I know that on a local network, it is possible to redirect from the default port to another port like so, and run an application:
# Routes all traffic from port 80 to port 3000
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000
node .
For clients to access the service, typing 11.0.120.131 will have the same effect as typing 11.0.120.131:3000 (if 11.0.120.131 is the IP of the computer running the node server).
I've seen in a couple cases where you can type into the address bar a word, e.g. http://meetings and it will actually pull up a web page (as if typing in an IP). I'm not sure what the technique is called, but I would like to achieve the same thing on my local network.
Is this possible on a Linux machine using a command similar or not to iptables above?
URLs are resolved to IP addresses via the Domain Name System. In order to create a fancy URL like meetings, some router between you and the DNS server looks for those particular URLs and resolves them to the correct IP address (or provisions your machine to use a custom DNS server which does the same thing).
If you want to achieve this behavior on your computer, you can edit the hosts file (on Linux, /etc/hosts). This file contains a list of explicit URL resolutions; if you put a URL in this file, such as meetings, then it will be resolved to the IP address you specify, without ever contacting a DNS server.
If you want all the computers on your network to use this behavior, you have to set up an actual DNS server for those URLs, and configure your router to specify it as the DNS server to use, which may not be possible depending on the brand of router.
Related
I made a nginx server at 192.168.1.106 and I can access it from the host computer but it doesn't show when I access it on a computer in the same network. But I can ssh into the server from a different computer using the same address. I checked my firewall to make sure it isn't blocking anything.
How do I access the server form a different computer?
> iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
The server_namedocs directive is used to identify virtual hosts, they're not used to set the binding.
netstat tells you that nginx listens on 0.0.0.0:80 which means that it will accept connections from any IP.
If you want to change the IP nginx binds on, you have to change the listendocs rule.
So, if you want to set nginx to bind to localhost, you'd change that to:
listen 127.0.0.1:80;
In this way, requests that are not coming from localhost are discarded (they don't even hit nginx).
I have a server that has multiple ip addresses. It also has multiple web apps written in nodejs that I'm running.
In short I'd like to forward specific ip addresses to specific node applications. How is this done? Should I use apache or nginx?
running centos 7
Any running application can bind to either 0.0.0.0 (to catch all the packets) or to some specific IP (it must use this ip when it calls bind() on the socket). Thus almost any TCP/IP server application has option like "Listen" in it's config file or command line, so you should read your docs carefully to figure out how can it be made in your particular application. For Apache it's port-based virtual hosts.
If you want to route user requests to different application based on user's IP address, you should read about iptables nat table and REDIRECT target.
I develop websites with rails, and I was looking for a simple way to setup a dynamic name resolution for my app. The final product I need is to is: Every time I start a rails application (by typing rails server on my application folder, I want to run it on a random port and if I type the application name on my browser (like myapp.dev or something) it resolves to the localhost on the correct port.
The part of getting the app name and generating a random port is not the problem. The problem is how to resolve a name to a local port. Is there any simple tool on linux that allows me to do this?
Right now, the best I can think off is start a daemon that keeps track of when a rails app is started, annotate the port, and add an entry to itself in /etc/host with the app name. Then, whenever it receives a request, it forward to the correct app based on the name.
I can't believe this is the best way so ideas are highly appreciated.
I'm not sure if I understand your problem correctly, but DNS it not about ports. By using DNS you can resolve the name to IP not port or from IP to name (RevDNS). What you would do in your case is during start up of application on random port, forward another port which will be always the same.
For instance:
By iptables forward port 80 to random port of your application. Then you will always get to application by port 80.
Edit: I couldn't paste it in the comment because it's too long, so I give you answer here:
You can create a lot of iptables rules and first application will be on port 80, next 81, and so on.In browser you have to type then: apps.test.com (first app) , apps.test.com:81 (second app)..
Another solution: if you want to have diffrent domains (not type a port after colon), you can use proxy server,
and use VirtualHost to redirect to particular apps. In proxy configuration you can define that app1.test.com goes to port e.g 8888, app2.test.com goes to port 8889 and then during start up your app you can create iptables rule or ssh tunel to redirect whole traffic from port 8888 to your random port of
ruby application. To don't do it more complicated, it would be nice that these port
which you configure in proxy, are not used by your ruby application. Also you can check, iptables
"string match" option; Match Host field of HTTP request and then analogously during start up apps,
create iptables rule which will redirect everything which goes to port 80 with specify Host field to
your ruby app port. The last option would be using SRV dns record, but it's rather useless in your
situation. But anyway you can play around with all of these options, and choose one which is the best for
you.
