I have a CentOS server at home that I'm trying to put a website on. I put the index.html in the /var/www/html/ folder and can access it from another computer on the local network (with 'http://192.168.etc'). The problem comes when I try to access it from the web with my ip (http://34.52.xx.xx). I turned off iptables when I tried to access it to rule out a firewall issue with no success. I use Comcast and read that they sometimes block port 80 so I edited the /etc/httpd/conf/httpd.conf to listen on port 8000 in addition to 80 incase port 80 was blocked (httpd restarted after changes). When I enter 'http://myIP:8000' with iptables down I still don't get my page to show up.
What am I missing?
Thanks!
You surely have one public IP address let say 34.52.01.01 and you surely have “several” private IP addresses 192.168.1.1/192.168.1.2 ...
Between both worlds there’s a layer in your router call NAT (Network Address Translation) that
allows a request started from let say 192.168.1.2 to reach the external world (let say google.com), when the external world provides an answer for such a request it's your router NAT who knows that that answer must be routed back to 192.168.1.2
But if you have a request originated in the exterior world pointing to 34.52.01.01 you do not have an HTTP server
on that address then you need in your router some forwarding rule saying let say if you receive a TCP request in port 80 route it to 192.168.1.5 that is the internal address of your HTTP server…
You need to add port forwarding to your router…
Related
while I was studying Internet Protocols, a question just occurred to me. Typically, we could assign any ports that are not for typical usage (e.g. 80 for HTTP, 443 for HTTPS) to our applications. For example, when I use Node.js Express to build a simple server, I could assign port 5000 to this process like below.
const express = require('express')
const app = express()
const port = 5000
// some code to configure server
app.listen(port, () => {
console.log(`Server is now running on port ${port}`)
})
My Node.js application will listen to port 5000. If my ip is for example 10.10.10.10, then my application will get a request if anyone hits 10.10.10.10:5000. However, if that's a HTTP/HTTPS request, shouldn't the packets come from port 80 / 443? Can someone tell me why it's not the case or why application listening to different ports can receive packets if they indeed come from 80 / 443.
Thank you.
When a packet leaves your computer it went through all the layers of the OSI model. It contains basically six specific information.
The destination and source IP address (the IP address of the server and your IP address respectively), the destination and source port (the port it is destined to at the server and the port it uses on your machine) and the destination and source MAC address (the MAC address of the machine it is destined to (locally) and the MAC address of your computer).
In a simple configuration (the computer behind a router), when you send this packet, it will be rerouted to the router using it's MAC address. The OS keeps a routing table which has the info on what to do with what IP address. Whether it is "On-Link" or if it needs to send the packet to a default gateway. You can print the routing table of your computer by typing route print in Windows CMD. If you are joining an outside server then the packet will be sent to the default gateway. It may need to do an ARP request in order to get the MAC address of the default gateway (or not depending on your computer's ARP table at that moment). You can see the ARP table by typing arp -a on Windows (in CMD).
Once the packet reaches the router, the router strips off the source IP (your internal network IP) and replaces it with the IP of it's external interface (your public IP). It does the link between those two addresses using the NAT table:
It also strips off the internal port and replaces it with a random available port (to the right). It means that 2 different machines accessing the same website can share the same local port. The destination port stays the same.
In the end if you receive a request from outside your router. Your router doesn't have a NAT table entry for that packet because it wasn't initiated by you. You'll need to use port forwarding to tell your router to forward incoming packets (destined to a certain port) to a certain internal IP.
Some routers (like mine) don't support specifying an external port AND an internal port. So both of these are the same (you cannot specify a different external vs internal port so you can't forward external 80 to internal 5000). In your case, you would need to specify an external port of 80/443 and an internal port of 5000 destined to 10.10.10.10 for your configuration to work. Otherwise, it should not work.
I am a novice at networking, I have a NodeJS server running with server.listen(3000, '10.0.0.7'); and have forwarded port 3000 with the internal IP address of my server being 10.0.0.7. I can connect from another machine on my network by putting in the browser: 10.0.0.7:3000. It is my understanding that my external IP address should connect me to the router which should then forward me to the server I have set up on 3000.
Am I missing something important? Because I am unable to connect via the external IP address.
Also please note that my firewall is disabled.
I am neither a network expert so excuse me if I use any incorrect terms. In my understanding, you are right about the current configuration, however you are missing the last step. By default, your router makes your LAN unreachable from a so called “external ip”. Just for the definition: external ip in this case is every ip that is not in your LAN. Imagine if your router would allow any communication without you explicitly giving permission. Every open port on your LAN would be available for the network that your router connects to. That is definitely not desirable.
Lets look at it with an example, quoted from this article:
your router has an ip of: 5.6.7.8 if you access it from outer network (internet)
your router has an ip of: 192.168.1.1 if you access it from your LAN
your laptop is in your LAN and has an ip address of 192.168.1.10 and you want to expose port 3000 from your laptop to the outer network (internet)
You have 2 options:
You can expose the port via the configuration of the router (e.g.: you map 5.6.7.8:3000 to 192.168.1.10:3000 in the router configuration and now it will be accessible from the outer network on 5.6.7.8:3000. Note that you can choose any free port, ports don’t have to match.). Of course it is only possible if you have the option to configure the router and you are willing to do so. (e.g.: if you are not in a café)
You can use some tunneling tools like Ngrok or OpenSSH, which make a direct tunnel between the external machine and your server. This can also work if you don’t have the ability to change the router configuration.
