On Sun, Nov 7, 2010 at 8:33 PM, Lyle Giese <l...@lcrcomputer.net> wrote:

> slamp slamp wrote:
> > http://checkip.dyndns.org/
> >
> > how is this possible? i am behind a standard install of pfSense
> > 1.2.3-RELEASE which means i am NAT'd. how is pfsense publishing my
> > private IP?
> >
> >
> What makes you think pfSense is publishing that data?


It is Squid running on pfSense that is publishing that data. There is no
javascript on that page.
The fact is, it is poorly written applications that are causing the problem.
Squid is misconfigured, which causes it to set the HTTP X-Forwarded-For header to
the internal private IP.
The application checks for the header to be set and uses the data it
contains without doing a sanity check first.
Several projects that I contribute to have had the same issue; here is a
sample in PHP.

Original (bad) code:
<?php
// $_SERVER replaces the long-deprecated $HTTP_SERVER_VARS; behaviour is the same.
// Whatever the proxy (or the client itself) put in X-Forwarded-For is
// trusted verbatim, so a private LAN address ends up published.
if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
    $IP = $_SERVER["HTTP_X_FORWARDED_FOR"];
} else {
    $IP = $_SERVER["REMOTE_ADDR"];
}

Fixed code:
<?php
if (!empty($_SERVER["HTTP_X_FORWARDED_FOR"])) {
    // ip2long() returns false for anything that is not a single dotted quad
    // (Squid's "unknown", or a "client, proxy" list); treat that like a
    // private address and fall back to REMOTE_ADDR instead of publishing it.
    $forwardforip = ip2long($_SERVER["HTTP_X_FORWARDED_FOR"]);
    if ($forwardforip === false ||
        ($forwardforip >= ip2long("10.0.0.0") && $forwardforip <= ip2long("10.255.255.255")) ||
        ($forwardforip >= ip2long("172.16.0.0") && $forwardforip <= ip2long("172.31.255.255")) ||
        ($forwardforip >= ip2long("192.168.0.0") && $forwardforip <= ip2long("192.168.255.255"))
    ) {
        // RFC 1918 address (or unparsable): use the address we actually talked to.
        $IP = $_SERVER["REMOTE_ADDR"];
    } else {
        $IP = $_SERVER["HTTP_X_FORWARDED_FOR"];
    }
} else {
    $IP = $_SERVER["REMOTE_ADDR"];
}

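As an added example (not code from the original post or from the projects the poster mentions), here is the same check carried one step further: X-Forwarded-For is only honoured when the request actually came from a proxy we operate, the comma-separated hop list is walked from the right, and anything that is not a well-formed public address falls back to REMOTE_ADDR. The function names, the trusted-proxy address 203.0.113.10 and the four sample requests are assumptions constructed for illustration, not captured traffic.

```php
<?php
// Added example, not the poster's code. Derive the client address from
// REMOTE_ADDR and X-Forwarded-For without trusting the header blindly.
// Function names, the trusted-proxy list and the sample requests are
// assumptions made for this illustration.

/**
 * True if $ip is a syntactically valid IPv4/IPv6 address that is neither
 * private (RFC 1918 etc.) nor reserved (loopback, link-local, ...).
 */
function is_public_ip(string $ip): bool
{
    return filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) !== false;
}

/**
 * Determine the client address for a request.
 *
 * @param array $server         the $_SERVER array (or a constructed one)
 * @param array $trustedProxies addresses of proxies allowed to set XFF
 */
function client_ip(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';

    // Only a proxy we run may tell us who the real client is; a header
    // arriving from anyone else is attacker-controlled and ignored.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }

    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '') {
        return $remote;
    }

    // XFF is "client, proxy1, proxy2, ...": walk from the right, skip the
    // proxies we trust, and take the first hop that is not ours.
    $hops = array_map('trim', explode(',', $xff));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        if (in_array($hops[$i], $trustedProxies, true)) {
            continue;
        }
        // A private address (the misconfigured-Squid case), Squid's
        // "unknown" placeholder or any other garbage is not published:
        // fall back to the peer we actually talked to.
        return is_public_ip($hops[$i]) ? $hops[$i] : $remote;
    }
    return $remote;
}

// Constructed sample requests (assumed addresses, not real captures).
$trusted = ['203.0.113.10'];   // assumed public address of our pfSense/Squid box

$requests = [
    // 1. Misconfigured Squid leaks the LAN address in XFF.
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '192.168.1.50'],
    // 2. Proper chain: public client, then our proxy appended itself.
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 203.0.113.10'],
    // 3. Header supplied by an untrusted peer, trying to spoof a private IP.
    ['REMOTE_ADDR' => '198.51.100.9', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1'],
    // 4. Squid's "unknown" placeholder from our proxy.
    ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => 'unknown'],
];

foreach ($requests as $req) {
    echo client_ip($req, $trusted), "\n";
}
```

In case 1 the private hop is rejected and the proxy's own address is used, so the LAN IP never reaches the page; case 2 yields the public client address after skipping our proxy; in case 3 the header is ignored outright because the peer is not a trusted proxy; case 4 falls back because "unknown" is not an address. The trusted-proxy check is the part the poster's fix does not have: without it, any client can send its own X-Forwarded-For and choose the address the application logs or rate-limits on.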