I have a CentOS server at home that I'm trying to put a website on. I put the index.html in the /var/www/html/ folder and can access it from another computer on the local network (with 'http://192.168.etc'). The problem comes when I try to access it from the web with my ip (http://34.52.xx.xx). I turned off iptables when I tried to access it to rule out a firewall issue with no success. I use Comcast and read that they sometimes block port 80 so I edited the /etc/httpd/conf/httpd.conf to listen on port 8000 in addition to 80 incase port 80 was blocked (httpd restarted after changes). When I enter 'http://myIP:8000' with iptables down I still don't get my page to show up.
What am I missing?
Thanks!
You surely have one public IP address let say 34.52.01.01 and you surely have “several” private IP addresses 192.168.1.1/192.168.1.2 ...
Between both worlds there’s a layer in your router call NAT (Network Address Translation) that
allows a request started from let say 192.168.1.2 to reach the external world (let say google.com), when the external world provides an answer for such a request it's your router NAT who knows that that answer must be routed back to 192.168.1.2
But if you have a request originated in the exterior world pointing to 34.52.01.01 you do not have an HTTP server
on that address then you need in your router some forwarding rule saying let say if you receive a TCP request in port 80 route it to 192.168.1.5 that is the internal address of your HTTP server…
You need to add port forwarding to your router…
I've been developing locally on a little ubuntu netbook with xampp for about 7 months. Two weeks ago I got a computer I'd like to use as a server. I've installed the latest Ubuntu distribution and xampp, moved all my files over, and forwarded port 80. I've also got a domain name from dyndns.com which is being updated by a client which runs in my router (a Netgear WGR6154 v8).
Now, when I try to access my server by typing in the address I got from dyndns.com the browser loads until it timesout. I can access everything locally using localhost as the address so I believe xampp is running, just unable to connect with the internet.
In order to be able to view my files over the internet what should I do next?
Thanks to all in advance...
[I'm starting a bounty for the first person to help me get my files successfully online]
You have a combination of issues here, and that is something of a problem. Each issue is complex in an of itself. Here is what I would recommend to get you going for certain.
First verify that you can surf the web from your server. This will confirm that you have a working ethernet interface.
Step 1 make sure that XAMPP, and your files are viewable from your home network. I assume you are using something like 192.168.1.X for your network and perhaps your server is 192.168.1.10
Go to another computer in your house and type http://192.168.1.10/ and see if you can see your files. If you can then you know that the server is properly configured and XAMPP is working.
Then add an entry to your hosts file to resolve yourdnsrecord.com (or whatever your dyndns record is) to your private ip address. Then when you type yourdnsrecord.com into a browser from that computer you should still get your files. This will rule out your server being improperly configured to listen for that domain name.
Next you need to test to see if there is a firewall problem. To simplify this, first remove your home router from the equation. Instead, place your new server directly onto your internet connection. (assuming you can). This way, you do not need to have NAT or firewalls properly configured. Your dyndns name should map to a public IP and your server should then have that IP and be connected directly to the Internet. If you have your server directly connected, and the command ifconfig from the root prompt returns the same public IP address that your dynamic dns record is point to, then it should work.
It will make your life easier if you have an iphone or some other way to test how your network is seen from the Internet.
If your public IP as shown by ifconfig is different than the IP record in your dyndns account, then your dynamic dns update script is broken. manually set the IP, and see if things work.
It is very possible that this will not work. Some ISPs firewall port 80 preventing their subscribers from hosting servers. Once you have your server directly connected to the internet you can test this (even if your dns is not working) by using the public IP address. As root, type ifconfig from the command prompt to get your public ip address. Then type the command tcpdump -i eth? port 80 from the root prompt. eth? needs to be the same interface that you saw had a public IP address from the ifconfig command. usually this is eth0 but it might be wire0 or something like that.
This command will show you all traffic coming on port 80 to your server.
From an iphone (or whatever second Internet connection you have) browse to the IP address that you got from your ifconfig command. If you see something on your server (and it is directly connected to your ISP) then your ISP is not firewalling you.
If you can get to your server, when it is directly connected to the Internet, either by IP address or by DynDNS address, then your ISP is OK and it is time to debug your firewall.
Two things need to work for your firewall to be configured NAT, where the public address that your router gets from your ISP is converted into your private network and a firewall rule which permits that traffic. If you get this far, then you know your firewall is the problem and then it is just a matter of getting its configuration correct. There are far to many home routers to document here, but you usually can find how-to instructions for your router for this task from the manufacturers website (usually it is part of the manual)
If you follow these instructions exactly you will get your system working. Make comments on the process and I will be happy to modify this to make it clearer.
HTH,
-FT
You should make sure your xampp is not listening to only the localhost.
to do so edit your apache configuration file and check and search for Listen directive
you should be able to know also by analysing the output of netstat -a.
After that make sure your router is forwarding properly, using tcpdump would help.
drop me a comment if you need more help.
Cheers