Port Forwarding Works from internet not within same network - port

I just obtained static IP from ISP and configured port forwarding on my Sercomm AOT-4221SR Router
While accessing from outside the network it works properly and shows the web page of my server; however, when I connect my machine to the same network within the LAN and visit the website or the static IP, it shows the router page, i.e. 192.168.0.1 (with the original website URL which I entered in the browser).
Please help me to solve this.

192.168.0.1 is a private IP and shouldn't be used. I am guessing that you received a public IP from your ISP. Use your public IP and add port forward rules from that IP to your web server IP:
X.X.X.X:80 ------------> 192.168.0.x:80
X.X.X.X:443 ------------> 192.168.0.x:443 for HTTPS
X.X.X.X is your public IP and 192.168.0.x is the IP of the machine where you are running the web server.
And point your domain name to that public IP. You can add entries in /etc/hosts for testing purposes.

What you are looking for is NAT reflection.
It would not work, as most routers, including the Sercomm one, do not have a NAT reflection feature.
I was in the same boat as you.
What I did:
Let us assume you have 3 devices to which you want to forward ports, with LAN IPs 192.168.0.A, 192.168.0.B, 192.168.0.C, and that your static IP is W.X.Y.Z. After adding the rules in the router:
Go to duckdns.org and create a free account.
Create 3 entries:
somethingdevice1.duckdns.org --> W.X.Y.Z
somethingdevice2.duckdns.org --> W.X.Y.Z
somethingdevice3.duckdns.org --> W.X.Y.Z
Now create static DNS entries as follows (I am using an AdGuard instance inside a HASS instance as my DNS; I created DNS rewrite rules there):
somethingdevice1.duckdns.org --> 192.168.0.A
somethingdevice2.duckdns.org --> 192.168.0.B
somethingdevice3.duckdns.org --> 192.168.0.C
Now use these URLs to access your devices within or outside your local network.

Related

Is it possible to port forward with a VLAN?

I have moved to a new place that provides an ethernet port in the wall which I have attached my router to (using dynamic IP setting). I know how to port forward with my router and it worked fine until now with a DSL connection:
My router provides 192.168.0.X IP addresses to the clients in the house. When I checked my router settings I noticed that the default gateway and the IP address start with 172.16 (I connected to the router settings using 192.168.0.1), while when checking my external IP (through whatismyip.com, for example) it shows a different IP address. I guess this means it's a VLAN (I'm not an expert...).
When I enter the default gateway it asks for a username and password which I don't have, so I guess this is the main problem. Is there a way to port forward anyway?
Thanks in advance.
the IP address starts with 172.16
That is a private IP address. Unless the port forwarding is also set up on the previous NAT router, there's no way your router can forward from public IP space.
Dual-stage forwarding is possible but requires the real public router's admin to set that up. The only alternative is via a tunnel from another public IP address (port forward from an external server/router into a VPN tunnel that you terminate).
A VLAN is nothing that can help you here.

F5 load balancer over https url

I have a service exposed over 2 nodes; each node has an HTTPS URL for the service.
I want to put an F5 in front of these 2 HTTPS nodes. Is it possible?
Yes. First create an HTTPS monitor: some request that, when you get the right response back, marks the node as 'online'. Then create a pool with the two nodes (listing their IP and port number) and attach the monitor. Then create a virtual server or two (I normally make an HTTP one with no pool and the built-in HTTPS redirect iRule) plus the HTTPS virtual server. Give them the same IP address and allow all source addresses (the source here is what allows the F5 to select it; you can restrict IP addresses further with the firewall policy). Auto SNAT will make the F5 replicate the request to the backend server but with the source IP of the F5. If you care about the client IP address on the backend servers, they will need to read the X-Forwarded-For header. You'll need to add a profile to the HTTPS virtual server to attach such a header and populate it with the client's 'real' source IP. Then attach the pool and make sure the VS firewall is open correctly. You'll also need to import the right certs and keys and create an SSL profile that matches the DNS name you want to point at this VS, and attach the SSL profile to the HTTPS VIP in the client SSL section. The server SSL section is normally ssl-insecure-compatible.
For the DNS name, hopefully your 2 nodes are named something like web1 and web2.example.com, so the DNS name for the VIP should be web.example.com and the SSL cert required would be for web.example.com, or *.example.com if you're feeling frisky lol.

Problem facing in Home Assistant and Google assistant integration

I am having the two issues below.
The first one is observed from the IFTTT "make a web request" action:
1. Applet skipped "If You say "Open Binny", then Make a web request". Unable to make web request: Error: ETIMEDOUT
"I am using this URL http://192.168.43.184:8123/api/services/shell_command/test_cmd?api_password=solo#123"
The second one is observed in Home Assistant when we call the service:
2. homeassistant.components.shell_command] Error running command: pwd, return code: 1
Can you solve this? Thanks
The IP (192.168.43.184) you are using in your HTTP request is a private internal IP (it will only work within your home network). You need to use your public (external) IP from your internet router (hopefully you have a public one). But even then, it will not work until you configure your router for port forwarding, so that if a request hits your external IP (and port) your router knows which server (here 192.168.43.184) should be reached. You need a port forwarding rule like this: if a TCP connection comes to your public IP on port 8123, route it further to 192.168.43.184:8123.
But I would suggest getting a DNS entry, e.g. from DynDNS.org, because your public IP may change, and then you would always have to adapt the IFTTT URLs. With a DNS entry you get rid of changing all the URLs out there. Often there is a tool which runs in your local network, checks whether your public IP has changed, informs the DNS provider and updates the mapping between your DNS entry and your public IP.
You need a secure remote connection. You can use duckdns and an HTTPS cert created with dehydrated:
https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt
You can try the new tutorial https://www.home-assistant.io/integrations/google_assistant/ for the Google Assistant connection.

Can navigate to website from external network but can't from internal

So here is my issue: I have a website hosted from a virtual machine on my server and am using a dyndns service to point a URL to my IP. My ISP recently set up a new modem which unfortunately has its own built-in gateway and router. After fighting it to forward port 80 I tested it by trying to navigate to the site via the URL and it didn't work; then I tested it on my phone connected to the cell data network and it worked! I am able to visit the site via the URL as long as I am not connected to my network. I find this very weird and cannot figure out why.
I am able to view the site on my network by typing in the local IP of the server.
Any suggestions why this might be occurring?
Yes, this is a pain. Usually your modem won't route traffic from inside that's destined for its public IP address.
When you come from outside, the traffic hits the modem from the external line, and the port forwarding rules get applied, and the traffic reaches your web server. But those port forwarding rules don't get applied to internal traffic. You're trying to browse the web server on the modem, rather than on your server.
I did once find a modem that allowed forwarding of internal traffic, but that was a long time ago, and I haven't seen one like it since. What I do these days is to use the internal address when I'm on the internal network, and the external address when I'm not. For things that get scripted, I have a little function that determines whether I'm on my local network or not, and programmatically chooses the right way to address the server.
This is because your router does not support hairpinning (or does not have it set up).
From Cisco Support Community:
The term hairpinning comes from the fact that the traffic comes from one source into a router or similar devices, makes a U-turn and goes back the same way it came.
Visualize this and you see something that looks like a hairpin.
Hairpin NAT is a useful technique for accessing an internal server using a public IP. Since you are using a public IP to attempt to access a server in your network, the traffic will attempt to go out to the internet. In order to reach the server, the traffic will need to be redirected to the correct location.
The problem is how you are doing your internal routing DNS.
You can do a DNS lookup and a traceroute to see where the website name is not resolving correctly, and check whether pinging the domain (e.g. ping something.com) returns the public IP.
I resolved ours by doing policy routing on the website FQDN to go through a different WAN. It's working fine. This works for those with a different WAN terminating at the site.
The other way is to redo the DNS configuration in the internal network.
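The two workarounds that come up across these threads, the DNS rewrite trick in the duckdns answer above (the name resolves to the LAN address inside and to the public address outside) and the "little function that determines whether I'm on my local network" approach, both come down to the same check: does the name you are about to use resolve to the LAN side or the WAN side from where you are standing? The script below is an added example, not code from any of the posters. It uses constructed sample addresses (a documentation-range public IP standing in for W.X.Y.Z, a hypothetical duckdns hostname, and a 192.168.0.0/24 LAN); the is_rfc1918 check matches what the answers mean by "private IP". The __main__ section performs a live lookup through the resolver the machine is configured with, which is how you confirm that a DNS rewrite is actually being served to LAN clients.

```python
import ipaddress
import socket
from typing import Iterable, Optional

# Constructed sample values, not taken from any post above. 203.0.113.0/24 is a
# documentation range (RFC 5737) standing in for the static IP W.X.Y.Z; the LAN
# values stand in for 192.168.0.A, and HOSTNAME is a hypothetical duckdns name.
PUBLIC_IP = "203.0.113.10"
LAN_SERVER_IP = "192.168.0.20"
LAN_NETWORK = "192.168.0.0/24"
HOSTNAME = "somethingdevice1.duckdns.org"

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(address: str) -> bool:
    """True if the address is in an RFC 1918 range and therefore only meaningful
    inside the LAN (this is the 'private IP' the answers refer to)."""
    ip = ipaddress.ip_address(address)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def classify_resolution(resolved: str, public_ip: str, lan_server_ip: str) -> str:
    """Interpret what a name resolving to `resolved` means for a client on the LAN.

    'lan'        a split-horizon rewrite is in place; the client reaches the server
                 directly and no NAT reflection / hairpinning is needed.
    'public'     the client will send traffic to the router's WAN address; without
                 NAT reflection it lands on the router's own web page instead.
    'unexpected' the record points somewhere else (stale DDNS update, typo).
    """
    ip = ipaddress.ip_address(resolved)
    if ip == ipaddress.ip_address(lan_server_ip):
        return "lan"
    if ip == ipaddress.ip_address(public_ip):
        return "public"
    return "unexpected"


def pick_server_address(my_addresses: Iterable[str], public_ip: str,
                        lan_server_ip: str, lan_network: str) -> str:
    """Choose the address a script should use: the LAN address when this machine
    holds an address inside the LAN, otherwise the public one."""
    net = ipaddress.ip_network(lan_network)
    for a in my_addresses:
        if ipaddress.ip_address(a) in net:
            return lan_server_ip
    return public_ip


def my_ipv4_addresses() -> list:
    """Best-effort list of this host's IPv4 addresses (no packets are sent)."""
    try:
        infos = socket.getaddrinfo(socket.gethostname(), None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def resolve(hostname: str) -> Optional[str]:
    """Resolve through whatever resolver this machine is configured to use."""
    try:
        return socket.gethostbyname(hostname)
    except socket.gaierror:
        return None


if __name__ == "__main__":
    # Live check: does the name resolve to the LAN side or the WAN side from here?
    resolved = resolve(HOSTNAME)
    verdict = "(%s)" % classify_resolution(resolved, PUBLIC_IP, LAN_SERVER_IP) if resolved else "(no answer)"
    print(HOSTNAME, "->", resolved, verdict)
    print("use", pick_server_address(my_ipv4_addresses(), PUBLIC_IP, LAN_SERVER_IP, LAN_NETWORK))
```

Run it once from the LAN and once from outside (or over mobile data): if the LAN run prints 'public', the router has no NAT reflection and the name is not being rewritten, which is exactly the symptom described in these questions; 'lan' means the rewrite is working and the browser will never touch the router's WAN address.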

How to configure http://localhost:9000 to http://mylocal.loc

I'm using the Play Framework which uses http://localhost:9000 by default. I'm also trying something with Twitter and it needs to use a callback url for authentication, but Twitter won't accept http://localhost:9000 as a callback URL.
How can I configure my localhost to map to something like http://mylocal.loc (similar to an Apache vhost) instead of http://localhost:9000?
The problem is that the URL needed to be entered in the following format:
http://127.0.0.1:9000/twitter-callback
The above works perfectly as a Twitter callback address.
Twitter isn't trying to access localhost directly; as far as I understand, it simply takes the above address, sticks it into the HTTP response header, and prompts whichever browser is being used to perform a straightforward 302 redirect.
The following blog post had some invaluable information in regards to this question:
http://www.tonyamoyal.com/2009/08/17/how-to-quickly-set-up-a-test-for-twitter-oauth-authentication-from-your-local-machine/
The reason that Twitter can't use localhost as a callback URL is that localhost is a redirect to your computer's loopback interface. In other words, localhost is always the computer that you're on. In order for other computers (including Twitter) to access your host, you need to use an external IP address or a hostname.
To get your IP address, visit whatsmyip. This will tell you your external IP address (which other computers on the internet can access). If you have a static IP address, you can purchase a domain name, or get a free one from something like no-ip or dyndns to make it easier to remember and type. You'll need to point a DNS record from that domain to your IP. You'll also probably need to do some port forwarding to get traffic to your computer on port 9000, rather than your router (dependent on your network setup).
Possibly an easier option would be to obtain a free hosting/domain service whilst you're testing.
EDIT: josef's problem was not related to the absence of internet access to his local server, see his own answer for what was going on and a solution. This answer handles the case where a local server needs to be visible from the internet.
localhost, aka 127.0.0.1, is the name that on each computer points to the computer itself. So Twitter looks at itself, obviously doesn't see the service, end of story.
If your computer is connected to a local network, most likely that network is NATed and uses private addresses like 192.168.x.x, 10.x.x.x or 172.16.x.x. These addresses are private (not known outside of the local network because they are not routed on the internet), so that doesn't help you either.
What remains is your public IP address, i.e. the address your router gets from your ISP. Via DNS you can map that address to a name; a free service that allows you to map a fixed name to a variable address is DynDNS.
But wait, there is more! Your router protects your network by not allowing traffic originating OUTSIDE the private network IN, unless you define a forwarding rule in the router, in your case a rule that forwards incoming TCP traffic on port 9000 to your machine's port 9000.
Once all that has been taken care of, your computer will be accessible from the outside, and your callback should work.
Edit your hosts file and add the following line:
127.0.0.1 mylocal.loc
For Windows, it is located in C:\Windows\System32\drivers\etc\. On *nix, you can find it in /etc.
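Both the hosts-file answer just above and the earlier suggestion to "add entries in /etc/hosts for testing purposes" rely on the same mechanism: the resolver consults the hosts file before DNS, and the first matching line wins. The script below is an added example, not code from any of the posters. It edits a hosts file idempotently (a stale mapping of the same name is replaced rather than duplicated, and other names on a shared line are kept), works on a constructed sample file by default, and only touches the real file at the paths named in the answer when apply_to_file is called explicitly, which needs root or an elevated prompt.

```python
import ipaddress
import sys
from pathlib import Path
from typing import List, Optional, Tuple

# Default hosts file locations, as named in the answer above.
HOSTS_PATH = (Path(r"C:\Windows\System32\drivers\etc\hosts")
              if sys.platform.startswith("win") else Path("/etc/hosts"))

# Constructed sample hosts file (not any real machine's file) with a stale
# entry for the name we want to map to loopback.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1 localhost
::1       localhost
10.0.0.5  mylocal.loc   # stale entry from an earlier experiment
"""


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return [(address, [names...]), ...] for every non-comment line."""
    entries = []
    for line in text.splitlines():
        body = line.split("#", 1)[0].split()      # drop trailing comments
        if len(body) >= 2:
            entries.append((body[0], body[1:]))
    return entries


def lookup_hosts(text: str, hostname: str) -> Optional[str]:
    """Address the hosts file maps `hostname` to (first match wins, like the resolver)."""
    for address, names in parse_hosts(text):
        if hostname.lower() in (n.lower() for n in names):
            return address
    return None


def upsert_hosts_entry(text: str, hostname: str, address: str) -> str:
    """Return `text` with `hostname` mapped to `address` exactly once.

    Any earlier mapping of the name is removed (other names on a shared line
    are kept), so running this twice yields the same file.
    """
    ipaddress.ip_address(address)        # raises ValueError on a malformed address
    wanted = hostname.lower()
    out = []
    for line in text.splitlines():
        body, hash_, comment = line.partition("#")
        parts = body.split()
        if len(parts) >= 2 and wanted in (n.lower() for n in parts[1:]):
            kept = [n for n in parts[1:] if n.lower() != wanted]
            if not kept:
                continue                 # line mapped only our name: drop it
            line = " ".join([parts[0]] + kept) + (f"  # {comment.strip()}" if hash_ else "")
        out.append(line)
    out.append(f"{address} {hostname}")
    return "\n".join(out) + "\n"


def apply_to_file(hostname: str, address: str, path: Path = HOSTS_PATH) -> None:
    """Rewrite the real hosts file in place; needs root/admin and is not run by the demo."""
    path.write_text(upsert_hosts_entry(path.read_text(), hostname, address))


if __name__ == "__main__":
    updated = upsert_hosts_entry(SAMPLE_HOSTS, "mylocal.loc", "127.0.0.1")
    print(updated)
    print("mylocal.loc ->", lookup_hosts(updated, "mylocal.loc"))
```

Note that a hosts entry only changes name resolution, not the port: with the mapping in place the Play app is reached at http://mylocal.loc:9000, and nothing outside the machine sees the name, which is why it suits local testing but not a callback that another party must reach.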
