I need to troubleshoot an issue by trying to block port 1935 connections to remote servers for a home computer. Note, 1935 is the default port for Flash Media Server's RTMP protocol. My home router is a Netgear one. I followed their instructions by creating a 'Service' in which port 1935 was 'always blocked' and then added that service to the 'Outgoing' part of the Firewall Rules of the router. But my testing still shows a successful connection from a Flash client to port 1935.
I thought there might be some way in the Windows 7 firewall but don't see any?
Any idea?
Thanks.
Try restarting the router. Many firewall changes don't take effect until the router is rebooted.
The correct answer is what I already said in my Comment to @Matt and as per my screen cap:
https://docs.google.com/open?id=0BxaCdcZpiglQQ0ZPbERzS0pPWFE
I had the settings right in the router: Port 1935 was indeed blocked. However, my test Flash application still reported rtmp, which made me think it was still port 1935. It was actually rtmp over port 443, as I later found out.
So if someone wants to block certain remote ports in a Netgear router then they can follow the steps I took: Create a 'Service' with the desired port; then add that Service to the Firewall Rules 'Outgoing' part, per my screen cap.
Thank you, Matt, for your help!
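The client's "rtmp" label said nothing about which port was really in use; the socket table does. As an added example (not part of the original posts), this Python sketch parses Windows `netstat -ano` output and reports which remote ports a process actually reached. The sample text, addresses and PIDs are constructed.

```python
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49731     203.0.113.10:443       ESTABLISHED     4312
  TCP    192.168.1.20:49733     203.0.113.10:1935      SYN_SENT        4312
  TCP    192.168.1.20:49740     198.51.100.7:80        ESTABLISHED     2200
  TCP    [fe80::1%11]:49750     [2001:db8::5]:443      ESTABLISHED     4312
  UDP    0.0.0.0:5353           *:*                                    1234
"""

def parse_connections(text):
    """Yield (remote_host, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no state column)
        _proto, _local, remote, state, pid = fields
        # rpartition keeps IPv6 literals such as [2001:db8::5]:443 intact
        host, _, port = remote.rpartition(":")
        if not port.isdigit():
            continue
        yield host.strip("[]"), int(port), state, int(pid)

def ports_by_state(text, pid=None):
    """Map TCP state -> sorted remote ports, optionally for a single PID."""
    out = defaultdict(set)
    for _host, port, state, owner in parse_connections(text):
        if pid is None or owner == pid:
            out[state].add(port)
    return {state: sorted(ports) for state, ports in out.items()}

def block_is_effective(text, port, pid=None):
    """True when no connection to `port` reached the ESTABLISHED state."""
    return port not in ports_by_state(text, pid).get("ESTABLISHED", [])

if __name__ == "__main__":
    print(ports_by_state(SAMPLE, pid=4312))
    print("1935 blocked:", block_is_effective(SAMPLE, 1935, pid=4312))
```

A 1935 connection stuck in SYN_SENT while the same process holds an ESTABLISHED session on 443 is the pattern described above: the router rule works and the client has fallen back to another port.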
Has anybody succeeded in creating a web server at home using a Huawei HG633 router?
I started by using the no-ip service and didn't get very far, as stated in this document this router is not compatible with no-ip.
So I tried using duckdns, following the instructions in the same document but that didn't work either. I also read in this relatively old post that dynamic dns is broken on those routers. In fact when I save my ddns settings, the password looks truncated.
Any port forwarding I set on my router doesn't seem to work, but that's probably related to the problems above (?)
Anything else I could try here?
Thanks a lot!
For the record, my web server works, I can access it from within my network.
I've searched in general, and looked at suggested responses here, so I hope this isn't immediately marked as a duplicate. So here goes.
I'm building a simple web app with an Angular server using port 3000 on my desktop. I've been testing it with the standard "localhost:3000" URL. I then wanted to make it accessible to others outside my home for testing and review. So I did the expected port forwarding in my router of port 3000 to my local machine at 10.0.0.90. I then constructed a link using my external IP (router's "WAN IP") like "[wan ip]:3000". And this has worked as expected, enabling external access as well as internal access. The only thing funny at the time was having to add "--host 0.0.0.0" to the server invocation.
But here's the problem. My original setup, where everything worked, was a Comcast modem with my router (TP-Link) hanging off of it. Recently, I switched to their Xfinity Gateway combo modem/router (Arris TG1682G). Now, I can't get to the server using the [wan ip]:3000 URL. I can't even ping that URL, they all time out. So, while on the phone with Comcast tech support, and not being able to determine why I had this problem (even after upgrading router firmware and rebooting it), I asked him to try [wan ip]:3000, and it worked! It also doesn't work from any other machines on my local network. But, when I changed my laptop wireless connection from my house Xfinity router to an external one (one of the many "xfinitywifi"s seen in a list of networks, besides numerous neighbors), it again worked! Poking around in Xfinity router admin pages, I didn't see anything that sounded like it was involved with this.
So, any idea what's going on, and how to fix? Thanks for any ideas or guidance.
OK, I think I see what's going on. A colleague mentioned that for this to work, the router needs to support "NAT reflection/loopback". Looking at every setup page on this router, I don't see anything that sounds like that. Further searching shows a page where they state that this router does not support it. Oh well.
I know in airports, for example, I've connected to their AP, and it pops up a browser window to log in on my device. Is it possible to do so with NodeMCU in lua, or even with c firmware?
This can be accomplished by setting the DNS server for a connecting client [via DHCP] to a sort of DNS proxy. It doesn't need to be a fully featured DNS server, it only needs to be able to either return a static DNS answer for any host name query or forward the request to a real DNS server, to resolve host names as usual.
The static answer effectively hijacks web requests at the DNS level, by forging the DNS answer, causing all host names to resolve to the IP address of a local web server. That local web server ignores any URI details and serves a login prompt for every request. It must also maintain a list of client MAC addresses that have authenticated.
NodeMCU does have a built-in DHCP server, as part of its built-in WiFi AP, but running both a web and a DNS proxy in ESP8266's limited memory would be a hell of a trick. I think that two of them working cooperatively, interfaced using the SPI bus might be workable... maybe even three of them, one dedicated to maintaining the list of authenticated MACs, expiring them, etc.
Note that the only part of this I have done on an ESP 8266 is some very simple web server functionality, so it's mostly theory. If you try it I'd be very interested in hearing about it. :-)
You might want to try out the CaptiveIntraweb project (https://github.com/reischle/CaptiveIntraweb) which is based on NodeMCU.
There is also a thread (http://www.esp8266.com/viewtopic.php?f=32&t=3618) on the ESP8266 community forum that discusses the solution details.
Using AHKsock (AutoHotkey), I built a minimalistic client-server system with AHKsock_Connect, AHKsock_Send and AHKsock_Listen on both sides to communicate with each other. It works and I can send messages back and forth, if I connect to the server using localhost.
But I want the server to be accessible from everywhere. Shouldn't this be possible using my "external IP" which I can see @ whatIsMyIP.com? Whenever someone tries to connect to the server on my computer, his/her connection will time out/not work.
What is the IP of my server? How can others connect to it from anywhere? I assume there must be a simple solution to it, because the software itself seems to work: As stated above, connecting from the same computer to localhost will work.
Any help is much appreciated.
Did you forward the appropriate ports in your router/firewall? The IP should be correct.
This was the solution, I did something wrong in my router
So here is my issue, I have a website hosted from a virtual machine on my server and am using a dyndns service to point a URL to my IP. My ISP recently set up a new modem which unfortunately has its own built-in gateway and router. After fighting it to forward port 80 I tested it by trying to navigate to the site via the URL and it didn't work, then I tested it on my phone connected to the cell data network and it worked! I am able to visit the site via the URL as long as I am not connected to my network. I find this very weird and cannot figure out why.
I am able to view the site on my network by typing in the local IP of the server.
Any suggestions why this might be occurring?
Yes, this is a pain. Usually your modem won't route traffic from inside that's destined for its public IP address.
When you come from outside, the traffic hits the modem from the external line, and the port forwarding rules get applied, and the traffic reaches your web server. But those port forwarding rules don't get applied to internal traffic. You're trying to browse the web server on the modem, rather than on your server.
I did once find a modem that allowed forwarding of internal traffic, but that was a long time ago, and I haven't seen one like it since. What I do these days is to use the internal address when I'm on the internal network, and the external address when I'm not. For things that get scripted, I have a little function that determines whether I'm on my local network or not, and programmatically chooses the right way to address the server.
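One way such a function could look, as an added example (not the poster's own code); it also fits the NAT loopback case earlier on the page. The subnet, server address and host name are hypothetical placeholders.

```python
import ipaddress
import socket

# Assumed values for illustration only; substitute your own.
LAN_CIDR = "192.168.1.0/24"         # hypothetical home subnet
INTERNAL = ("192.168.1.50", 80)     # hypothetical LAN address of the server
EXTERNAL = ("www.example.com", 80)  # hypothetical dynamic-DNS name

def outbound_ip(target=INTERNAL):
    """Source IP the OS would use to reach target, or None if unroutable.

    connect() on a UDP socket only selects a route; no packet is sent.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(target)
        return s.getsockname()[0]
    except OSError:
        return None
    finally:
        s.close()

def tcp_probe(addr, timeout=1.0):
    """True if a TCP connection to addr opens within the timeout."""
    try:
        with socket.create_connection(addr, timeout=timeout):
            return True
    except OSError:
        return False

def choose_address(local_ip, probe=tcp_probe, lan_cidr=LAN_CIDR,
                   internal=INTERNAL, external=EXTERNAL):
    """Return internal only when we sit in the LAN subnet AND the server
    answers there; otherwise fall back to the public name."""
    if local_ip is None:
        return external
    on_lan = ipaddress.ip_address(local_ip) in ipaddress.ip_network(lan_cidr)
    if on_lan and probe(internal):
        return internal
    return external

if __name__ == "__main__":
    print(choose_address(outbound_ip()))
```

Many networks reuse the same private ranges, so a subnet match plus an open port does not prove the host is yours; keep TLS certificate verification enabled for anything sensitive sent to the chosen address.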
This is because your router does not support hairpinning (or does not have it set up).
From Cisco Support Community:-
The term hairpinning comes from the fact that the traffic comes from one source into a router or similar devices, makes a U-turn and goes back the same way it came.
Visualize this and you see something that looks like a hairpin.
Hairpin NAT is a useful technique for accessing an internal server using a public IP. Since you are using a public IP to attempt to access a server in your network, the traffic will attempt to go out to the internet. In order to reach the server, the traffic will need to be redirected to the correct location.
The problem is how you are doing your internal routing DNS.
You can do a DNS lookup and traceroute to see where the website name is not resolving, and check whether pinging the domain (e.g. ping something.com) returns the public IP.
I resolved ours by doing policy routing on website FQDN to go through a different WAN. It's working fine. This works for those with different WAN terminating at the site.
The other way is to redo the DNS configuration in the internal network.