Tuesday, April 12, 2022

[SOLVED] Find cell phone's public IP address for purpose of SSH'ing into EC2 server

Issue

Background: when I'm on call, I need to be able to quickly SSH into an AWS production server from my cell phone (e.g., if I don't have a laptop handy and there is cell coverage but no wifi). SSH access is only allowed from a small number of IP addresses, and before I can SSH I need to add my cell phone's public IP address to that list. I'm using Prompt 2 and AWS Mobile Console.

Question: how can I find my cell phone's public IP address that I need to add to the AWS security group? (please read the entire question before you close it as a duplicate)

It does sound easy, right? Except I cannot find an easy way to determine my cell phone's actual public IP address. For example, while accessing the internet via the cell phone network, whatismyip.com reports my public IP address as 107.77.xxx.xxx. Adding that address to the security group does not work. ipchicken.com and some other sites report the same address.

Next, I figured that there is probably all sorts of NAT in between, and that maybe some smarter web tools can handle that. Indeed, ifconfig.me and checkip.dyndns.org report a different public IP address, 166.170.xx.xx, in my case. Adding that address to the security group also does not allow me to SSH into the server.

Now, as my last resort, I ssh'ed from my cell phone into another server that does not contain production data and allows ssh access from any address:

$ netstat -an|grep ":22 .* ESTABLISHED"
tcp        0      0 172.31.14.173:22        107.72.xx.xx:23255      ESTABLISHED
$

Per netstat, my ssh session is coming from IP address 107.72.xx.xx (full address redacted). Now, if I add that address to my AWS security group, I can finally ssh from my cell phone into the production server. So, this last method does yield the correct address that I need, but it's somewhat difficult to obtain, especially if I don't have access to another server that allows SSH from any address.

So, in short: is there a website like whatismyip.com or ifconfig.me that would give me access to my cell phone's "true" public IP address, as determined by netstat?

I'm using an iPhone so I cannot run local UNIX commands. My cell service provider is AT&T, if that helps. I also put my phone into field test mode, but it gives me only AT&T's non-routable internal 10.x.x.x address.


Solution

It sounds like web traffic gets proxied, so you would need to check the address via a non-HTTP method.

"Getting a public IP without access to a browser? - Networking - Spiceworks" suggests using a DNS lookup to obtain the address, which would avoid the proxy.



Answered By - John Rotenstein
Answer Checked By - David Goodson (WPSolving Volunteer)
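
The DNS lookup the answer points to, written out as an added example (not part of the original answer or the linked thread): a standard-library Python client that asks a resolver over UDP/53 which address its query arrived from, so no HTTP proxy is involved. The name `myip.opendns.com` and the resolver address 208.67.222.222 are assumptions; neither appears on this page.

```python
import secrets
import socket
import struct
# Assumption (not from the page): this OpenDNS name resolves to the querier's own address.
RESOLVER = ("208.67.222.222", 53)  # resolver1.opendns.com
QNAME = "myip.opendns.com"

def build_query(name, txid):
    """Minimal DNS query: one question, type A, class IN, recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # a 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg, txid):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("not a successful reply to our query")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def public_ip_cidr(timeout=3.0):
    """Query over UDP/53 (no HTTP involved) and return a /32 for an allow list."""
    txid = secrets.randbelow(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(QNAME, txid), RESOLVER)
        data, _ = s.recvfrom(512)
    return parse_a_records(data, txid)[0] + "/32"

if __name__ == "__main__":
    print(public_ip_cidr())
```

The question shows the carrier presenting different source addresses for different traffic, so compare the result with the source address the server records for the SSH connection before relying on it.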