Can't ping my external CGNAT IP address from external network

Question

I'm new to networking and I'm trying to scan my external IP from an external network.

I first tried finding my public IP from whatismyIP.com. The IP address on that site was different from the external IP address on my home router so I assumed my network used a Carrier Grade NAT device.

I tried scanning the IP I got from whatismyIP.com using nmap and also tried pinging it. I was able to do so inside my router's network, but not when I was outside it. I was wondering if anyone could explain why I couldn't ping or scan the address from whatismyIP.com outside my network. Does it have something to do with the CGNAT.

Answer 1

"Your" CGNAT IP address is not really yours; it belongs to the NAT gateway. Depending on the ISP's setup, it might not always be pingable:

1. The ISP might have simply blocked ping requests on the gateway, as some admins do. (Much like Windows blocks ping requests; it's just a firewall rule.) If the address is pingable from inside but not outside, that's the most likely explanation.

2. The address might not be assigned to the gateway at all, only routed towards it. This makes no difference to packets that the gateway does translate, but when a new packet comes in that doesn't match an existing translation, it could literally go nowhere instead of being accepted by the router itself.