Which IP address do I use to access my server?

12

3

I'm running a Samba server on my MacBook and I've also set up port forwarding to said server from my router.

My public IP is 106.51.x.x (according to google and a few other services) and my Mac's local IP is 192.168.x.x, but when I head to my router's configuration page, it says my external IP is 10.242.x.x.

This is what I don't understand, when connected to my home WiFi, using the 10.242.x.x address works just fine. But if I try to access the same over 4G, the connection times out.

As for the public address, neither WiFi nor 4G works.

Is there some setting on my Mac (I'm running MacOS Sierra) that I must alter to make it visible to the public?

Zohair

Posted 2017-08-26T14:32:12.507

Reputation: 135

2The question is now why - following grawity's answer - the asker wants to open up a samba server to public access over the web, seems unusual. Why not use FTP over SSL, say? Perhaps they really want to share between local machines? – pbhj – 2017-08-26T15:32:35.967

6As @pbhj says, opening up samba to the Internet is a spectacularly bad idea. – Darren – 2017-08-26T19:02:08.870

Thank you for your advice. Im going to try and use vsftp instead. – Zohair – 2017-08-26T19:08:52.943

2I believe some ISPs outright block the port, so even if you had a public IP address it could very well not work. – user541686 – 2017-08-27T06:55:37.487

1maybe try ngrok.io? – Dmitry Kudriavtsev – 2017-08-28T16:26:07.920

ngrok seems really interesting. I'll give it a shot! Thank you! – Zohair – 2017-08-28T16:37:46.503

Answers

27

Your router's address, 10.242.x.x, is also in a private-address range (all of 10.0.0.0/8 is reserved for LANs). This usually means your ISP implemented CGNAT and is sharing the same public 106.51.x.x address between several customers. (Just like your home router does, but at a broader scope.)

In this situation, you don't actually have a public address and cannot access your network from the outside directly.

Your first option is to set up a VPN connection to some external server, which has its own public IP address and can forward connections back to your home network (via the VPN).

As a side note, even though Samba is less risky than Windows, it's still not a very good idea to expose SMB to the public Internet. Older protocol versions don't support encryption (SMBv3 does, but it requires Samba 4.7 or Windows 8), so you would risk revealing your passwords and file data.

If you go with the VPN approach, I would recommend to use the VPN not just for the main server↔home link, but also when you're accessing the server itself from public 4G/Wi-Fi. (There are mobile apps for strongSwan, OpenVPN, OpenConnect...) That way you'll have a secure connection and won't need any port-forwarding.

user1686

Posted 2017-08-26T14:32:12.507

Reputation: 283 655

5This is very good advice. If you are going to expose a file server to the internet, make it only accessible, if you are connected to a VPN. – Ramhound – 2017-08-26T16:16:58.597

3If all devices involved and the carriers too support IPv6, that could be a viable alternative. Also, some carriers can give you a public IPv4 on request. – matega – 2017-08-26T17:18:29.933

@matega IPv6 would only give him an external IPv6 address, not an IPv4 address. Also, IPv6 used to be quite popular, but that seems to be waning; I've seen more and more ISPs move to CGNAT instead out of security concerns. Many home users and small businesses don't know how to firewall IPv6, or are even aware of IPv6. – Kevin Keane – 2017-08-26T17:53:43.023

2

@KevinKeane According to Google's statistics, IPv6 use is still growing consistently.

– marcelm – 2017-08-26T19:06:55.307

@KevinKeane: If customers are using ISP-provided (and ISP-configured) routers, then the security concerns are completely made up: the router can just as easily have a stateful firewall blocking incoming IPv6 connections as it [hopefully] already does for IPv4. Forgetting to do that is only a concern for custom setups. – user1686 – 2017-08-26T19:21:00.147

@marcelm the key point related to the question is that IPv6 would not give him an IPv4 public address. And as for the graph - use the slider at the bottom to narrow it just to 2017; growth almost plateaued in 2017. – Kevin Keane – 2017-08-27T20:17:20.063

@grawity true, and some ISPs go that route. – Kevin Keane – 2017-08-27T20:20:03.653

@KevinKeane So? Matega clearly said "If all devices involved and the carriers too support IPv6". If that's the case, the OP doesn't need an IPv4 address. Besides, that's not what I was addressing, I was addressing your statement that IPv6 support "seems to be waning", which is completely false according to my data. Finally, I don't see how it "almost plateaued" in 2017 - for Google, it grew from ~15% to ~19%. That's 27% relative growth in less than a year (it's only August, after all). – marcelm – 2017-08-28T14:37:07.027

Asked: 2017-08-26T14:32:12.507

Viewed: 2 195 times

Active: 2017-08-27T07:36:44.417