1

My configuration is as follows:

my linux laptop ---eth---> openbsd_fw ---usb---> 4g_modem ----> internet

If I run MTR to 8.8.8.8 it gives me the following:

 Host                                  Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. _gateway                            0.0%    18   22.4  24.7  22.3  28.6   1.8
 2. 192.168.86.33                       0.0%    18  218.0  85.9  42.7 247.9  71.0
 3. 192.168.86.33                       0.0%    17  145.9 223.4 145.9 255.3  40.0
 4. (waiting for reply)
 5. 192.168.83.30                       0.0%    17   43.7  46.9  41.1  61.9   4.7
 6. (waiting for reply)
 7. 10.178.86.145                       0.0%    17   58.4  56.6  51.8  71.1   4.5
 8. 83.224.40.198                       0.0%    17   56.7  57.4  51.8  62.8   3.4
 9. 83.224.40.197                       0.0%    17   54.5  56.3  51.1  59.9   2.5
10. 83.224.40.217                       0.0%    17   62.5  62.3  56.7  68.3   3.7
11. 185.210.48.1                        0.0%    17   60.6  63.0  58.5  68.7   3.1
12. 72.14.238.234                       0.0%    17   59.4  63.9  56.8  71.8   3.8
13. 216.239.50.221                      0.0%    17   61.6  61.0  57.8  66.7   2.2
14. dns.google                          0.0%    17   60.5  62.6  58.3  70.7   3.8

As you can see, the second and third hops have the same IP on a private network, 192.168.86. The 5th hop is another class C private network and the 7th is under 10.x. If I connect to those machines, they seem to be proxies because I receive the following errors:

Tunnel Connection Failed

and

Connection refused

because port 80 is open and listening.

My questions are:

  • Why does my provider use so many private IPs in its network?
  • Why do the second and third hops have the same IP?
  • Why is there proxy or tunneling software listening on the hops? I find it strange because, as far as I know, HTTPS is not cacheable.
Peregrino69
  • 5,004
Lews
  • 111

2 Answers

1

All of the IP addresses 1 - 7 may well exist only between your laptop and the 4G modem. As the whole path is wired, there's no way to set up a MITM in between, unless there's another way to access your firewall. The 4G modem requires a connection to a service provider, and it will only connect to the provider who provided the SIM card, so a MITM in between the modem and the service provider is also extremely unlikely.

Tunnels in this context have nothing to do with caching, they're just a way to route traffic in a specific way. To quote Wikipedia:

An IP tunnel is an Internet Protocol (IP) network communications channel between two networks. It is used to transport another network protocol by encapsulation of its packets.

Usually tunnels are used because they simplify the routing one way or another. In this context something may be internally configured to use a tunnel, for example the Ethernet-over-USB interface that connects the modem to the firewall. Can't say much more than that without knowing more of the setup: the hardware and the configuration.

Connection refused has nothing to do with port 80, only the fact that your client isn't authorized to connect to that tunnel.

Peregrino69
  • 5,004
0

Your carrier is free to use any RFC 1918 (i.e. private space) addresses in their network for parts you don't need to be able to reach - indeed, doing this can save real IP space. You have not pointed out where your world-routable or CGN IP is defined, and doing this could be useful in your understanding of how things fit together.

Also be aware that the reported IP addresses in a traceroute are for guidance purposes only. It is entirely possible there are things messing with the ICMP (or equivalent) packet TTLs, causing duplicates masking real IP addresses - but you would need to communicate with your ISP if those are a concern.

HTTPS is cacheable - although the word cacheable is vague. Relatedly, large content providers often will deploy equipment to ISPs to distribute and cache content. Typically the content provider will provide equipment to do caching, including appropriate certificates so HTTPS does not fail, and work with the ISP to ensure traffic is appropriately routed to the caching box in the ISP network.

davidgo
  • 73,366
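
The address classes the answers refer to (RFC 1918 private space, CGN space, publicly routable), applied to the mtr report from the question. This is an added example, not part of the original posts: the function names are made up for illustration, and the 100.64.0.0/10 CGN range is taken from RFC 6598, not from this page.

```python
import ipaddress
import re

# Hop lines copied from the mtr report in the question (hops 9-13 omitted).
MTR_REPORT = """\
 1. _gateway                            0.0%    18   22.4  24.7  22.3  28.6   1.8
 2. 192.168.86.33                       0.0%    18  218.0  85.9  42.7 247.9  71.0
 3. 192.168.86.33                       0.0%    17  145.9 223.4 145.9 255.3  40.0
 4. (waiting for reply)
 5. 192.168.83.30                       0.0%    17   43.7  46.9  41.1  61.9   4.7
 6. (waiting for reply)
 7. 10.178.86.145                       0.0%    17   58.4  56.6  51.8  71.1   4.5
 8. 83.224.40.198                       0.0%    17   56.7  57.4  51.8  62.8   3.4
14. dns.google                          0.0%    17   60.5  62.6  58.3  70.7   3.8
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGN = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
# "<hop>. <host>", optionally followed by the Loss% column and statistics.
HOP_RE = re.compile(r"^\s*(\d+)\.\s+(\S.*?)(?:\s+\d+\.\d+%.*)?$")


def classify(host):
    """Return the address class of one hop label from an mtr report."""
    if host == "(waiting for reply)":
        return "no-reply"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # name was resolved; rerun mtr with -n for the IP
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    if addr in CGN:
        return "cgn"
    return "public" if addr.is_global else "special"


def analyse(report):
    """Return (hop, host, class, repeats_previous_hop) for every hop line."""
    rows, prev = [], None
    for line in report.splitlines():
        m = HOP_RE.match(line)
        if m:
            hop, host = int(m.group(1)), m.group(2)
            kind = classify(host)
            rows.append((hop, host, kind, kind != "no-reply" and host == prev))
            prev = host
    return rows


if __name__ == "__main__":
    for row in analyse(MTR_REPORT):
        print("%2d  %-20s %-9s repeat=%s" % row)
```

The first publicly routable hop in this report is hop 8; everything before it that answers is RFC 1918 space, and hop 3 is flagged as repeating hop 2.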