How do I really know who is accessing my server?
I've tried to search for a solution but I couldn't... Maybe I didn't search well so it could be that the post is duplicated, so I'm sorry if it's like this.
Well, recently I started using my old desktop computer as a server, I installed Ubuntu server 18.04 and it's now connected to my router. I also have a web page (Only for testing) and a SSH server to login and monitor the server from anywere (obvious) and the problem comes now:
I have the server connected to the router and the router (ADSL) is connected to the internet. I have set up the router to forward any request that wants to connect via port 80 or 22 to the private IP of the server. And now, whenever someone connects to my web server, the access logs shows me that all petitions are coming from the same IP (My public IP) and same with SSH, whenever I connect to my server, when I type the command who it shows me I'm connected from my public IP.
I know that problem it's because it's my router who is forwarding the packaged and requests but I would like to know if there is any kind of "solution" to this so I'm able to actually know who is stablishing a connection to my server.
Thanks in advice and sorry if I misspelled, trying my best to write this correctly.
Output of who command:
alex@ubuntu:~$ who
alex pts/0 2019-02-07 07:22 (62.37.40.224)
alex pts/1 2019-02-07 07:22 (62.37.40.224)
Outuput of the traceroute command to my server's IP:
traceroute to 62.37.40.224 (62.37.40.224), 30 hops max, 60 byte packets
192.168.212.254 (192.168.212.254) 3.004 ms 2.972 ms 2.947 ms
172.29.34.1 (172.29.34.1) 7.755 ms 7.736 ms 7.686 ms
1.red-81-46-16.customer.static.ccgg.telefonica.net (81.46.16.1) 7.662 ms 7.621 ms 7.584 ms
217.red-217-124-114.static.ccgg.telefonica.net (217.124.114.217) 15.257 ms 217.124.112.37 (217.124.112.37) 20.113 ms 217.124.114.217 (217.124.114.217) 20.108 ms
* * *
157.red-80-58-84.staticip.rima-tde.net (80.58.84.157) 14.988 ms 15.931 ms 15.895 ms
145.red-80-58-97.staticip.rima-tde.net (80.58.97.145) 15.865 ms * *
80.58.106.58 (80.58.106.58) 14.724 ms 14.712 ms 14.687 ms
241.red-80-58-88.staticip.rima-tde.net (80.58.88.241) 14.661 ms 14.635 ms 14.615 ms
10.21.0.1 (10.21.0.1) 14.565 ms 14.475 ms 20.228 ms
10.21.0.2 (10.21.0.2) 20.180 ms 20.143 ms 20.111 ms
172.27.111.22 (172.27.111.22) 15.212 ms 15.175 ms 15.005 ms
172.27.111.51 (172.27.111.51) 14.931 ms 14.818 ms 14.807 ms
172.27.111.126 (172.27.111.126) 14.797 ms 14.776 ms 14.762 ms
172.27.111.10 (172.27.111.10) 19.592 ms 16.708 ms 16.622 ms
193.152.56.1 (193.152.56.1) 19.503 ms 19.474 ms 19.407 ms
80.58.72.149 (80.58.72.149) 19.399 ms 19.356 ms 19.292 ms
* * *
* * *
216.184.113.180 (216.184.113.180) 23.230 ms 17.892 ms *
* * *
* * *
* 193.251.247.14 (193.251.247.14) 16.104 ms *
* * *
* * *
* * *
* * *
* * *
* * *
* * *
networking server internet
asked Feb 7 at 8:09
xBeikerxBeiker
689
|
show 5 more comments
I've tried to search for a solution but I couldn't... Maybe I didn't search well so it could be that the post is duplicated, so I'm sorry if it's like this.
Well, recently I started using my old desktop computer as a server, I installed Ubuntu server 18.04 and it's now connected to my router. I also have a web page (Only for testing) and a SSH server to login and monitor the server from anywere (obvious) and the problem comes now:
I have the server connected to the router and the router (ADSL) is connected to the internet. I have set up the router to forward any request that wants to connect via port 80 or 22 to the private IP of the server. And now, whenever someone connects to my web server, the access logs shows me that all petitions are coming from the same IP (My public IP) and same with SSH, whenever I connect to my server, when I type the command who it shows me I'm connected from my public IP.
