Chanaka Srinuwan
asked on
traceroute
ISP uses router in front of my firewall and They use dedicated public IP block (WAN and GW) for the connectivity.
My firewall WAN IP and other external IPs are in completely different range.
With traceroute , Router's LAN IP 10.xxx.xx.1 is getting listed as the first hop and next is ISP GW IP. The public IP assigned in router (WAN) is not getting listed.
Is this common situation with traceroute or what is the theory behind this ?
My firewall WAN IP and other external IPs are in completely different range.
With traceroute , Router's LAN IP 10.xxx.xx.1 is getting listed as the first hop and next is ISP GW IP. The public IP assigned in router (WAN) is not getting listed.
Is this common situation with traceroute or what is the theory behind this ?
Is this common situation with traceroute or what is the theory behind this ?Perfectly normal, especially on a smaller network. There are cases where you might several LAN addresses, but that gets into networks with higher levels of complexity.
With traceroute , Router's LAN IP 10.xxx.xx.1 is getting listed as the first hop...You're starting from inside the LAN, so the first response will be from the gateway address, which is 10.xxx.xx.1.
... and next is ISP GW IPYou're probably wondering why this is the case. Remember that 10.xxx.xx.1 and your WAN address are both tied to the same device. All that is happening is that the ICMP packet is reaching your firewall's LAN interface, and is passing the packet along through its WAN interface. Think of passing an object along people in a line. They might receive it in their right hand, and pass along with their left. For tracking purposes, you only pay attention to you passed the object to the person to your left, who passed to the person to their left. You never make a record of the fact that it moved from their right hand to their left. Unnecessary detail, as you know what direction it moved. So in this case, seeing the ISP GW address, you know that the packet went through the WAN interface to the ISP.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
That is completely normal and expected.
The response is the IP that sends back to you, so it will be the LAN side address
If it gave both, you'd think there were two devices, rather than just the one that is actually there.
Alan.