Hope I was able to help. Good luck.
I am trying to get my Node.js server to listen to a public IP so that I can access it on a different network than my home network.
I've purchased a domain and used a DNS host - right now I'm using No-IP and have downloaded their client to push my IP to their servers.
When I set the IP on No-IP configuration to my local IP I can use the domain name and hit my server on another computer on my network. But if I change this to my public IP and use the domain, the request hangs for about 10 seconds and then fails. I've set up port forwarding (I believe correctly) and opened inbound / outbound traffic on the port I'm listening to (not 80 right now). I even pulled my firewall completely.
I tried changing server.listen(4444) to server.listen(4444, '0.0.0.0') as I've seen all over the web. But this doesn't work.
Anyone have ideas out there? I feel like maybe my ISP is blocking it somehow? I'm fairly new to networking, so maybe I'm missing something critical?
Thanks!
server.listen(4444) should be fine. As long as you don't have multiple active network connections in your server, you don't need to specify an IP address. Port forwarding from your router (if configured correctly) will direct the request that came from to public IP address to the actual local IP address of your host.
Note that for port forwarding to work reliably, you will have to give your host a fixed private IP address (not a DHCP assigned address) so the IP address will not vary. Then, you configure port forwarding to that fixed IP address.
Then, you need to do some network debugging. From a computer outside your own network (e.g. something out on the internet), you should do a couple commands to your public DNS name:
ping yourserver.net
tracert yourserver.net
If your DNS entry is not working, ping should tell you immediately that it didn't find yourserver.net.
If the DNS entry is working, but the IP address can't be reached, then ping will tell you that the server is unreachable. At that point, you will know you have a networking issue with connecting to your public IP address from the internet.
If ping is initially finding your server, but packets aren't flowing properly, then either the ping results or the tracert results should give you an idea where to look next.
If ping and tracert are finding your public IP and packets are flowing to/from it, but you still can't connect to it with the browser, then you either don't have the IP address set correctly (so you're not connecting to the right server) or your node.js server isn't listening appropriately or you aren't using the right ip/port in the browser that represents the actual node.js process. If you suspect this to be the case, then back up and make sure you have everything working purely on your own private network where the browser tries to connect directly to the local IP address and port. When that is working, you will know the node.js server is working appropriately and you can move back to working on the public IP.
FYI, if you tell us what the public DNS name and public IP address is, we here can do a few steps of this debugging from our computers.
It may be that your router can only forward a port to a computer on your network, but not change the port when forwarding. If that's the case, then you have these options:
Put everything on port 4444. Have your server listen to 4444, specify 4444 in the port forwarding in the router and then put 4444 in the URL like http://thecastle.ninja:4444.
Set up the port forwarding for port 80, put your server on port 80. Change the port forwarding to port 80. Change your server to listen to port 80 (if your server is Unix, you will need elevated privileges to listen to port 80 directly). You should then be able to use a URL like http://thecastle.ninja.
Set up the port forwarding for port 80, put your server on port 4444 and use ip table settings to route 80 to 4444 on your server. This allows your server to run in the less privileged 4444 port, but lets the end-user use the default port 80. I have a node.js server on a Linux Raspberry Pi configured this way. You should then be able to use a URL like http://thecastle.ninja
Run a proxy on your server that will route port 80 to port 4444. This is probably more than you need, but nginx is a popular one and it can do port forwarding on the server.
I know that on a local network, it is possible to redirect from the default port to another port like so, and run an application:
# Routes all traffic from port 80 to port 3000
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3000
node .
For clients to access the service, typing 11.0.120.131 will have the same effect as typing 11.0.120.131:3000 (if 11.0.120.131 is the IP of the computer running the node server).
I've seen in a couple cases where you can type into the address bar a word, e.g. http://meetings and it will actually pull up a web page (as if typing in an IP). I'm not sure what the technique is called, but I would like to achieve the same thing on my local network.
Is this possible on a Linux machine using a command similar or not to iptables above?
URLs are resolved to IP addresses via the Domain Name System. In order to create a fancy URL like meetings, some router between you and the DNS server looks for those particular URLs and resolves them to the correct IP address (or provisions your machine to use a custom DNS server which does the same thing).
If you want to achieve this behavior on your computer, you can edit the hosts file (on Linux, /etc/hosts). This file contains a list of explicit URL resolutions; if you put a URL in this file, such as meetings, then it will be resolved to the IP address you specify, without ever contacting a DNS server.
If you want all the computers on your network to use this behavior, you have to set up an actual DNS server for those URLs, and configure your router to specify it as the DNS server to use, which may not be possible depending on the brand of router.
Set up behind a router (192.168.1.1)! Able to access my website in apach2 via 192.168.1.2:8008 how do i access it when i type my ip address (from whatsmyip.org); where i want to access the webserver remotely!
If there is only a router between your network and your ISP (the internet), then you just have to go into the configuration page of your router and forward port 8008 to 192.168.1.2. Then typing 1.2.3.4:8008 (replacing 1.2.3.4 with your external IP from whatsmyip.org) should, if there are no other devices or firewalls in place, display the webpage.
If you tell us what model your router is, we can be more specific on how to actually forward the port.