Home » Questions » Computers [ Ask a new question ]

How can I determine why my home IP address is blocked from work?

How can I determine why my home IP address is blocked from work?

I am sitting at work right now, I can use my cell phone to access my home IP address, but I can't access it from work. Typically when a site at work is blocked by the proxy, it explicitly says so. In this case though, it just times out.

Asked by: Guest | Views: 318
Total answers/comments: 2
Guest [Entry]

Most companys block any ICMP echo requests (Outbound ping) which would also cause tracert (which relies on ICMP) to get to the point of your work's firewall and then fail. Although the majority of ICMP attacks occur from outside company walls (Ping of death, DoS attacks), it's possible for employees to take advantage of the ICMP Protocol from within, utilizing tactics such as ICMP tunneling. Therefore, most company firewalls are setup to only allow ICMP echo requests to leave their network destined for any network they have reason to communicate with.
Guest [Entry]

"I have no idea how your cell phone is accessing your home network, so I am going to declare that hint a ""red herring"" and generalize your situation. If this over-simplifies your situation and renders this answer useless, I apologize.

Most folks use a ""router"" on their home network. It's really a ""network address translation"" or NAT router. You can tell if your home network is using NAT if your home IP address is ""private"". Private addresses are usually 192.168.x.x. There is also the 169.254.x.x self-addressed network block, which is also private. There is a hint in your note that you are trying to go through a private address. No can do.

You can configure most NAT routers to ""open a port"" for your home computer on their public IP address. So, for example, you could configure your home router to open port 80 on the public IP address assigned by your ISP to your router for access to port 80 on one of the private address home computers (eg, 192.168.1.150).

So what you need to do is:

1) configure your home router to open a port to one of your internal private addresses.

2) from outside (at work) use the public IP address of your home router and the port number you mapped to your home computer

Unfortunately, that is but one port and one service. Some routers have the ability to map all their ports to one private IP address, but that opens a lot of vulnerabilities in your home OS to outside attacks, so be careful.

Also note that ping and traceroute won't work on these port mappings to get all the way to your desktop at home, but if you recognize your home router public IP address, you know you got to your premises, if not through the router and back again. That is often enough to test connectivity. If a traceroute to your router public IP address works, then you aren't blocked.

The other alternative if you are using one computer at home is to plug it directly into your DSL or cable modem. Again, your OS is now open to more attacks so maintain patches and high security configurations, but a temporary setup like this might help you debug your desktop's application that you are trying to connect to from work. Then you could fall back to a port mapping through your router and debug that separately from your desktop service configuration."