Finding out the users IP Address behind NAT

  • Thread starter Thread starter Adam The Generic
  • Start date Start date
A

Adam The Generic

Hi All,

Normally i can get user IP address from the
HttpContext.Current.Request.ServerVariables, like that;

// sample
string ip;
ip = HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
if (string.IsNullOrEmpty(ip) || ip.Equals("unknown",
StringComparison.OrdinalIgnoreCase))
{
ip = HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
}
//

but if the hosting server is behind the NAT or firewall the ServerVariables
gets only server's IP not the users.
the HttpContext.Current.Request.UserHostAddress gets the same result, just
the server IP.

How can i get the user's IP address if the hosting server is behind a
firewall or using NAT ?

Thanks in advance.
 
re:
!> How can i get the user's IP address if the hosting server
!> is behind a firewall or using NAT ?

What do you plan on doing with that information ?




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
=========================
 
Web applications are not stateful. They use a request/response mechanism. We
fake state by using cookies (session cookies in particular) and holding some
state on the server (or renewing it with each hit).

The above is not important to your problem, but it illustrates why you can
only get information the client agrees to send. The only way to get
additinoal information the client does not want to send is via JavaScript,
and you are limited here. Only problem is JavaScript is fairly well boxed.
So you have to go to some other client side technology, like Java. But many
users no longer have Java and will refuse the "This site is trying to
install the IWantToStealYourRealAddress ActiveX control. Do you wish to
install?" messages that pop up.

If this is an internal app, meaning in your business, you can force the user
to install the ActiveX control by deploying it. With the world, you will
just get the finger and you cannot force me to install Java, so you are back
to square one. With NATting, the only way you can get the internal IP with a
client side solution is if the NATting server does not replace it. But then
you can't communicate back, so that would be stupid.

If you really want to head down this road, you can gogle Java or ActiveX
solutions. There is a well known Firefox hack, for example.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

Blog:
http://feeds.feedburner.com/GregoryBeamer

*********************************************
| Think outside the box |
*********************************************
 
it is a reporting application and the managers want to log the all process
of users including the IP addresses.
it will used mostly on LAN, but the problem is some remote branch offices
will use same application via the internet.
but we can not get the remote office user's IP.
as a result, it will needed as a logging info.
And maybe for prohibiting or allowing some IP addresses.

Thanks..
 
Hi Gregory ,

Thanks for your time and all information.
But i can not understand that if i use a web server which does not use
NATting or any firewall it works.
What is the diffrence for the client (user) who requesting something from
the web server if the hosting server behind the NAT or not ?

i can understand that system does not want to send some additinoal
information, if the user is behind the NAT
But in this situtaion the web server is in the NATting area not users ..

why can not get the client's info if the web server side is behind the NAT ?

thanks again for patience..
 
Are you 100% in what you saying..?
Are you saying that if server behind of firewall or NAT then
ServerVariables["REMOTE_ADDR"] returns IP of the Firewall or NAT device and
not the actual user IP address?

Usually it's not the case.

It sounds like you have a proxy server between Internet and your WebServer.
Then Users connect to proxy server and proxy server connects to the
WebServer. In this case the WebServer will always get only IP of the Proxy
Server.

But why would would you put a webserver behind the ProxyServer????
May be your NAT or Firewall can be configured to behave as ProxyServer as
well? Then you need to disable this option there...

Usually it's users that are behind the ProxyServer then if this is not
anonymus proxy server you can get internall IP address using
HTTP_X_FORWARDED_FOR.



George.
 
Yes George,

you are right, i have checked that there is a proxy server between internet
and web server.
But i dont know why.

I should talk with networking team.

Thanks your help..
 
Adam The Generic said:
Yes George,

you are right, i have checked that there is a proxy server between internet
and web server.
But i dont know why.

I should talk with networking team.

Thanks your help..


George said:
Are you 100% in what you saying..?
Are you saying that if server behind of firewall or NAT then
ServerVariables["REMOTE_ADDR"] returns IP of the Firewall or NAT device
and not the actual user IP address?

Usually it's not the case.

It sounds like you have a proxy server between Internet and your
WebServer. Then Users connect to proxy server and proxy server connects to
the WebServer. In this case the WebServer will always get only IP of the
Proxy Server.

But why would would you put a webserver behind the ProxyServer????
May be your NAT or Firewall can be configured to behave as ProxyServer as
well? Then you need to disable this option there...

Usually it's users that are behind the ProxyServer then if this is not
anonymus proxy server you can get internall IP address using
HTTP_X_FORWARDED_FOR.



George.
Click to expand...
Click to expand...
 
Don't know if you solved this but i've just had the same problem. I have a
web server sat behind an ISA firewall in one of my LANs and all i was logging
was the internal IP of my firewall whenever i tested it from an external
address.

I found a setting on the web publishing rule that relates to request
forwarding. All requests to the web server were being forwarded as if they
had come from the firewall. I changed a setting to forward the original
client request and i got proper external ip addresses.

Obviously this relies on the client not blocking their IP addresses but i've
not come across that yet.
 
Back
Top