I know that problem it's because it's my router who is forwarding the packaged and requests but I would like to know if there is any kind of "solution" to this so I'm able to actually know who is stablishing a connection to my server.
Thanks in advice and sorry if I misspelled, trying my best to write this correctly.
Output of who command:
alex@ubuntu:~$ who
alex pts/0 2019-02-07 07:22 (62.37.40.224)
alex pts/1 2019-02-07 07:22 (62.37.40.224)
Outuput of the traceroute command to my server's IP:
traceroute to 62.37.40.224 (62.37.40.224), 30 hops max, 60 byte packets
192.168.212.254 (192.168.212.254) 3.004 ms 2.972 ms 2.947 ms
172.29.34.1 (172.29.34.1) 7.755 ms 7.736 ms 7.686 ms
1.red-81-46-16.customer.static.ccgg.telefonica.net (81.46.16.1) 7.662 ms 7.621 ms 7.584 ms
217.red-217-124-114.static.ccgg.telefonica.net (217.124.114.217) 15.257 ms 217.124.112.37 (217.124.112.37) 20.113 ms 217.124.114.217 (217.124.114.217) 20.108 ms
* * *
157.red-80-58-84.staticip.rima-tde.net (80.58.84.157) 14.988 ms 15.931 ms 15.895 ms
145.red-80-58-97.staticip.rima-tde.net (80.58.97.145) 15.865 ms * *
80.58.106.58 (80.58.106.58) 14.724 ms 14.712 ms 14.687 ms
241.red-80-58-88.staticip.rima-tde.net (80.58.88.241) 14.661 ms 14.635 ms 14.615 ms
10.21.0.1 (10.21.0.1) 14.565 ms 14.475 ms 20.228 ms
10.21.0.2 (10.21.0.2) 20.180 ms 20.143 ms 20.111 ms
172.27.111.22 (172.27.111.22) 15.212 ms 15.175 ms 15.005 ms
172.27.111.51 (172.27.111.51) 14.931 ms 14.818 ms 14.807 ms
172.27.111.126 (172.27.111.126) 14.797 ms 14.776 ms 14.762 ms
172.27.111.10 (172.27.111.10) 19.592 ms 16.708 ms 16.622 ms
193.152.56.1 (193.152.56.1) 19.503 ms 19.474 ms 19.407 ms
80.58.72.149 (80.58.72.149) 19.399 ms 19.356 ms 19.292 ms
* * *
* * *
216.184.113.180 (216.184.113.180) 23.230 ms 17.892 ms *
* * *
* * *
* 193.251.247.14 (193.251.247.14) 16.104 ms *
* * *
* * *
* * *
* * *
* * *
* * *
* * *
networking server internet
asked Feb 7 at 8:09
xBeikerxBeiker
689
Whenever someone connects to my web server, the access logs shows me that all petitions are coming from [...] My public IPThis should not be the case. Are you very sure about this ?
– RoVo
Feb 7 at 8:12
@RoVo I attached 2 screenshots. In the first 1 I'm logged in to the server with 2 different computers and in the second one you can watch which IP I'm connecting to with the SSH Client
– xBeiker
Feb 7 at 8:21
2
Are you using your public IP address (and port forwarding) to connect the server? Then it would be the correct behavior. If not, I am suspecting your router maintains two (or more) separate subnets, so your request to the server appears as going from outside. Please edit your post to add the output of the commandtraceroute <your-server-ip>to check this. Don’t forget to apply code formatting to the pasted terminal text, please do not post screenshots of the terminal.
– Melebius
Feb 7 at 9:14
1
you're connecting from the same network ?
– RoVo
Feb 7 at 9:14
2
So it happens when you connect from outside? I thought it happens from the LAN, too. Anyway, this looks related to your router rather than Ubuntu and Super User should be a better place to ask. It might be configurable but you haven’t provided any details of your router yet.
– Melebius
Feb 7 at 9:33
|
show 5 more comments
I've tried to search for a solution but I couldn't... Maybe I didn't search well so it could be that the post is duplicated, so I'm sorry if it's like this.
