Windows Firewall shows router's IP instead of IP of connection

2

Using Windows Firewall, when I receive a connection, the originating IP is displayed as the IP address of my router/gateway instead of the actual originating IP address of the connection. My router is an ASUS RT-N16 with dd-wrt build 14896, and the server I am experiencing this issue on is running Windows Server 2008 R2 SP1.

2012-08-05 23:01:03 ALLOW TCP 192.168.1.1 192.168.1.11 60597 25565 0 - 0 0 0 - - - RECEIVE
2012-08-05 23:01:04 ALLOW TCP 192.168.1.1 192.168.1.11 60601 3389 0 - 0 0 0 - - - RECEIVE
2012-08-05 23:01:12 ALLOW UDP 192.168.1.11 192.168.1.1 55238 53 0 - - - - - - - SEND

192.168.1.11 is the IP address of my server, and 192.168.1.1 is the IP address of my router. I have tried with DMZ on/off and with Windows Firewall on/off, to the same results.

Additionally, my Minecraft server also displays only my router's IP address, instead of the actual player's IP address (names in log were changed to "player"):

[INFO] player[/192.168.1.1:59069] logged in with entity id 10445 at (-782.984331133011, 99.63587500882896, 294.12718027903713)
[INFO] player[/192.168.1.1:49865] logged in with entity id 145517 at (-166.5, 64.62000000476837, 257.5)

Kale Muscarella

Posted 2012-08-06T03:07:54.790

Reputation: 1 080

Answers

3

Your public IP is assigned to your router. And it's the only IP you have that's reachable from outside your LAN. If people connect to your router's IP address, the packet will go to your router.

The router can't forward that packet to your server with the router's IP address as its destination. If it did, your server would just forward it back to the router rather than processing it locally.

Similarly, in order for the return packet to go to the right destination, the router must ensure the replies go to the router. So the source address (as seen by the server) will always be in the direction of the router (never another LAN IP).

So this is all expected behavior with port forwarding and hairpin NAT. Connections from outside your LAN should show the correct source IP address at the server. Otherwise, it's all rewritten by the router to make sure all the packets go through the router.

David Schwartz

Posted 2012-08-06T03:07:54.790

Reputation: 58 310

Ah, thank you. I swear I remember my Minecraft server showing the actual IP addresses of players in the log though. With DMZ, however, shouldn't the server be outside of the router's firewall and therefore outside of NAT? Or does it still stay behind NAT? I need to read up on this. – Kale Muscarella – 2012-08-06T04:30:15.200

@Huskehn: Are you talking about connections from your own LAN or connections from the Internet? If the connections are from the Internet, you should see the correct source IP address. If connections are from your own LAN, you will see the correct source IP address if, and only if, the connections are to the server's LAN IP address. If you connect using loopback NAT (from your LAN but to the Internet IP address), the source address must be changed, otherwise the router cannot NAT the reply packets and the connections will fail. – David Schwartz – 2012-08-06T07:58:26.330
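
An added example, not part of the original answer or comments: a small Python parser for the Windows Firewall log format shown in the question. It marks each inbound entry by whether its source address is the router (rewritten by NAT, so the real client is not in this log), another LAN host, or an Internet address. The /24 LAN prefix, the last two log lines, the function names and the verdict labels are assumptions made for the illustration.

```python
import ipaddress

# Field order of the Windows Firewall log, as given by its "#Fields:" header.
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

GATEWAY = ipaddress.ip_address("192.168.1.1")   # router address from the question
LAN = ipaddress.ip_network("192.168.1.0/24")    # assumption: /24 home LAN

# First three entries are from the question; the last two are constructed.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-08-05 23:01:03 ALLOW TCP 192.168.1.1 192.168.1.11 60597 25565 0 - 0 0 0 - - - RECEIVE
2012-08-05 23:01:04 ALLOW TCP 192.168.1.1 192.168.1.11 60601 3389 0 - 0 0 0 - - - RECEIVE
2012-08-05 23:01:12 ALLOW UDP 192.168.1.11 192.168.1.1 55238 53 0 - - - - - - - SEND
2012-08-05 23:02:10 ALLOW TCP 203.0.113.7 192.168.1.11 51514 25565 0 - 0 0 0 - - - RECEIVE
2012-08-05 23:02:30 ALLOW TCP 192.168.1.20 192.168.1.11 50222 3389 0 - 0 0 0 - - - RECEIVE
"""

def parse(log_text):
    """Yield one dict per log entry, skipping header and malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue
        yield dict(zip(FIELDS, parts))

def classify_source(entry):
    """Say what the logged source address can tell us about the client."""
    src = ipaddress.ip_address(entry["src-ip"])
    if src == GATEWAY:
        return "rewritten-by-router"   # real client known only to the router
    if src in LAN:
        return "lan-direct"            # LAN host that used the server's LAN IP
    return "internet-original"         # forwarded with source left intact

def inbound_report(log_text):
    """Return (source, destination port, verdict) for every RECEIVE entry."""
    return [(e["src-ip"], int(e["dst-port"]), classify_source(e))
            for e in parse(log_text) if e["path"] == "RECEIVE"]

if __name__ == "__main__":
    for src, port, verdict in inbound_report(SAMPLE_LOG):
        print(f"{src:>15} -> port {port:<5} {verdict}")
```

For entries marked `rewritten-by-router`, the original client address has to come from the router's own connection tracking or logs; per-client allow and block rules on the server cannot tell those clients apart.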