internet over a real address
> from ISP's address block.
>

Ew, CGNAT. :(

If you have a particularly poor ISP, they may even NAT you somewhere
insane outside of RFC1918 (10.0.0.0 - 10.255.255.255 / 172.16.0.0 -
172.31.255.255 / 192.168.0.0 - 192.168.255.255) or RFC6598 (100.64.0.0 -
100.127.255.255) space.

I've seen some of these jokers use space in some of the "old /8" space -
stuff owned by the likes of the US DOD, AT&T, HP, etc. who got in back
in the early days. So even if it looks like you have a "public" IP
address on your router, it's always a good idea to verify from the
outside.

--
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281

Peter Ludikovsky

May 24, 2018, 7:20:05 AM
curl https://icanhazip.com

Regards,
/peter

Greg Wooledge

May 24, 2018, 8:10:05 AM
On Thu, May 24, 2018 at 07:22:56AM +0100, André Rodier wrote:
> I am looking for a native package on Debian, that can give me the
> external IP address of the machine.

wget --quiet -O- http://wooledge.org/myip.cgi

Or your favorite alternative "tell me what my IP address is" web service,
if you don't like mine.

Dan Purgert

May 24, 2018, 9:00:04 AM
Another one to add to the toolkit.
Wonder what other tidbits that wooledge.org site is hiding, hmmm...

Stefan Monnier

May 24, 2018, 4:20:05 PM
The miniupnpc Debian package even comes with the `external-ip` script
which basically does the above.

I just tried it and it worked (tho only after I installed & enabled
miniupnpd on my OpenWRT router). Of course, the IP address that my
router gets could itself be an "internal IP" behind a NAT firewall of my
ISP, so even if `external-ip` does give an answer I'm not sure it's
guaranteed to be "the" external IP address.


Stefan

Erwan David

May 24, 2018, 4:40:05 PM
On 05/24/18 at 22:17, Stefan Monnier wrote:
You could also be natted to one pool, so get different addresses for
different connections, or even have different services natted to
different pools (eg because there is a transparent proxy for outgoing
HTTP connections)

Miles Fidelman

May 24, 2018, 5:30:04 PM
On the assumption that you're connected to a NAT router - the easiest
way is to log into the admin port on the router - usually there's a
management interface that will tell you your external IP address.

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra

Alan Greenberger

May 24, 2018, 9:10:04 PM
On 2018-05-24, André Rodier <an...@rodier.me> wrote:
> Hello,
>
> I am looking for a native package on Debian, that can give me the
> external IP address of the machine.
>

Assuming you are looking for the public internet address of your router,
you could try:
/usr/sbin/arp -n
and it may show up on a line with the HWaddress of your router.

Abdullah Ramazanoğlu

May 24, 2018, 9:30:04 PM
On Thu, 24 May 2018 11:04:51 -0000 (UTC) Dan Purgert said:

> Ew, CGNAT. :(
>
> If you have a particularly poor ISP, they may even NAT you somewhere
> insane outside of RFC1918 (10.0.0.0 - 10.255.255.255 / 172.16.0.0 -
> 172.31.255.255 / 192.168.0.0 - 192.168.255.255) or RFC6598 (100.64.0.0 -
> 100.127.255.255) space.

Since RFC1918 and RFC6598 reserved addresses you mentioned are free (as in
lunch) to use, an ISP violating them in their internal cloud must be really
poor of clues, rather than of finances.

Regards
--
Abdullah Ramazanoğlu

Dan Purgert

May 25, 2018, 2:40:04 PM
Yep, "poor as in bad", rather than "poor as in a pauper".

Michael Stone

May 25, 2018, 9:10:04 PM
On Fri, May 25, 2018 at 09:03:15PM -0400, Kenneth Parker wrote:
>I haven't reviewed the Source Code for the "who" command, to see how it gets
>that IP Address.  Anybody?

It gets it from your login program or pam writing to /var/run/utmp

Mike Stone

Kenneth Parker

May 25, 2018, 9:10:04 PM

I have Shell Access (as Admin) to a "Cloud" System (Ubuntu 16.04 Server, but due to be Reinstalled as Debian 9.4.  Go Debian!)

When I ssh in, to my "Regular Account", I type "who", and get the External IP Address for my Spectrum Broadband access.  

What I got, just a few minutes ago, was the following response:

>> chronos@localhost:~$ who
>> chronos  pts/0        2018-05-26 00:47 (173.95.180.12)
>> chronos@localhost:~$

(This is a Dynamic IP, from Spectrum, formerly Time Warner Cable, formerly Roadrunner.  You know the drill:  Small fish, eaten by a medium-sized fish, who is, then gobbled up by a Big Fish).  

I haven't reviewed the Source Code for the "who" command, to see how it gets that IP Address.  Anybody?

Thank you and best regards,

Kenneth Parker, Troubleshooter

Kenneth Parker

May 25, 2018, 9:20:04 PM
Thank you most kindly, Mike!  Is there anything from this, that can help the original Poster?  Sign onto yourself, from a VPN or some such?  

(Back in the "good old days" where being a "hacker" was Respectable, people would see if they could reconnect to their own Unix/Linux System, through as many Countries as possible.  With UUCP [Anyone else remember THAT?], you could get, quite a "Telephone Circle" going.  Oh well!!!)

Kenneth Parker

Richard Hector

May 26, 2018, 2:20:04 AM
On 24/05/18 18:59, Joe wrote:

> To begin with, try:
>
> ip addr show
>
> and look for the block of information with a label beginning 'eth' or
> 'en'. That will contain the Ethernet adaptor IP address. From your
> question, I assume your computer contains only one.
>
> The address returned by Internet sites will be your public IP address,
> and unless you have a very unusual setup, that will not be the same as
> the IP address of your computer. But you have told us nothing at all
> about how your computer connects to the Internet, so I am just guessing.
>
> On the assumption that you are using a router of some kind, your public
> IP address will be that of the router WAN port (cable, ADSL, etc.) and
> there will be a method of determining that by connecting to the router
> as an administrator. That method will depend entirely on the router.
>

Until recently, I would have agreed with you - and when I tried the
nifty google dns lookup mentioned in another post, that's what I was
expecting.

Now, however, I get an IPv6 address, and it is the one on my desktop PC.
I can get the router's external IPv4 address by using dig -4.

I suspect my experience is becoming less unusual these days.

Richard

André Rodier

May 26, 2018, 7:00:06 AM
On Thu, 2018-05-24 at 07:22 +0100, André Rodier wrote:
> Hello,
>
> I am looking for a native package on Debian, that can give me the
> external IP address of the machine.
>
> So far, I used internet sites, but I am sure there is a package that
> does
> that properly, especially if one site is unreachable.
>
> Something I can run from the command line, and that would return the
> external IP address.
>
> Thanks.
>

After a few tests, I wrote a script that perhaps some people can use.

First, interestingly, the google DNS trick did return the first IP
address assigned to me, where I had four, whatever the server I used.

The code is on github, as part of my small homebox project. I am not
sure it deserves a dedicated repository ;-).

https://github.com/progmaticltd/homebox/blob/dev-arodier/install/playbooks/roles/system-prepare/files/external-ip

It is very simple, but it does what I wanted:

- Query multiple servers.
- Count the IP addresses returned, and order them by the most probable
result.
- Return the external IP address only if above a certain level of
confidence (actually 100%).
- The list of IP addresses is in a separate configuration file.

Please, note:

- It is quickly made
- I am not a bash expert
- Yes, it would be nicer in Python

Kind regards,
André
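
The voting scheme described in the post above (query several servers, count the answers, accept one only above a confidence level), combined with the RFC1918/RFC6598 range check from Dan Purgert's post, as an added Python example that is not André's script or part of the thread. The function names, the `min_sources` and `threshold` parameters and the sample responses are assumptions made for illustration; the sample addresses are reused from output quoted elsewhere in the thread, and `100.64.3.7` is constructed.

```python
import ipaddress
import urllib.request
from collections import Counter

# HTTPS services named in the thread; any one may be down, slow or wrong.
SERVICES = ["https://icanhazip.com", "https://api.ipify.org/"]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")  # carrier-grade NAT space


def parse_answer(raw):
    """Return an address object if raw is exactly one IP address, else None."""
    text = raw.strip().strip('"')  # dig +short prints TXT records quoted
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None  # HTML error page, multi-line answer, empty body, ...


def classify(addr):
    """Label an address as rfc1918, rfc6598, non-global or public."""
    if addr.version == 4:
        if any(addr in net for net in RFC1918):
            return "rfc1918"
        if addr in RFC6598:
            return "rfc6598"
    return "public" if addr.is_global else "non-global"


def consensus(answers, min_sources=2, threshold=1.0):
    """Vote per address family over {source: raw response text}.

    An address wins only if at least min_sources usable answers exist and
    its share of them reaches threshold (1.0 = all sources must agree).
    Returns {4: address or None, 6: address or None}.
    """
    if not 0.5 < threshold <= 1.0:
        raise ValueError("threshold must be a strict majority, at most 1.0")
    votes = {4: Counter(), 6: Counter()}
    for raw in answers.values():
        addr = parse_answer(raw)
        # Private and CGNAT answers (e.g. a router's WAN side) cast no vote.
        if addr is not None and classify(addr) == "public":
            votes[addr.version][addr] += 1
    result = {}
    for version, counter in votes.items():
        total = sum(counter.values())
        result[version] = None
        if total >= min_sources:
            addr, count = counter.most_common(1)[0]
            if count / total >= threshold:
                result[version] = addr
    return result


def collect(urls=SERVICES, timeout=5):
    """Fetch each service; an unreachable one simply casts no vote."""
    answers = {}
    for url in urls:
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                # Cap the read: a valid answer is a few dozen bytes at most.
                answers[url] = resp.read(256).decode("ascii", "replace")
        except OSError:
            continue
    return answers


# Constructed responses (public addresses reused from the thread's output).
AGREE = {
    "icanhazip": "92.19.253.42\n",
    "ipify": "92.19.253.42",
    "captive-portal": "<html>Please log in</html>",
    "upnp": "100.64.3.7",  # constructed: router WAN address inside ISP NAT
}
DISAGREE = {
    "dns": '"92.19.253.41"',
    "ipify": "92.19.253.42",
    "icanhazip": "92.19.253.42\n",
}

if __name__ == "__main__":
    print(consensus(AGREE))
    print(consensus(DISAGREE))
    print(consensus(DISAGREE, threshold=0.6))
```

To run it against live services, pass `collect()` to `consensus()`; only HTTPS endpoints are listed because a plain-HTTP answer can be altered in transit.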

Pascal Hambourg

May 26, 2018, 7:20:04 AM
Nope. That would just show the internal address of the router.

Andrew McGlashan

May 27, 2018, 7:20:03 AM
Hi,

On 26/05/18 20:53, André Rodier wrote:
> The code is on github, as part of my small homebox project. I am not
> sure it deserves a dedicated repository ;-).
>
> https://github.com/progmaticltd/homebox/blob/dev-arodier/install/playbooks/roles/system-prepare/files/external-ip

My take from your script is at:

http://ix.io/1bwE/ [lose the trailing / for the raw file]

NB: I am deliberately using bash instead of dash for a number of reasons....

> It is very simple, but it does what I wanted:
>
> - Query multiple servers.

My script also does the Google DNS lookup.

> - Count the IP addresses returned, and order them by the most probable
> result.
> - Return the external IP address only if above a certain level of
> confidence (actually 100%).
> - The list of IP addresses is in a separate configuration file.

I've kept the option to use external config file; otherwise it
uses what is known already in the script.


I've used the following for quite some time, but it usually takes too
long (for my liking) to get an answer and it doesn't use https either:

curl -s ifconfig.me


--
Kind Regards
AndrewM



André Rodier

May 27, 2018, 8:20:04 AM
On Sun, 2018-05-27 at 21:10 +1000, Andrew McGlashan wrote:
> Hi,
>
> On 26/05/18 20:53, André Rodier wrote:
> > The code is on github, as part of my small homebox project. I am not
> > sure it deserves a dedicated repository ;-).
> >
> > https://github.com/progmaticltd/homebox/blob/dev-arodier/install/playbooks/roles/system-prepare/files/external-ip
>
> My take from your script is at:
>
> http://ix.io/1bwE/ [lose the trailing / for the raw file]
>
> NB: I am deliberately using bash instead of dash for a number of reasons....
I use dash because it is the default shell for the root account on a
number of distributions, and has a better security history than bash.

> > It is very simple, but it does what I wanted:
> >
> > - Query multiple servers.
>
> My script also does the Google DNS lookup.
I have four IP addresses, and Google DNS returns the first one,
although I query from the second one.


> > - Count the IP addresses returned, and order them by the most probable
> > result.
> > - Return the external IP address only if above a certain level of
> > confidence (actually 100%).
> > - The list of IP addresses is in a separate configuration file.
>
> I've kept the option to use external config file; otherwise it
> uses what is known already in the script.
Fair enough.

> I've used the following for quite some time, but it usually takes too
> long (for my liking) to get an answer and it doesn't use https either:
>
> curl -s ifconfig.me
Yes, I can see it's very slow.

Thank you.

--
André Rodier
HomeBox: https://github.com/progmaticltd/homebox

Andrew McGlashan

May 27, 2018, 9:50:04 AM
Hi,

On 27/05/18 22:14, André Rodier wrote:
>> My script also does the Google DNS lookup.
> I have four IP addresses, and Google DNS returns the first one,
> although I query from the second one.

Are you sure that isn't a problem at your end? How your firewall is
identifying and routing the traffic, perhaps?


I've got access to an IPV4 /29 block and did the Google DNS query from
two hosts and got their own IP addresses.

# dig -t txt +short o-o.myaddr.l.google.com @ns1.google.com
"115.nnn.nnn.17"


# dig -t txt +short o-o.myaddr.l.google.com @ns1.google.com
"115.nnn.nnn.18"

Kind Regards
AndrewM

André Rodier

May 27, 2018, 10:20:04 AM
On Sun, 2018-05-27 at 23:48 +1000, Andrew McGlashan wrote:
> Hi,
>
> On 27/05/18 22:14, André Rodier wrote:
> > > My script also does the Google DNS lookup.
> >
> > I have four IP addresses, and Google DNS returns the first one,
> > although I query from the second one.
>
> Are you sure that isn't a problem at your end? How your firewall is
> identifying and routing the traffic, perhaps?

Yes, it might be that, the only logical explanation. I will check my
router settings.

> # dig -t txt +short o-o.myaddr.l.google.com @ns1.google.com
> "74.125.181.11"
> "edns0-client-subnet 92.19.253.41/32"
> # wget -q -O - https://api.ipify.org/ ; echo
> 92.19.253.42

> I've got access to an IPV4 /29 block and did the Google DNS query from
> two hosts and got their own IP addresses.
>
> # dig -t txt +short o-o.myaddr.l.google.com @ns1.google.com
> "115.nnn.nnn.17"

> # dig -t txt +short o-o.myaddr.l.google.com @ns1.google.com
> "115.nnn.nnn.18"
>
> Kind Regards
> AndrewM

Have a nice day!

Alan Greenberger

May 28, 2018, 8:10:05 AM
You are mostly correct. However, I have one machine on which the
response to
/usr/sbin/arp -n
shows two lines with the HWaddress of the router, one with the internal
address as you said and the other with the external address. I have no
idea what made arp see the external address.

David Wright

May 28, 2018, 1:50:04 PM
Can we see what you're seeing (suitably mangled)?

Cheers,
David.

Pascal Hambourg

May 28, 2018, 5:20:06 PM
Thinking of it, a router following the "weak host" model (like Linux
does) can advertise any local address on any interface. It can be tested
with arping. However I am failing to imagine any plausible scenario
which could lead a host on the internal LAN to have the router's
external IP address in its ARP cache. It means that either :
- the host sends an ARP query for the router's external IP address
- the router sends an ARP query to the host from its external IP address

Alan Greenberger

May 29, 2018, 8:10:04 AM
192.168.1.1 ether 6x:3x:ex:7x:4x:bx C eth0
2x.1xx.1xx.1xx ether 6x:3x:ex:7x:4x:bx C eth0

Pascal Hambourg

May 29, 2018, 9:00:04 AM
I guess this could happen if the host has a direct default route (no
gateway) and the router acts as an ARP proxy. Quite an unusual setup.

> - the router sends an ARP query to the host from its external IP address

I checked that the latter can happen when the router must send a packet
to the host with its external address as source and must resolve the
host's address. Then the ARP query source IP address is the external
address, and the destination host stores it in its ARP cache.

Any idea why the router would send packets to this host from its
external address ?

Greg Wooledge

May 29, 2018, 9:10:04 AM
On Fri, May 25, 2018 at 09:13:34PM -0400, Kenneth Parker wrote:
> Thank you most kindly, Mike! Is there anything from this, that can help
> the original Poster? Sign onto yourself, from a VPN or some such?

It's conceptually the same as getting a web service to tell you what
IP address it "saw" you coming from, and using a web service is much
simpler than doing a whole ssh login.

There are a LOT of web services that do this; a few were already mentioned
earlier in this thread.

Joel Rees

May 30, 2018, 8:10:03 PM
(Erk. Sorry, Joe.)

On Thu, May 24, 2018 at 6:29 PM, Joe <j...@jretrading.com> wrote:
> On Thu, 24 May 2018 08:13:54 +0100
> André Rodier <an...@rodier.me> wrote:
>
>> On Thu, 2018-05-24 at 09:07 +0200, Alberto Luaces wrote:
>> > Joe writes:
>> >
>> > > On the assumption that you are using a router of some kind, your
>> > > public
>> > > IP address will be that of the router WAN port (cable, ADSL, etc.)
>> > > and
>> > > there will be a method of determining that by connecting to the
>> > > router
>> > > as an administrator. That method will depend entirely on the
>> > > router.
>> >
>> > If the router supports upnp and it is activated, you can check the
>> > external IP in a device-independent way with
>> >
>> > upnpc -l | grep ExternalIPAddress
>> >
>>
>> Thank you, finally an answer that makes sense and is not pedantic.

Two people have already tried to point out that UPNP is vulnerable by design.

If you have any interest in your local security, your router to the
outside should simply not respond to UPNP at all.

Block/ignore UPNP at every interface, internal and external, on your
external router, at bare minimum.

This is not pedantry, this is trying to save you from being attacked
from your inside.

> How is it possible to avoid being pedantic? You told us nothing about
> your Internet connection, or Debian version, so we had to guess at what
> information you actually wanted and which device to ask.
>
>> I tried this, but it is not 100% reliable. For instance, with the
>> firewall / router I use, upnp is not activated. I suppose I will have
>> to write a custom python script.
>
> So presumably it isn't your computer's external address that you want,
> but that of your router. I was a bit surprised to see upnp mentioned, I
> thought it was only game-players who were willing to run that, and
> Debian would not be their OS of choice.
>
> From (not recent) experience of talking to routers, you may have telnet
> or ssh available, otherwise it's an http admin login, followed by one or
> two router-specific commands. You might be lucky, and the default
> router status page without login may contain the WAN address.
>
> A couple of lines of bash should do it: use curl, and you'll probably
> have to provide the admin password, so the script should probably be
> stored in /root. My routers in years gone by used to need an occasional
> reboot, so I had a script running every ten minutes to check multiple
> websites for connectivity, and if none were found, to issue a reboot
> command.

What Joe says here.

I had ten or twenty lines of moderately careful code in a two
hundred-line perl script I used to update my dyndns.com domain name
back before dyn.com decided they had to kick all the freeloaders like
me off.

Resolution to *some* domain name really ought to be part of an ISP's
basic package, but the Internet got taken over by the poachers.


--
Joel Rees

http://reiisi.blogspot.jp/p/novels-i-am-writing.html

David Wright

Jun 2, 2018, 10:40:04 AM
The easiest way to achieve this might be to plug that host's cable
into the modem rather than the router (for just a short period).
I don't know how long it takes for arp entries to expire.

A more worrying alternative is that something is misconfigured in the
router, but I don't know what.

Cheers,
David.

David Wright

Jun 2, 2018, 10:50:04 AM
I think your analysis starts from an assumption that everything is,
and always was, set up correctly from the start, and is working with
a sane and correct configuration, which might not be completely true.

Cheers,
David.