Well, recently I started using my old desktop computer as a server, I installed Ubuntu server 18.04 and it's now connected to my router. I also have a web page (Only for testing) and a SSH server to login and monitor the server from anywere (obvious) and the problem comes now:
I have the server connected to the router and the router (ADSL) is connected to the internet. I have set up the router to forward any request that wants to connect via port 80 or 22 to the private IP of the server. And now, whenever someone connects to my web server, the access logs shows me that all petitions are coming from the same IP (My public IP) and same with SSH, whenever I connect to my server, when I type the command who it shows me I'm connected from my public IP.
I know that problem it's because it's my router who is forwarding the packaged and requests but I would like to know if there is any kind of "solution" to this so I'm able to actually know who is stablishing a connection to my server.
Thanks in advice and sorry if I misspelled, trying my best to write this correctly.
Output of who command:
alex@ubuntu:~$ who
alex pts/0 2019-02-07 07:22 (62.37.40.224)
alex pts/1 2019-02-07 07:22 (62.37.40.224)
Outuput of the traceroute command to my server's IP:
traceroute to 62.37.40.224 (62.37.40.224), 30 hops max, 60 byte packets
192.168.212.254 (192.168.212.254) 3.004 ms 2.972 ms 2.947 ms
172.29.34.1 (172.29.34.1) 7.755 ms 7.736 ms 7.686 ms
1.red-81-46-16.customer.static.ccgg.telefonica.net (81.46.16.1) 7.662 ms 7.621 ms 7.584 ms
217.red-217-124-114.static.ccgg.telefonica.net (217.124.114.217) 15.257 ms 217.124.112.37 (217.124.112.37) 20.113 ms 217.124.114.217 (217.124.114.217) 20.108 ms
* * *
157.red-80-58-84.staticip.rima-tde.net (80.58.84.157) 14.988 ms 15.931 ms 15.895 ms
145.red-80-58-97.staticip.rima-tde.net (80.58.97.145) 15.865 ms * *
80.58.106.58 (80.58.106.58) 14.724 ms 14.712 ms 14.687 ms
241.red-80-58-88.staticip.rima-tde.net (80.58.88.241) 14.661 ms 14.635 ms 14.615 ms
10.21.0.1 (10.21.0.1) 14.565 ms 14.475 ms 20.228 ms
10.21.0.2 (10.21.0.2) 20.180 ms 20.143 ms 20.111 ms
172.27.111.22 (172.27.111.22) 15.212 ms 15.175 ms 15.005 ms
172.27.111.51 (172.27.111.51) 14.931 ms 14.818 ms 14.807 ms
172.27.111.126 (172.27.111.126) 14.797 ms 14.776 ms 14.762 ms
172.27.111.10 (172.27.111.10) 19.592 ms 16.708 ms 16.622 ms
193.152.56.1 (193.152.56.1) 19.503 ms 19.474 ms 19.407 ms
80.58.72.149 (80.58.72.149) 19.399 ms 19.356 ms 19.292 ms
* * *
* * *
216.184.113.180 (216.184.113.180) 23.230 ms 17.892 ms *
* * *
* * *
* 193.251.247.14 (193.251.247.14) 16.104 ms *
* * *
* * *
* * *
* * *
* * *
* * *
* * *
networking server internet
asked Feb 7 at 8:09
xBeikerxBeiker
689
I've tried to search for a solution but I couldn't... Maybe I didn't search well so it could be that the post is duplicated, so I'm sorry if it's like this.
Well, recently I started using my old desktop computer as a server, I installed Ubuntu server 18.04 and it's now connected to my router. I also have a web page (Only for testing) and a SSH server to login and monitor the server from anywere (obvious) and the problem comes now:
I have the server connected to the router and the router (ADSL) is connected to the internet. I have set up the router to forward any request that wants to connect via port 80 or 22 to the private IP of the server. And now, whenever someone connects to my web server, the access logs shows me that all petitions are coming from the same IP (My public IP) and same with SSH, whenever I connect to my server, when I type the command who it shows me I'm connected from my public IP.
I know that problem it's because it's my router who is forwarding the packaged and requests but I would like to know if there is any kind of "solution" to this so I'm able to actually know who is stablishing a connection to my server.
Thanks in advice and sorry if I misspelled, trying my best to write this correctly.
