Website not showing on LAN but shows on host computer - Linux

I made an nginx server at 192.168.1.106 and I can access it from the host computer, but it doesn't show when I access it on a computer in the same network. But I can ssh into the server from a different computer using the same address. I checked my firewall to make sure it isn't blocking anything.
How do I access the server from a different computer?
> iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

The server_name directive is used to identify virtual hosts; it is not used to set the binding.
netstat tells you that nginx listens on 0.0.0.0:80 which means that it will accept connections from any IP.
If you want to change the IP nginx binds on, you have to change the listen rule.
So, if you want to set nginx to bind to localhost, you'd change that to:
listen 127.0.0.1:80;
In this way, requests that are not coming from localhost are discarded (they don't even hit nginx).
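The bind-address rule from the answer above, as an added example that is not part of the original answer: a small parser that reads `netstat -tulpn` output and classifies each listener by how widely it is bound. The sample rows are constructed, except the :8020 row, which is quoted further down this page; the function names are hypothetical.

```python
import ipaddress

# Constructed `netstat -tulpn` sample; the :8020 row is the one quoted on this page.
SAMPLE = """\
tcp        0      0 0.0.0.0:80          0.0.0.0:*     LISTEN   1201/nginx
tcp        0      0 127.0.0.1:5432      0.0.0.0:*     LISTEN   877/postgres
tcp        0      0 10.44.142.19:8020   0.0.0.0:*     LISTEN   31680/java
tcp6       0      0 :::22               :::*          LISTEN   640/sshd
tcp6       0      0 ::1:631             :::*          LISTEN   702/cupsd
udp        0      0 0.0.0.0:68          0.0.0.0:*              512/dhclient
"""

def bind_scope(local):
    """Split a netstat local address ('0.0.0.0:80', ':::22') and classify the bind."""
    host, _, port = local.rpartition(":")
    ip = ipaddress.ip_address(host)          # raises ValueError on anything unexpected
    if ip.is_unspecified:                    # 0.0.0.0 or :: accepts on every interface
        return str(ip), int(port), "all-interfaces"
    if ip.is_loopback:                       # 127.0.0.0/8 or ::1, local clients only
        return str(ip), int(port), "loopback-only"
    return str(ip), int(port), "single-address"

def listeners(netstat_text):
    """Return one dict per listening TCP socket or bound UDP socket."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue
        # TCP rows carry a state column; UDP rows do not.
        if f[0].startswith("tcp") and f[5:6] != ["LISTEN"]:
            continue
        try:
            addr, port, scope = bind_scope(f[3])
        except ValueError:
            continue
        rows.append({"proto": f[0], "addr": addr, "port": port,
                     "scope": scope, "proc": f[-1]})
    return rows

def lan_reachable(rows):
    """Ports that other hosts can reach as far as the bind address is concerned."""
    return sorted(r["port"] for r in rows if r["scope"] != "loopback-only")

if __name__ == "__main__":
    for r in listeners(SAMPLE):
        print(f'{r["proto"]:5} {r["addr"]:>14}:{r["port"]:<5} {r["scope"]:15} {r["proc"]}')
```

A "single-address" listener answers only on that one address, and packet filtering still applies on top of whatever the bind address allows.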

Related

Tunnel dynamic UDP port range

Usually I prefer finding a solution on my own, but unfortunately that didn't work out too well this time so I'm asking here.
I'm trying to deal with a server (rather a computer with no screen and Debian minimal on it) which is on the usual home network. Problem is the ISP is running out of IPv4 addresses and therefore
decided to use IPv6 instead and dual-stack lite to access the IPv4 side of the internet. This means the computer is not accessible over the IPv4 address from the outside
but is able to connect to an IPv4 computer.
I do have a vserver (Debian as well) which still uses only IPv4, so my plan was to use it as some kind of relay or proxy. Problem there is, I am not able to use iptables to configure NAT
since the server provider has removed that module from the kernel.
My first attempt was to use an SSH tunnel like this:
ssh -f user@vserver -R 2222:localhost:22 -N
This allows me to access the CLI over SSH which now listens on port 2222.
Next step was to open a second SSH tunnel and tunnel UDP traffic through that using socat:
homeserver:~# socat tcp4-listen:${tcpport of second tunnel},reuseaddr,fork udp:localhost:${udpport to forward traffic from}
vserver:~# socat -T15 udp4-recvfrom:${udpport to forward traffic to},reuseaddr,fork tcp:localhost:${tcpport of second tunnel}
This does work; however, once the client application is trying to connect to the UDP port, the server application is trying to continue the communication on a different new port from the dynamic
port range (Ephemeral Port Range I think). That one random port of course is not being forwarded since socat is not listening on it.
The second attempt also involved an SSH tunnel, only a dynamic one this time (basically a socks proxy).
I was trying to set up a virtual network device to route all the traffic through the socks proxy:
(As described in man pages from badvpn-tun2socks)
homeserver:~# openvpn --mktun --dev tun0 --user <someuser> #create tun0 device
homeserver:~# ifconfig tun0 10.0.0.1 netmask 255.255.255.0 #configure it
homeserver:~# route add <IP_vserver> gw <IP_of_original_gateway> metric #Route all traffic through tun0
homeserver:~# route add default gw 10.0.0.2 metric 6 #except the ones to the vserver
homeserver:~# badvpn-tun2socks --tundev tun0 --netif-ipaddr 10.0.0.2 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:1080 \
--udpgw-remote-server-addr 127.0.0.1:7300
This needs two SSH socks-proxies since UDP needs to be handled separately.
On the vserver side of things these need to be handled as well:
vserver:~# badvpn-udpgw --listen-addr 127.0.0.1:7300
The connection between both is successful but this time the homeserver is not accessible at all. (seems to me like the vserver has no clue what to do with the packets)
I hope there is a simple fix to either of my attempts. But as it stands now,
I think my whole approach is fundamentally flawed and I'm starting to run out of ideas.
Any help would be appreciated, Thanks in advance!

How to bind port to localhost?

I have a Hadoop defaultFs application running on port 8020, as shown with sudo netstat -tulpn | grep :8020, where 10.44.142.19 is the internal address,
tcp 0 0 10.44.142.19:8020 0.0.0.0:* LISTEN 31680/java
I also opened this port in iptables
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8020
But this port is still blocked.
I guess the problem is the IP address, where 10.44.142.19 should be 127.0.0.1, because I am visiting it externally, right?
How could I solve this? Thanks in advance.
OK, if you are coming in from the WAN you need to use the IP from your modem; google "what's my IP". If you are behind a router, your router will give you an IP of something like 192.168.10.101; type that in to go to your server over a LAN.
:8020 goes at the end if that is the port you are directing to.
The firewall must be down for that port to come from the outside, and your web server must be set up to make the files and folders you want to disturb or make available with permission of at least read for your web server's user or group, in permissions.
Each system is a little different, so you have to tweak things as you go.

server listens on 127.0.0.1, do I need firewall?

I run a "private" service on my computer, which I do not want to be accessible from other computers. I configured it to only listen on 127.0.0.1. Do I still need a restrictive firewall?
For example, is it possible to receive a packet on eth1, which would somehow have 127.0.0.1 as its destination address? Then, if my FORWARD chain is permissive, wouldn't it get delivered to my server listening on the localhost?
127.0.0.1 is only for local computer "loopback". They are required to be dropped if they come from outside the local computer. So no firewall is required if the app is only listening on 127.0.0.1.

Serve web page on named local URL

I know that on a local network, it is possible to redirect from the default port to another port like so, and run an application:
# Routes all traffic from port 80 to port 3000
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000
node .
For clients to access the service, typing 11.0.120.131 will have the same effect as typing 11.0.120.131:3000 (if 11.0.120.131 is the IP of the computer running the node server).
I've seen in a couple cases where you can type into the address bar a word, e.g. http://meetings and it will actually pull up a web page (as if typing in an IP). I'm not sure what the technique is called, but I would like to achieve the same thing on my local network.
Is this possible on a Linux machine using a command similar or not to iptables above?
URLs are resolved to IP addresses via the Domain Name System. In order to create a fancy URL like meetings, some router between you and the DNS server looks for those particular URLs and resolves them to the correct IP address (or provisions your machine to use a custom DNS server which does the same thing).
If you want to achieve this behavior on your computer, you can edit the hosts file (on Linux, /etc/hosts). This file contains a list of explicit URL resolutions; if you put a URL in this file, such as meetings, then it will be resolved to the IP address you specify, without ever contacting a DNS server.
If you want all the computers on your network to use this behavior, you have to set up an actual DNS server for those URLs, and configure your router to specify it as the DNS server to use, which may not be possible depending on the brand of router.

Connecting to at-home server from web

I have a CentOS server at home that I'm trying to put a website on. I put the index.html in the /var/www/html/ folder and can access it from another computer on the local network (with 'http://192.168.etc'). The problem comes when I try to access it from the web with my IP (http://34.52.xx.xx). I turned off iptables when I tried to access it to rule out a firewall issue, with no success. I use Comcast and read that they sometimes block port 80, so I edited the /etc/httpd/conf/httpd.conf to listen on port 8000 in addition to 80 in case port 80 was blocked (httpd restarted after changes). When I enter 'http://myIP:8000' with iptables down I still don't get my page to show up.
What am I missing?
Thanks!
You surely have one public IP address, let's say 34.52.01.01, and you surely have “several” private IP addresses 192.168.1.1/192.168.1.2 ...
Between both worlds there’s a layer in your router called NAT (Network Address Translation) that allows a request started from, let's say, 192.168.1.2 to reach the external world (let's say google.com). When the external world provides an answer for such a request, it's your router's NAT that knows that the answer must be routed back to 192.168.1.2.
But if you have a request originating in the exterior world pointing to 34.52.01.01, you do not have an HTTP server on that address, so you need some forwarding rule in your router saying, let's say, if you receive a TCP request on port 80, route it to 192.168.1.5, which is the internal address of your HTTP server…
You need to add port forwarding to your router…
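The NAT behaviour described in the answer above, as an added example that is not part of the original answer: a toy model of the router's translation table showing why a reply gets back in while an unsolicited request is dropped until a port forward exists. The class and method names are hypothetical, the public and remote addresses are constructed documentation addresses, and the private addresses are the ones used in the answer.

```python
class HomeRouter:
    """Toy TCP-only model of a home router's NAT table (illustration, not a real API)."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.forwards = {}       # public port -> (LAN ip, LAN port), set by the admin
        self.sessions = {}       # public port -> (LAN ip, LAN port, remote ip, remote port)
        self._next_port = 40000  # constructed starting point for translated source ports

    def add_port_forward(self, public_port, lan_ip, lan_port):
        """Static rule: anything arriving on public_port is delivered to the LAN host."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: rewrite the source and remember the mapping."""
        pub_port = self._next_port
        self._next_port += 1
        self.sessions[pub_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.public_ip, pub_port, remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet hits the public IP: return the LAN destination, or None if dropped."""
        s = self.sessions.get(public_port)
        if s and (s[2], s[3]) == (remote_ip, remote_port):
            return (s[0], s[1])                  # reply to a connection started inside
        if public_port in self.forwards:
            return self.forwards[public_port]    # admin-configured port forward
        return None                              # unsolicited, no rule: nowhere to send it

def demo():
    r = HomeRouter("203.0.113.10")
    sent = r.outbound("192.168.1.2", 51000, "198.51.100.7", 443)
    reply = r.inbound("198.51.100.7", 443, sent[1])        # answer to the request above
    before = r.inbound("198.51.100.99", 40123, 80)         # outside client, no rule yet
    r.add_port_forward(80, "192.168.1.5", 80)
    after = r.inbound("198.51.100.99", 40123, 80)          # same client, rule in place
    return sent, reply, before, after

if __name__ == "__main__":
    print(demo())
```

Once the forward exists, port 80 on the LAN host is reachable by every outside address, so the web server and the host firewall become the only controls in front of it.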