Old 01-09-2017, 08:47 PM   #1
Zendog
Member
 
Join Date: Jan 2017
Posts: 7
external IP address appearing to bounce between two different IP addresses

I am seeing a strange condition with my external IP address appearing to bounce between two different public facing Comcast IP's when checked every few moments.

Here is the background. I am in a corporate apartment that comes supplied with Comcast internet. I am able to access the modem and configure. It appears this is a Comcast ADSL service and has a Netgear DVDN3700v2 modem / router.

I am trying to port-forward a port to a Slingbox connected on the local LAN. Everything works fine on the LAN but noticed my Slingcatcher cannot access the Slingbox from external networks.

So when I check the ports needed from external network port checker tools, they show as not opened. Even though the port forwarding appears to be configured properly on the router.

I am using whatismyip.com to determine my external IP address and noticed that on random clicks, every so often, the IP changes back and forth between two different IP addresses. The two addresses have been consistent over several days of checking (always the same two) and they do appear to be legitimate Comcast public facing IP addresses.

Problem is neither of them appear to respond to the router settings I am making. Things like the options to "respond to ping" and "port forwarding" appear to set fine on the router but seem to have no effect on these external addresses. Both IP's respond to pings regardless of my modem settings and port forwarding does not work from either address although appears to be set fine in the router. Other parts of the modem / router appear to make a difference, i.e. if I change ADSL parameters, DNS servers etc. these all respond fine so the issue appears to be on the external facing IP addresses being reported publicly.

Almost acting like a double NAT error response kind of thing but only one router in the network? I have stripped the network down to only the modem / router, the Slingbox and the PC used to check things with. Scanned the network for IP's and only those three devices show as present on the LAN.

Is this bounce between the two public IP address something anyone has seen before? I am somewhat perplexed as to what may be going on.

Is whatismyip service reporting the wrong public IP address? I tried this with several other similar services and get the same results. All report no proxy detected and report the same two IP's bouncing back and forth at random intervals.

Any thoughts or insights?

Last edited by wimiadmin; 01-10-2017 at 11:30 AM.
Old 01-10-2017, 02:20 PM   #2
wimiadmin
Administrator

Join Date: May 2008
Location: Pigeon Forge, TN
Posts: 1,511

Is the Netgear device supplied by Comcast in router mode or in bridge mode? In other words, is the Netgear device getting the IP address assigned to it or is the computer getting the public IP assigned to it? If you go to Start, Run, CMD then type ipconfig /all the IP on the computer will show either the same as you're seeing on whatismyip.com or something like 192.168.xxx.xxx. If it's 192, then the Netgear device is in router mode....which is ideal.

The next thing I thought of is to make sure the computer you're using to connect to the internet with is only connected to the Netgear router supplied by Comcast. Make sure it's not connecting to other wireless networks in the immediate area. Also make sure the computer is set to obtain its IP information via DHCP and not getting IP information supplied statically.

What happens if you connect a mobile device via wireless and go to our homepage? https://www.whatismyip.com Does it show the same IP info as what you're seeing on the computer? What if you hit refresh? Does the IP change as it does on the computer?
__________________
Brian
Please Search Before Posting
Old 01-10-2017, 06:58 PM   #3
Zendog
Member

Thanks for the response ...

The Netgear device is in Modem + Router mode. The Netgear is getting its address from the router settings under Internet/Get Dynamically from ISP.

However the IP shown in that menu is the Comcast internal IP for the modem and is in the 10.110.x.x segment which is different than the two public IP addresses that I see through the IP checking tools.

IPCONFIG is normal and shows the LAN side of the NAT (if that is what you are getting at). I can confirm it is in router mode and all is working fine from the LAN side of things.

Wireless connections are confirmed as well and do the same thing as wired with regard to the bounce between the two public IPs shown on the IP checking tools.

Really strange ...
Old 01-11-2017, 09:53 AM   #4
wimiadmin
Administrator

Really....really strange.

You've posted here twice and the IPs are only slightly different. The first three octets are the same. Only the last octet is different. One ends in .132 and the other ends in .161. Curious if those are the two you're seeing bouncing back and forth.

I suppose this could be a security measure put in place by Comcast to keep residential customers from accessing their network via IP without paying for a static. But if that were the case, I'm guessing we'd be reading about it elsewhere on the net and I'm not seeing anything similar.

I suppose it could be a connectivity issue with Comcast. Does the modem drop out and reconnect? Since you're in a corporate apartment with supplied internet, I doubt you'd be able to call Comcast and submit a trouble ticket since you're not the 'owner' of the connection.
Old 01-11-2017, 02:50 PM   #5
Zendog
Member

Yes ... Those are the two addresses in question.

It is strange indeed.

You also hit the account issue on the head as I am not the actual account owner. I do have mail out to the management company of the facility but this issue is way beyond their norms for support so not clear they will be able to translate this properly to Comcast for any meaningful evaluation.

I should only be here for 90 days so guess I can make do as is for the duration. I have never seen anything like this (short of dual NAT issue with multiple routers) in many years of network support. I know this is not a local dual NAT issue as this is ADSL and has a phone cord going into the modem for the internet connection. So I can say without a doubt there is no other attached to my connection.

Could be a Comcast security measure but would think many many more folks would be complaining about this if this were the case. In addition to the dual IP this also seems to render router features like port forwarding, ping response, etc. as non functional.

The only other thing that comes to mind is a potential issue with the Netgear router itself? I may get curious enough to buy another and swap it out just to see if this strange behavior is explainable. It sure seems to be outside the norm of any configuration I have ever seen.
Old 01-11-2017, 03:35 PM   #6
wimiadmin
Administrator

I'm curious as to what you find out. Hopefully you'll figure out a resolution.

I suppose this could be how ADSL works. It's been a while since I've even thought about those types of connections, but aren't they essentially two phone lines synched together to give you twice the normal bandwidth allowed over standard DSL?

If that's the case then outbound traffic is shared between the two lines with each line having its own IP address.

Just a guess though.
Old 01-12-2017, 01:48 PM   #7
Shnerdly
• The †erminator

Join Date: Jun 2010
Location: The frozen tundra of Minnesota
Posts: 1,344

Welcome to the forum Zendog.

Sorry for the untimely response, I've been out of town for a few days.

First I have to say that I have never known Comcast to be in the ADSL/DSL type of connections. This is surprising to me. CenturyLink is big in the DSL market and for reasons they identify as customer security, they rotate their customer IP's between a number of IP's continually, usually 7-10 IP's. I don't agree that it provides any security for their customers at all. The only thing it does accomplish is to prevent their customers from hosting anything from their home including surveillance systems. I would find it to be frustrating. Even Dynamic DNS services have a hard time keeping up with the changes.

Because this is a corporate apartment, I have to wonder if the Modem you have access to is perhaps a slave to one or more main modems elsewhere in the building. That would explain the inability to port forward and also explain the 10.110.x.x IP it shows on the external connection. It is strange though that they would use ADSL/DSL for a private internal system. I've never even heard of that before though it could be done. Perhaps it was done to utilize existing infrastructure in the building instead of running cat5 or cat6 through the building.

I too am interested to hear what you discover if you get it figured out.
__________________


Grammar is important. For instance, commas save lives:

Let's eat grandpa.

OR

Lets eat, grandpa.

Old 01-13-2017, 03:43 PM   #8
Zendog
Member

Quote:
Originally Posted by Shnerdly View Post
Welcome to the forum Zendog.

Sorry for the untimely response, I've been out of town for a few days.

First I have to say that I have never known Comcast to be in the ADSL/DSL type of connections. This is surprising to me. CenturyLink is big in the DSL market and for reasons they identify as customer security, they rotate their customer IP's between a number of IP's continually, usually 7-10 IP's. I don't agree that it provides any security for their customers at all. The only thing it does accomplish is to prevent their customers from hosting anything from their home including surveillance systems. I would find it to be frustrating. Even Dynamic DNS services have a hard time keeping up with the changes.

Because this is a corporate apartment, I have to wonder if the Modem you have access to is perhaps a slave to one or more main modems elsewhere in the building. That would explain the inability to port forward and also explain the 10.110.x.x IP it shows on the external connection. It is strange though that they would use ADSL/DSL for a private internal system. I've never even heard of that before though it could be done. Perhaps it was done to utilize existing infrastructure in the building instead of running cat5 or cat6 through the building.

I too am interested to hear what you discover if you get it figured out.

I think you are on the right trail in your replies. Agree with the Comcast vs CenturyLink business model about ADSL services. What was confusing is the IP's in question are in fact registered to Comcast and my modem is in fact running through a DSL connected phone line.

You may also be right about the CAT5/CAT6 building wiring.

So in poking around with this a little further, I placed the Netgear router in "Modem Only" mode bypassing the NAT and Router functions and plugged in a PC directly to the (now configured modem port) device and did an IP network scan.

The results showed about a dozen network routers and devices. Looking at the list of device MAC Addresses, I did a look up of the associated vendors. A couple of the devices were these puppies.

https://www.versatek.com/blog/what-is-dslam/

Versatek DSLAMS.

So am thinking this may in fact be a building premise configuration to route Comcast ISP throughout the tower.

I was hoping that since the Netgear was working as a modem only in this config, that I could simply place another router on the connection and use that router NAT for the port forwarding that I am needing to do?

However, all connection attempts while interacting with the network connections while in "Modem Only" mode appeared to be only at a LAN level. While I could scan the network device at a now LAN access level, I could not get out of the gateway to the internet in this mode.

I attached a router to the "Modem Only" connection and could get the newly attached router to pick up the base WAN IP of the 10.101.x.x segment (along with DNS & Gateway, etc.) However, I could not get any devices attached to it (the new router) to pass through to the internet?

It is either something really basic that I am missing in the config settings or this DSLAM configuration is looking to interact only with the Netgear device in its configuration.

So a new picture has painted itself in how this configuration is setup which would confirm your comments and explains the wiring, the ISP services and probably the IP bouncing between the two addresses (probably is a dual NAT issue between the DSLAM routing and my NAT in my local router level). This functions fine for normal internet access however, back routing through my router's NAT to local LAN devices will be problematic as the local router (in my unit) gets confused on where the WAN delineation is versus the LAN.

So this new found insight / theory leaves me with the original issue with how to port forward to my devices on my local LAN which still eludes me at this point.

Any thoughts on what else could work in this configuration? Or is this configuration effectively shutting down localized port forwarding?
Old 01-13-2017, 05:19 PM   #9
Zendog
Member

Quote:
Originally Posted by wimiadmin View Post
I'm curious as to what you find out. Hopefully you'll figure out a resolution.

I suppose this could be how ADSL works. It's been a while since I've even thought about those types of connections, but aren't they essentially two phone lines synched together to give you twice the normal bandwidth allowed over standard DSL?

If that's the case then outbound traffic is shared between the two lines with each line having its own IP address.

Just a guess though.

Thanks again for the reply Brian.

I had to dwell a bit on what you described. I am thinking that the TCP/IP layer parts of ADSL configurations are at a different (higher) layer of the network stack than the physical wiring layer?

Am not thinking that there is an assignment of IP addresses on a per wire pair basis. The logic for the assignment and control TCP/IP addressing has to be with functional interfaces that can retain and control the addressing, like the Modem/Router/NIC/etc.

In this case the wiring comes across the RJ11 connector into the modem which addresses this connection in total as a singular addressable interface unit with one IP address assigned to it.

I do not believe that dual IP's are a normal part of ADSL configurations. I have worked under other service provider ADSL connections and never had multiple IP addresses, constantly bouncing between two IP addresses, and was able to use NAT / Port Forwarding without issue. (If there were always multiple IP's on one line then cannot see how port forwarding would ever work?)

So at this point, am thinking this must be a local premise configuration / service provider issue and not the nature of ADSL in general. (possibly by design to prevent people from running local servers on this service)

Will let you know if I ever get a resolution. I think we have a clearer understanding of the issue configuration but not clear I will ever get port forwarding working in this configuration.

I am however keeping an open mind that someone may have experienced this before and have the golden key solution to provide that will unlock this.

Best regards ...
Old 01-14-2017, 09:08 AM   #10
Shnerdly
• The †erminator

Quote:
I attached a router to the "Modem Only" connection and could get the newly attached router to pick up the base WAN IP of the 10.101.x.x segment (along with DNS & Gateway, etc.) However, I could not get any devices attached to it (the new router) to pass through to the internet?

DSLAMS on DSL connections are essentially the same as node servers used in Cable Internet connections. They don't really work the same but they serve the same basic purpose. They handle a very small segment of the IP's used by the ISP. One major difference is that login credentials are required for DSL. They use something called Point-to-Point Protocol over Ethernet (PPPoE). That's probably why you can't get to the Internet without the Modem in Modem/Router mode. The username is probably in plain text in the Modem. If you can discover the Password, you may be able to get to the Internet without the router by putting the Modem in passthrough mode and applying the Username and Password directly from your computer.

Another possible limitation is that DSLAMS have the ability to limit connections based on MAC addresses just like MAC Filtering in a Wireless Router. If your MAC is not on the list, you are not getting through to the Internet.

Someone has to be managing this system inside the building so they should be able to help you get the Port Forwarding done if it's allowed.
Old 01-16-2017, 11:54 AM   #11
Zendog
Member

Quote:
Originally Posted by Shnerdly View Post
DSLAMS on DSL connections are essentially the same as node servers used in Cable Internet connections. They don't really work the same but they serve the same basic purpose. They handle a very small segment of the IP's used by the ISP. One major difference is that login credentials are required for DSL. They use something called Point-to-Point Protocol over Ethernet (PPPoE). That's probably why you can't get to the Internet without the Modem in Modem/Router mode. The username is probably in plain text in the Modem. If you can discover the Password, you may be able to get to the Internet without the router by putting the Modem in passthrough mode and applying the Username and Password directly from your computer.

Another possible limitation is that DSLAMS have the ability to limit connections based on MAC addresses just like MAC Filtering in a Wireless Router. If your MAC is not on the list, you are not getting through to the Internet.

Someone has to be managing this system inside the building so they should be able to help you get the Port Forwarding done if it's allowed.

Thanks for the insights and assist in this issue. Here is what I discovered.

The building folks do not maintain the system. This is in fact the Comcast demark equipment for their services at the building and the whole network end-2-end service contract is under Comcast support agreement for the premise.

The DSLAM connection does not require a logon, at least not from end modem / routers and connections. Mine does not have a user id or password in the configuration.

The local configuration is the Modem / Router is only connecting to the premise equipment. Thus is the 10.101.x.x WAN address in the modem which is a non routable IP address segment. Once in the premise connection there is a LSN carrier grade NAT "switch and router" behind the DSLAM. This is why port forwarding does not work on my router as my router is effectively creating a dual NAT that disrupts the local router's ability to perform port forwarding. Also my router is only communicating with the premise configuration and does not really have its own externally facing routed WAN address (as it would be in normal configuration). In short, Comcast does not support port forwarding in their services at this building with this configuration.

Once the premise connections are aggregated at the building level, all internet connections are routed by the premise equipment in a load balanced round robin method across the two internet DS3 premise connections. Thus is why I see the bounce between the two public addresses (random chance between my traffic and everyone else at the premise that are alternating between these two paths).

So .... long story short, port forwarding will never work in the traditional way. Once I accepted this fact with the new knowledge of the configuration, I explored another path.

I set up a VPN (since this will create a virtual direct encrypted path and not be concerned about how the local configuration NAT's). I used a trial from "vpnstaticip" and was able to add a VPN route (using a PPTP VPN connection) on a LinkSys router.

This connects to the VPN service when the router boots, once the VPN connection is running, I can port forward to the attached LAN devices connected to this router and use the external static IP address of the VPN connection to access these devices via the internet.

There is of course some overhead associated with all of this, and the configuration is overly complicated for what set out to be a simple port forward, but the connection speeds achieved during initial testing show it as a workable solution (at least for my 90 day stay) until I can get back to a real externally faced internet connection service.

So in a nutshell:

1. The 10.101.x.x WAN address in the router is not externally facing.
2. The two addresses shown externally (bouncing between them) on "whatsmyip" are the collected buildings load balanced internet connections from the local premise equipment.
3. It is a Comcast service (which is why the two externally facing IP addresses are registered to Comcast).
4. My router does create a dual NAT condition and my router is not directly exposed via WAN address to the internet (which is why I cannot port forward from my router).
5. VPN with static IP creates a direct tunnel to the internet that allows port forwarding to occur from this tunnel (with the incurred overhead of the VPN routing).

I hope this sheds some light to anyone who finds themselves in a similar condition. Thanks for everyone's help in sorting through this.

Best regards ...
Zendog is offline  
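
Added example, not part of the thread or any poster's code: a short Python check that reproduces the diagnosis in post #11 from two observations, the address on the router's WAN status page and the addresses returned by repeated IP-check lookups. All addresses are constructed sample values (the public ones come from the 203.0.113.0/24 documentation range) and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Ranges that are never reachable from the public internet. A router whose
# WAN interface sits in one of them is behind another NAT layer.
NON_PUBLIC = {
    "RFC 1918 private": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "RFC 6598 shared (carrier-grade NAT)": ("100.64.0.0/10",),
    "RFC 3927 link-local": ("169.254.0.0/16",),
}

# Constructed sample data: a private WAN address and six lookups that
# alternate between two documentation-range addresses.
SAMPLE_WAN = "10.20.30.40"
SAMPLE_LOOKUPS = [
    "203.0.113.132", "203.0.113.161", "203.0.113.161",
    "203.0.113.132", "203.0.113.132", "203.0.113.161",
]


def classify(addr):
    """Return the name of the non-public range holding addr, or 'public'."""
    ip = ipaddress.ip_address(addr)
    for label, nets in NON_PUBLIC.items():
        if any(ip in ipaddress.ip_network(net) for net in nets):
            return label
    return "public"


def diagnose(router_wan, observed):
    """Compare the router's WAN address with what IP-check services reported.

    router_wan: address shown on the router's WAN/Internet status page
    observed:   addresses from repeated "what is my IP" lookups, in order
    """
    if not observed:
        raise ValueError("need at least one observed address")
    # Normalise spelling so string comparison is reliable.
    router_wan = str(ipaddress.ip_address(router_wan))
    observed = [str(ipaddress.ip_address(a)) for a in observed]
    wan_class = classify(router_wan)
    egress = Counter(observed)
    # Another NAT sits upstream if the WAN address is non-public, or if the
    # outside world sees an address the router does not hold.
    upstream_nat = wan_class != "public" or router_wan not in egress
    return {
        "wan_class": wan_class,
        "upstream_nat": upstream_nat,
        "egress_addresses": sorted(egress, key=ipaddress.ip_address),
        # More than one egress address means traffic is spread over uplinks.
        "load_balanced_egress": len(egress) > 1,
        # How often consecutive lookups disagreed (the "bounce").
        "flips": sum(a != b for a, b in zip(observed, observed[1:])),
        # Forwarding on this router only helps if it holds the public address.
        "router_port_forward_reachable": not upstream_nat and len(egress) == 1,
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_WAN, SAMPLE_LOOKUPS).items():
        print(f"{key}: {value}")
```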
Old 01-16-2017, 12:26 PM   #12
wimiadmin
Administrator

Zendog,

Thank you so much for returning and taking the time to post your findings and what you used for a work around. So many take info/advice from us and never return, so it's nice to see someone giving back.

I'm glad you were able to come up with a solution. The setup Comcast has in place seems overly complicated, though. And, of course doesn't allow for simple port forwarding....unless that was their goal.
Old 01-17-2017, 08:32 PM   #13
Shnerdly
• The †erminator

Thanks Zendog.

I agree with Wimiadmin, that is a complicated setup but if it was installed in a large complex that was built before the Internet was common, it makes sense that they utilized the phone lines in the building instead of running Coax or cat6. Especially if this is an old high-rise building. Running new cable would be a major pain.
Old 01-19-2017, 12:08 PM   #14
Zendog
Member

Quote:
Originally Posted by Shnerdly View Post
Thanks Zendog.

I agree with Wimiadmin, that is a complicated setup but if it was installed in a large complex that was built before the Internet was common, it makes sense that they utilized the phone lines in the building instead of running Coax or cat6. Especially if this is an old high-rise building. Running new cable would be a major pain.

I agree with you both. Overly complicated and not very efficient in implementation, support or functionality. As proven by how long it took me to understand it and find a solution for what would be a simple and normal router port forward function.

It is an older high rise with 26 floors of old school RJ11 telephony wiring. So I suspect this is the genesis of the poor (lacking modern functionality) design.

The workaround seems to function OK so far. But the additional cost, complexities and numerous points of potential failure introduced leaves it less than ideal for a permanent long term solution. Fortunately the days are ticking away and I will be on to a more permanent housing solution (with normal internet) by March.

Thanks again for the insights you guys provided. Your thoughts were instrumental in working through this.
Old 01-20-2017, 08:14 AM   #15
Shnerdly
• The †erminator

We are always glad to help where we can.

Thanks again for reporting back the final outcome and solution.
All times are GMT -4.