Output of who command:
alex@ubuntu:~$ who
alex pts/0 2019-02-07 07:22 (62.37.40.224)
alex pts/1 2019-02-07 07:22 (62.37.40.224)
Outuput of the traceroute command to my server's IP:
traceroute to 62.37.40.224 (62.37.40.224), 30 hops max, 60 byte packets
192.168.212.254 (192.168.212.254) 3.004 ms 2.972 ms 2.947 ms
172.29.34.1 (172.29.34.1) 7.755 ms 7.736 ms 7.686 ms
1.red-81-46-16.customer.static.ccgg.telefonica.net (81.46.16.1) 7.662 ms 7.621 ms 7.584 ms
217.red-217-124-114.static.ccgg.telefonica.net (217.124.114.217) 15.257 ms 217.124.112.37 (217.124.112.37) 20.113 ms 217.124.114.217 (217.124.114.217) 20.108 ms
* * *
157.red-80-58-84.staticip.rima-tde.net (80.58.84.157) 14.988 ms 15.931 ms 15.895 ms
145.red-80-58-97.staticip.rima-tde.net (80.58.97.145) 15.865 ms * *
80.58.106.58 (80.58.106.58) 14.724 ms 14.712 ms 14.687 ms
241.red-80-58-88.staticip.rima-tde.net (80.58.88.241) 14.661 ms 14.635 ms 14.615 ms
10.21.0.1 (10.21.0.1) 14.565 ms 14.475 ms 20.228 ms
10.21.0.2 (10.21.0.2) 20.180 ms 20.143 ms 20.111 ms
172.27.111.22 (172.27.111.22) 15.212 ms 15.175 ms 15.005 ms
172.27.111.51 (172.27.111.51) 14.931 ms 14.818 ms 14.807 ms
172.27.111.126 (172.27.111.126) 14.797 ms 14.776 ms 14.762 ms
172.27.111.10 (172.27.111.10) 19.592 ms 16.708 ms 16.622 ms
193.152.56.1 (193.152.56.1) 19.503 ms 19.474 ms 19.407 ms
80.58.72.149 (80.58.72.149) 19.399 ms 19.356 ms 19.292 ms
* * *
* * *
216.184.113.180 (216.184.113.180) 23.230 ms 17.892 ms *
* * *
* * *
* 193.251.247.14 (193.251.247.14) 16.104 ms *
* * *
* * *
* * *
* * *
* * *
* * *
* * *
networking server internet
networking server internet
asked Feb 7 at 8:09
xBeikerxBeiker
689
asked Feb 7 at 8:09
xBeikerxBeiker
689
edited Feb 7 at 9:25
xBeiker
asked Feb 7 at 8:09
xBeikerxBeiker
689
asked Feb 7 at 8:09
xBeikerxBeiker
689
asked Feb 7 at 8:09
xBeikerxBeiker
689
689
Whenever someone connects to my web server, the access logs shows me that all petitions are coming from [...] My public IPThis should not be the case. Are you very sure about this ?
– RoVo
Feb 7 at 8:12
@RoVo I attached 2 screenshots. In the first 1 I'm logged in to the server with 2 different computers and in the second one you can watch which IP I'm connecting to with the SSH Client
– xBeiker
Feb 7 at 8:21
2
Are you using your public IP address (and port forwarding) to connect the server? Then it would be the correct behavior. If not, I am suspecting your router maintains two (or more) separate subnets, so your request to the server appears as going from outside. Please edit your post to add the output of the commandtraceroute <your-server-ip>to check this. Don’t forget to apply code formatting to the pasted terminal text, please do not post screenshots of the terminal.
– Melebius
Feb 7 at 9:14
1
you're connecting from the same network ?
– RoVo
Feb 7 at 9:14
2
So it happens when you connect from outside? I thought it happens from the LAN, too. Anyway, this looks related to your router rather than Ubuntu and Super User should be a better place to ask. It might be configurable but you haven’t provided any details of your router yet.
– Melebius
Feb 7 at 9:33
|
show 5 more comments
Whenever someone connects to my web server, the access logs shows me that all petitions are coming from [...] My public IPThis should not be the case. Are you very sure about this ?
– RoVo
Feb 7 at 8:12
@RoVo I attached 2 screenshots. In the first 1 I'm logged in to the server with 2 different computers and in the second one you can watch which IP I'm connecting to with the SSH Client
– xBeiker
Feb 7 at 8:21
2
Are you using your public IP address (and port forwarding) to connect the server? Then it would be the correct behavior. If not, I am suspecting your router maintains two (or more) separate subnets, so your request to the server appears as going from outside. Please edit your post to add the output of the commandtraceroute <your-server-ip>to check this. Don’t forget to apply code formatting to the pasted terminal text, please do not post screenshots of the terminal.
