IIS IP Restrictions and Start/End Ranges - iis

Preface: I have only a basic understanding of IP addresses; not a network guy.
I have a list of IP start and end ranges in the format of XXX.XXX.XXX.0 to XXX.XXX.XXX.251.
I need to manually enter these ranges into the IP restrictions feature of IIS Manager to allow or block them - IIS Manager is asking for "A range of IP addresses:" and the "Mask:".
How do I determine which values to enter into IIS IP restrictions?
I have tried using various online IP range calculators but I honestly don't trust them all with my limited knowledge of IP addresses, and we can't afford to shut down possibly multiple sites due to an error.
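
One way to work out the values without an online calculator, as an added example that is not part of the original post: a start/end range that is not a single power-of-two block, such as .0 to .251, cannot be written as one address plus one mask, so it has to be entered as several range/mask rules. The function names are hypothetical and 192.0.2.0 to 192.0.2.251 is a constructed sample range standing in for XXX.XXX.XXX.0 to XXX.XXX.XXX.251.

```python
import ipaddress

def range_to_mask_entries(start, end):
    """Split an inclusive IPv4 start-end range into (network, mask) pairs."""
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError(f"start {start} is above end {end}")
    nets = list(ipaddress.summarize_address_range(first, last))
    # Independent check: the blocks must sit back to back and cover the range
    # exactly, so no address outside start-end is allowed or blocked by mistake.
    expected = int(first)
    for net in nets:
        if int(net.network_address) != expected:
            raise RuntimeError(f"gap or overlap before {net}")
        expected = int(net.broadcast_address) + 1
    if expected != int(last) + 1:
        raise RuntimeError("blocks do not end at the requested end address")
    return [(str(n.network_address), str(n.netmask)) for n in nets]

def is_covered(address, entries):
    """True if address falls inside any (network, mask) entry."""
    ip = ipaddress.IPv4Address(address)
    return any(ip in ipaddress.IPv4Network(f"{net}/{mask}")
               for net, mask in entries)

if __name__ == "__main__":
    # Constructed sample range from the 192.0.2.0/24 documentation block.
    entries = range_to_mask_entries("192.0.2.0", "192.0.2.251")
    for net, mask in entries:
        print(f"range: {net:<15} mask: {mask}")
    # Spot-check the edges before entering anything on a live site.
    print("192.0.2.251 covered:", is_covered("192.0.2.251", entries))
    print("192.0.2.252 covered:", is_covered("192.0.2.252", entries))
```

Each printed pair is one rule to enter; the edge checks confirm that the last address in the range is covered and the first address after it is not.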

Related

Azure Users Sign-ins shows proxy IP address instead of the real IP

I'm trying to find a way to display the real IPs of VMs a user has tried to sign in instead of the proxy's IP in the "Sign-ins" section of each user.
For example if user "max" tried to sign in to a vm that has the IP '10.0.0.1' then when I go to the Sign-ins section of user max it will show me that this user tried to log in at 10.0.0.1 and not at the proxy IP.
I don't think you can do that unless your VM connects directly to the Internet without any proxy. Also, in your example, the IP address 10.0.0.1 is a private address that does not route on the Internet.
Displaying the IP address relies somewhat on the networking environment where your VMs are. In the Sign-in activity reports in the Azure Active Directory portal, Azure currently makes a best effort to convert the IP address to the physical location where the computer is located, as mapping IP addresses is complicated by the fact that mobile providers and VPNs issue IP addresses from central pools that are often very far from where the client device is actually used.
IP addresses are issued in such a way that there is no definitive
connection between an IP address and where the computer with that
address is physically located. Mapping IP addresses is complicated by
the fact that mobile providers and VPNs issue IP addresses from
central pools that are often very far from where the client device is
actually used. Currently in Azure AD reports, converting IP address to
a physical location is a best effort based on traces, registry data,
reverse look ups and other information.

Setting inbound ip address filter for ssh

I'm trying to set one IP address (dynamic) as the source of the inbound SSH rules for an Azure VM. When it's set to "any" it works perfectly, but given my local dynamic IP it doesn't work (connection timed out).
Also tried giving CIDR block for source, but still confused as to why a single IP doesn't work.
Most 'What's my IP' sites will give you your public IP address that you can use for your NSG.
http://www.hazelnest.com/IPproject/MyIP/ip.php
But I believe the issue you are having is one I have seen in very large company networks: the IP you get from the site is not really the IP for RDP/SSH.
The easiest and guaranteed way is to contact your networking guys to provide you with the information.
Another way is to check the IP you get in the RDP/SSH logs when you connect without restricting the NSG. Then use that IP on the NSG; note that depending on the network this might change.
Linux:
Check the auth.log under /var/log
Windows:
In the VM's Event Viewer, navigate to path below and check the event 22, that should have information.
Applications and Services Logs\Microsoft\Windows\TerminalServices-LocalSessionManager
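
The Linux log check described in the answer above, as an added example that is not part of the original post: it pulls the source address of successful SSH logins for one user out of auth.log text and formats it as a single-host CIDR for the NSG source field. The function names are hypothetical, and the log lines are constructed samples in the usual sshd syslog format, not taken from a real host.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (documentation address ranges, made-up host/users).
SAMPLE_AUTH_LOG = """\
Mar  4 10:15:32 vm01 sshd[1234]: Accepted publickey for azureuser from 203.0.113.7 port 50514 ssh2
Mar  4 10:16:02 vm01 sshd[1240]: Failed password for invalid user admin from 198.51.100.9 port 4022 ssh2
Mar  4 11:02:47 vm01 sshd[1302]: Accepted password for azureuser from 203.0.113.7 port 50877 ssh2
Mar  4 12:30:10 vm01 sshd[1388]: Accepted publickey for deploy from 192.0.2.44 port 40112 ssh2
"""

# Only successful logins matter here: "Failed" lines are mostly scanners.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def accepted_sources(log_text, user):
    """Count the source addresses of successful SSH logins for one user."""
    counts = Counter()
    for line in log_text.splitlines():
        match = ACCEPTED.search(line)
        if not match or match.group("user") != user:
            continue
        try:
            # Validate so a malformed log field never ends up in a firewall rule.
            ip = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue
        counts[str(ip)] += 1
    return dict(counts)

def as_single_host_cidr(ip):
    """Express one address as a single-host CIDR (/32 IPv4, /128 IPv6)."""
    return str(ipaddress.ip_network(ip))

if __name__ == "__main__":
    for ip, hits in accepted_sources(SAMPLE_AUTH_LOG, "azureuser").items():
        print(f"{as_single_host_cidr(ip)}  ({hits} accepted logins)")
```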

Does azure use static ip on a standard 1 app service plan

Have one app service plan (standard 1 pricing tier) with only one web app. From what I understand I have a static ip based on this configuration / price. So when I do an nslookup on my web site and get an ip back, that ip is static correct? Just needed verification. TIA.
So when I do an nslookup on my web site and get an ip back, that ip is static correct? Just needed verification
Every Azure Web App has 1 external IP address and multiple outbound addresses. What you saw from nslookup is the external IP address.
The external IP address (inbound address) is used for domain binding (A record binding). If you want to bind your custom domain, please use the external IP address. You can find the external IP address in the Azure portal: Web App -> Custom Domains tab.
From the official documentation, we know:
If you delete and recreate your app, or change from a higher pricing tier back to the Shared tier, your app's external IP address may change. Otherwise, the external IP address won't be changed.
Traffic coming from your web app will use one of the outbound addresses as its IP address. There is no agreement of when the outbound IP address will change or not. They will not change from 1 day to the next, nor is there any plan or real need to change them.
will there be some type of notification from azure when the outbounds do change?
There is no official document which points this out. I found the following words on the MSDN forum. I hope it will be helpful for you.
It becomes necessary for Azure infrastructure to increase the number of outbound IP addresses. In that case the existing IP addresses will be preserved but there will be some new ones. So far there hasn't been a need to increase number of IP addresses and if there ever be the need for that there will be an early notice about it.
The Web App gets relocated to a different scale unit. Prior to that the subscription owner gets an email notification one month in advance.
From: Static outbound IP addresses for Azure Web Apps?
I'm pretty sure you are assigned 4 external IP addresses, so at the very least there are 4 ip addresses you need to consider static, but from what I can tell they are subject to change (that's how it previously was, I'm not sure if it holds now).
Also, remember that those are shared, so whitelisting those is potentially dangerous.

Hosting DNS to allow reverse lookup

I've only recently begun scratching the surface of hosting my own DNS, but I'm looking to do so in the hopes that I can facilitate my own reverse lookups.
My idea being that if I can manage my own DNS, I can give it tables I've compiled about IP / FQDN relations so I can do reverse lookups on dynamic IPs (of which I know the FQDN) without my ISP's support; I'd pair the return of something like an nslookup somewhere within my own hosted DNS, then have that DNS server facilitate reverse DNS lookups for some programs that require the function (like for a CFEngine Hub).
Near as I can tell, the 'PTR' record is what I want to spoof; right?
I'm wondering if there are better resources out in the wild to use. This and this are the best I've found about hosting DNS in this manner.
Any pitfalls I'm not seeing about trying to pursue this convoluted solution?
Reverse lookup requires the IP address owner to delegate reverse lookup DNS to you. Note that the owner here is not the DHCP recipient, but whoever assigns the IP address.
For a completely internal network, it would be possible to configure your own PTR records since you control the IP addresses being assigned.
On third party networks, the third party (who assigns IP addresses to you) would need to delegate reverse lookup for those IPs to you. In a dynamic IP situation, this delegation is unlikely because your IP comes out of a pool that is used for assigning IP addresses to many customers, not just you. Some ISPs allow programmatic access to configure reverse lookups, but this again seems unlikely for dynamic DNS for the same reason as delegation -- the addresses are part of a pool assigned to any customer using it, not just you.
It might be possible to hack ("shadow"?) it by requiring your users / clients to use your DNS server and populating "fake" (since you don't actually have ownership of the IPs) PTR records.
Article on reverse lookup sequence and info.
http://www.dnsstuff.com/reverse-dns-faq
A way around this might be to create your own tool for looking through your forward lookup table for a specific IP address. However, this would be a custom tool separate from the usual DNS lookup tools like nslookup and dig.

Configuring an IP address for SagePay Direct when using Windows Azure

I've entered the IP address from the Windows Azure Portal (both the one specified in the website Dashboard or within the Manage Domains area) but when trying to use SagePay Direct it returns that it is not a valid IP address.
I eventually solved this by doing a "showpost" for SagePay and then having to tell me what the IP address is.
The problem is - how can I determine this IP address for myself? As I worry that the IP address could change in the future.
If I use "Request.ServerVariables("LOCAL_ADDR")" (Classic ASP) it seems to return the local IP address of the webserver.
What if you create a script or something that just returns the visitor IP address and make a request, GET or POST, to that script from your server?
The IP Address that you see to use for your A records is not the outgoing IP Address used by Azure Websites. Hence why SagePay does not accept transactions from the website because it is an invalid IP Address.
Instead there are 4 IP Addresses that you need to add, and those 4 IP Addresses depend on what Scale Unit your site uses.
The scale unit for your site can be found from the FTP Host Name for your Azure website. For example: ftp://waws-prod-blu-011.ftp.azurewebsites.windows.net - the scale unit is 'waws-prod-blu-011'
I then put that into Google, and a couple of Azure maintenance articles came up. Scroll the article until you see your region, and then your scale unit, and there are the 4 IP Addresses you need.
Please refer to this Azure maintenance article for more information.
