Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Visitors from 10.0.0.0/8 Digitalocean London (Lon1) internal network visitors?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Visitors from 10.0.0.0/8 Digitalocean London (Lon1) internal network visitors?

GM2015GM2015 Member

I'm visiting my own site hosted on a DO droplet from my mobile (O2) 3G crap network and on my own piwik analytics my ip is shown as as 10.x.x.x. So doing a whois on it, I got it's used in private networks, meaning that O2 and DO connection are in the same datacenter/network?

Or how is that possible?

Someone care to help out a linux amateur with an infinitely limited brain? Thanks.

Comments

  • blackblack Member

    I don't think that's possible unless O2 and DO are on the same vlan, which shouldn't be the case. Do you have private networking enabled on your droplet?

  • o2 do not run a normal network as such they proxy everything

  • GM2015GM2015 Member
    edited July 2015

    Aye, I turned it on server creation. I wanted to make it so that I might try some internal networking with my limited linux abilities.

    It has a nice 10.x.x.x "Private IP".

    black said: I don't think that's possible unless O2 and DO are on the same vlan, which shouldn't be the case. Do you have private networking enabled on your droplet?

  • GM2015GM2015 Member
    edited July 2015

    My mobile IP is on X belonging to Telefonica * Ltd (o2).
    I assume they route my ip in the same network?

    While my droplet is on X .

  • BruceBruce Member

    @GM2015 said:
    My mobile IP is on 82.132.212.0/22 belonging to Telefonica * Ltd (o2).
    I assume they route my ip in the same network?

    While my droplet is on xxxxxxxx

    never a good idea to post IPs on LET, as some visitors here think it's great fun to DDoS them. suggest you edit your post before they max out your DO bandwidth for the month

  • TarZZ92TarZZ92 Member
    edited July 2015

    GM2015 said: My mobile IP is on 82.132.212.0/22 belonging to Telefonica * Ltd (o2). I assume they route my ip in the same network?

    no this is a wide NAT ip. you will notice it will change per site you load because of the proxy (the 10,XXX IP will never change but that 82.132 one will.) literally every port/service is proxied.

    Check proxy here http://netalyzr.icsi.berkeley.edu/

    or here (not very accurate this one) http://www.lagado.com/proxy-test

    Thanked by 2GM2015 linuxthefish
  • TarZZ92TarZZ92 Member
    edited July 2015

    Bruce said: never a good idea to post IPs on LET, as some visitors here think it's great fun to DDoS them

    They are IP's of a NAT network (heavily firewalled too) nothing to do with the customer

  • GM2015GM2015 Member

    I'm not too familiar with all the "fine" folks on LET, however I've only given out ranges. Do you that say there are morons out there just trying to DDOS all the IPs on a range I've given out to "have some fun"?

    I've thought to be ddosed, they'd need to know the exact ip of a server, not just a range. Isn't ddosing illegal for the Americans/in the UK?

    Bruce said: never a good idea to post IPs on LET, as some visitors here think it's great fun to DDoS them. suggest you edit your post before they max out your DO bandwidth for the month

  • GM2015 said: I've thought to be ddosed, they'd need to know the exact ip of a server, not just a range. Isn't ddosing illegal for the Americans/in the UK?

    it's illegal and i think Bruce just made the comment without reading.

  • Are you checking X-Forwarded-For and related headers without authenticating it's source?

  • GM2015 said: my own piwik analytics my ip is shown as as 10.x.x.x.

    Do you use piwik-proxy? If so, you need to make sure your access permissions are like these:

    Else, do you use a reverse proxy? Nginx in front of Apache, etc?

  • GM2015GM2015 Member
    edited July 2015

    I'm not a proxy professional at all, however using http://www.lagado.com/proxy-test on mobile network, it exactly showed it as the above quote "no this is a wide NAT ip. you will notice it will change per site you load because of the proxy (the 10,XXX IP will never change but that 82.132 one will.) literally every port/service is proxied." is right. The A and B block remain the same, however C and D changes every few minutes.

    The lagado proxy test showed the proxy ip as open proxy and their "internal" 10.x.x.x ip as "X-Forwarded-For".

    Rallias said: Are you checking X-Forwarded-For and related headers without authenticating it's source?

    I've tried the Piwik proxy from github to hide the piwik tracker url, however it was pointless. My amount of websites doesn't justify the effort. The tracker proxy significantly increased my site loading times, because I've had the tracked website A on one droplet/domain in London(on UK ip on whois) and the piwik install on a different droplet/domain in their London datacentre(IP locaiton Netherlands according to whois).

    Also, the tracked domain forwarded the website A's server ipv6 to piwik server B as visitor.

    So, instead for this site A I've just moved piwik to domain.tld/piwik-subfolder. But piwik still adds a significant loading time for the server. No visitors at all yet but it adds usually around 0.1 to 0.6 s loading time. That's just painful.

    I'm thinking of ditching it for external party service for a while.

    Traffic said: Do you use piwik-proxy? If so, you need to make sure your access permissions are like these:

    Yes, the droplet was set up using serverpilot.io. Since then I've got a bit better with CLI but not with server and security configs.

    Their installer scripts sets-up nginx-sp in front of apache-sp(2.4.x), mysql 5.5.x and a chroot jailed sysuser to host your website files. They also setup php-fpm 5.4,,5,5 and 5.6. However, php-fpm eats 300mb ram on an empty wordpress site with W3TC installed and caching done on server. Looks too much for me.

    My WP install uses 5.6. Don't ask why, I don't know.

    It's convenient a setup, copy paste and let it run, but I'm going to learn nginx setups at home on RPI for future deployment.

    Also, the droplet is on a overloaded server. I've raised an issue with DO in a ticket. SSD disks having 15-40 MB/s read/write tests is bad.

    They tried to move the droplet, but according to them "the migration did not start for some reason", so my droplet apparently remained on the same troubled hypervisor/host. Their support responded pretty fast. I directed them to a file hosted on my domain and popped-up in 5 minutes on piwik. They seemed to pass the issue around or use company proxies.

    I'll put in another ticket now.

    The configs related to webservers are pretty standard as their script did. I didn't touch that.

    Traffic said: Else, do you use a reverse proxy? Nginx in front of Apache, etc?

  • Looks like you have something like mod_cloudflare converting x forwarded for to visitor IP.

  • RalliasRallias Member
    edited July 2015

    linuxthefish said: Looks like you have something like mod_cloudflare converting x forwarded for to visitor IP.

    mod_cloudflare uses the CF-Connecting-IP header by default, which shares the IP that connected to CloudFlare (as opposed to X-Forwarded-For). https://github.com/cloudflare/mod_cloudflare/blob/master/mod_cloudflare.c#L42

    Thanked by 1linuxthefish
  • getvpsgetvps Member

    If i understand right, first check your local IP of server .. this can be showed in logs.. i use piwik (on nginx + apache) and sometime i see my server ip on logs (not Internal..but still can be this) ..

Sign In or Register to comment.