– Melebius
Feb 7 at 9:14
1
you're connecting from the same network ?
– RoVo
Feb 7 at 9:14
2
So it happens when you connect from outside? I thought it happens from the LAN, too. Anyway, this looks related to your router rather than Ubuntu and Super User should be a better place to ask. It might be configurable but you haven’t provided any details of your router yet.
– Melebius
Feb 7 at 9:33
Whenever someone connects to my web server, the access logs shows me that all petitions are coming from [...] My public IP This should not be the case. Are you very sure about this ?– RoVo
Feb 7 at 8:12
Whenever someone connects to my web server, the access logs shows me that all petitions are coming from [...] My public IP This should not be the case. Are you very sure about this ?– RoVo
Feb 7 at 8:12
@RoVo I attached 2 screenshots. In the first 1 I'm logged in to the server with 2 different computers and in the second one you can watch which IP I'm connecting to with the SSH Client
– xBeiker
Feb 7 at 8:21
@RoVo I attached 2 screenshots. In the first 1 I'm logged in to the server with 2 different computers and in the second one you can watch which IP I'm connecting to with the SSH Client
– xBeiker
Feb 7 at 8:21
2
2
Are you using your public IP address (and port forwarding) to connect the server? Then it would be the correct behavior. If not, I am suspecting your router maintains two (or more) separate subnets, so your request to the server appears as going from outside. Please edit your post to add the output of the command
traceroute <your-server-ip> to check this. Don’t forget to apply code formatting to the pasted terminal text, please do not post screenshots of the terminal.– Melebius
Feb 7 at 9:14
Are you using your public IP address (and port forwarding) to connect the server? Then it would be the correct behavior. If not, I am suspecting your router maintains two (or more) separate subnets, so your request to the server appears as going from outside. Please edit your post to add the output of the command
traceroute <your-server-ip> to check this. Don’t forget to apply code formatting to the pasted terminal text, please do not post screenshots of the terminal.– Melebius
Feb 7 at 9:14
1
1
you're connecting from the same network ?
– RoVo
Feb 7 at 9:14
you're connecting from the same network ?
– RoVo
Feb 7 at 9:14
2
2
So it happens when you connect from outside? I thought it happens from the LAN, too. Anyway, this looks related to your router rather than Ubuntu and Super User should be a better place to ask. It might be configurable but you haven’t provided any details of your router yet.
– Melebius
Feb 7 at 9:33
So it happens when you connect from outside? I thought it happens from the LAN, too. Anyway, this looks related to your router rather than Ubuntu and Super User should be a better place to ask. It might be configurable but you haven’t provided any details of your router yet.
– Melebius
Feb 7 at 9:33
|
show 5 more comments
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1116327%2fhow-do-i-really-know-who-is-accessing-my-server%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1116327%2fhow-do-i-really-know-who-is-accessing-my-server%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Whenever someone connects to my web server, the access logs shows me that all petitions are coming from [...] My public IPThis should not be the case. Are you very sure about this ?– RoVo
Feb 7 at 8:12
@RoVo I attached 2 screenshots. In the first 1 I'm logged in to the server with 2 different computers and in the second one you can watch which IP I'm connecting to with the SSH Client
– xBeiker
Feb 7 at 8:21
2
Are you using your public IP address (and port forwarding) to connect the server? Then it would be the correct behavior. If not, I am suspecting your router maintains two (or more) separate subnets, so your request to the server appears as going from outside. Please edit your post to add the output of the command
traceroute <your-server-ip>to check this. Don’t forget to apply code formatting to the pasted terminal text, please do not post screenshots of the terminal.– Melebius
Feb 7 at 9:14
1
you're connecting from the same network ?
– RoVo
Feb 7 at 9:14
2
So it happens when you connect from outside? I thought it happens from the LAN, too. Anyway, this looks related to your router rather than Ubuntu and Super User should be a better place to ask. It might be configurable but you haven’t provided any details of your router yet.
– Melebius
Feb 7 at 9:33