mobile access through firewall


#1

Hello-

I have a firewall rule to block access to certain vifs on my network unless the source IP is in the network-group. It works just fine from my PC. However, when trying to access from my cell, I can’t get in.

Running whatismyip.com on my cell phone gives me an IPv6 address. If I ssh into one of my Linux devices from my phone, it shows the following address as connected:

USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
xxxxx pts/0 146.sub-70-193-2 06:00 4.00s 0.05s 0.05s -bash

A search on ARIN shows that 70.193.2.146 belongs to Verizon (my mobile carrier), yet adding this address to the appropriate network-group doesn’t work. I don’t get any hits on that rule.

Any ideas?


#2

tcpdump is pretty much the only way to know for sure what source IP you have. Once you’ve verified 100% what your source-IP is, and your network-group rule is not working, then enable rule logging or default action logging to see where/why it’s being dropped or rejected.

GL

Chris


#3

Thanks Chris - that gave me the address and all is good.
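
The check suggested in reply #2, as an added example that is not part of the thread: it reads `tcpdump -nn` output for connection attempts to the SSH port, lists the source addresses actually seen on the wire (IPv4 and IPv6), and reports which of them the network-group would match. The capture lines, the group members and the function names are constructed for illustration and use documentation address ranges.

```python
import ipaddress
import re

# Constructed sample of output from:  tcpdump -nn -i <iface> 'tcp dst port 22'
SAMPLE = """\
06:00:01.100001 IP 198.51.100.23.51514 > 203.0.113.10.22: Flags [S], seq 1001, win 65535, length 0
06:00:01.100950 IP 203.0.113.10.22 > 198.51.100.23.51514: Flags [S.], seq 2002, ack 1002, win 65160, length 0
06:00:07.300004 IP6 2001:db8:50::a1.40022 > 2001:db8:1::10.22: Flags [S], seq 3003, win 65535, length 0
06:00:09.500007 IP 192.0.2.77.40100 > 203.0.113.10.22: Flags [S], seq 4004, win 64240, length 0
"""

# Hypothetical network-group members: a LAN range plus one address that was
# guessed from a reverse-DNS name rather than observed in a capture.
GROUP = ["192.0.2.0/24", "198.51.100.146/32"]

# tcpdump -nn prints endpoints as <address>.<port>; only bare SYNs ("[S],")
# are matched, so replies ("[S.]") and established traffic are ignored.
LINE = re.compile(r"^\S+ IP6? (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[S\],")


def syn_sources(text, dport):
    """Return the distinct source addresses that sent a SYN to dport."""
    seen = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m and int(m.group(4)) == dport:
            src = ipaddress.ip_address(m.group(1))
            if src not in seen:
                seen.append(src)
    return seen


def audit(text, dport, group):
    """Map each observed source to True if a group member covers it."""
    nets = [ipaddress.ip_network(n) for n in group]
    return {
        str(src): any(src.version == n.version and src in n for n in nets)
        for src in syn_sources(text, dport)
    }


if __name__ == "__main__":
    for addr, allowed in audit(SAMPLE, 22, GROUP).items():
        print(f"{addr:<20} {'in group' if allowed else 'NOT in group'}")
```

Any source reported as not in the group is the one to look for in the rule or default-action log.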